Wireless Access

Reply
MVP
Posts: 399
Registered: ‎07-26-2011

RAP unable to connect to BLMS after 6.1.3.9 Upgrade

Hi All,

 

Have an issue where after upgrading to 6.1.3.9 from 6.1.3.7, some of the RAP's are terminating on the BLMS (master)as opposed to the LMS (local). Looking at the logs I can see they are failing due to the AAA Server timeout

 

Nov 16 11:26:36  authmgr[1629]: <522038> <INFO> |authmgr|  username=xx.xx.xx.xx.xx.xx.xx MAC=00:00:00:00:00:00 IP=10.119.1.113 Authentication result=AAA server timeout method=VPN server=Internal

 

No changes to the config has been made and this was connected previously. I've confirmed the RAP's are in the whitelist and have also exported the local-userdb from Master to Local.

 

To confuse matters even more I have RAP's showing as up on the LMS (local) yet on the BLMS (Master) showing as down.

 

The business in question has upgraded their switches today as well...which may also be a factor.

ACMA, ACMP
If my post addresses your query, give kudos:)
MVP
Posts: 399
Registered: ‎07-26-2011

Re: RAP unable to connect to BLMS after 6.1.3.9 Upgrade

[ Edited ]

Further to this the RAP's appear to be stuck in the logon role?

 

10.119.1.113    00:00:00:00:00:00            logon              00:00:00    VPN             N/A                                                                               tunnel        
10.119.1.101    00:00:00:00:00:00            logon              00:00:05    VPN             N/A                                                                               tunnel        
10.119.1.100    00:00:00:00:00:00            logon              00:00:01    VPN             N/A                                                                               tunnel        
10.119.1.99     00:00:00:00:00:00            logon              00:00:00    VPN             N/A                                                                               tunnel        
10.119.1.98     00:00:00:00:00:00            logon              00:00:01    VPN             N/A                                                                               tunnel        
10.119.1.97     00:00:00:00:00:00            logon              00:00:01    VPN             N/A                                                                               tunnel 

 

Logon role is as per before the upgrade :

 

access-list List
----------------
Position  Name              Location
--------  ----              --------
1         logon-control     
2         captiveportal     
3         vpnlogon          
4         v6-logon-control  
5         captiveportal6   

 

I can also see that they are passing Phase 2 just not on their respective Controllers

 

 

###############


Admin, please delete this customer has broken their Master-Local IPSEC connectivity :)

 

###############

ACMA, ACMP
If my post addresses your query, give kudos:)
Search Airheads
Showing results for 
Search instead for 
Did you mean: