Wireless Access

 View Only
  • 1.  3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages

    Posted Feb 26, 2024 04:20 AM

    I have 3 WiFi Access Points at a remote site behind a Firewall that are able to connect to our Mobility controller, however consistently reboot within 30 minutes and the logs show getting denied by PAPI ports.  After working with HPE Support, we validated that we have enough licenses.  The site is 2.5 hours drive, and I'd prefer not to make the drive.  Is it possible to resolve this remotely?

    Here is logs:

       ble_relay[6000]: PAPI_Security: Denying message 24309 received from unauthenticated source x.x.x.x:8514 for PAPI port 8515
       ble_relay[6000]: PAPI_Security: Denying message 24334 received from unauthenticated source x.x.x.x:8514 for PAPI port 8515
       stm[5568]: PAPI_Security: Denying message 16200 received from unauthenticated source x.x.x.x:17103 for PAPI port 8222

    Checking the Console, it says these AP's are "Generating CSR" and never get past that.

    In the Mobility Controller GUI, all 3 do show up, but constantly reboot.

    Any thoughts on how to resolve?



  • 2.  RE: 3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages

    Posted Feb 26, 2024 05:15 AM
    Edited by Mr.RFC Feb 26, 2024 05:27 AM

    1. The only ports you would need for the AP to function is PAPI - 8211 [ first boot ] and 8209 [ when cpsec is enabled ] to establish communication and talk to the controller.

    2. What other logs do you see? I dont think this is a PAPI port issue

    3. What flags do you see in " show ap database " , and what do you see in the " show datapath session table | include <IP of AP>"

    4. Is the mode set to auto-cert-provision under control-plane-security?

    5. Do you have papi security enabled? if its not a requirement for the network, id suggest toggling that setting to see if the APs are able to establish communication and stay that way. 

    " https://www.arubanetworks.com/techdocs/CLI-Bank/Content/aos8/papi-security.htm"

    6. Is the AP in the whitelist section of cpsec?

    show whitelist-db cpsec

    7. Try removing one of the problematic APs from this list and re adding them. ( bounce your switch ports for a forced reboot ).



    ------------------------------
    /AJ
    ------------------------------



  • 3.  RE: 3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages

    Posted Mar 21, 2024 11:17 AM
    Edited by JohnB-Airhead 12 days ago

    Issue resolved



  • 4.  RE: 3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages

    Posted Mar 21, 2024 11:29 AM

    Also, To clarify as well. When I originally had this Issue, we opened a TAC with Aruba Support. They looked at our logs and saw we were out of licenses.  So Once we got the licenses registered, I assumed it would resolve this issue.  It may be possible that it did resolve the issue, but I needed to physically reprovision the AP's again, whitelist them, etc.

    That may have been the initial cause all along...




  • 5.  RE: 3 WiFi Access Points not functioning correctly - getting denied PAPI Port messages

    Posted 12 days ago

    If anyone was wanting a solution to this issue - This issue was caused due to a Typo in the Subnetmask for Wifi on the FW.  Resolving that, fixed this issue. Like AJ said, this wasn't a PAPI issue..