Security

Reply
Occasional Contributor I

Can't provision access point

Hi all!

 

I tried to provision access point, but see that in logs

Dec 10 12:41:36 authmgr[3583]: <522275> <ERRS> |authmgr| User Authentication failed. username=ac:a3:1e:c4:ab:e4 userip=10.1.190.2 usermac=ac:a3:1e:c4:ab:e4 servername=Internal serverip=10.1.100.1 apname=N/A bssid=00:00:00:00:00:00
Dec 10 12:41:40 authmgr[3583]: <522275> <ERRS> |authmgr| User Authentication failed. username=ac:a3:1e:c4:ab:e4 userip=10.1.190.2 usermac=ac:a3:1e:c4:ab:e4 servername=Internal serverip=10.1.100.1 apname=N/A bssid=00:00:00:00:00:00
Dec 10 12:41:44 authmgr[3583]: <522275> <ERRS> |authmgr| User Authentication failed. username=ac:a3:1e:c4:ab:e4 userip=10.1.190.2 usermac=ac:a3:1e:c4:ab:e4 servername=Internal serverip=10.1.100.1 apname=N/A bssid=00:00:00:00:00:00
Dec 10 12:41:48 authmgr[3583]: <522275> <ERRS> |authmgr| User Authentication failed. username=ac:a3:1e:c4:ab:e4 userip=10.1.190.2 usermac=ac:a3:1e:c4:ab:e4 servername=Internal serverip=10.1.100.1 apname=N/A bssid=00:00:00:00:00:00

 

 

ap get dhcp options

option 43 ascii 10.1.190.1,RU
option 60 ascii ArubaMC

 

I add mac like username  address in local DB, but none changes

Highlighted
MVP Guru

Re: Can't provision access point

Is this a RAP? What kind of AP is this, what is the firmware version of your controller? Do you have CPSEC enabled?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: Can't provision access point

Senks for answer!

It is a local AP. Access point and controller in same l2 domain.

 

The version is

ArubaOS (MODEL: Aruba7005), Version 6.4.3.4

 

Control plane security (CPSEC) is disables

MVP Guru

Re: Can't provision access point

What is the model of the AP?  Some APs for example, the 3xx series require the controller to be running AOS 6.5 and higher.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: Can't provision access point

AP model is "Apin0205"

MVP Guru

Re: Can't provision access point

What state is it in? CAP, IAP? From the logs it might be already configured
as a RAP. Have you factory reset it?

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: Can't provision access point

Excuse me for long answer.

It is a RAP.

Yesterday I didn't add it to whitelist. Today I was add it.

Now I see that:

Dec 11 17:28:17 isakmpd[3508]: <103046> <ERRS> |ike| IKE XAuth client UP failed 10.1.190.2 (External 10.1.190.2)

 

I run this command for debug "logging level debug security process authmgr", but I can't found why provisioning not work.

 

