Also, to clarify as well. When I originally had this issue, we opened a TAC with Aruba Support. They looked at our logs and saw we were out of licenses. So once we got the licenses registered, I assumed it would resolve this issue. It may be possible that it did resolve the issue, but I needed to physically reprovision the APs again, whitelist them, etc.
That may have been the initial cause all along...
Original Message:
Sent: Feb 26, 2024 05:14 AM
From: Mr.RFC
Subject: 3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages
1. The only ports you would need for the AP to function are PAPI - 8211 [first boot] and 8209 [when cpsec is enabled] to establish communication and talk to the controller.
2. What other logs do you see? I don't think this is a PAPI port issue.
3. What flags do you see in "show ap database", and what do you see in "show datapath session table | include <IP of AP>"?
4. Is the mode set to auto-cert-provision under control-plane-security?
5. Do you have PAPI security enabled? If it's not a requirement for the network, I'd suggest toggling that setting to see if the APs are able to establish communication and stay that way.
https://www.arubanetworks.com/techdocs/CLI-Bank/Content/aos8/papi-security.htm
6. Is the AP in the whitelist section of cpsec?
show whitelist-db cpsec
7. Try removing one of the problematic APs from this list and re-adding it (bounce your switch ports for a forced reboot).
------------------------------
/AJ
Original Message:
Sent: Feb 23, 2024 01:49 PM
From: JohnB-Airhead
Subject: 3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages
I have 3 WiFi Access Points at a remote site behind a firewall that are able to connect to our Mobility Controller, however they consistently reboot within 30 minutes and the logs show them getting denied by PAPI ports. After working with HPE Support, we validated that we have enough licenses. The site is 2.5 hours' drive, and I'd prefer not to make the drive. Is it possible to resolve this remotely?
Here are the logs:
ble_relay[6000]: PAPI_Security: Denying message 24309 received from unauthenticated source x.x.x.x:8514 for PAPI port 8515
ble_relay[6000]: PAPI_Security: Denying message 24334 received from unauthenticated source x.x.x.x:8514 for PAPI port 8515
stm[5568]: PAPI_Security: Denying message 16200 received from unauthenticated source x.x.x.x:17103 for PAPI port 8222
Checking the console, it says these APs are "Generating CSR" and never get past that.
In the Mobility Controller GUI, all 3 do show up, but constantly reboot.
Any thoughts on how to resolve?
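
Added example (not part of any post in this thread and not Aruba code): a Python script that tallies `PAPI_Security` denials like the ones quoted above by daemon, source address and destination PAPI port, so it is clear which processes are rejecting which peer. The regex is derived only from the three log lines in the post; the function names and the filler line are constructed for illustration.

```python
import re
from collections import Counter

# Pattern derived only from the three denial lines quoted in the post.
# The source address may be a real IPv4 address or redacted as x.x.x.x.
DENY_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s+PAPI_Security:\s+Denying message\s+"
    r"(?P<msg>\d+)\s+received from unauthenticated source\s+"
    r"(?P<src>[0-9x.]+):(?P<sport>\d+)\s+for PAPI port\s+(?P<dport>\d+)"
)

def parse_denials(lines):
    """Return one dict per PAPI_Security denial; other lines are skipped."""
    denials = []
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        for key in ("pid", "msg", "sport", "dport"):
            rec[key] = int(rec[key])
        denials.append(rec)
    return denials

def summarize(denials):
    """Count denials per (process, source address, destination PAPI port)."""
    return Counter((d["proc"], d["src"], d["dport"]) for d in denials)

# The three lines from the post (addresses redacted there as x.x.x.x),
# plus one constructed line that is not a denial.
SAMPLE = [
    "ble_relay[6000]: PAPI_Security: Denying message 24309 received from "
    "unauthenticated source x.x.x.x:8514 for PAPI port 8515",
    "ble_relay[6000]: PAPI_Security: Denying message 24334 received from "
    "unauthenticated source x.x.x.x:8514 for PAPI port 8515",
    "stm[5568]: PAPI_Security: Denying message 16200 received from "
    "unauthenticated source x.x.x.x:17103 for PAPI port 8222",
    "constructed[1]: filler line that is not a PAPI denial",
]

if __name__ == "__main__":
    for (proc, src, dport), count in summarize(parse_denials(SAMPLE)).most_common():
        print(f"{count:3d}  {proc:<10} denied {src} -> PAPI port {dport}")
```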