Hi,
for us there is no différences between the two ap-group that rely on the problem (only rf domain or arm )
We spend more than 2 hours to compare ( from sh run ) the two ap-group without finding something .
but from "show running" command :
ap-group "dddd_BUREAUX"
virtual-ap "XXXXXXX_visiteurs.vap"
virtual-ap "XXXXXXX_dddd_bureaux.vap"
virtual-ap "XXXXXXX_dddd_exploit_OLD.vap"
virtual-ap "XXXXXXX_dddd_exploit.vap"
virtual-ap "XXXXXXX_dddd_mobile.vap"
virtual-ap "XXXXXXX_gggggg.vap"
virtual-ap "XXXXXXX_ppppppp.vap"
dot11a-radio-profile "XXXXXXX_bureaux_a.radio"
dot11g-radio-profile "XXXXXXX_bureaux_g.radio"
ap-system-profile "XXXXXXX.ap"
regulatory-domain-profile "XXXXXXX_bureaux.reg"
and
ap-group "bbb_ENTREPOTS"
virtual-ap "XXXXXXX_bbb_exploit_OLD.vap"
virtual-ap "XXXXXXX_bbb_bureaux.vap"
virtual-ap "XXXXXXX_gggggg.vap"
virtual-ap "XXXXXXX_bbb_mobile.vap"
virtual-ap "XXXXXXX_bbb_exploit.vap"
virtual-ap "XXXXXXX_ppppppp.vap"
dot11a-radio-profile "XXXXXXX_entrepots_a.radio"
dot11g-radio-profile "XXXXXXX_entrepots_g.radio"
ap-system-profile "XXXXXXX.ap"
regulatory-domain-profile "XXXXXXX_entrepots.reg"
the vap and ssid profile :
wlan virtual-ap "XXXXXXX_ppppppp.vap"
aaa-profile "ddddddddddd_wpa.aaa"
ssid-profile "PPPP.ssid"
vlan 3090
dynamic-mcast-optimization
dynamic-mcast-optimization-thresh 80
wlan ssid-profile "PPPP.ssid"
essid "SSSSSSSSSSSSS"
opmode wpa2-psk-aes
hide-ssid
deny-bcast
wpa-passphrase XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ht-ssid-profile "ddddd.htssid"
it is 'virtual-ap "XXXXXXX_ppppppp.vap" ' that have problem ( tunnel ) .
the others one whitch are bridge mode vap are ok
'ap-system-profile' are the same.
dot11g-radio-profile and regulatory-domain-profile are not the same but they talk about channel or arm profile so I think this is not the problem.
so we made an correct connection on a AP tha is on the "bbb_ENTREPOTS" ap-group :
Jan 2 10:47:45 :501093: <NOTI> |AP BOAA04AP02@172.29.59.56 stm| Auth success: 00:23:15:e7:25:43: AP 172.29.59.56-38:17:c3:f9:39:11-BOAA04AP02
Jan 2 10:47:45 :501095: <NOTI> |AP BOAA04AP02@172.29.59.56 stm| Assoc request @ 10:47:45.253697: 00:23:15:e7:25:43 (SN 0): AP 172.29.59.56-38:17:c3:f9:39:11-BOAA04AP02
Jan 2 10:47:45 :501218: <NOTI> |AP BOAA04AP02@172.29.59.56 stm| stm_sta_assign_vlan 18455: VLAN: sta 00:23:15:e7:25:43, STM assigns MAC based vlan_id 3090
Jan 2 10:47:45 :501218: <4172> <NOTI> |stm| stm_sta_assign_vlan 18449: VLAN: sta 00:23:15:e7:25:43, STM assigns MAC based vlan_id 3090
Jan 2 10:47:45 :501100: <NOTI> |AP BOAA04AP02@172.29.59.56 stm| Assoc success @ 10:47:45.254572: 00:23:15:e7:25:43: AP 172.29.59.56-38:17:c3:f9:39:11-BOAA04AP02
Jan 2 10:47:45 :501100: <4172> <NOTI> |stm| Assoc success @ 10:47:45.257576: 00:23:15:e7:25:43: AP 172.29.59.56-38:17:c3:f9:39:11-BOAA04AP02
Jan 2 10:47:45 :522035: <4956> <INFO> |authmgr| MAC=00:23:15:e7:25:43 Station UP: BSSID=38:17:c3:f9:39:11 ESSID=SSSSSSSSSS VLAN=3090 AP-name=BOAA04AP02
Jan 2 10:47:45 :522049: <4956> <INFO> |authmgr| MAC=00:00:00:00:00:00,IP=N/A User role updated, existing Role=none/none, new Role=logon/none, reason=mac user created
Jan 2 10:47:45 :522049: <4956> <INFO> |authmgr| MAC=00:23:15:e7:25:43,IP=N/A User role updated, existing Role=logon/none, new Role=allowall/none, reason=Set AAA profile defaults
Jan 2 10:47:45 :522050: <4956> <INFO> |authmgr| MAC=00:23:15:e7:25:43,IP=N/A User data downloaded to datapath, new Role=allowall/74, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Jan 2 10:47:45 :522026: <4168> <INFO> |authmgr| MAC=00:23:15:e7:25:43 IP=192.168.93.69 User miss: ingress=0x10317, VLAN=3090 flags=0x40000040