Dec 11 17:28:13 authmgr[3583]: <124003> <INFO> |authmgr| Authentication result=Authentication Successful(0), method=VPN, server=Internal, user=ac:a3:1e:c4:ab:e4
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| logging role event for 0x13bc1e4: 0x130951c,0x2, index 0
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| role 'value-of'
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| server=Internal, ena=1, ins=1 (1)
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| Matching `default' rules to derive role ...
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| RX (sock) message of type 19, len 28
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| RX (sock) message of type 66, len 1016
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| Select server for method=VPN, user=ac:a3:1e:c4:ab:e4, essid=<>, server-group=default, last_srv <>
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| aal_authenticate (975)(INC) : os_auths 1, s Internal type 1 inservice 1 markedD 0 sg_name default
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| auth_ip_down: send IP down to SAPM for RAP with inner ip 10.1.190.2 outer ip 10.1.190.2
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| ip=10.1.190.2, sg=default
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| ip=10.1.190.2, sg=default
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match AP_Authenticated : 0
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match AP_Group : default
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match AP_Name : ac:a3:1e:c4:ab:e4
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match Authentication-Sub-Type : 7
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match Authentication-Type : 3
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match DB_Entry_State : 0
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match Remote-IP : 10.1.190.2
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match Server-Group : default
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match Server-Name : Internal
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match User-Name : ac:a3:1e:c4:ab:e4
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match User-Name : ac:a3:1e:c4:ab:e4
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match essid :
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match fw_mode : 0
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match location : N/A
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| match_rule Value Pair to match macaddr : 00:00:00:00:00:00
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| ncfg_auth_server_group_authtype ip=10.1.190.2, method=VPN vpnflags:2
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| ncfg_auth_server_group_authtype ip=10.1.190.2, method=VPN vpnflags:2
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| ncfg_auth_server_group_authtype vpnflags:2 vpn-profile:default-rap
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| ncfg_auth_server_group_authtype vpnflags:2 vpn-profile:default-rap
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| rule: set role condition role value-of
Dec 11 17:28:13 authmgr[3583]: <124004> <DBUG> |authmgr| server_cbh (477)(DEC) : os_auths 0, s Internal type 1 inservice 1 markedD 0 sg_name default
Dec 11 17:28:13 authmgr[3583]: <124038> <INFO> |authmgr| Selected server Internal for method=VPN; user=ac:a3:1e:c4:ab:e4, essid=<>, domain=<>, server-group=default
Dec 11 17:28:13 authmgr[3583]: <124097> <DBUG> |authmgr| Setting authserver 'Internal' for user 10.1.190.2, client VPN.
Dec 11 17:28:13 authmgr[3583]: <124098> <DBUG> |authmgr| Setting authstate 'started' for user 10.1.190.2, client VPN.
Dec 11 17:28:13 authmgr[3583]: <124099> <DBUG> |authmgr| Setting auth type 'VPN' for user 10.1.190.2, client VPN.
Dec 11 17:28:13 authmgr[3583]: <124100> <DBUG> |authmgr| Setting auth subtype 'EAP-LEAP' for user 10.1.190.2, client VPN.
Dec 11 17:28:13 authmgr[3583]: <124150> <DBUG> |authmgr| Create ipuser and user 00:00:00:00:00:00.
Dec 11 17:28:13 authmgr[3583]: <124153> <DBUG> |authmgr| Free ipuser 0x0xeda94c (10.1.190.2) for user 0x0x13bc1e4.
Dec 11 17:28:13 authmgr[3583]: <124154> <DBUG> |authmgr| Free user 0x0x13bc1e4.
Dec 11 17:28:13 authmgr[3583]: <124155> <DBUG> |authmgr| No macuser for ip 10.1.190.2, mac 00:00:00:00:00:00.
Dec 11 17:28:13 authmgr[3583]: <124156> <DBUG> |authmgr| Called ip_user_new() for ip 10.1.190.2.
Dec 11 17:28:13 authmgr[3583]: <124184> <DBUG> |authmgr| {L3} Authenticating Server is Internal.
Dec 11 17:28:13 authmgr[3583]: <124230> <DBUG> |authmgr| Rx message 62/79, length 739 from 127.0.0.1:8344
Dec 11 17:28:13 authmgr[3583]: <124234> <DBUG> |authmgr| Tx message to Sibyte, blocking with ack, Opcode = 17, msglen = 332 action = 5
Dec 11 17:28:13 authmgr[3583]: <124441> <DBUG> |authmgr| auth_user_query_resp: vpnflags:2
Dec 11 17:28:13 authmgr[3583]: <124453> <DBUG> |authmgr| auth_user_query_resp: response user:ac:a3:1e:c4:ab:e4 ip:10.1.190.2 cookie:-519738132
Dec 11 17:28:13 authmgr[3583]: <124454> <DBUG> |authmgr| auth_user_query_raw: recvd request user:ac:a3:1e:c4:ab:e4 ip:10.1.190.2 cookie:-519738132
Dec 11 17:28:13 authmgr[3583]: <124459> <DBUG> |authmgr| IP DN int: 10.1.190.2, ext:10.1.190.2
Dec 11 17:28:13 authmgr[3583]: <124467> <DBUG> |authmgr| Framed IP: found 0x0xa01be02 (mask 0x0x0)
Dec 11 17:28:13 authmgr[3583]: <124546> <DBUG> |authmgr| aal_authenticate user:ac:a3:1e:c4:ab:e4 vpnflags:2.
Dec 11 17:28:13 authmgr[3583]: <124547> <DBUG> |authmgr| aal_authenticate server_group:default.
Dec 11 17:28:13 authmgr[3583]: <124607> <DBUG> |authmgr| server_cbh(): response=0 from Auth server 'Internal for client:3 proto:7 eap-type:0'.
Dec 11 17:28:13 authmgr[3583]: <124861> <DBUG> |authmgr| Auth GSM : IP_USER delete for IP 10.1.190.2
Dec 11 17:28:13 authmgr[3583]: <124862> <DBUG> |authmgr| Auth GSM : IP_USER delete failed for IP 10.1.190.2 result error_htbl_key_not_found
Dec 11 17:28:13 isakmpd[3508]: <103046> <ERRS> |ike| IKE XAuth client UP failed 10.1.190.2 (External 10.1.190.2)

Occasional Contributor I

Re: Can't provision access point

After reset Controller and AP problem not repeated

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: