I have a small cluster (3) AP-109s running Instant 6.5.4.3_61959. It is working as configured.
I do not have cluster security enabled.
I do not have any VPNs enabled.
My WLAN is 192.168.23.0/24.
My syslog server is receiving the following two errors from all of my APs every several seconds:
cli[xxxx]: [primary tunnel] Error!!!: Received RC_OPCODE_ERROR lms192.168.10.2 tunnel 0.0.0.0 RC_EROR_IKEP2_PKT1 debug-error:-8949 (ERR_IKE_TIMEOUT)
cli[xxxx]: [primary tunnel] tunnel_err_msg_recv(1762): Error !!! Received RC_OPCODE_ERROR peer public ip 192.168.10.2 tunnel ip 0.0.0.0, controller ip 0.0.0.0, RC_EROR_IKEP2_PKT1 debug-error:-8949 (ERR_IKE_TIMEOUT)
These errors looked like crypto failures that are VPN related, but I do not have a VPN configured. Also, I have no idea where the IP address 192.168.10.2 was coming from (where it had been configured). It is not in my current configuration.
I decided to do a show vpn status from the CLI and I found the 192.168.10.2 IP address; it is defined as the primary tunnel peer address! See below:
AP109-East# show vpn status
profile name:default
--------------------------------------------------
current using tunnel :unselected tunnel
current tunnel using time :0
ipsec is preempt status :disable
ipsec is fast failover status :disable
ipsec hold on period :600s
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :6
ipsec primary tunnel crypto type :Cert
ipsec primary tunnel peer address :192.168.10.2
ipsec primary tunnel peer tunnel ip :0.0.0.0
ipsec primary tunnel ap tunnel ip :0.0.0.0
ipsec primary tunnel using interface :
ipsec primary tunnel using MTU :0
ipsec primary tunnel current sm status :Retrying
ipsec primary tunnel tunnel status :Down
ipsec primary tunnel tunnel retry times :404
ipsec primary tunnel tunnel uptime :0
ipsec backup tunnel crypto type :Cert
ipsec backup tunnel peer address :N/A
ipsec backup tunnel peer tunnel ip :N/A
ipsec backup tunnel ap tunnel ip :N/A
ipsec backup tunnel using interface :N/A
ipsec backup tunnel using MTU :N/A
ipsec backup tunnel current sm status :Init
ipsec backup tunnel tunnel status :Down
ipsec backup tunnel tunnel retry times :0
ipsec backup tunnel tunnel uptime :0
AP109-East#
So my questions are: why are my APs trying to establish a VPN tunnel with a controller when it is not configured? All my APs are associated with my virtual controller.
And how do I reconfigure my APs in order to stop the constant barrage of log messages?
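
The check the post walks through by hand (matching the peer IP in the syslog errors against the peer address in show vpn status) can be scripted across several APs. This is an added example, not part of the original post and not Aruba code; the function names are hypothetical and the sample input is abridged from the output quoted above.

```python
import re

# Constructed sample input, abridged from the CLI output and log lines quoted in the post.
VPN_STATUS = """\
ipsec primary tunnel peer address :192.168.10.2
ipsec primary tunnel current sm status :Retrying
ipsec primary tunnel tunnel status :Down
ipsec primary tunnel tunnel retry times :404
ipsec backup tunnel peer address :N/A
ipsec backup tunnel current sm status :Init
ipsec backup tunnel tunnel status :Down
ipsec backup tunnel tunnel retry times :0
"""
SYSLOG = [
    "cli[xxxx]: [primary tunnel] Error!!!: Received RC_OPCODE_ERROR lms192.168.10.2 tunnel 0.0.0.0 RC_EROR_IKEP2_PKT1 debug-error:-8949 (ERR_IKE_TIMEOUT)",
    "cli[xxxx]: [primary tunnel] tunnel_err_msg_recv(1762): Error !!! Received RC_OPCODE_ERROR peer public ip 192.168.10.2 tunnel ip 0.0.0.0, controller ip 0.0.0.0, RC_EROR_IKEP2_PKT1 debug-error:-8949 (ERR_IKE_TIMEOUT)",
]

FIELD = re.compile(r"^ipsec (primary|backup) tunnel (.+?)\s*:(.*)$")
LOG = re.compile(r"\[(primary|backup) tunnel\].*?(?:lms|peer public ip )(\d+(?:\.\d+){3}).*\((ERR_\w+)\)")

def parse_vpn_status(text):
    """Return {'primary': {field: value}, 'backup': {...}} from 'show vpn status' text."""
    tunnels = {"primary": {}, "backup": {}}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            tunnels[m.group(1)][m.group(2)] = m.group(3).strip()
    return tunnels

def parse_errors(lines):
    """Return a set of (tunnel, peer_ip, error_name) tuples found in syslog lines."""
    return {m.groups() for m in map(LOG.search, lines) if m}

def stale_peers(status_text, log_lines):
    """List tunnels with a peer configured that are Down and retrying, plus matching log errors."""
    errors = parse_errors(log_lines)
    findings = []
    for name, f in parse_vpn_status(status_text).items():
        peer = f.get("peer address", "N/A")
        retries = int(f.get("tunnel retry times", "0") or 0)
        if peer != "N/A" and f.get("tunnel status") == "Down" and retries > 0:
            logged = sorted(e for t, ip, e in errors if t == name and ip == peer)
            findings.append({"tunnel": name, "peer": peer, "retries": retries, "log_errors": logged})
    return findings

if __name__ == "__main__":
    for finding in stale_peers(VPN_STATUS, SYSLOG):
        print(finding)
```

A tunnel reported here has a peer address set on the AP even though no VPN is expected, which is the mismatch the post describes.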