I have a feeling that the AP once converted to RAP is still trying to talk to the private IP rather than the public. You might be able to re-provision the RAP while still one the internal network to an AP group that specifies the LMS as one of the public IP addresses.
Original Message:
Sent: Feb 28, 2024 08:03 PM
From: hornp
Subject: Remote Access Point unable to connect, Auth Request
I thought that too but it isn't working. I can set them as RAP in the controller, it will even show them in the RAP section, but when I take the device off site, it doesn't connect. I'm not sure what the most effective way for troubleshooting this is - I suppose I will need to locate console cables and see what the APs are doing.
I thought there was a section on the activate site (activate.arubanetworks.com) that I could add the details, but then when I went there it said it was moved and now I can't find it. ��
Original Message:
Sent: 2/27/2024 10:34:00 AM
From: chulcher
Subject: RE: Remote Access Point unable to connect, Auth Request
The 505H can be easy, just factory default the AP and convert from IAP.
For Campus APs, should just need to re-provision the AP to remote mode. As long as the AP can get an IP address and reach one of the cluster nodes as seen in the node-list environment variable, that should work.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Feb 27, 2024 12:30 AM
From: hornp
Subject: Remote Access Point unable to connect, Auth Request
Hello everyone,
I'm back with another question that should have a simple answer, but I've been having a hard time finding it.
We're all set up with the above - I have a RAP that works fine connecting to the controller from a remote location. The working AP is an AP303H that originally shipped with IAP mode, and I was able to go in and provision it to the controller and convert it to RAP.
What I can't figure out is how to configure existing campus APs to work remotely. I have tried with a 505H, and a 315 and a 325 (though I'll admit that I can't remember if these are the universal AP or if they are only campus APs - JW797A and JW327A (both have the model and then -61001 on the sticker if I am reading that right).
Anyway - what would be the process to get these converted to RAP? We had them online, and then set them up on the controller as RAP, and they showed up like they were going to work, but they never come online. I don't have handy the serial adapter for the 315, but I could console in to the 325 if I knew what I needed to do.
Any help or nudge in the correct direction would be appreciated!
Original Message:
Sent: Dec 08, 2023 09:13 AM
From: Herman Robers
Subject: Remote Access Point unable to connect, Auth Request
Did you set the RAP Public IP in your cluster?
With controller clusters, most of LMS configuration is ignored and an AP will connect directly to the controller IP as configured in the cluster, or when in RAP mode to the RAP Public IP.
The Auth Request message suggests an authentication problem, but it may be that the RAP just cannot reach its anchor or user controllers.
If this is not your issue, it may be more effective to work with your partner or Aruba Support as there are many things to look at and verify.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Dec 07, 2023 04:08 PM
From: hornp
Subject: Remote Access Point unable to connect, Auth Request
Thanks Herman! I was hoping it was something simple. I had followed that guide, but somehow missed the remote AP tab. I'll try that and see if it comes online.
I did have the AP in the wrong list (Campus)
I do have the LMS ip set for both controllers in the cluster here in the IP address and Backup IP address field. This is the public NAT address (which is surely working since I can see the RAP trying to connect.
I'm not in the same area as the AP right now but I'll give it another reset this eve and see if it will come online if it doesn't before that.
Original Message:
Sent: Dec 07, 2023 08:24 AM
From: Herman Robers
Subject: Remote Access Point unable to connect, Auth Request
Are your controllers in a cluster? In that case you would need to configure the public IPs in your configuration as well... and there is a separate allow list for remote APs (from normal / Campus APs).
If the controllers are not in a cluster, the NAT should be enough.
This page seems to have a good summary... a bit down from the top there is the cluster configuration.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Dec 07, 2023 02:41 AM
From: hornp
Subject: Remote Access Point unable to connect, Auth Request
Hey everyone,
I have an ArubaMM-VA (pri/backup) on version 8.10.0.7 LSR orchestrating two Physical 7210 controllers. I am trying to get some remote APs going, but am hitting a snag and I haven't been able to find the cause. The traffic is coming from a typical home user network with a NAT to the public Internet over to the corporate Palo firewall. There are two NAT addresses configured both in the firewall and the profile for the RAP in the controller, and a corresponding policy to allow "any" traffic from the home location ip address to the two NAT addresses on the controller. The controllers have private IP addresses, but the NAT rule points to those IPs. I don't think I should have to include specific ports, but I can do that (I'm testing now with wide open settings to get it working).
The AP is an AP-303, it's in the allow list, and I can see it connect to the controller, but it will never come all the way online. I'm unsure what I have missed, but I did see the AP go Up, then Down a few times
The message is:
AP is down since 2023-12-07 02:01:02 because of the following reason: Auth Request.
On the controller:
show datapath session table 10.200.200.51
Source IP or MAC Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags CPU ID
----------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------- ---------- --------------- -------
10.200.200.51 10.29.0.101 17 8211 8515 0/0 0 0 1 local 4 0 0 FYI 11
10.29.0.101 10.200.200.51 17 8515 8211 1/0 0 0 0 local 6 2 786 FCI 11
I'm not sure what else to check. I'm sure I missed a step, as the RAP configuring isn't as well documented as I hoped. Where do I go next?
Thanks!
PH