Wireless Access

Reply
MVP

remote cap issues

I'm trying to configure a AP61 as remote AP with the old username/passwd method. I'm doing this on a controller with only the base license so no toying around with my roles. This remote AP then connects over the LAN to the controller. 

Reasoning is to get a bridges SSID without enabling CPS on the controller

 

I've configured the vpn settings, created a local-userdb user and provisioned the AP with those settings.

After provisioning the AP does not show up in the database but it does not reboot at all either. I do not have any ipsec or isakmp sa's for this rap though.

 

Looking at the datapath I can see the 4500 from ap to controller fine, but the reverse direction (controller > AP) has a Y flag (no syn).

There is only a single router between rap and controller without any ACL or firewalling. A traceroute or ping works fine in either direction.

 

What is going wrong here? Anybody got a clue?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: remote cap issues

I would type "show log security 50" to see if there are any errors.  That is my first guess based on the information you submitted.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: remote cap issues

Nothing regarding this ap in the security (or any other) log I'm affraid.

 

Even the ap-debug I configured only lists a "<INFO> |stm|  AP 6c:f3:7f:c4:5a:6b is down" after the provisioning message there. No additional entries even after rebooting half a dozen times.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: remote cap issues

Okay.  Turn on the debugs below and try "show log security 50" again.

config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security subcat l2tp
logging level debugging security subcat vpn

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: remote cap issues

 

logging level debugging security process l2tp

but still nothing in there. Searched both for ip and mac-address of the remote-ap and did a scan to find anything usefull.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: remote cap issues

Can you try a different AP besides an AP61?  That would eliminate any AP-specific issues.  I cannot say that I have tried configuring an AP61 as a RAP since the 5.x, and it is not very common, so it is entirely possible that there is a bug, due to the fact that it is something that is not seen often.  Please try a different model of access point as any type of RAP to confirm your configuration is working.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: remote cap issues

Actually did that already.. used a ap61, ap68 and now an ap104.. all the same.

 

This is actually on a new 7240 controller (v6.3.1.7) replacing and old M3 (v6.1.3.9) as master.

On the 7240 I have this issue, on the old master I don't. Double and triplechecked my config so I'm leaning towards bug too :(

 

I need this rap working before I can rejoin the M3 as local and get my redundancy back in order though.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: remote cap issues

Did you configure the AP104 as a cert-based RAP?  If there are any crypto issues it should have showed up in the security log if you enable the debugs that I pasted into the post above.  In addition, you should connect to the AP console of the 104 to see if anything shows up.  There are 104s and 105s that work as cert-based APs on that code and on that platform.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: remote cap issues

No, was trying to get it back as it was so configured the ap104 also with username/passwd. But good idea.. let me try that before wasting even more time on this.

 

Nothing shows up on the AP console by the way. It finishes its boot 

shutting down watchdog process (nanny will restart it)...
 
        <<<<<       Welcome to the Access Point     >>>>>
 
~ #    

 and then just sits there.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: remote cap issues

When you do  a "printenv" at the apboot> prompt, do you see the master ip address and the fact that it is a remote AP and PSK configured?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: