Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Disabled CPSEC, but APs didn't get the memo

  • 1.  Disabled CPSEC, but APs didn't get the memo

    Posted Jun 21, 2019 09:45 AM

    I've tried enabling CPSEC on our 7220, but due to network issues on a couple of our MPLS locations I had to disable it again. While that's an acceptable workaround until our ISP fixes their issues, the APs still try to set up an IPSEC tunnel when they boot. After the tunnel attempt finally times out, it reboots and connects normally, but by then almost half an hour has gone by. Each AP logs one error message after connecting:

     

    An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4529 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKEV2_TIMEOUT. Ipsec not successful after reboot.

     

    When I reset an AP to factory default, or provision a new one, it connects in a couple of minutes. Physically resetting 900 APs at 100 locations is not an option, though...

     

    For the record; all APs, an unholy mix of 100, 200 and 300 series, behave exactly the same. I was running AOS 8.1 when I tried enabling CPSEC several months back, and was up to AOS 8.3 when our ISP finally told me to try again, and both versions gave the same result.

     

    Is there any way to make the APs "forget" CPSEC, other than physically resetting them?