Wireless Access

Trying to setup a remote site and using an LTE enabled router to backhaul the traffic to our data center. Through troubleshooting, I found that the AP-325 is trying to establish it's IPSEC tunnel (through CPSec on controller) using ESP messages that are 1390 bytes. In testing, packets over 1310 bytes fail to reach the controller through this LTE router. APs attached initially and did their code upgrade, but once they did the CPSec enrollment they never came back. This controller has over 800 other APs and we CANNOT disable CPSec on it. 

Is there a way to change the SAP MTU in the default AP group to set MTU value to 1200 or is there another recommendation to get this setup? 

It's very time sensitive and critical to get these location working, so any suggestions are greatly appreciated.

Thanks!

------------------------------
Michael Haring
------------------------------

We worked with Aruba Support and Peplink's support and found that the routers were recently upgraded to the latest firmware - which we decided to roll back and the APs connected without issue. A code bug was filed with their engineering team, but for everyone's reference - 

Peplink MBX version 8.1.1 build 5048 - issue with APs communicating back to controller - could be MTU-related, but not certain
Peplink MBX version 8.0.2 build 1409 - no issues with APs communicating back to controller


------------------------------
Michael Haring
------------------------------

Original Message:
Sent: Jan 15, 2021 05:26 PM
From: Michael Haring
Subject: AP-325 over LTE - ESP Messages Failing

Trying to setup a remote site and using an LTE enabled router to backhaul the traffic to our data center. Through troubleshooting, I found that the AP-325 is trying to establish it's IPSEC tunnel (through CPSec on controller) using ESP messages that are 1390 bytes. In testing, packets over 1310 bytes fail to reach the controller through this LTE router. APs attached initially and did their code upgrade, but once they did the CPSec enrollment they never came back. This controller has over 800 other APs and we CANNOT disable CPSec on it. 

Is there a way to change the SAP MTU in the default AP group to set MTU value to 1200 or is there another recommendation to get this setup? 

It's very time sensitive and critical to get these location working, so any suggestions are greatly appreciated.

Thanks!

------------------------------
Michael Haring
------------------------------