Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AP cannot keep contact with AC after provision, full connectivity before provision

This thread has been viewed 0 times

  • 1.  AP cannot keep contact with AC after provision, full connectivity before provision

    Posted Jul 06, 2017 09:44 AM

    Hello all.

     

    This is something that i have been trying to troubleshoot for some days now. 

     

    I have a setup where i have a wireless network mostly contained on my campus, with LAN connections to the AC. But i also have a few APs outside the campus, which is where one is giving me trouble.

     

    Specs:

    AC = Aruba Mobility Controller 7205 6.4.3.4

    AP = Aruba IAP215

     

    To start with networking: The network between the AP and AC appears as a LAN to the nodes, but it is in fact a GRE tunnel over a permanent tunnel to another country. To the AP and AC, it appears as a LAN. 

    I have verified that the firewalls along the path are allowing all traffic in both directions between the AP and AC.

     

    Starting from scratch, i had the people on site do a factory reset on the AP and make it so i could access AP using HTTPS and SSH. Ping from the AP to the AC worked from the console, so network connectivity was good. I went to maintenence > convert to convert it to a campus AP (as it wasn't going over internet as such, RAP is not needed). 

     

    I had to add a permit rule in the AC stateful firewall, but then the AP downloaded the image it needed and rebooted. After that, the web UI was not reachable as expected and i coud see it as part of the default group in the AC. 

     

    I provisioned it using the group settings used for the other APs and i could see in the logs that the provisioning commands went through and the AP rebooted.

     

    Problem is that it never stopped rebooting. I can still see it in the AP database list, but it's never up for long. Time seems to vary slightly, but it shows as up for around 10 seconds every few minutes. Ping from the machine i used to access the web UI is contant and working however.

     

    Looking at the logs in the AC i see this message:

    Jul  6 09:21:49  sapd[1924]: <311002> <WARN> |AP [MAC-ADDR]@[AP-IP] sapd|  Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT. Last rebootstrap reason: HELLO-TIMEOUT, 228 sec before: Last Ctrl msg: HELLO len=1231 dest=[AC-LOOPBACK-IP] tries=10 seq=0

     

    Checking the AP database shows the AP as down, but running any type of show command towards the AP returns the message that the AP cannot be found. I have tried this using the name and address of the AP.

     

    I currently don't have console access to the AP, but am hoping to be able to check the console output somehow with help from the people on site.

    This is the setup of the AP, so it has not worked before. 

     

    PS: Anyone know how to contact TAC. I have tried to create an account and find somewhere to add the serial number or similar for support. Can't find it.



  • 2.  RE: AP cannot keep contact with AC after provision, full connectivity before provision

    EMPLOYEE
    Posted Jul 06, 2017 10:05 AM

    In the AP-Group that the AP should be in, find the AP System Profile and change the MTU to 1400...



  • 3.  RE: AP cannot keep contact with AC after provision, full connectivity before provision

    Posted Jul 06, 2017 10:23 AM

    Tried that with no change. The AP still briefly shows up as inactive in the AP database, and still in the default group instead of the group assigned during provision.

     

     



  • 4.  RE: AP cannot keep contact with AC after provision, full connectivity before provision

    EMPLOYEE
    Posted Jul 06, 2017 10:26 AM

    The hellos typically occur over GRE.  Check to make sure that GRE is not blocked anywhere in both directions...



  • 5.  RE: AP cannot keep contact with AC after provision, full connectivity before provision

    Posted Jul 06, 2017 10:45 AM

    I've talked to the people on the remote end and all traffic should be permitted there, same on my end. Checking the firewall i'm sessions from the AP using port 8211. I can see packets going in (170st) but none returning.

     

     



  • 6.  RE: AP cannot keep contact with AC after provision, full connectivity before provision

    Posted Jul 18, 2017 04:04 AM

    Hi again.

     

    I've done some more digging after a short vacation. I managed to get a spare AP (identical model) to connect to the AC using the configuration and group the remote site AP is supposed to use. The issue there was that the automatic discovery using aruba-master wasn't working. 

     

    I tried to replicate this with the original AP but got the same issue again. The AP shows as down for about a minute, then shows as up but inactive for about 10 seconds and then repeats the shutdown.

     

    I was informed that the people at the remote site didn't have a switch with PoE, or didn't know how to use it and were provided with an AC adapter. Could power be the problem?

     

    The AP works normally when in IAP mode, as well as unprovisioned Campus mode. But as soon as it's provisioned the AP just starts connecting and disconnecting.

     

    I've also noticed in our firewall that i can see traffic coming from the AP using UDP 8211 (113 packets) but there is no traffic sent back. Even when i try to provision the AP during the 10 second uptime there is no traffic sent towards the AP, even though the logs show that the commands were successful.