Network Management

Hi all

Since a few months, I have a strange issue with some RAP (3WN): when a RAP is factory reset, sometime I no longer able to communicate with my airwave server. A "show log provision" show   "Error establishing SSL connection to AMP server at ip xx.xx.xx.xx: ASN no signer error to confirm failure" "show log ap-debug" say: "Failed to establish SSL connection: Error code is -1:ASN no signer error to confirm failure". 

I have about 3500 RAPs and only a few one (about 20) have this behavior.

Someone any Idea?

Thanks

 Allan

I haven't observed this behavior, seems like it might get better traction in a support case.

We would have to confirm that the device had access to NTP and got the correct time.  If the time is incorrect, it would think that the Airwave server's certificate is not yet valid.  On the other hand, a A RAP5WN can only be connected to a controller as a RAP, and not to Airwave.  Are you sure you have that model correct and what method are you using to connect the AP.

Hi

 To clear some things (may be my vocabulary isn't exact). I'm talking about the Device type: RAP-3WN. We use them as remote access points with following deployment process:

1. The RAP3-WN connects first to activate.arubanetworks.com and gets its provisioning rule: IAP to Airwave. (this part is working)
2. The RAP3-WN connect to our Airwave server and ask about its configuration. (Here is our Problem – the 2 devices are able to communicate – I can see traffic with tcpdump. But the RAP3-WN gets the mentioned errors)
3. When the RAP-3WN has its configuration, it connect to one of our controller and build up the VPN tunnel.

 NTP is accessible by ping and show clock display the exact time. Activate and the airwave server are reachable.

A support case was already open, but after weeks of troubleshooting the “problem-devices” have been replaced (RMA), and now I’ve got some new devices with this problem.

You should continue working with TAC.

How did you execute "show clock" on the AP?  Do you have a console cable?

"How did you execute "show clock" on the AP?  Do you have a console cable?"

Yes.

What version of InstantOS does the RAP-3WN have on them if they cannot contact Activate/Airwave?

RAP-3WN : 6.4.4.8-4.2.4.5_57965

Airwave : 8.2.4

And as I already told, I've got about 3500 RAPs working fine. The "problem RAPs" were also working fine until I did a factory reset.

Please see if the support announcements here: 

 http://support.arubanetworks.com/LinkClick.aspx?link=http%3a%2f%2fsupport.arubanetworks.com%2fDocumentation%2ftabid%2f77%2fDMXModule%2f512%2fCommand%2fCore_Download%2fDefault.aspx%3fEntryId%3d16996&tabid=139&mid=381

and here:  http://support.arubanetworks.com/LinkClick.aspx?link=http%3a%2f%2fsupport.arubanetworks.com%2fDocumentation%2ftabid%2f77%2fDMXModule%2f512%2fCommand%2fCore_Download%2fMethod%2fattachment%2fDefault.aspx%3fEntryId%3d20885&tabid=139&mid=381

..maybe apply to your situation.  If that is the case, resetting the RAP3WN puts it in a state where it cannot contact activate and you need to upgrade before trying to provision it.