Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RAP ipsec is established then drops repeatedly

  • 1.  RAP ipsec is established then drops repeatedly

    Posted Feb 24, 2021 02:11 PM
    Hi All!

    I've got a problem with a RAP (RAP-155) terminating on an MD running 8.6.0.6.

    There are lots of other RAPs working fine. Even another RAP at the same remote site is working fine.

    I can see the isakmp & ipsec sa get established at which point I can ping the IP address that the RAP is assigned. 

    The problem is, the RAP doesn't appear in the ap database and the ipsec tunnel drops after 20 seconds or so.

    The RAP is being migrated from a 6.x controller so perhaps TFTP connectivity is the issue? I can't see any TFTP traffic in the datapath.

    What do you reckon?

    Cheers

    ------------------------------
    James Whitehead
    ------------------------------


  • 2.  RE: RAP ipsec is established then drops repeatedly

    MVP GURU
    Posted Feb 24, 2021 04:04 PM
    Did you check your RAP whitelist and see if the Name and AP-Group are getting overridden? I've chased my tail on this before when that stuff hasn't been updated/changed and it's pointing to a Group with the LMS/BLMS of another controller/controllers....


    ------------------------------
    Dustin Burns
    ------------------------------



  • 3.  RE: RAP ipsec is established then drops repeatedly

    Posted Feb 25, 2021 06:32 AM
    I thought that too but double checked the AP system profile for those settings and they're blank. I even tried the default AP groups. Same result.

    Looking at the datapath I can see RAP connecting to the controller (and another one at the same site) but there are no return packets. 

    Below, red is the working RAP; light blue is the one that doesn't work, with no return packets and no SYN flag.



    ------------------------------
    James Whitehead
    ------------------------------



  • 4.  RE: RAP ipsec is established then drops repeatedly

    MVP
    Posted Feb 25, 2021 07:30 AM
    This may not be relevant but you may want to warn the customer that 8.6 is the last supported release for RAP-155.

    I seem to recall a command to default the OS on the AP / RAP. It may be worth doing that & updating again in case it got a bad software load?

    ------------------------------
    Bruce Osborne
    ------------------------------



  • 5.  RE: RAP ipsec is established then drops repeatedly

    Posted Feb 25, 2021 08:29 AM
    Yeah, they're aware but thanks for the heads up and the reset recommendation. :)

    ------------------------------
    James Whitehead
    ------------------------------