Wireless Access

Hey guys,

last month i successfully installed my first MM/MC Infrastructure at a customer site. everything went very smoothly. 

The customer has a monitoring system which pings the access points, but fails at that. So there are a lot of error messages on the monitoring screen. 

Question is - why are the access points not pingable? the ping doesnt work for any subnet (the APs are installed all around the globe), routing is working fine, the access points wont respond to pings on the same subnet either. 

Do you have some tips for me? 

The installed version is 8.3.0.2

thanks !

Is CPSec enabled? (It is be default)

CPSec changes the way AP management traffic is routed. Here's a recent thread on the topic: https://community.arubanetworks.com/t5/Wireless-Access/Ping-and-CPsec-how-to-manage-monitoring/td-p/446305

Hello Charlie,

yes, CPsec is enabled. 

if i understand the post correctly this problem occurs only if there is routed traffic. 

while this is helpful for other networks, where traffic has to be routed it does not tell me why i cant ping the APs from the same subnet. any tips for that? 

Thank you very much

---

@schweinbeitl420 wrote:

Hello Charlie,

 

yes, CPsec is enabled. 

if i understand the post correctly this problem occurs only if there is routed traffic. 

 

while this is helpful for other networks, where traffic has to be routed it does not tell me why i cant ping the APs from the same subnet. any tips for that? 

 

Thank you very much

---

Missed the part about local subnet pinging. That should be able to work unless there's been a configuration change pushed to the APs. Are there mgmt stations at each site on the AP's local subnets for pinging? In other words, does solving the local ping problem resolve the managment issue, or is this a separate issue uncovered when trying to troubleshooting pinging from a centralized management console? 

hi charlie, 

thanks for your reply. 

you got it right, while troubleshooting why i cant ping the access points i stumbled over the issue with the local subnet ping. 

Would disabling CPsec do the trick? is this even recommended?

Thanks again

---

@schweinbeitl420 wrote:

hi charlie, 

 

thanks for your reply. 

you got it right, while troubleshooting why i cant ping the access points i stumbled over the issue with the local subnet ping. 

Would disabling CPsec do the trick? is this even recommended?

 

Thanks again

---

CPSec is required if your configuration uses Virtual AP profiles that are forwarding in either bridge mode or decrypt-tunnel mode. For standard tunnel mode (the default), CPSec is not required. It is a global setting for the controller, however, and affects all APs on the controller.

That said, since you have an issue with ping from any source, I don't yet feel that this would be a likely fix. From the CLI, can you get the output from:

show ip access-list ap-uplink-acl

Hi Charlie, 

sorry for the late reply. I dont have access to the Customer Site, so i had to make an appointment to check further steps. 

Attached is the outcome of the uplink ACL. Looking good in my opinion.

But while i was working on the customer site myself i figured out that i did not get correct information, the Access Points in the same Subnet are answering to ping requests. So it seems CPsec is our Problem. 

All the SSIDs are in Bridge Mode...any idea how i could make this work somehow without disabling CPsec? 

thank you in advance