Wireless Access


Problem with RAP


  • 1.  Problem with RAP

    Posted Feb 08, 2013 08:04 AM

    Dear Friends,

    I am trying to configure RAP-2WG with Aruba200 controller. When I connect the RAP to the controller it shows up, but when I provision the AP to any AP Group it does not come up and shows as down.

    Details of configurations are in attached file. Please have a look into it and advise.

    Attachment(s)

    docx
    RAP Problem.docx   18 KB 1 version


  • 2.  RE: Problem with RAP

    Posted Feb 08, 2013 08:15 AM

    In your log, I can see the following error:

     

    No ISAKMP PSK found for peer 192.168.2.125

    1.did u configured the right VPN settings? (that allowing u to use cert or user/password/shared)?

    2.did u whitelisted this RAP?

    3.seems like a cert\secret issue.

     

    Another thing that u might wanna check: (That might be sending the wrong internal controller address to the RAP unit)

    Do u have any LMS or BACKUPLMS configured in the AP-system-profile default? Or in the AP-system-profile that attached to any of those groups?

     

    It seems that after you provision the RAP, he is getting some wrong configuration (might be the LMS and BACKUP LMS - check it)

     

    Update us if it solves your issue.

     

    Me.



  • 3.  RE: Problem with RAP

    Posted Feb 08, 2013 08:58 AM
    Thank You please see the response

    1.did u configured the right VPN settings? (that allowing u to use cert or user/password/shared)?
    I think there is some problem with the VPN setting but I am not able to find where the problem exists. Please do let me know what setting preview is required to resolve this issue.

    2.did u whitelisted this RAP?
    Yes
    3.seems like a cert\secret issue.
    Try both certificate and PSK. Tried with different username and password and different psk as well


  • 4.  RE: Problem with RAP

    Posted Feb 08, 2013 09:01 AM

    What about the LMS / BACKLMS setting in the ap-system-profile? is there any configuration there that u did? did u checked it also?



  • 5.  RE: Problem with RAP

    Posted Feb 08, 2013 09:14 AM
    What about the LMS / BACKLMS setting in the ap-system-profile? is there any configuration there that u did? did u checked it also?

    I just added LMS IP in that.. below is output for your reference


    (ICI) #show ap system-profile MyAPSysProfile

    AP system profile "MyAPSysProfile"
    ----------------------------------
    Parameter Value
    --------- -----
    LMS IP 192.168.2.222
    Backup LMS IP N/A
    LMS Preemption Disabled
    LMS Hold-down Period 600 sec
    Number of IPSEC retries 360
    LED operating mode (AP-9x/AP-10x/AP-12x/RAP-5x only) normal
    RF Band g
    Double Encrypt Disabled
    Native VLAN ID 1
    SAP MTU N/A
    Bootstrap threshold 8
    Request Retry Interval 10 sec
    Maximum Request Retries 10
    Keepalive Interval 60 sec
    Dump Server N/A
    Telnet Disabled
    SNMP sysContact N/A
    AeroScout RTLS Server N/A
    RTLS Server configuration N/A
    Remote-AP DHCP Server VLAN N/A
    Remote-AP DHCP Server Id 192.168.11.1
    Remote-AP DHCP Default Router 192.168.11.1
    Remote-AP DHCP DNS Server N/A
    Remote-AP DHCP Pool Start 192.168.11.2
    Remote-AP DHCP Pool End 192.168.11.254
    Remote-AP DHCP Pool Netmask 255.255.255.0
    Remote-AP DHCP Lease Time 0 days
    Remote-AP Backup Ports Enabled
    Remote-AP uplink total bandwidth 0 kbps
    Remote-AP bw reservation 1 N/A
    Remote-AP bw reservation 2 N/A
    Remote-AP bw reservation 3 N/A
    Heartbeat DSCP 0
    Session ACL allowall
    Corporate DNS Domain N/A
    Maintenance Mode Disabled
    WISPr Location-ID ISO Country Code N/A
    WISPr Location-ID E.164 Country Code N/A
    WISPr Location-ID E.164 Area Code N/A
    WISPr Location-ID SSID/Zone N/A
    WISPr Operator Name N/A
    WISPr Location Name N/A
    Remote-AP Local Network Access Disabled



  • 6.  RE: Problem with RAP

    Posted Feb 08, 2013 09:01 AM

    Did you set the preshared key on the controller?  Did you set a username and password in the controller's local database for that AP?

     

    You do not need to enter the AP into the whitelist, because that is for only certificate-based APs and of course, that will not work.



  • 7.  RE: Problem with RAP

    Posted Feb 08, 2013 09:10 AM
    Hi Joseph



    Did you set the preshared key on the controller?
    YES with this command
    crypto isakmp key aruba123 address 10.10.123.0 netmask 255.255.255.0

    Did you set a username and password in the controller's local database for that AP?
    Yes


    You do not need to enter the AP into the whitelist, because that is for only certificate-based APs and of course, that will not work.
    I tried both, I mean once with PSK and again with adding it into the whitelist.
    Please confirm: if the AP is in the whitelist, will it not get connected via PSK?


  • 8.  RE: Problem with RAP

    Posted Feb 08, 2013 09:02 AM
    Thank You Kdisc

    Please see this

    It's seems that after you provision the RAP,he getting some wrong configuration (might be the LMS and BACKUP LMS - check it)

    LMS IP is correct but no LMS IP is available so not provided


  • 9.  RE: Problem with RAP

    Posted Feb 08, 2013 09:04 AM

    ok.



  • 10.  RE: Problem with RAP

    Posted Feb 08, 2013 09:04 AM

    @syedmuradali wrote:
    Thank You Kdisc

    Please see this

    It's seems that after you provision the RAP,he getting some wrong configuration (might be the LMS and BACKUP LMS - check it)

    LMS IP is correct but no LMS IP is available so not provided

    The LMS IP, should be blank.  The problem is that the AP does not connect via IPSEC in the first place, which has to happen even before the LMS-IP is applied.  We need to troubleshoot that portion first.

     



  • 11.  RE: Problem with RAP

    Posted Feb 08, 2013 09:06 AM

    But if the RAP unit is connecting to an AP-GROUP with LMS/BACKUP LMS with internal address, after the provisioning process and the reboot the RAP will be down.

     

    That's the reason I told him to check it. (and yes.. on RAP groups it should be blank)

     



  • 12.  RE: Problem with RAP

    Posted Feb 08, 2013 09:09 AM

    @kdisc98 wrote:

    But if the RAP unit is connecting to an AP-GROUP with LMS/BACKUP LMS with internal address, after the provisioning process and the reboot the RAP will be down.

     

    That's the reason I told him to check it. (and yes.. on RAP groups it should be blank)

     


    That is a fair assessment.

     

    The AP must connect via IPSEC to get the LMS/Backup LMS instructions, so if the IPSEC connection is not happening, it cannot even get to that point.

     

    APs that have the LMS set to another controller connect via IPSEC successfully and get redirected to that blackhole, creating the "AP Down" situation.  The AP must connect via IPSEC successfully to the first controller to even get into that condition...

     



  • 13.  RE: Problem with RAP

    Posted Feb 08, 2013 09:16 AM

    Yep. That's the reason that I thought about it (about the AP-system-profile LMS/BACKUPLMS)... he wrote that the RAP is connecting to the Controller but going down after provisioning...

     



  • 14.  RE: Problem with RAP

    Posted Feb 08, 2013 09:15 AM


    The LMS IP, should be blank. The problem is that the AP does not connect via IPSEC in the first place, which has to happen even before the LMS-IP is applied. We need to troubleshoot that portion first.

    LMS IP has been removed but still facing the same problem


  • 15.  RE: Problem with RAP

    Posted Feb 08, 2013 09:17 AM

    But in the beginning you wrote:

    syedmuradali
    Posts: 86
    Registered: ‎09-26-2012
    Problem with RAP

    Dear Friends,

    I am trying to configure RAP-2WG with Aruba200 controller. When i connect RAP with controller its show up but when I provision the AP to any AP



  • 16.  RE: Problem with RAP

    Posted Feb 08, 2013 09:23 AM
    Hi Kdisc,
    I am sorry, I don't understand what you mean to say..
    Let me explain again what the problem is...
    I reset the RAP to factory default and connected it to the controller, and it shows up. But when I provision it, the RAP shows down..
    This was happening when the LMS IP was blank. After this I added the LMS IP but the problem remained the same. So now I removed the LMS as per CJoseph's instructions..


  • 17.  RE: Problem with RAP

    Posted Feb 08, 2013 09:21 AM

    Okay.

     

    Did you put an IPSEC preshared key on the controller?:

    shared.PNG

     

    Did you enter a username and password into the local user database for that AP?:

    localdb.PNG

     

     

    And did you provision the IPSEC key from the first step and the username and password from the second step into the AP?:

     

    rap-provision.PNG



  • 18.  RE: Problem with RAP

    Posted Feb 08, 2013 09:30 AM

    Yes CJoseph, I have performed all these steps. See the attached screenshot, maybe you can help me

     

     



  • 19.  RE: Problem with RAP
    Best Answer

    Posted Feb 08, 2013 09:32 AM

    delete the IKE shared secret for 10.10.123.0

    and create a new one for 0.0.0.0 (just for the test)

     

    tell us if it works.
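
An added example, not part of any post in this thread: a small Python check that reproduces why the controller logged "No ISAKMP PSK found for peer 192.168.2.125" when the only key was scoped to 10.10.123.0/255.255.255.0. The `0.0.0.0` netmask on the test entry, the `<psk>` placeholder and the scoped `192.168.2.0/24` entry are constructed assumptions.

```python
import ipaddress
import re

# Command form quoted in the thread:
#   crypto isakmp key <key> address <ip> netmask <mask>
KEY_LINE = re.compile(
    r"^\s*crypto isakmp key \S+ address (?P<addr>\S+) netmask (?P<mask>\S+)\s*$"
)

def psk_ranges(config_text):
    """Return the peer ranges that have an ISAKMP PSK configured."""
    ranges = []
    for line in config_text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            # strict=False tolerates host bits set in the address field
            ranges.append(ipaddress.ip_network(f"{m['addr']}/{m['mask']}", strict=False))
    return ranges

def check_peer(config_text, peer_ip):
    """Report which PSK ranges cover peer_ip and whether any is a wildcard."""
    peer = ipaddress.ip_address(peer_ip)
    covering = [net for net in psk_ranges(config_text) if peer in net]
    return {
        "peer": peer_ip,
        "covered": bool(covering),
        "ranges": [str(n) for n in covering],
        # A /0 range applies the same key to every peer address
        "wildcard": any(n.prefixlen == 0 for n in covering),
    }

# Line from the thread (post 7) and the peer from the logged error (post 2).
ORIGINAL = "crypto isakmp key aruba123 address 10.10.123.0 netmask 255.255.255.0"
PEER = "192.168.2.125"

# Constructed: the test entry suggested in post 19; netmask and key placeholder are assumed.
TEST_FIX = "crypto isakmp key <psk> address 0.0.0.0 netmask 0.0.0.0"

# Constructed: an entry scoped to the RAP's own subnet, assuming a /24.
SCOPED = "crypto isakmp key <psk> address 192.168.2.0 netmask 255.255.255.0"

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("wildcard", TEST_FIX), ("scoped", SCOPED)):
        print(label, check_peer(cfg, PEER))
```

The `wildcard` flag marks the "just for the test" entry so it can be replaced by a scoped range once the RAP's source address is known.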



  • 20.  RE: Problem with RAP

    Posted Feb 08, 2013 09:42 AM
    Resolved... AP is showing up now....

    Thank you so much Cjoseph and Kdisc
    You people are amazing...


  • 21.  RE: Problem with RAP

    Posted Feb 08, 2013 09:43 AM

    Don't forget to KUDOS me and press on SOLVED!

     

    That's the reason why we are here, to give u some more Air into the Head :)

     

     



  • 22.  RE: Problem with RAP

    Posted Feb 08, 2013 09:48 AM
    One more question please...
    The SSID is working on "Standard" Remote AP operation.. After disconnecting from the Controller, how much time will the RAP wait to turn the Backup SSID on???
    Back SSID is not working now :-(


  • 23.  RE: Problem with RAP

    Posted Feb 08, 2013 09:51 AM

    Is the SSID bridged or tunneled?  It must be bridged for backup to work.  It should come up within 30 seconds, and the AP needs to have a valid ip address (ethernet must be up, etc).

     



  • 24.  RE: Problem with RAP