Jan 2 10:47:45 :522006: <4168> <INFO> |authmgr| MAC=00:23:15:e7:25:43 IP=192.168.93.69 User entry added: reason=Sibtye
Jan 2 10:47:45 :527004: <4370> <INFO> |mdns| mdns_parse_auth_useradd_message 226 Auth User ADD: MAC:00:23:15:e7:25:43, IP:192.168.93.69, VLAN:3090, Role:allowall Name: APName:BOAA04AP02 Type:1. Groups:
Jan 2 10:47:45 :522050: <4168> <INFO> |authmgr| MAC=00:23:15:e7:25:43,IP=192.168.93.69 User data downloaded to datapath, new Role=allowall/74, bw Contract=0/0, reason=New user IP processing, idle-timeout=300
and on a AP on the "dddd_BUREAUX" ap-group :
Jan 2 10:55:39 :501093: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Auth success: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 10:55:39 :501095: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Assoc request @ 10:55:39.486827: 00:23:15:e7:26:a1 (SN 2056): AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 10:55:39 :501218: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| stm_sta_assign_vlan 18455: VLAN: sta 00:23:15:e7:26:a1, STM assigns MAC based vlan_id 3090
Jan 2 10:55:39 :501218: <4172> <NOTI> |stm| stm_sta_assign_vlan 18449: VLAN: sta 00:23:15:e7:26:a1, STM assigns MAC based vlan_id 3090
Jan 2 10:55:39 :501100: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Assoc success @ 10:55:39.487764: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 10:55:39 :501100: <4172> <NOTI> |stm| Assoc success @ 10:55:39.494076: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 10:55:39 :522035: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1 Station UP: BSSID=80:8d:b7:e5:85:73 ESSID=SSSSSSSSSSS VLAN=3090 AP-name=DYDDD2AP04
Jan 2 10:55:39 :522049: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1,IP=N/A User role updated, existing Role=logon/none, new Role=allowall/none, reason=Set AAA profile defaults
Jan 2 10:55:39 :522050: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1,IP=N/A User data downloaded to datapath, new Role=allowall/74, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Jan 2 10:55:42 :501106: <5218> <NOTI> |stm| Deauth to sta: 00:23:15:e7:26:a1: Ageout AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 wifi_deauth_sta
Jan 2 10:55:42 :522036: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1 Station DN: BSSID=80:8d:b7:e5:85:73 ESSID=SSSSSSSSSS VLAN=3090 AP-name=DYDDD2AP04
Jan 2 10:55:42 :527004: <4370> <INFO> |mdns| mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:00:23:15:e7:26:a1
Jan 2 10:55:42 :501080: <5218> <NOTI> |stm| Deauth to sta: 00:23:15:e7:26:a1: Ageout AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 Ptk Challenge Failed
Jan 2 10:55:42 :501105: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Deauth from sta: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 Reason Ptk Challenge Failed
when we compare the two log they differ at this point :
User data downloaded to datapath, new Role=allowall/74, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300 (same in the two log )
if good , no delay we see this 2 line :
Jan 2 10:47:45 :522026: <4168> <INFO> |authmgr| MAC=00:23:15:e7:25:43 IP=192.168.93.69 User miss: ingress=0x10317, VLAN=3090 flags=0x40000040
Jan 2 10:47:45 :522006: <4168> <INFO> |authmgr| MAC=00:23:15:e7:25:43 IP=192.168.93.69 User entry added: reason=Sibtye
if not good , 3 secondes delay and we have this line
Jan 2 10:55:42 :501106: <5218> <NOTI> |stm| Deauth to sta: 00:23:15:e7:26:a1: Ageout AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 wifi_deauth_sta
