AP-225 auth issue with CPSEC enabled in master-local environment.
11-28-2016 02:40 AM
This is my first ever post!
We have recently completed a number of refresh activities with our Aruba wireless infrastructure in our lab environment. One of these activities was to replace a local mobility controller with a 7030 series. We appear to have successfully carried out the local controller replacement in Airwave and there are no issues with master-local communication.
We are using fast failover in our environment as well as CPSEC. With fast failover the master is a 'dual mode' and the local is 'active'. Prior to the replacement there were no issues whatsoever with fast failover or with CPSEC. However, since the 7030 was installed in place of a 3400 series I am unable to get a previously provisioned AP-225 to associate to the local mobility controller as specified in its AP system profile. The AP will however continue to associate to the master mobility controller (as its backup LMS).
The problem appears to be related to the use of CPSEC as disabling it results in MC association and fast failover to both controllers working properly once again. However disabling CPSEC in our production environment is not an option.
Interestingly, the IPSEC portion of CPSEC seems to be working ok - on the LMC I can see both the ISAKMP and IPSEC security associations to that AP. I can't ping the AP from the LMC, which is strange since they are on the same subnet and I can ping the AP from everywhere else.
I have tried purging the CPSEC whitelists as well as factory defaulting and reprovisioning the access point - neither of which seem to work. This issue appears a bit unique as well - as a different model local controller with a different AP system profile does not appear to have the same issue.
I am a bit of a newbie with ArubaOS so any advice for fault finding will be most helpful. I am planning to raise a TAC case tomorrow regardless but interested to know if anyone has seen this issue before.
Thanks very much!
Re: AP-225 auth issue with CPSEC enabled in master-local environment.
11-29-2016 01:48 AM
When you attempt to fail over to that controller, type "show log system 50" on the new controller so you can possibly understand what is going wrong. With those details we might be able to give you a direction.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*