Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AP failing to come up on controller

This thread has been viewed 7 times

  • 1.  AP failing to come up on controller

    Posted Apr 16, 2019 05:25 AM

    Hello,

     

    I am configuring a new 6.5.4.10 test controller. The test controller is a single 7010.

     

    The AP gets an IP address, and has at some point managed to talk to the controller (I have whitelisted it and it's in the db) but now it is in a reboot cycle. In the logs there are lots of these messages:

     

    Apr 16 10:09:52 localdb[3928]: <133006> <3928> <ERRS> |localdb| User 18:64:72:x:x:x Failed Authentication
    Apr 16 10:09:52 authmgr[3880]: <522275> <3880> <ERRS> |authmgr| User Authentication failed. username=18:64:72:x:x:x userip=172.x.x.x usermac=18:64:72:x:x:x authmethod=VPN servername=Internal serverip=131.x.x.x apname=N/A bssid=00:00:00:00:00:00

     

    The MAC and userip are that of the AP. This looks kind've self-explanatory, but I haven't come across it before and I don't know where this authentication is configured or why it's happening. Can anyone help please?

     

    Thanks

     



  • 2.  RE: AP failing to come up on controller

    Posted Apr 16, 2019 07:32 AM
    Is the port and VLAN trusted at the controller where the AP traffic is reaching the controller?
    If not the mac address needs to be authenticated.


  • 3.  RE: AP failing to come up on controller

    EMPLOYEE
    Posted Apr 16, 2019 07:46 AM
    @cauliflower wrote:

    Hello,

     

    I am configuring a new 6.5.4.10 test controller. The test controller is a single 7010.

     

    The AP gets an IP address, and has at some point managed to talk to the controller (I have whitelisted it and it's in the db) but now it is in a reboot cycle. In the logs there are lots of these messages:

     

    Apr 16 10:09:52 localdb[3928]: <133006> <3928> <ERRS> |localdb| User 18:64:72:x:x:x Failed Authentication
    Apr 16 10:09:52 authmgr[3880]: <522275> <3880> <ERRS> |authmgr| User Authentication failed. username=18:64:72:x:x:x userip=172.x.x.x usermac=18:64:72:x:x:x authmethod=VPN servername=Internal serverip=131.x.x.x apname=N/A bssid=00:00:00:00:00:00

     

    The MAC and userip are that of the AP. This looks kind've self-explanatory, but I haven't come across it before and I don't know where this authentication is configured or why it's happening. Can anyone help please?

     

    Thanks

     

    To be honest, It looks like you have control plane security enabled.  Type "show ap database" to see if the access point has the denied flag set.  If it does, type "show control-plane-security" to see if control plane security is enabled.  If it is not enabled, you have a different problem.  If it is enabled, you can allow it to admit new access points by typing the following:

     

    config t

    control-plane-security

    allow-cert-allow-all

    write mem

     



  • 4.  RE: AP failing to come up on controller

    Posted Apr 16, 2019 11:01 AM

    Ok so face-palm time - it seems I had remote-ap set in the provisioning profile.

     

    I do have control-plane-security turned on - but I am allowing the address range that this AP is within. It wasn't showing as Denied, I think it couldn't talk to the controller at all. So it must have been the RAP setting, I guess because it was not in the rap whitelist? Would that be consistent with those messages?



  • 5.  RE: AP failing to come up on controller

    Posted Apr 16, 2019 12:04 PM

    Hi cauliflower

     

    Yes. This message is shown when there is no entry in the rap-whitelist and you are using rap with certificate. Seen it yesterday in a customer installation.

     

    Regards

    Manuel