Wireless Access

Reply
Highlighted
Regular Contributor I

AP failing to come up on controller

Hello,

 

I am configuring a new 6.5.4.10 test controller. The test controller is a single 7010.

 

The AP gets an IP address, and has at some point managed to talk to the controller (I have whitelisted it and it's in the db) but now it is in a reboot cycle. In the logs there are lots of these messages:

 

Apr 16 10:09:52 localdb[3928]: <133006> <3928> <ERRS> |localdb| User 18:64:72:x:x:x Failed Authentication
Apr 16 10:09:52 authmgr[3880]: <522275> <3880> <ERRS> |authmgr| User Authentication failed. username=18:64:72:x:x:x userip=172.x.x.x usermac=18:64:72:x:x:x authmethod=VPN servername=Internal serverip=131.x.x.x apname=N/A bssid=00:00:00:00:00:00

 

The MAC and userip are that of the AP. This looks kind've self-explanatory, but I haven't come across it before and I don't know where this authentication is configured or why it's happening. Can anyone help please?

 

Thanks

 

Super Contributor II

Re: AP failing to come up on controller

Is the port and VLAN trusted at the controller where the AP traffic is reaching the controller?
If not the mac address needs to be authenticated.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Guru Elite

Re: AP failing to come up on controller


@cauliflower wrote:

Hello,

 

I am configuring a new 6.5.4.10 test controller. The test controller is a single 7010.

 

The AP gets an IP address, and has at some point managed to talk to the controller (I have whitelisted it and it's in the db) but now it is in a reboot cycle. In the logs there are lots of these messages:

 

Apr 16 10:09:52 localdb[3928]: <133006> <3928> <ERRS> |localdb| User 18:64:72:x:x:x Failed Authentication
Apr 16 10:09:52 authmgr[3880]: <522275> <3880> <ERRS> |authmgr| User Authentication failed. username=18:64:72:x:x:x userip=172.x.x.x usermac=18:64:72:x:x:x authmethod=VPN servername=Internal serverip=131.x.x.x apname=N/A bssid=00:00:00:00:00:00

 

The MAC and userip are that of the AP. This looks kind've self-explanatory, but I haven't come across it before and I don't know where this authentication is configured or why it's happening. Can anyone help please?

 

Thanks

 


To be honest, It looks like you have control plane security enabled.  Type "show ap database" to see if the access point has the denied flag set.  If it does, type "show control-plane-security" to see if control plane security is enabled.  If it is not enabled, you have a different problem.  If it is enabled, you can allow it to admit new access points by typing the following:

 

config t

control-plane-security

allow-cert-allow-all

write mem

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Regular Contributor I

Re: AP failing to come up on controller

Ok so face-palm time - it seems I had remote-ap set in the provisioning profile.

 

I do have control-plane-security turned on - but I am allowing the address range that this AP is within. It wasn't showing as Denied, I think it couldn't talk to the controller at all. So it must have been the RAP setting, I guess because it was not in the rap whitelist? Would that be consistent with those messages?

Occasional Contributor II

Re: AP failing to come up on controller

Hi cauliflower

 

Yes. This message is shown when there is no entry in the rap-whitelist and you are using rap with certificate. Seen it yesterday in a customer installation.

 

Regards

Manuel

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: