Wireless Access

Reply
Occasional Contributor I
Posts: 8
Registered: ‎08-16-2011

rapconsole access (RAP's) after first successful ipsec connection

Hi all,

 

After setting up successfully RAP5WN's , I can't access any more the WEBUI  for checking the status.

 

If a RAP2 or RAP5 is disconnected, moved to another location and can't connect to the controller, I would like to have the rapconsole WEBUI available for troubleshooting!

 

Does the access depend on the forward mode configured? 

(the "Remote-AP Backup" feature from the ethernet port config tab is enabled)

 

On the client PC, the difference between first setup (ping to 192.168.11.1 is ok and domain is provided)  and no-access (ping to 192.168.11.1 not ok, no domain provided).

 

thanks for any tipps and advices.

 

Rolf

 

 

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: rapconsole access (RAP's) after first successful ipsec connection

[ Edited ]

Yes.  the Rapconsole will only come up if you have the Remote AP backup parameter checked, BUT, it will only come up when the AP is not connected to the controller, yet.

 

For the Rapconsole to work while the AP is already connected to the controller, the wired port, or the virtual AP needs to be split tunnel or bridge.

 

Please see this section in the ArubaOS 6.1 user guide about Local Debugging (LD) and Rapconsole access:

 

 

"Configuring ACL for restricted LD homepage access

A user in split or bridge role using a remote AP (RAP) can log on to the local debug (LD) homepage (for example, (http://rapconsole.arubanetworks.com) and perform a reboot or reset operations. The LD homepage provides various information about the RAP and also has a button to reboot the RAP. You can now restrict a RAP user from resetting or rebooting a RAP by using the new localip keyword in the in the user role ACL . "........

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: rapconsole access (RAP's) after first successful ipsec connection

Hi,

Could you advise what kind of policy should I create for this access to rapconsole? I have backup ssid in bridge mode and policy from user to localip. I tried permit and route. Both does not work and I am not able to connect to rapconsole.arubanetworks.com 

Thanks

Marek

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: rapconsole access (RAP's) after first successful ipsec connection

You should permit http traffic to the "localip" alias, according to user manual.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: rapconsole access (RAP's) after first successful ipsec connection

So I tried but it did not work. Then I asked here...

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: rapconsole access (RAP's) after first successful ipsec connection

Okay.  Not 100% sure that it works on a backup SSID.  On that user who is connected to the backup SSID, do an nslookup for "rapconsole.arubanetworks.com"

 

> rapconsole.arubanetworks.com
Server:		209.18.47.61
Address:	209.18.47.61#53

Name:	rapconsole.arubanetworks.com
Address: 192.168.1.175
> 

 I got the ip address of my RAP and when I opened a page to 192.168.1.175, it opened the rapconsole.  First, find out if it is returning that ip address..

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: rapconsole access (RAP's) after first successful ipsec connection

I got the same - rapconsole.arubanetworks.com was resolved to IP of RAP external (Ethernet E0) address. But I am not able to pass any traffic to this address.

 

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: rapconsole access (RAP's) after first successful ipsec connection

What are the firewall rules for your user?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 97
Registered: ‎04-13-2009

Re: rapconsole access (RAP's) after first successful ipsec connection

Hi,

It was probably my fault - I have recreated configuration from scratch and now it works perfect form me!

Thanks,

Marek

Marek Krauze, CWNE# 174, ACMX #295, ACDX #356
Something cool, helpful or interesting in my post - click the Kudos Star.
Helped to solve your problem - Click Accept as Solution
Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: rapconsole access (RAP's) after first successful ipsec connection

Marek - Glad you figured it out.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: