That looks like Airwave or another management system logging in to get your configuration.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 14, 2023 03:32 AM
From: Hero Haya
Subject: Connection Denial due to "Incorrect Passphrase"
I have a lot of detection of rogue APs. I also have what appears to be logins and commands being executed.
May 9 12:03:53 2023 cli[17877]: USER: admin has logged in from X.X.X.X.
May 9 12:03:53 2023 cli[17877]: USER: admin connected from X.X.X.X has logged out.
May 9 12:03:53 2023 cli[17877]: USER:admin@X.X.X.X NODE:"/mm/mynode" COMMAND:<no paging > -- command executed successfully.
May 9 12:03:53 2023 cli[17877]: USER:admin@X.X.X.X NODE:"/mm/mynode" COMMAND:<encrypt disable > -- command executed successfully.
Im seeing this string of output all through my logs. Any suggestions?
Original Message:
Sent: May 12, 2023 12:00 PM
From: DB86
Subject: Connection Denial due to "Incorrect Passphrase"
Is it still going on? Maybe check to see if there is a rogue detected on nearby APs?
------------------------------
Dustin Burns
Lead Mobility Engineer @Worldcom Exchange, Inc.
ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
If my post was useful accept solution and/or give kudos
Original Message:
Sent: May 12, 2023 03:09 AM
From: Hero Haya
Subject: Connection Denial due to "Incorrect Passphrase"
Hello Airheads,
Had a weird issue the other day. My users were kicked off of the SSID and then prompted to re-connect. When they attempted to re-connect they were denied due to "Incorrect Passphrase" but the passphrase hadn't been changed. What might have caused this?