Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

How to stop IAP Cluster with IAP225 attempting to authenticate all the time

  • 1.  How to stop IAP Cluster with IAP225 attempting to authenticate all the time

    Posted Dec 10, 2015 03:08 PM

    Hello

    I have an IAP Cluster with a mesh AP225 on a completely separate network with internet access, and somehow the IAP-225 acting as a virtual controller is all the time trying to authenticate to one of my controllers connected on a DMZ, which I use for RAP access, to be converted to RAP.

    It sounds like during one of my tests, this IAP took the controller IP address and is sending 3-4 authentications/sec to my controller. I don't see anything in the configuration related to this.

    This is the output from the log:

    ec 10 08:18:21 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
    Dec 10 08:18:21 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
    Dec 10 08:48:35 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
    Dec 10 08:48:35 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
    Dec 10 09:17:50 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
    Dec 10 09:17:50 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
    Dec 10 09:48:04 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
    Dec 10 09:48:04 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
    Dec 10 10:18:19 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
    Dec 10 10:18:19 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
    Dec 10 10:44:16 cli[2994]: <341108> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| sess_sid_type_get: 310 invalid session client-192.168.1.8 sid-xfLOU45tv0KpU0UXNnIr.
    Dec 10 10:48:34 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X10.
    Dec 10 10:48:34 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending

     

    How can I stop this IAP from sending all this traffic?  I tried several times to wipe the AP and it is still working like that.

     

    Thanks,

     


    #AP225


  • 2.  RE: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

    EMPLOYEE
    Posted Dec 10, 2015 03:12 PM
    Do you have a provisioning rule tied to it in Activate?


  • 3.  RE: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

    Posted Dec 10, 2015 03:21 PM

    I've checked this several times and this IAP device is in my Activate database without any provisioning rule, although looking in detail I see it as RAP Mode.

    This guy is like a little DDoS and I had to put a rule on my internet firewall to stop this traffic.



  • 4.  RE: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

    Posted Dec 10, 2015 03:22 PM

    Guess what... I have a nice default rule in Activate.



  • 5.  RE: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

    Posted Dec 10, 2015 03:34 PM

    Tim, thank you for guiding me to the right path. It was driving me crazy, and I believe this issue has been causing some other problems with RAPs using the same egress access.

    Now I see the endpoint in Activate as IAP VC.
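
An added example, not part of the original thread and not vendor code: a small Python check that scans AP syslog in the format posted above and reports APs that keep receiving a convert instruction followed by "VPN setup pending", the pattern the thread traces to an Activate default rule. Treating each such pair as one failed conversion attempt is an assumption drawn from the posted log; the function name, sample values and placeholder year are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the log format shown in the thread. The MAC, the AP
# address and the master (203.0.113.10) are documentation placeholders.
AP = "|AP 00:00:5e:00:53:01@192.0.2.10 cli|"
CONVERT = f"<341098> <WARN> {AP} recv_convert_ap: Convert AP url-, mode-1, master-203.0.113.10."
PENDING = f"<341005> <ERRS> {AP} VPN setup pending"
SAMPLE_LOG = "\n".join([
    f"Dec 10 08:18:21 cli[2994]: {CONVERT}",
    f"Dec 10 08:18:21 cli[2994]: {PENDING}",
    f"Dec 10 08:48:35 cli[2994]: {CONVERT}",
    f"Dec 10 08:48:35 cli[2994]: {PENDING}",
    f"Dec 10 09:01:00 cli[2994]: <341108> <ERRS> {AP} sess_sid_type_get: 310 invalid session client-192.0.2.8 sid-EXAMPLE.",
    f"Dec 10 09:17:50 cli[2994]: {CONVERT}",
    f"Dec 10 09:17:50 cli[2994]: {PENDING}",
])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+: <\d+> <\w+> "
    r"\|AP (?P<mac>[0-9a-f:]{17})@\S+ cli\| (?P<msg>.*)$", re.I)
CONVERT_RE = re.compile(r"recv_convert_ap: Convert AP .*master-(?P<master>\S+?)\.?$")

def convert_loops(log_text, min_attempts=3, year=2015):
    """Map (ap_mac, master) -> seconds between failed conversion attempts.

    Syslog timestamps carry no year, so `year` is only a placeholder that
    lets intervals be computed within one capture.
    """
    seen = defaultdict(list)
    pending = {}  # AP MAC -> (master, time) waiting for the VPN result line
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mac = m["mac"].lower()
        conv = CONVERT_RE.search(m["msg"])
        if conv:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            pending[mac] = (conv["master"], ts)
        elif m["msg"].startswith("VPN setup pending") and mac in pending:
            master, ts = pending.pop(mac)
            seen[(mac, master)].append(ts)
    return {key: [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
            for key, stamps in seen.items() if len(stamps) >= min_attempts}

if __name__ == "__main__":
    for (mac, master), gaps in convert_loops(SAMPLE_LOG).items():
        print(f"{mac} keeps trying to convert to master {master}; gaps (s): {gaps}")
```

An AP reported here is worth checking against the provisioning rules in Activate, default rules included, before blocking its traffic at the firewall.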