Wireless Access

last person joined: 12 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

authmgr[1650] error

This thread has been viewed 5 times

  • 1.  authmgr[1650] error

    Posted Dec 24, 2015 06:50 AM

    Hi, everyone..
    I faced next problem:
    I have controller which terminates RAPs.
    One AP was rebooted. After that AP cannot connect to controller. I found next log at AP:
        AP rebooted Fri Dec 31 16:02:27 PST 1999; Unable to set up IPSec tunnel after 85 tries.

    Also, found nex logs at controller:
        Dec 24 13:37:12  isakmpd[1611]: <103048> <ERRS> |ike|  IKE XAuth failed for AP_NAME
        Dec 24 13:37:13  authmgr[1650]: <124004> <DBUG> |authmgr|  RX (sock) message of type 98, len 1016
        Dec 24 13:37:13  authmgr[1650]: <124004> <DBUG> |authmgr|  RX (sock) message of type 98, len 1016
        Dec 24 13:37:13  authmgr[1650]: <124149> <ERRS> |authmgr|  Failed to create internal IP user entry and user entry due to too many user entries 256.
        Dec 24 13:37:13  authmgr[1650]: <124494> <ERRS> |authmgr|  Auth request for unknown user (name='AP_NAME' IP=X.X.X.X, method=VPN).

    During detailed investigation I found next:
        Dec 24 13:42:11 :103048:  <ERRS> |ike|  IKE XAuth failed for AP_NAME
        Dec 24 13:42:12 :124004:  <DBUG> |authmgr|  RX (sock) message of type 98, len 1016
        Dec 24 13:42:12 :124155:  <DBUG> |authmgr|  No macuser for ip X.X.X.X, mac 00:00:00:00:00:00.
        Dec 24 13:42:12 :124149:  <ERRS> |authmgr|  Failed to create internal IP user entry and user entry due to too many user entries 256.
        Dec 24 13:42:12 :124449:  <DBUG> |authmgr|  auth_vpn_raw: Add user X.X.X.X failed
        Dec 24 13:42:12 :124447:  <DBUG> |authmgr|  auth_vpn_resp_raw: user name AP_NAME, check_vpn_cp_single_session ret -1
        Dec 24 13:42:12 :124494:  <ERRS> |authmgr|  Auth request for unknown user (name='AP_NAME' IP=X.X.X.X, method=VPN).
        Dec 24 13:42:12 :124441:  <DBUG> |authmgr|  auth_vpn_resp_raw: vpnflags:1

    I'm using ArubaOS 6.3.1.13, Control Plane Security is enebled.
    And about licensing:

    Service Status and Current Limits

    Access Points 128
    RF Protect 128
    VPN Server Module 2048

    AP Usage
    Active CAPs 0
    Standby CAPs 0
    RAPs 127
    Remote-node APs 0
    Tunneled nodes 0
    Total APs 127


    Remaining AP Capacity
    CAPs 0
    RAPs 1

    Does anyone know how to solve this problem? Which limit did I reach?



  • 2.  RE: authmgr[1650] error

    EMPLOYEE
    Posted Dec 24, 2015 07:02 AM

    RAPs are not related to control plane security.

    What model are these access points?

    Are you using the RAP whitelist, or IKE PSK and username and password to provision those access points?

    Use the "show vpdn l2tp local pool" command to see how many addresses you have in your pool.



  • 3.  RE: authmgr[1650] error

    Posted Dec 24, 2015 07:10 AM

    I'm using AP-93.

    To provision those access points I'm using IKE PSK and username and password.

    About IP pool:

    Total:-
             129 IPs used - 368 IPs free - 497 IPs configured
    IP pool allocations / de-allocations - L2TP: 0/0  IKE: 90285/90488



  • 4.  RE: authmgr[1650] error

    EMPLOYEE
    Posted Dec 24, 2015 07:14 AM

    If Xauth fails, that typically means that the IKE PSK might have been changed.  Unfortunately the audit trail does not survive a reboot, so you cannot look at that to see if there was a change.  How many RAPs are failing? 



  • 5.  RE: authmgr[1650] error

    Posted Dec 24, 2015 07:20 AM

    Just 1 RAP failed.

    I suspect, that there is a problem:

       Dec 24 13:42:12 :124149:  <ERRS> |authmgr|  Failed to create internal IP user entry and user entry due to too many user entries 256.

     

    Nearly week ago we added new RAPs to controller and used all possible licenses.
    Its 3200 controller which terminates 127 RAP and have 1 free license.