Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

AP205 Won't Provision

Jump to Best Answer
  • 1.  AP205 Won't Provision

    Posted Jul 19, 2017 02:59 PM

    Hi , i have 8 ap's at one of our remote locations and they all work fine connecting back to our controler which is a 7205 unit. We have a total of 32 ap's and have 32 licences for them. The controler is at our main campus location and this remote location is connected back via a IPSec VPN. All 8 have been working great and managment wanted to add a few more units to that location. So after provisioning them at our main campus i moved them over to the remote location and hooked them up. They get a valid ip that is pingable, can ping the aruba-master from the local subnet at that location. The ap's get a good ip, but never come up in the controler! Besides it being a licenseing issue which i doubt as i can plug these units in at our main campus and they work 100% with out issues. The ap just has a blinking power light and a flashing enet light. On a side note i have other ap's on other vpn's with out any of these issues as well. Any other ideas why the first 8 are working but anything after that dosent?



  • 2.  RE: AP205 Won't Provision

    Posted Jul 19, 2017 03:16 PM
    "Show log system" on the controller command line might give you an idea.


  • 3.  RE: AP205 Won't Provision

    Posted Jul 19, 2017 04:11 PM

    When i do a "Show log system" i get incomplete comand I have tried this in enable mode as well as the normal login mode via cli.

     

    Is there a syntax change due to os versions like on cisco iso sometimes? Im running 6.4.3.1 on the 7205 unit.



  • 4.  RE: AP205 Won't Provision

    Posted Jul 19, 2017 04:31 PM

    show log system all

     

    show ap database

     



  • 5.  RE: AP205 Won't Provision

    Posted Jul 19, 2017 04:39 PM

    Jul 19 13:54:21 :307027: <DBUG> |cfgm| Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 19 13:54:21 :311002: <WARN> |AP OCWAP12@10.10.3.0 sapd| Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT. Last rebootstrap reason: HELLO-TIMEOUT, 240 sec before: Last Ctrl msg: HELLO len=1168 dest=10.10.0.13 tries=10 seq=0
    Jul 19 13:54:22 :303086: <ERRS> |AP OCWAP12@10.10.3.0 nanny| Process Manager (nanny) shutting down - AP will reboot!

     

    Jul 19 14:07:34 :311020:  <ERRS> |AP OCWAP12@10.10.3.0 sapd|  An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4488 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKEV2_TIMEOUT. Ipsec not successful after reboot.



  • 6.  RE: AP205 Won't Provision

    Posted Jul 19, 2017 04:40 PM

    above is the errors i saw for the ap i was working with no other errors in the log. the ap is listed in the ap database.

     

    AP Database
    -----------
    Name        Group             AP Type  IP Address    Status             Flags  Switch IP   Standby IP
    ----        -----             -------  ----------    ------             -----  ---------   ----------
    CHCOOKAP1   CH-CookStreet     205      10.10.26.2    Up 6d:1h:27m:45s   2      10.10.0.13  0.0.0.0
    MCFECAP1    MC-FEC            205      10.10.10.78   Up 7d:7h:44m:35s   2      10.10.0.13  0.0.0.0
    MCFECAP2    MC-FEC            205      10.10.10.198  Up 7d:7h:44m:21s   2      10.10.0.13  0.0.0.0
    MCFECAP3    MC-FEC            205      10.10.10.145  Up 7d:7h:44m:42s   2      10.10.0.13  0.0.0.0
    MCFECAP4    MC-FEC            205      10.10.10.76   Up 7d:7h:44m:37s   2      10.10.0.13  0.0.0.0
    MCFECAP5    MC-FEC            205      10.10.10.188  Up 7d:7h:44m:35s   2      10.10.0.13  0.0.0.0
    MCFECAP6    MC-FEC            205      10.10.10.196  Up 7d:7h:44m:36s   2      10.10.0.13  0.0.0.0
    MCPENTAP1   MC-Penthouse      205      10.10.8.252   Up 57d:2h:9m:51s   2      10.10.0.13  0.0.0.0
    MCSNELLAP1  MC-Snell          205      10.10.8.153   Up 57d:2h:9m:11s   2      10.10.0.13  0.0.0.0
    MCSNELLAP2  MC-Snell          205      10.10.8.246   Up 57d:2h:9m:23s   2      10.10.0.13  0.0.0.0
    MCSQAP1     SusquehannaHouse  205      10.10.0.45    Up 22d:5h:33m:55s  2      10.10.0.13  0.0.0.0
    MCSQAP2     SusquehannaHouse  205      10.10.0.46    Up 22d:5h:33m:35s  2      10.10.0.13  0.0.0.0
    MCSQAP3     SusquehannaHouse  205      10.10.0.82    Up 22d:5h:14m:35s  2      10.10.0.13  0.0.0.0
    MCSQAP4     SusquehannaHouse  205      10.10.0.48    Up 22d:5h:14m:37s  2      10.10.0.13  0.0.0.0
    MCSQAP5     SusquehannaHouse  205      10.10.0.61    Up 22d:5h:14m:30s  2      10.10.0.13  0.0.0.0
    MCSQAP6     SusquehannaHouse  205      10.10.0.27    Up 21d:7h:41m:3s   2      10.10.0.13  0.0.0.0
    MCWBAP1     MC-WhiteBuilding  205      10.10.8.185   Down               2      10.10.0.13  0.0.0.0
    MCWBAP2     MC-WhiteBuilding  205      10.10.10.55   Down               2      10.10.0.13  0.0.0.0
    OCWAP01     OneontaCampus     205      10.10.2.40    Up 5d:19h:55m:34s  2      10.10.0.13  0.0.0.0
    OCWAP02     OneontaCampus     205      10.10.2.41    Up 5d:19h:55m:34s  2      10.10.0.13  0.0.0.0
    OCWAP03     OneontaCampus     205      10.10.2.42    Up 5d:19h:55m:33s  2      10.10.0.13  0.0.0.0
    OCWAP04     OneontaCampus     205      10.10.2.43    Up 5d:19h:55m:33s  2      10.10.0.13  0.0.0.0
    OCWAP05     OneontaCampus     205      10.10.2.45    Up 5d:19h:57m:55s  2      10.10.0.13  0.0.0.0
    OCWAP06     OneontaCampus     205      10.10.2.46    Up 5d:19h:57m:56s  2      10.10.0.13  0.0.0.0
    OCWAP07     OneontaCampus     205      10.10.2.30    Up 5d:19h:57m:55s  2      10.10.0.13  0.0.0.0
    OCWAP08     OneontaCampus     205      10.10.2.31    Up 5d:19h:57m:54s  2      10.10.0.13  0.0.0.0
    OCWAP09     OneontaCampus     205      10.10.8.152   Down               2      10.10.0.13  0.0.0.0
    OCWAP10     OneontaCampus     205      10.10.2.233   Down               2      10.10.0.13  0.0.0.0
    OCWAP11     OneontaCampus     205      10.10.10.105  Down               2      10.10.0.13  0.0.0.0
    OCWAP12     default           205      10.10.3.0     Down                      10.10.0.13  0.0.0.0
    OCWAP13     OneontaCampus     205      10.10.7.12    Down               2      10.10.0.13  0.0.0.0
    OCWAP14     OneontaCampus     205      10.10.7.17    Down               2      10.10.0.13  0.0.0.0



