Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

RAP migration from one controller to another

This thread has been viewed 4 times

  • 1.  RAP migration from one controller to another

    Posted May 29, 2018 02:41 AM

     

    ike.jpgI have a customer, with a 3200 and a cluster of 7210 controllers, and I need to migrate all RAPs currently conected to the 3200 to the other cluster. Both controllers are behind the same public IP and the router forwards currently port 4500 towards the 3200. The guy responsible for the network infrastructure said, he changed the prerouting for one of the RAPs forwarding that to the new cluster, and after I rebooted that it started an IKE negotiation, however it would not connect, although all the necessary profiles and setting have been copied to the 7210s.


    Can you point out what am I doing wrong, please?



  • 2.  RE: RAP migration from one controller to another

    MVP EXPERT
    Posted May 29, 2018 03:02 AM

    Are you able to provide the logs from the controller which these are attempting to connect too? Make sure you have the following set up on the new controller.

     

    - RAP is added to the whitelist (if using cert based)

    - RAP username/password is defined.

    - RAP IP Pool is defined.

    - Aruba AP Group is defined.


    You've advised these are previously running on a 3200. What is the model of RAP and the ArubaOS version on the 

     

    This may help too

     

    https://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74894/3/Aruba%20Remote%20Access%20Point%20(RAP)%20Troubleshooting.pdf



  • 3.  RE: RAP migration from one controller to another

    Posted May 29, 2018 03:11 AM

    Unfortunately not... I am only able to get them out in the evening, but I will do that. What logs do I need to look for?

    As for the rest, yes, I have created the whitelist, the AP group is defined, and IP pool set up as needed.



  • 4.  RE: RAP migration from one controller to another

    MVP EXPERT
    Posted May 29, 2018 03:18 AM

    Here is the commands:

     

     

    • L2TP debugging:
         #logging level debugging security process l2tp
    • IKE debugging:
         #logging level debugging security process crypto
    • Authmgr debugging:
         #logging level debugging security process authmgr
    • Localdb debugging:
         #logging level debugging security process localdb

    Can you confirm which ArubaOS the 7210 is running and the RAP models in your enviroment.

     



  • 5.  RE: RAP migration from one controller to another

    Posted May 29, 2018 04:00 AM

    Oh, yes, sorry. The 3200 is running on version 6.3.1.25 and the 7210 is on 6.4.4.16.



  • 6.  RE: RAP migration from one controller to another

    MVP EXPERT
    Posted May 29, 2018 04:12 AM
    What are the RAP models in your environment?


  • 7.  RE: RAP migration from one controller to another

    Posted May 29, 2018 08:03 AM

    Seems that I was able to sort it out.

     

    By monitoring the logs, and actually it was the performance logs that helped in this respect - I was able to track it down to xauth issues. Somebody modified the default server group for the VPN auth profile, and a Radius server had priority there which - of course was not able to authenticate the RAP by its MAC as username and password.

    I set up a RAP-109 in the office, and tweak the system, until it started to work. There was of course another mistake in the AP system profile, as during one of the tests I entered there a VRRP address of the cluster. By removing that the RAP went up and started to work.

    So thanks for the assistance case can be considered solved. :-)