Wireless Access

I have a controller and a set of access points located across multiple sites. Initially, there were no issues when the branches were connected to the main site via MPLS. However, after transitioning to site-to-site VPN, many problems arose: access points disconnecting, wireless networks not appearing, and sometimes access points remain offline for up to 8 hours before reconnecting.

How can I perform troubleshooting and identify the problem? Note that the VPN is stable and all other services are stable; only the controller and access points are affected. I have already updated the controller and access points, but the issue persists.

Running Campus APs with a controller over a WAN/VPN is not supported.

One difference between MPLS and a VPN is that most VPNs are configured between stateful firewalls. That means that out-of-state traffic (packets for which the firewall doesn't know an established connection) as well fragmented traffic is dropped. Some firewalls also handle/inspect IPSec traffic (udp/4500), but the traffic between AP and controller must be untouched. Make sure there is no processing/inspection on the traffic between AP and controller. The connection between AP and controller should support large MTU, low latency and high bandwidth. You probably broke one of those parameters; where it's hard to do all correct on VPN/WAN, and which is why it's unsupported.

What may help troubleshooting is to capture traffic on the port to your AP, and on the port to your gateway, then find traffic which is modified/fragmented/dropped. From there find out where that happens and remediate; which still doesn't make the solution supported, but it may work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jul 13, 2024 02:55 AM
From: JordanWifi
Subject: controller and a set of access points from mpls to site to site

I have a controller and a set of access points located across multiple sites. Initially, there were no issues when the branches were connected to the main site via MPLS. However, after transitioning to site-to-site VPN, many problems arose: access points disconnecting, wireless networks not appearing, and sometimes access points remain offline for up to 8 hours before reconnecting.

How can I perform troubleshooting and identify the problem? Note that the VPN is stable and all other services are stable; only the controller and access points are affected. I have already updated the controller and access points, but the issue persists.

how can i convert from compose Compuse Ap to  remote ap ?and how i can make APs

work as controller when controller is disconnect?

Running Campus APs with a controller over a WAN/VPN is not supported.

One difference between MPLS and a VPN is that most VPNs are configured between stateful firewalls. That means that out-of-state traffic (packets for which the firewall doesn't know an established connection) as well fragmented traffic is dropped. Some firewalls also handle/inspect IPSec traffic (udp/4500), but the traffic between AP and controller must be untouched. Make sure there is no processing/inspection on the traffic between AP and controller. The connection between AP and controller should support large MTU, low latency and high bandwidth. You probably broke one of those parameters; where it's hard to do all correct on VPN/WAN, and which is why it's unsupported.

What may help troubleshooting is to capture traffic on the port to your AP, and on the port to your gateway, then find traffic which is modified/fragmented/dropped. From there find out where that happens and remediate; which still doesn't make the solution supported, but it may work.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jul 13, 2024 02:55 AM
From: JordanWifi
Subject: controller and a set of access points from mpls to site to site

I have a controller and a set of access points located across multiple sites. Initially, there were no issues when the branches were connected to the main site via MPLS. However, after transitioning to site-to-site VPN, many problems arose: access points disconnecting, wireless networks not appearing, and sometimes access points remain offline for up to 8 hours before reconnecting.

How can I perform troubleshooting and identify the problem? Note that the VPN is stable and all other services are stable; only the controller and access points are affected. I have already updated the controller and access points, but the issue persists.