Wireless Access

 View Only
  • 1.  Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 08, 2024 08:49 PM
    Edited by mvanoverbeek Apr 08, 2024 08:58 PM

    I am trying to test migration from Remote AP to Aruba central but am still new to Aruba in general. This means I actually never configured an Virtual Controller with Remote APs. I looked on Youtube, validated designs, and this forum, but now have to conclude I am unable to find any. 

    Can anyone point me to preferably a step-by-step on how to configure remote APs on a (virtual) controller running ArubaOS 8.10.0.10 LSR? This will really help me out testing the migration of Remote APs to Microbranch APs. 

    One thing I run into is that I cannot even access the AP through console, for some reason passwords do not get accepted, it does not accept the serial number or anything I know I use as a password. Logs below are from the VMC (i x-ed out three digits of my IP address)

       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092063 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IPSec SA Deletion: IPSEC_delSa SPI:d8324c00 OppSPI:50a96c00 Dst:97.140.15x.xx Src:10.20.202.10 flags:1001 dstPort:0 srcPort:0
       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092064 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IPSec SA Deletion: IPSEC_delSa SPI:dbf89d00 OppSPI:60b88a00 Dst:97.140.15x.xx Src:10.20.202.10 flags:1001 dstPort:0 srcPort:0
       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092065 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5
       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IPSec SA Deletion: IPSEC_delSa SPI:63d2da00 OppSPI:e5d18400 Dst:97.140.15x.xx Src:10.20.202.10 flags:1001 dstPort:0 srcPort:0
       isakmpd[5624]: <103103> <5624> <WARN> |ike|  97.140.15x.xx:63554-> IKE SA Deletion: IKE2_delSa peer:97.140.15x.xx:63554 id:2286092066 errcode:ERR_IKESA_CLEARED saflags:0x10000051 arflags:0x5



    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------



  • 2.  RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 08, 2024 11:04 PM

    In your logs, what is talking to what?  Which IP address is associated with which device?  Is the VMC running in a cluster or standalone?  Are you running NAT or directly with a public IP address?

    What model is the AP and what software is the AP running?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 11, 2024 08:56 AM

    Hi Carson,

    10.20.202.10 = VMC in standalone mode

    97.140.15x.xx = Verizon IP address of Remote AP

    The remote AP (345) is behind the FWA Verizon device

    The VMC is behind a Fortigate Firewall and I had port-forwarding set up for UDP port 4500 and I am running NAT



    ------------------------------
    Martijn van Overbeek
    Architect, Netcraftsmen a BlueAlly Company
    ------------------------------



  • 4.  RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 11, 2024 09:15 AM

    Can you get the AP associated with the controller by using the local network?  Can you convert the AP to a RAP



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 11, 2024 09:21 AM

    I think I was able to do that yes, the AP was working on the controller. Are there any special steps I should have followed?

     

    Martijn Paul van Overbeek
    Architect
    Work 443-333-5809
    Mobile 984-528-1279
    Email mvanoverbeek@blueally.com

     






  • 6.  RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 11, 2024 09:36 AM

    If you take that AP that was associated on the internal network, convert the AP to a RAP while still on the internal network, then move the RAP to an AP group where the LMS entry points at the public IP address for the controller, that AP should be properly configured to work from a remote network.  Test to see if that process works.  If that doesn't work then there is likely a configuration issue to be looked at.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Remote AP Configuration on Virtual Controller ArubaOS 8.10.0.10 LSR

    Posted Apr 11, 2024 09:45 AM

    Thanks Carson,


    I will test your procedure, it will take me a little bit of time as I have converted my lab into testing the Virtual VPNC (with litle luck so far)