How long did you let the access point sit there? Did you try to factory reset the AP? Was the AP new or was it on a different system?
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Jun 09, 2022 01:22 PM
From: David Sanchez
Subject: Disabled CPSEC, but APs didn't get the memo
Hi Novec,
I am experiencing a similar issue.
sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4529 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKE_XAUTH_AUTHORIZATION_FAILED. Ipsec not successful after reboot.
+AOS 8.9
+CPSEC enabled
-AutoCert Provision disabled
-Auto Cert Allow All enabled
+AP is in Denied status despite being in the CPSEC allowlist.
+Have tried rebooting the AP, removing/adding to the whitelist.
+ AP is getting an IP@ fine. Other APs on the same switch, same vlan working ok. Would discard traffic being blocked between AP and MC.
Did you get it resolved ?
Thanks,
Original Message:
Sent: Jun 21, 2019 09:45 AM
From: Lars Bjerke
Subject: Disabled CPSEC, but APs didn't get the memo
I've tried enabling CPSEC on our 7220, but due to network issues on a couple of our MPLS locations I had to disable it again. While that's an acceptable workaround until our ISP fixes their issues, the APs still try to set up an IPSEC tunnel when they boot. After the tunnel attempt finally times out, it reboots and connects normally, but by then almost half an hour has gone by. Each AP logs one error message after connecting:
An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4529 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKEV2_TIMEOUT. Ipsec not successful after reboot.
When I reset an AP to factory default, or provision a new one, it connects in a couple of minutes. Physically resetting 900 APs at 100 locations is not an option, though...
For the record; all APs, an unholy mix of 100, 200 and 300 series, behave exactly the same. I was running AOS 8.1 when I tried enabling CPSEC several months back, and was up to AOS 8.3 when our ISP finally told me to try again, and both versions gave the same result.
Is there any way to make the APs "forget" CPSEC, other than physically resetting them?