we also made "logging level debugging user-debug 00:23:15:e7:26:a1" and after a failed test a "show log user-debug all | include 00:23:15:e7:26:a1"
Jan 2 12:07:41 :501093: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Auth success: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:41 :501095: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Assoc request @ 12:07:41.718981: 00:23:15:e7:26:a1 (SN 768): AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:41 :501218: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| stm_sta_assign_vlan 18455: VLAN: sta 00:23:15:e7:26:a1, STM assigns MAC based vlan_id 3090
Jan 2 12:07:41 :501100: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Assoc success @ 12:07:41.719950: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:41 :501218: <4172> <NOTI> |stm| stm_sta_assign_vlan 18449: VLAN: sta 00:23:15:e7:26:a1, STM assigns MAC based vlan_id 3090
Jan 2 12:07:41 :501065: <4172> <DBUG> |stm| a2c_sm_process_stalist: client (00:23:15:e7:26:a1) is 11k-enabled
Jan 2 12:07:41 :501100: <4172> <NOTI> |stm| Assoc success @ 12:07:41.726256: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:41 :522295: <4956> <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user 00:23:15:e7:26:a1
Jan 2 12:07:41 :522035: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1 Station UP: BSSID=80:8d:b7:e5:85:73 ESSID=SSSSSSSSSSSSS VLAN=3090 AP-name=DYDDD2AP04
Jan 2 12:07:41 :522077: <4956> <DBUG> |authmgr| MAC=00:23:15:e7:26:a1 ingress 0x0x10b6d (tunnel 2925), u_encr 32, m_encr 32, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Jan 2 12:07:41 :522264: <4956> <DBUG> |authmgr| "MAC:00:23:15:e7:26:a1: Allocating UUID: 0xb26df04d2001e1f
Jan 2 12:07:41 :522258: <4956> <DBUG> |authmgr| "VDR - Add to history of user user 00:23:15:e7:26:a1 vlan 0 derivation_type Reset VLANs for Station up index 0.
Jan 2 12:07:41 :522255: <4956> <DBUG> |authmgr| "VDR - set vlan in user for 00:23:15:e7:26:a1 vlan 3090 fwdmode 0 derivation_type Default VLAN.
Jan 2 12:07:41 :522258: <4956> <DBUG> |authmgr| "VDR - Add to history of user user 00:23:15:e7:26:a1 vlan 3090 derivation_type Default VLAN index 1.
Jan 2 12:07:41 :522255: <4956> <DBUG> |authmgr| "VDR - set vlan in user for 00:23:15:e7:26:a1 vlan 3090 fwdmode 0 derivation_type Current VLAN updated.
Jan 2 12:07:41 :522258: <4956> <DBUG> |authmgr| "VDR - Add to history of user user 00:23:15:e7:26:a1 vlan 3090 derivation_type Current VLAN updated index 2.
Jan 2 12:07:41 :522158: <4956> <DBUG> |authmgr| Role Derivation for user N/A-00:23:15:e7:26:a1- N/A Set AAA profile defaults.
Jan 2 12:07:41 :522142: <4956> <DBUG> |authmgr| Setting default role to allowall for user 00:23:15:e7:26:a1".
Jan 2 12:07:41 :522127: <4956> <DBUG> |authmgr| {L2} Update role from logon to allowall for IP=N/A, MAC=00:23:15:e7:26:a1.
Jan 2 12:07:41 :522049: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1,IP=N/A User role updated, existing Role=logon/none, new Role=allowall/none, reason=Set AAA profile defaults
Jan 2 12:07:41 :522246: <4956> <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 00:23:15:e7:26:a1.
Jan 2 12:07:41 :524141: <4956> <DBUG> |authmgr| clr_pmkcache_ft():1016: MAC:00:23:15:e7:26:a1 BSS:80:8d:b7:e5:85:73
Jan 2 12:07:41 :522287: <4956> <DBUG> |authmgr| Auth GSM : MAC_USER publish for mac 00:23:15:e7:26:a1 bssid 80:8d:b7:e5:85:73 vlan 3090 type 1 data-ready 0
Jan 2 12:07:41 :522254: <4956> <DBUG> |authmgr| VDR - mac 00:23:15:e7:26:a1 rolename allowall fwdmode 0 derivation_type Initial Role Contained vp not present.
Jan 2 12:07:41 :522258: <4956> <DBUG> |authmgr| "VDR - Add to history of user user 00:23:15:e7:26:a1 vlan 0 derivation_type Reset Role Based VLANs index 3.
Jan 2 12:07:41 :522320: <4956> <DBUG> |authmgr| handle_sta_up_dn (3007): rtts user=00:23:15:e7:26:a1 enabled=0 initial tput=395200
Jan 2 12:07:41 :524124: <4956> <DBUG> |authmgr| dot1x_supplicant_up(): MAC:00:23:15:e7:26:a1, pmkid_present:False, pmkid:N/A
Jan 2 12:07:41 :522255: <4956> <DBUG> |authmgr| "VDR - set vlan in user for 00:23:15:e7:26:a1 vlan 3090 fwdmode 0 derivation_type Current VLAN updated.
Jan 2 12:07:41 :522258: <4956> <DBUG> |authmgr| "VDR - Add to history of user user 00:23:15:e7:26:a1 vlan 3090 derivation_type Current VLAN updated index 4.
Jan 2 12:07:41 :522260: <4956> <DBUG> |authmgr| "VDR - Cur VLAN updated 00:23:15:e7:26:a1 mob 0 inform 1 remote 0 wired 0 defvlan 3090 exportedvlan 0 curvlan 3090.
Jan 2 12:07:41 :522308: <4956> <DBUG> |authmgr| Device Type index derivation for 00:23:15:e7:26:a1 : dhcp (0,0,0) oui (0,0) ua (16,39,27) derived Win 10(39)
Jan 2 12:07:41 :522299: <4956> <DBUG> |authmgr| Auth GSM : DEV_ID_CACHE publish for mac 00:23:15:e7:26:a1 dev-id Win 10 index 39
Jan 2 12:07:41 :522050: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1,IP=N/A User data downloaded to datapath, new Role=allowall/74, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Jan 2 12:07:41 :522242: <4956> <DBUG> |authmgr| MAC=00:23:15:e7:26:a1 Station Created Update MMS: BSSID=80:8d:b7:e5:85:73 ESSID=SSSSSSSSSSSSS VLAN=3090 AP-name=DYDDD2AP04
Jan 2 12:07:41 :522301: <4956> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb26df04d2001e1f mac 00:23:15:e7:26:a1 name role allowall devtype Win 10 wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8448 fwd-mode 0
Jan 2 12:07:44 :522289: <4168> <DBUG> |authmgr| Auth GSM : MAC_USER mu_delete publish for mac 00:23:15:e7:26:a1 bssid 80:8d:b7:e5:85:73 vlan 3090 type 1 data-ready 0 deauth-reason 52
Jan 2 12:07:44 :501106: <5218> <NOTI> |stm| Deauth to sta: 00:23:15:e7:26:a1: Ageout AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 wifi_deauth_sta
Jan 2 12:07:44 :522296: <4956> <DBUG> |authmgr| Auth GSM : USER_STA delete event for user 00:23:15:e7:26:a1 age 0 deauth_reason 52
Jan 2 12:07:44 :522036: <4956> <INFO> |authmgr| MAC=00:23:15:e7:26:a1 Station DN: BSSID=80:8d:b7:e5:85:73 ESSID=SSSSSSSSSSSSS VLAN=3090 AP-name=DYDDD2AP04
Jan 2 12:07:44 :522234: <4956> <DBUG> |authmgr| Setting idle timer for user 00:23:15:e7:26:a1 to 300 seconds (idle timeout: 300 ageout: 0).
