Wireless Access

Reply
Contributor II
Posts: 43
Registered: ‎03-31-2014

Virtual AP profile error

Hello,

 

I'm having a problem with my 3200 controller right now. 

 

The problem is that I can't create new vap profile because when I entered the AAA profile and SSID profile and click apply button it says dot1x profile needs to be enabled in aaa profile default. The aaa profile I choosed is not default profile. And I created a dot1x profile via Layer 2 Authentication under 802.1x. I tried to configure it from wizard and CLI interface but I was not successful on both. What could be the point I'm missing. I have a radius server and I'm trying to authenticate users via this server also put them into the appropriate user role with appropriate server rule which matches the role via tunnel-private-group-id.

 

And also I've already created one test profile before and it works fine but now I have different vlans and different user roles. I want to create a new ap group. The only difference between the time i created the test profile and now is the OS version of the controller. Back then the version is 6.3.1.2 but now it is 6.3.1.8.

 

Any help will be appreciated!

Community Administrator
Posts: 2,279
Registered: ‎12-03-2013

Re: Virtual AP profile error

Could you share your configuration of the profile with us?

CWNA, ACMP, Security +
Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: Virtual AP profile error

Try the WLAN/LAN Wizard under configuration...  That will create all the profiles for you.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: Virtual AP profile error

The configuration of the working profile is below

 

wlan virtual-ap "test"
aaa-profile "deneme_internal"
ssid-profile "arubatest"
vlan 60,70,80
no broadcast-filter arp
no blacklist

 

wlan ssid-profile "arubatest"
essid "arubatest"
opmode wpa-tkip wpa2-aes

 

aaa profile "deneme_internal"
mac-default-role "authenticated"
authentication-dot1x "test"
dot1x-default-role "authenticated"
dot1x-server-group "deneme_Server_group"
enforce-dhcp

aaa authentication dot1x "test"
reauth-server-termination-action
termination inner-eap-type eap-mschapv2

 

 

 

The second part is the one that gives the error. I only created the aaa profile that concerns vlan 60. I will add the vlan 70 and 80's aaa profile with the same ssid profile. And will use the server-derivation rule to assing users to appropriate user role and vlan.

 

aaa profile "uzak_lokasyon_vlan60_aaa"
authentication-dot1x "uzak_lokasyon_dot1x"
dot1x-default-role "vlan60_dot1x_default"
dot1x-server-group "deneme_Server_group"

 

aaa authentication dot1x "uzak_lokasyon_dot1x"
machine-authentication user-default-role "authenticated"

 

user-role vlan60_dot1x_default
vlan 60
access-list session ra-guard
access-list session allowall
access-list session v6-allowall

 

wlan ssid-profile "uzaklokasyon" %The SSID will be used.
essid "uzaklokasyon"
opmode wpa-tkip wpa2-aes

 

 

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: Virtual AP profile error

I have already tried it. It didn't work.

Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: Virtual AP profile error

Where is the configuration for the non-working Virtual AP?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: Virtual AP profile error

the vap I try to create is in a different Ap group. Under that ap group when I try to create that vap it gives the errors below where the bottom line, I think, indicates the error that it can't create the virtual ap profile.

 

Error processing command 'wlan virtual-ap "vlan60_vap"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'wlan virtual-ap "vlan60_vap" aaa-profile "uzak_lokasyon_vlan60_aaa"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'wlan virtual-ap "vlan60_vap" ssid-profile "uzaklokasyon"':Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"
Error processing command 'ap-group "uzak_lokasyon_APG" virtual-ap "vlan60_vap"':Virtual AP profile "vlan60_vap" does not exist.

Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: Virtual AP profile error

do this:

 

config t
wlan virtual-ap "vlan60_vap"
clone virtual-ap test
vlan 60
exit

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: Virtual AP profile error

Thanks for your quick return. I entered the first line of your commands;

wlan virtual-ap "vlan60_vap"

 

And the output from the CLI is:

 

Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa2-psk-aes" configured in ssid profile "default"

Guru Elite
Posts: 21,294
Registered: ‎03-29-2007

Re: Virtual AP profile error

[ Edited ]

Then remove it:

 

config t
no wlan virtual-ap "vlan60_vap

 After that, try the commands again.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: