Wireless Access

Reply
Highlighted
Occasional Contributor I

Re: RAP not connecting to cluster after provisioning

@jgoff
Sure thing. I've attached the PDF here.

The geniuses who made changes to the default server group is this case were the professional services outfit that helped us stand up our solution back in early 2019. Make a change on a default profile and then don't reference it. That's smart right? /s I find myself still chasing little things like this down a year and a half later.

When I was having issues, I noticed the APs were hitting our ClearPass Publisher strangely considering we were only planning on using the internal RAP whitelist DB on the MMs. To get it to stop showing up in access tracker, incorrectly, I thought it wise to disable "Check certificate common name against AAA server" in the L3 Authentication/VPN Authentication/default-rap profile. A combination of these 2 items made the RAPs not able to complete joining the cluster.

Highlighted
Moderator

Re: RAP not connecting to cluster after provisioning

@FPU_RB,

Thanks for the doc, ok, that's the one I thought it was going to be. I'll reach out to the author and see about putting a note in about this little gotcha (or a quick cross check for it).

 

I hear you regarding twiddling of knobs, it's an unfortunate double edge sword - having so many things to tweak increases the surface area for making changes that appear benign but turn out to have an impact (which is not least on us, as there is little warning or documentation to really deeply explain what might happen). But, if we take those options away or hide them, then sure enough we will find out there are a few customers using them.

 

Highlighted
Contributor I

Re: RAP not connecting to cluster after provisioning

Hello all,

 

Similar issues here.I have two 7210 lab controllers with internal IPs. They also have public IPs that I have configured in the Cluster. I have the RAPs pointing to the public IPs for their LMS, and they pop up briefly on the MM, but soon fall off again.

 

Can you guys tell me what command you ran to get to get the log output that pointed you to the cert CN check? I'd like to try and pinpoint where it's failing to reach the MM.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: