Wireless Access

Reply
Contributor I
Posts: 42
Registered: ‎09-21-2015

authmgr[1650] error

Hi, everyone..
I faced next problem:
I have controller which terminates RAPs.
One AP was rebooted. After that AP cannot connect to controller. I found next log at AP:
    AP rebooted Fri Dec 31 16:02:27 PST 1999; Unable to set up IPSec tunnel after 85 tries.

Also, found nex logs at controller:
    Dec 24 13:37:12  isakmpd[1611]: <103048> <ERRS> |ike|  IKE XAuth failed for AP_NAME
    Dec 24 13:37:13  authmgr[1650]: <124004> <DBUG> |authmgr|  RX (sock) message of type 98, len 1016
    Dec 24 13:37:13  authmgr[1650]: <124004> <DBUG> |authmgr|  RX (sock) message of type 98, len 1016
    Dec 24 13:37:13  authmgr[1650]: <124149> <ERRS> |authmgr|  Failed to create internal IP user entry and user entry due to too many user entries 256.
    Dec 24 13:37:13  authmgr[1650]: <124494> <ERRS> |authmgr|  Auth request for unknown user (name='AP_NAME' IP=X.X.X.X, method=VPN).

During detailed investigation I found next:
    Dec 24 13:42:11 :103048:  <ERRS> |ike|  IKE XAuth failed for AP_NAME
    Dec 24 13:42:12 :124004:  <DBUG> |authmgr|  RX (sock) message of type 98, len 1016
    Dec 24 13:42:12 :124155:  <DBUG> |authmgr|  No macuser for ip X.X.X.X, mac 00:00:00:00:00:00.
    Dec 24 13:42:12 :124149:  <ERRS> |authmgr|  Failed to create internal IP user entry and user entry due to too many user entries 256.
    Dec 24 13:42:12 :124449:  <DBUG> |authmgr|  auth_vpn_raw: Add user X.X.X.X failed
    Dec 24 13:42:12 :124447:  <DBUG> |authmgr|  auth_vpn_resp_raw: user name AP_NAME, check_vpn_cp_single_session ret -1
    Dec 24 13:42:12 :124494:  <ERRS> |authmgr|  Auth request for unknown user (name='AP_NAME' IP=X.X.X.X, method=VPN).
    Dec 24 13:42:12 :124441:  <DBUG> |authmgr|  auth_vpn_resp_raw: vpnflags:1

I'm using ArubaOS 6.3.1.13, Control Plane Security is enebled.
And about licensing:

Service Status and Current Limits

Access Points 128
RF Protect 128
VPN Server Module 2048

AP Usage
Active CAPs 0
Standby CAPs 0
RAPs 127
Remote-node APs 0
Tunneled nodes 0
Total APs 127


Remaining AP Capacity
CAPs 0
RAPs 1

Does anyone know how to solve this problem? Which limit did I reach?

Guru Elite
Posts: 20,760
Registered: ‎03-29-2007

Re: authmgr[1650] error

RAPs are not related to control plane security.

What model are these access points?

Are you using the RAP whitelist, or IKE PSK and username and password to provision those access points?

Use the "show vpdn l2tp local pool" command to see how many addresses you have in your pool.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 42
Registered: ‎09-21-2015

Re: authmgr[1650] error

I'm using AP-93.

To provision those access points I'm using IKE PSK and username and password.

About IP pool:

Total:-
         129 IPs used - 368 IPs free - 497 IPs configured
IP pool allocations / de-allocations - L2TP: 0/0  IKE: 90285/90488

Guru Elite
Posts: 20,760
Registered: ‎03-29-2007

Re: authmgr[1650] error

If Xauth fails, that typically means that the IKE PSK might have been changed.  Unfortunately the audit trail does not survive a reboot, so you cannot look at that to see if there was a change.  How many RAPs are failing? 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 42
Registered: ‎09-21-2015

Re: authmgr[1650] error

Just 1 RAP failed.

I suspect, that there is a problem:

   Dec 24 13:42:12 :124149:  <ERRS> |authmgr|  Failed to create internal IP user entry and user entry due to too many user entries 256.

 

Nearly week ago we added new RAPs to controller and used all possible licenses.
Its 3200 controller which terminates 127 RAP and have 1 free license.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: