Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

IAP to Controller via IPSEC ?

  • 1.  IAP to Controller via IPSEC ?

    Posted Nov 08, 2019 03:16 AM

    Hello all,

     

    I'm a newbie on Aruba. I have two 7010 controllers as a cluster (ArubaOS 8.2.2.3). I'm using all APs normally in HQ. But I located 2 IAPs at my remote location, which is connected via IPSEC VPN (via firewalls). But I cannot provision my remote IAPs. I'm sharing the logs with you. Can you please help me with what configuration I need? Thanks.

     

    #show log system 10 | include 192.168.50
    Nov 8 10:34:20 :311020: <ERRS> |AP b0:b8:67:c9:21:2c@192.168.50.111 sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4530 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKEV2_TIMEOUT. Ipsec not successful after reboot.
    Nov 8 10:34:44 :305049: <3801> <WARN> |stm| Unsecure AP "b0:b8:67:c9:21:2c" (MAC b0:b8:67:c9:21:2c, IP 192.168.50.111) has been denied access because Control Plane Security is enabled and the AP is not approved.
    Nov 8 10:35:29 :305049: <3801> <WARN> |stm| Unsecure AP "b0:b8:67:c9:21:2c" (MAC b0:b8:67:c9:21:2c, IP 192.168.50.111) has been denied access because Control Plane Security is enabled and the AP is not approved.
    Nov 8 10:36:31 :311002: <WARN> |AP b0:b8:67:c9:21:2c@192.168.50.111 sapd| Rebooting: SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
    Nov 8 10:36:33 :303086: <ERRS> |AP b0:b8:67:c9:21:2c@192.168.50.111 nanny| Process Manager (nanny) shutting down - AP will reboot!
    Nov 8 10:37:34 :303022: <WARN> |AP b0:b8:67:c9:21:2c@192.168.50.111 nanny| Reboot Reason: AP rebooted Fri Nov 8 10:36:33 +03 2019; SAPD: Rebooting after setting cert_cap=1. Need to open a secure channel(IPSEC)
    Nov 8 10:49:05 :311020: <ERRS> |AP b0:b8:67:c9:22:18@192.168.50.55 sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4525 error redun_retry_tunnel: Ipsec not successful to saved lms. Error:RC_ERROR_IKEV2_TIMEOUT. rebooting.
    Nov 8 10:49:06 :311002: <WARN> |AP b0:b8:67:c9:22:18@192.168.50.55 sapd| Rebooting: Unable to set up IPSec tunnel to saved lms, Error:RC_ERROR_IKEV2_TIMEOUT
    Nov 8 10:49:06 :303086: <ERRS> |AP b0:b8:67:c9:22:18@192.168.50.55 nanny| Process Manager (nanny) shutting down - AP will reboot!
    Nov 8 10:50:07 :303022: <WARN> |AP b0:b8:67:c9:22:18@192.168.50.55 nanny| Reboot Reason: AP rebooted Wed Dec 31 16:24:13 PST 1969; Unable to set up IPSec tunnel to saved lms, Error:RC_ERROR_IKEV2_TIMEOUT



  • 2.  RE: IAP to Controller via IPSEC ?

    EMPLOYEE
    Posted Nov 08, 2019 04:05 AM

    It looks like your access points are connecting as Campus APs but are not in the CPSEC whitelist.  What model numbers are these access points, and do you have auto cert provisioning enabled in your CPSEC whitelist?
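
A triage sketch for the diagnosis above, added here as an example; it is not part of any post or of Aruba's tooling. It groups `show log system` lines copied from the first post by AP MAC and counts the CPSEC-denial and IKEv2-timeout signatures; the function names, signature labels and verdict wording are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Log lines copied verbatim from the first post's `show log system` output.
SAMPLE_LOG = """\
Nov 8 10:34:20 :311020: <ERRS> |AP b0:b8:67:c9:21:2c@192.168.50.111 sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4530 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_IKEV2_TIMEOUT. Ipsec not successful after reboot.
Nov 8 10:34:44 :305049: <3801> <WARN> |stm| Unsecure AP "b0:b8:67:c9:21:2c" (MAC b0:b8:67:c9:21:2c, IP 192.168.50.111) has been denied access because Control Plane Security is enabled and the AP is not approved.
Nov 8 10:35:29 :305049: <3801> <WARN> |stm| Unsecure AP "b0:b8:67:c9:21:2c" (MAC b0:b8:67:c9:21:2c, IP 192.168.50.111) has been denied access because Control Plane Security is enabled and the AP is not approved.
Nov 8 10:49:05 :311020: <ERRS> |AP b0:b8:67:c9:22:18@192.168.50.55 sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4525 error redun_retry_tunnel: Ipsec not successful to saved lms. Error:RC_ERROR_IKEV2_TIMEOUT. rebooting.
Nov 8 10:49:06 :311002: <WARN> |AP b0:b8:67:c9:22:18@192.168.50.55 sapd| Rebooting: Unable to set up IPSec tunnel to saved lms, Error:RC_ERROR_IKEV2_TIMEOUT
"""

# Fields: timestamp, message id, one or more <tag> fields, |source|, message text.
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+:(?P<msgid>\d+):\s+"
                  r"(?:<[^>]+>\s+)+\|(?P<src>[^|]*)\|\s*(?P<msg>.*)$")
MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

# Labels are this example's own; the matched strings come from the log text.
SIGNATURES = {
    "cpsec_not_approved": "Control Plane Security is enabled and the AP is not approved",
    "ikev2_timeout": "RC_ERROR_IKEV2_TIMEOUT",
    "fell_back_to_clear": "Switching to clear",
}

def triage(log_text):
    """Return {ap_mac: Counter(signature label -> matching line count)}."""
    per_ap = defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI prompt, blank line or wrapped output
        mac = MAC.search(m["src"] + " " + m["msg"])
        if not mac:
            continue  # message not tied to a specific AP
        for label, needle in SIGNATURES.items():
            if needle in m["msg"]:
                per_ap[mac.group().lower()][label] += 1
    return dict(per_ap)

def verdict(counts):  # map one AP's counters to the first thing to check
    if counts["cpsec_not_approved"]:
        return "denied by CPSEC: AP not approved"
    if counts["ikev2_timeout"]:
        return "IKEv2 timed out: no CPSEC decision logged"
    return "no known signature"

if __name__ == "__main__":
    for ap, counts in sorted(triage(SAMPLE_LOG).items()):
        print(ap, dict(counts), "->", verdict(counts))
```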



  • 3.  RE: IAP to Controller via IPSEC ?

    Posted Nov 08, 2019 06:40 AM

    The AP model is 305. The working APs appear in the Campus APs section. Actually I'm not sure what CPSEC is. But I attached a CPSEC screenshot.



  • 4.  RE: IAP to Controller via IPSEC ?

    EMPLOYEE
    Posted Nov 08, 2019 07:38 AM

    Did you say that there was a firewall between the remote location and the controller?



  • 5.  RE: IAP to Controller via IPSEC ?

    Posted Nov 08, 2019 07:58 AM

    Absolutely yes. The firewalls provide the IPSEC VPN. But all ports and services are allowed for the APs' and the AP controller's IPs. I attached a detailed network diagram.



  • 6.  RE: IAP to Controller via IPSEC ?

    Posted Nov 08, 2019 10:08 AM
    Did you add the AP's MAC address to the RAP-Whitelist?

    Are you attempting to use IAP-VPN or as a RAP?

    Is this the MAC address of the AP? b0:b8:67:c9:21:2c



  • 7.  RE: IAP to Controller via IPSEC ?

    Posted Nov 12, 2019 01:05 AM

    Actually I have no idea what IAP-VPN and RAP are. I think I need a detailed guide for setup. Also I added a screenshot; methinks it's the RAP whitelist.

    Thanks.