  • 7.  RE: AP205 Won't Provision

    Posted Jul 19, 2017 05:24 PM

    In the AP-Group that the AP is in, there is an AP system profile.  I would try setting the SAPD MTU to 1400 to see if it helps.  That would lower the MTU so that it would not be fragmented through a VPN tunnel.



  • 8.  RE: AP205 Won't Provision

    Posted Jul 20, 2017 10:15 AM

    That helped a bit. The unit in question showed up under the provisoning tab then went away and came back. I then tried to push it to the correct group and now shows up on that tab randomly. Is there any thing else i can try or tweak?



  • 9.  RE: AP205 Won't Provision

    Posted Jul 21, 2017 07:45 AM

    Could any of this have to do with licensing? One of these ap's at this location just went into  hold status after a reboot of the controler. It says i have a total of 31 ap's i can have but only 24 are currently working. Or is this all the same issue with the vpn?



  • 10.  RE: AP205 Won't Provision

    Posted Jul 21, 2017 08:39 AM

    Type "show ap database".  If your problem is with licensing the AP will have the "IL" flags.

     

    Type "show log system 50" to see if you have any clues about what the problem could be...



  • 11.  RE: AP205 Won't Provision

    Posted Jul 21, 2017 09:34 AM

    The one ap shows I = inactive.

     

    and shows this in the database area

    OCWAP12     default           205      10.10.3.0     Down                   10.10.0.13  0.0.0.0

    but keeps showing up under provisioning as I.

     

    show log system 50

    Jul 21 13:30:56 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:30:56 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:31:06 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:31:06 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:31:06 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:31:16 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:31:16 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:31:21 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:31:21 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:31:21 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:31:22 :307048:  <DBUG> |cfgm|  Got a message from 8344:5005
    Jul 21 13:31:22 :399814:  <DBUG> |cfgm|  replyGetLmsListRequest:327 Sending IP 10.10.0.13 to 8344
    Jul 21 13:31:36 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:31:36 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:31:36 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:31:36 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:31:36 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:31:51 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:31:51 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:31:51 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:31:56 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:31:56 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:32:06 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:32:06 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:32:06 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:32:16 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:32:16 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:32:21 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:32:21 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:32:21 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:32:36 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:32:36 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:32:36 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:32:36 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:32:36 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:32:51 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:32:51 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:32:51 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:32:56 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:32:56 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:33:06 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:33:06 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:33:06 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:33:16 :307026:  <DBUG> |cfgm|  master: Refreshing the lms list
    Jul 21 13:33:16 :307027:  <DBUG> |cfgm|  Checking the LMS not responding flag for local 10.10.0.13 flag value is 1, missedHB 0 socketID -1
    Jul 21 13:33:21 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
    Jul 21 13:33:21 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
    Jul 21 13:33:21 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
    Jul 21 13:33:22 :307048:  <DBUG> |cfgm|  Got a message from 8344:5005
    Jul 21 13:33:22 :399814:  <DBUG> |cfgm|  replyGetLmsListRequest:327 Sending IP 10.10.0.13 to 8344



  • 12.  RE: AP205 Won't Provision

    Posted Jul 21, 2017 10:57 AM

    What is the device at 10.10.0.13?



  • 13.  RE: AP205 Won't Provision

    Posted Jul 21, 2017 11:09 AM

    10.10.0.13 is the ip of the controler



  • 14.  RE: AP205 Won't Provision
    Best Answer

    Posted Jul 24, 2017 12:19 PM

    I was able to solve this. One, the config would not fully download over the vpn. I reprovisined the unit i was working on by bringing it back to my office and loaded the config with the new MTU and when i brought it back to the other campus it came online with out any issues even after reboots.

     

    Thanks for your help.