Jan 2 12:07:44 :522244: <4956> <DBUG> |authmgr| MAC=00:23:15:e7:26:a1 Station Deleted Update MMS
Jan 2 12:07:44 :522301: <4956> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb26df04d2001e1f mac 00:23:15:e7:26:a1 name role allowall devtype Win 10 wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8448 fwd-mode 0
Jan 2 12:07:44 :522290: <4956> <DBUG> |authmgr| Auth GSM : MAC_USER delete for mac 00:23:15:e7:26:a1
Jan 2 12:07:44 :522303: <4956> <DBUG> |authmgr| Auth GSM : USER delete for mac 00:23:15:e7:26:a1 uuid 0xb26df04d2001e1f
Jan 2 12:07:44 :527004: <4370> <INFO> |mdns| mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:00:23:15:e7:26:a1
Jan 2 12:07:44 :527000: <4370> <DBUG> |mdns| ag_ssdp_get_token_list_for_mac 348 AirGroup user doesn't exist: mac=00:23:15:e7:26:a1
Jan 2 12:07:44 :527000: <4370> <DBUG> |mdns| ag_mdns_get_token_list_for_mac 650 AirGroup user doesn't exist: mac=00:23:15:e7:26:a1
Jan 2 12:07:44 :527000: <4370> <DBUG> |mdns| mdns_client_purge 1162 Purge mdns client, mac=00:23:15:e7:26:a1, del_client = 1
Jan 2 12:07:44 :501080: <5218> <NOTI> |stm| Deauth to sta: 00:23:15:e7:26:a1: Ageout AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 Ptk Challenge Failed
Jan 2 12:07:44 :501000: <5218> <DBUG> |stm| Station 00:23:15:e7:26:a1: Clearing state
Jan 2 12:07:44 :501105: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Deauth from sta: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 Reason Ptk Challenge Failed
Jan 2 12:07:44 :501000: <DBUG> |AP DYDDD2AP04@172.29.123.215 stm| Station 00:23:15:e7:26:a1: Clearing state
Jan 2 12:07:44 :501093: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Auth success: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:44 :501095: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Assoc request @ 12:07:44.827322: 00:23:15:e7:26:a1 (SN 0): AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:44 :501218: <4172> <NOTI> |stm| stm_sta_assign_vlan 18449: VLAN: sta 00:23:15:e7:26:a1, STM assigns MAC based vlan_id 3090
Jan 2 12:07:44 :501218: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| stm_sta_assign_vlan 18455: VLAN: sta 00:23:15:e7:26:a1, STM assigns MAC based vlan_id 3090
Jan 2 12:07:44 :501100: <NOTI> |AP DYDDD2AP04@172.29.123.215 stm| Assoc success @ 12:07:44.828822: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:44 :501065: <4172> <DBUG> |stm| a2c_sm_process_stalist: client (00:23:15:e7:26:a1) is 11k-enabled
Jan 2 12:07:44 :501100: <4172> <NOTI> |stm| Assoc success @ 12:07:44.834375: 00:23:15:e7:26:a1: AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04
Jan 2 12:07:44 :522295: <4956> <DBUG> |authmgr| Auth GSM : USER_STA event 0 for user 00:23:15:e7:26:a1
we think the problem is here on the log :
Jan 2 12:07:41 :522301: <4956> <DBUG> |authmgr| Auth GSM : USER publish for uuid 0xb26df04d2001e1f mac 00:23:15:e7:26:a1 name role allowall devtype Win 10 wired 0 authtype 0 subtype 0 encrypt-type 9 conn-port 8448 fwd-mode 0
Jan 2 12:07:44 :522289: <4168> <DBUG> |authmgr| Auth GSM : MAC_USER mu_delete publish for mac 00:23:15:e7:26:a1 bssid 80:8d:b7:e5:85:73 vlan 3090 type 1 data-ready 0 deauth-reason 52
Jan 2 12:07:44 :501106: <5218> <NOTI> |stm| Deauth to sta: 00:23:15:e7:26:a1: Ageout AP 172.29.123.215-80:8d:b7:e5:85:73-DYDDD2AP04 wifi_deauth_sta
we see the 3 second delay and a
deauth-reason 52 ( google search said ) :
52 | MESH-PEERING-CANCELLED | SME cancels the mesh peering instance with the reason other than reaching the maximum number of peer mesh STAs |
but we don't use mesh in this wlan , all ap are connected to aruba switchs and all switchs are connected togethers .
AP on the AP-group that work are on the same ip network that the controller ( AP 172.29.59.XXX /23 and controleur 172.29.58.150/23 ) and ap on the AP group that does'nt work are on another IP network (172.29.123.XXX/23 ) but ap are adopted on the controler, no firewalling betwen the two network ...
let us known if you want more information (sh run / others )
Regards