Hi All,
I recieved this email from a colleague the other day and decyphered what was occuring. Can you work it out?
----------------
Myself and Batman just came across a seriously troublesome bug with the Aruba instant setup at <Customer Name>. Because this was a nightmare to troubleshoot I figured it would be worth sharing!
After a power outage the AP that was elected the master AP holding the Virtual controller role and VC IP of 10.10.10.250 went down.
When the AP came back up it did not replicate with the other APs and reconfigure so we had 2 Master APs with only 1 holding the VC IP.
We took the rouge master down and factory reset it so it would pull its config from the new master AP.
After this all APs were rebooted and came back up but no clients could connect using RADIUS. No errors in event viewer, no errors on the VC. All RADIUS responses were successful from NPS according to the server but the VC did not receive the response.
The problem was that the RADIUS response was going to 10.10.10.250 but none of the APs held this IP and would respond to a query on it. This meant RADIUS success responses were dropped which gave no error at either end.
We solved this by configuring a new RADIUS client on the NPS server under .249 and changed the shared secret on the VC for the NPS server. Once this was changed over the VC responded to requests on .249 and was allowed to send RADIUS requests to the NPS server. This then solved the issue with RADIUS clients and all is working as expected again.
I don’t know if you’ve seen it before but it was a nightmare to find the cause.
---------------------
I'll provide a hint tomorrow morning.
Cheers
James
P.S. Names and IPs have been change to protect the innocent.