01-29-2015 08:36 PM
I am brand new to Aruba. I am testing some Aruba equipment right now. The APs that are local to my controller (7005) are working fine. The problem I have is with the 225 AP at a remote location. Here is the basic setup:
225 --SW--- PA(Firewall) ------IPSEC -------PA(Firewall) -------Controller 7005---DNS Server
From the remote network, I can ping aruba-master and resolve it via nslookup. Once the AP got the DHCP address, I can ping the AP from the controller and the controller from the AP. But the AP will never associate with the controller.
I have tried to console into the AP; it will sit at the Master: screen, then reboot. I did try to hardcode the controller IP. Once I did that, the AP showed up inside the controller with the I,D flag, but I cannot do anything to it. I tried to change the profile, but the AP never restarts.
I did a capture on both ends of the firewall, and some UDP aruba-papi traffic got dropped. I suspect MTU between the tunnel was the problem. I dropped the MTU to 1400 but no luck.
I did plug the AP into the local network at first and all worked fine, but once I relocated them, it stopped working...
Has anyone run into a similar problem? Any suggestions would be appreciated.
01-29-2015 10:13 PM
Aruba Customer Engineering
01-29-2015 11:50 PM - edited 01-29-2015 11:52 PM
Did you deploy the AP as a RAP or CAP? Because as far as it looks, GRE will not pass the two firewalls you've got. I advise you to preconfigure the AP as a RAP (it will be based on IPSEC), and then your AP will be able to contact the controller without the ID
or read this PDF
06-01-2015 11:33 AM
Sorry for the late reply. We finally fixed the issues a couple of weeks ago. Aruba support kept having us run around during troubleshooting. At the end of the day, we figured out the problem was dealing with MTU size; my initial MTU of 1150 was not small enough. Once we dropped it to 1100, it started working.
Thanks for the suggestion. We can finally roll out the new solution.
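Added example, not part of the thread and not Aruba's tooling: a way to measure the largest unfragmented packet a tunnel path carries instead of stepping MTU values down by trial and error. It assumes a Linux host with iputils `ping` at the remote site and that the firewalls pass ICMP echo; `find_path_mtu`, `ping_df`, and `simulated_path` are hypothetical names, and the 1120-byte path in the demo is constructed.

```python
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header


def ping_df(host):
    """Return a probe that sends one echo with Don't Fragment set (iputils ping)."""
    def probe(payload):
        cmd = ["ping", "-M", "do", "-c", "1", "-W", "2", "-s", str(payload), host]
        result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                                stderr=subprocess.DEVNULL)
        return result.returncode == 0
    return probe


def find_path_mtu(probe, low=576, high=1500):
    """Binary-search the largest IP packet size (bytes) that passes unfragmented.

    probe(payload_bytes) -> bool. Returns None if even `low` does not pass,
    which usually means ICMP is filtered or the host is unreachable.
    """
    lo, hi = low - IP_ICMP_HEADERS, high - IP_ICMP_HEADERS
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2  # round up so the loop always makes progress
        if probe(mid):
            lo = mid              # mid fits: the answer is mid or larger
        else:
            hi = mid - 1          # mid is too big: the answer is smaller
    return lo + IP_ICMP_HEADERS


def simulated_path(mtu):
    """Constructed stand-in for a tunnel that drops DF packets larger than mtu."""
    return lambda payload: payload + IP_ICMP_HEADERS <= mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("path MTU to", sys.argv[1], "=", find_path_mtu(ping_df(sys.argv[1])))
    else:
        print("simulated 1120-byte path ->", find_path_mtu(simulated_path(1120)))
```

ICMP results are only a starting point: the UDP control traffic carries its own headers, so the value configured on the AP needs to sit below the measured figure.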