Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Can not convert IAP103 to CAP:( Urgently(((

  • 1.  Can not convert IAP103 to CAP:( Urgently(((

    Posted Feb 26, 2015 07:01 AM

    Hi everybody, 

    Got a problem:( I have a pair of 7210 controllers and 93 IAP103 working as APs. 

    I use PSK+MAC authorisation on Internal DB for my clients. 

    Now I want to add 3 new APs. I've got 3 new IAP103. They can see the controller, ping is OK. When I try to convert them to CAPs I've got just nothing:(

    When I look at the log on the controller, it looks like the controller treats these new IAPs as clients and checks if their MACs exist in the Internal DB, and the connection fails.

    Any ideas how to fix?

    Many thanks in advance!

     

    My new APs' MACs are:

    94:b4:0f:c3:ec:cc

    94:b4:0f:c3:ed:e4

    94:b4:0f:c3:ef:26

    The log is here

    ----------------------------------------------------

    Feb 26 11:55:12 cfgm[3431]: <307048> <DBUG> |cfgm| Got a message from 8231:5010
    Feb 26 11:55:12 cfgm[3431]: <307050> <DBUG> |cfgm| Received a IPSEC CFG Message
    Feb 26 11:55:12 cfgm[3431]: <307218> <INFO> |cfgm| CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
    Feb 26 11:55:12 cfgm[3431]: <307219> <DBUG> |cfgm| Sending the IPSEC Configuration
    Feb 26 11:55:14 localdb[3628]: <133006> <ERRS> |localdb| User 94:b4:0f:c3:ec:cc Failed Authentication
    Feb 26 11:55:14 authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ec:cc userip=192.168.47.13 usermac=94:b4:0f:c3:ec:cc servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00
    Feb 26 11:55:15 localdb[3628]: <133006> <ERRS> |localdb| User 94:b4:0f:c3:ed:e4 Failed Authentication
    Feb 26 11:55:15 authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ed:e4 userip=192.168.47.14 usermac=94:b4:0f:c3:ed:e4 servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00
    Feb 26 11:55:15 sapd[2628]: <404098> <WARN> |AP UBR 2-4@192.168.46.20 sapd| AM 94:b4:0f:c0:80:80: ARM - HT decreasing power cov-index 12/0 tx-power 4 new_rra 11-/3
    Feb 26 11:55:19 authmgr[15698]: <522245> <DBUG> |authmgr| user_age() called for MAC 40:fc:89:3a:f0:34 IP 10.112.57.203.
    Feb 26 11:55:21 localdb[3628]: <133019> <ERRS> |localdb| User C0-9F-42-68-A8-A2 was not found in the database
    Feb 26 11:55:21 localdb[3628]: <133006> <ERRS> |localdb| User C0-9F-42-68-A8-A2 Failed Authentication
    Feb 26 11:55:21 authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=C0-9F-42-68-A8-A2 userip=0.0.0.0 usermac=c0:9f:42:68:a8:a2 servername=Internal serverip=192.168.46.10 apname=UBR 2-3 bssid=94:b4:0f:be:c7:c1
    Feb 26 11:55:22 cfgm[3431]: <399814> <DBUG> |cfgm| Recvd msg type MESSAGE_TYPE_HEARTBEAT 12 bytes, magic 4972 len 284 from local 192.168.46.6(00:1a:1e:01:91:e0) over socket 22
    Feb 26 11:55:22 cfgm[3431]: <307093> <DBUG> |cfgm| master: My active_ts 2, Received heartbeat message version 4 from a LMS 192.168.46.6, pkt active_ts 2
    Feb 26 11:55:22 cfgm[3431]: <307095> <DBUG> |cfgm| Setting switch entry not responding to false
    Feb 26 11:55:22 cfgm[3431]: <399814> <DBUG> |cfgm| setSwitchUpgradeEntry:1179, IP: 192.168.46.6 - current state: Unknown, next state: Waiting, image not verified
    Feb 26 11:55:22 cfgm[3431]: <399814> <DBUG> |cfgm| Received TLV HB message from 192.168.46.6(00:1a:1e:01:91:e0) entry config state UPDATE SUCCESSFUL outstandingUpdateCount 0 maxOutstandingUpdateCounter 5
    Feb 26 11:55:22 cfgm[3431]: <307099> <DBUG> |cfgm| Timestamps are same, state is UPDATE SUCCESSFUL
    Feb 26 11:55:22 cfgm[3431]: <307100> <DBUG> |cfgm| Sending heartbeat version 4 response over TCP to 192.168.46.6 config state UPDATE SUCCESSFUL, my config ID 2 incoming packet cfgid 2
    Feb 26 11:55:25 cfgm[3431]: <307026> <DBUG> |cfgm| master: Refreshing the lms list
    Feb 26 11:55:25 cfgm[3431]: <307027> <DBUG> |cfgm| Checking the LMS not responding flag for local 192.168.46.5 flag value is 1, missedHB 0 socketID -1
    Feb 26 11:55:25 cfgm[3431]: <307027> <DBUG> |cfgm| Checking the LMS not responding flag for local 192.168.46.6 flag value is 0, missedHB 0 socketID 22
    Feb 26 11:55:27 cfgm[3431]: <307048> <DBUG> |cfgm| Got a message from 8231:5010
    Feb 26 11:55:27 cfgm[3431]: <307050> <DBUG> |cfgm| Received a IPSEC CFG Message
    Feb 26 11:55:27 cfgm[3431]: <307218> <INFO> |cfgm| CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0
    Feb 26 11:55:27 cfgm[3431]: <307219> <DBUG> |cfgm| Sending the IPSEC Configuration
    Feb 26 11:55:29 localdb[3628]: <133006> <ERRS> |localdb| User 94:b4:0f:c3:ef:26 Failed Authentication
    Feb 26 11:55:29 authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ef:26 userip=192.168.47.15 usermac=94:b4:0f:c3:ef:26 servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00

     


    #7210
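
Added example, not part of the original post: a small triage script for log lines in the format shown above. It pulls out the authmgr 522275 failures, normalises the two MAC notations the log uses, and reports which of the listed AP MACs were rejected as MAC-auth users with no AP name or BSSID attached to the event. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re

# Four lines copied from the controller log in the post above (timestamps dropped).
SAMPLE_LOG = """\
authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ec:cc userip=192.168.47.13 usermac=94:b4:0f:c3:ec:cc servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00
localdb[3628]: <133019> <ERRS> |localdb| User C0-9F-42-68-A8-A2 was not found in the database
authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=C0-9F-42-68-A8-A2 userip=0.0.0.0 usermac=c0:9f:42:68:a8:a2 servername=Internal serverip=192.168.46.10 apname=UBR 2-3 bssid=94:b4:0f:be:c7:c1
authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ef:26 userip=192.168.47.15 usermac=94:b4:0f:c3:ef:26 servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00
"""

# MACs the poster lists for the three new IAP103 units.
NEW_AP_MACS = {"94:b4:0f:c3:ec:cc", "94:b4:0f:c3:ed:e4", "94:b4:0f:c3:ef:26"}

AUTH_FAIL = re.compile(
    r"<522275>.*?username=(?P<username>\S+) userip=(?P<userip>\S+) "
    r"usermac=(?P<usermac>\S+) servername=\S+ serverip=\S+ "
    r"apname=(?P<apname>.+?) bssid=(?P<bssid>\S+)"  # apname may contain spaces
)
MAC = re.compile(r"[0-9a-f]{2}(?:[:-]?[0-9a-f]{2}){5}", re.IGNORECASE)


def norm_mac(value):
    """Lower-case, colon-separated MAC, or None when value is not a MAC."""
    if not MAC.fullmatch(value):
        return None
    digits = re.sub(r"[:-]", "", value).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_failures(text):
    """Return one dict per authmgr 522275 line found in text."""
    out = []
    for line in text.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            no_ap = m["apname"] == "N/A" and m["bssid"] == "00:00:00:00:00:00"
            out.append({"mac": norm_mac(m["usermac"]), "userip": m["userip"],
                        "mac_as_username": norm_mac(m["username"]) == norm_mac(m["usermac"]),
                        "no_ap_context": no_ap})
    return out


def aps_failing_client_auth(text, ap_macs):
    """AP MACs rejected as MAC-auth users with no AP/BSSID attached to the event."""
    return sorted({(f["mac"], f["userip"]) for f in parse_failures(text)
                   if f["mac"] in ap_macs and f["mac_as_username"] and f["no_ap_context"]})
```

The wireless client failure (apname=UBR 2-3) is parsed but not reported, because it carries an AP name and BSSID and its MAC is not in the AP list.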


  • 2.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Feb 26, 2015 09:13 AM
    Do you have cpsec enabled? What does your license count look like?


  • 3.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Feb 26, 2015 10:01 AM

    Hi!

    Control plane security is disabled. 

    I've got 100 device licenses installed (using 99 now, including these 3 new APs)

     

    Thanks!



  • 4.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Feb 26, 2015 10:27 PM

    Maybe I should enable CPSec and manually add these new IAPs to the whitelist?

    Will it solve the problem?



  • 5.  RE: Can not convert IAP103 to CAP:( Urgently(((

    EMPLOYEE
    Posted Feb 27, 2015 06:57 AM

    Petgovich,

     

    What version of ArubaOS are you running on your 7200 controller?

     

     

     



  • 6.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Feb 27, 2015 07:14 AM

    Cjoseph,

    I'm running 6.4.2.3 now



  • 7.  RE: Can not convert IAP103 to CAP:( Urgently(((

    EMPLOYEE
    Posted Feb 27, 2015 07:36 AM

    Petgovich,

     

    That should absolutely work.  You might want to contact TAC, because you could have changed something that would affect the conversion process.  I don't want to guess and have you break something in your production network.



  • 8.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Feb 27, 2015 08:41 AM
    At initial deployment I had no PEFNG installed. Now I have it. Are there any firewall rules I should check?


  • 9.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Mar 03, 2015 03:29 PM

    You could check if your interfaces are set to trusted, but beyond that there shouldn't be any rules involved.

     

    Your log does indicate the AP doesn't authenticate correctly. Did you really convert them to CAP and not RAP? And is CPSEC really turned off?

     

    Also, for urgent questions there is TAC.



  • 10.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Mar 04, 2015 12:49 AM

    Many thanks to everybody!

    The problem is solved 



  • 11.  RE: Can not convert IAP103 to CAP:( Urgently(((

    Posted Mar 04, 2015 02:51 AM

    That is good news, Petgovich.

     

    Could you be so kind as to share how you solved it? That might help other people who find this thread later on.