It turned out I should have broadened my test device scope. I tested a Windows 10 Laptop and a Macbook and they worked fine. I think it is something with this Windows 11 Laptop.
Original Message:
Sent: Nov 18, 2024 06:20 AM
From: Herman Robers
Subject: RAP Help
Is that SSID configured with WPA2/3-Enterprise? If some devices connect, others don't, and those that don't work on the campus AP, it may be an MTU issue with the certificate being too large. The RAP has a few additional bytes for the IPSec encapsulation.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Nov 14, 2024 09:09 AM
From: mvanoverbeek
Subject: RAP Help
Thanks Herman,
Yes it actually got weirder and I probably just open a TAC case unless you have an idea. What I found is that my Windows 11 Laptop will not connect to the SSID of the RAP but my IPhone 13 connects fine. The AP is basically less than a meter away from my Iphone and Laptop so conditions are the same.
I enabled some logging (see below), but I could not get any decent info from it.
My last request would be, is there a particular logging level that comes to mind that I can explore?
Logging that I enabled.
logging security level debugging
logging security subcat ids level warnings
logging security subcat ids-ap level warnings
logging wireless level debugging
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Nov 14, 2024 04:30 AM
From: Herman Robers
Subject: RAP Help
This sounds unexpected, but it can be basically anything. Approach would be to step by step troubleshoot where the issue is; which is quite hard in a forum where much information is missing, and finding the issue takes multiple steps each depending on the previous step. Interactive access would greatly help, and your Aruba partner or TAC may be better suited for that.
One thing that I can think of, why in CAP mode it works but in RAP it doesn't, could be Control Plane Security, which is enabled by default and must have been disabled explicitly. For RAPs, control plane security is mandatory, but I believe for bridged on CAP as well, so I'm a bit clueless.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Nov 11, 2024 03:14 PM
From: mvanoverbeek
Subject: RAP Help
Thank you Herman and Carson
This customer purchased the Conductors (virtual) and Controllers (virtual), so we were kind of stuck trying to make it work in the network.
I changed my Mock setup and added a VLAN 122 which I routed through OSPF from the controllers to the rest of my environment
Everything works fine for Campus APs, when I create a new wlan in tunneled mode I receive IP addresses from my DHCP server and everything works out fine.
When I convert this Campus AP into a Remote AP, for some kind of reason whatever I try the passwords of the SSIDs always come up as incorrect, even for enhanced open.
When I configured a wired profile all worked fine, I was able to receive an IP address in VLAN 122.
I will keep tinkering but any gotchas would be appreciated to see why Wireless isn't authenticating the personal SSID? What am I overlooking?
Thank you
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Nov 08, 2024 05:25 AM
From: Herman Robers
Subject: RAP Help
Normally, you would run campus APs in tunneled mode. Then when you have a Remote AP, you can apply the same configuration and clients that connect and are assigned to let's say VLAN 25 break out at the controller, and will get their IP address from the DHCP server in VLAN25. For the network, it's then transparent wherever they connect. Bridging traffic on campus APs is deprecated, the controller architecture was designed to tunnel traffic, which makes RAP scenarios really simple if you want to offer the same service on campus and RAPs.
Making it routed (small DHCP subnet) will make things much harder, and would more fit in the SD-Branch scenario, for RAP more specific micro-branch; which all is managed and orchestrated from Central. That architecture matches closer what you try to design.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Nov 07, 2024 06:12 PM
From: mvanoverbeek
Subject: RAP Help
I think I am missing something with the RAP configuration which for some reason I can't find in the documentation
Configuration is as follows:
Two Conductors
Two Controllers
1 subnet that directly connect to my router (VLAN 201)
1 subnet configured on the router only (VLAN 25) for data communication
My APs work flawlessly in Bridged mode connecting into VLAN 25
I followed the steps to configure a remote AP and it will establish a tunnel succesfully to my Controllers with a 169.254.254.x address
The problem i have is: How do I get a client connected to this AP?
I can find instructions on the web how to do this?
Ideally I want each remote AP to dynamically receive a small subnet /29 for instance and DHCP on the Remote AP.
I cant find any documentation on how to do this however.
Hope someone can help
Thank you
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------