Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

RemoteAP to VMC (No cert? What should we configure?)

This thread has been viewed 14 times

  • 1.  RemoteAP to VMC (No cert? What should we configure?)

    Posted Nov 26, 2017 04:45 AM

    Hi AirHeads,

    Good morning,

    Recently We deployed VMC (Version 8.2.0.1) , My client requested RAP solution , But not like normal controller its seems that normal config process , VPN settings/IP Settings/Whitelisting isnt enough) what extra steps needed? (Please advise)

    VPN POOL CONFIGURED

    WHITELISTED ADDED

    CONTROL PLANE SEC - AUTO CERT

    PEF ENABLED

    AP ENABLED

    Controller log output

    Nov 21 02:52:46  isakmpd[5116]: <103061> <5116> <ERRS> |ike|   IKE_CUSTOM_useCert: can't find Server-Cert
    Nov 21 02:53:47  isakmpd[5116]: <103061> <5116> <ERRS> |ike|   IKE_CUSTOM_useCert: can't find Server-Cert

     

    Please advise.

     

    Regards,

     

    Asa

     



  • 2.  RE: RemoteAP to VMC (No cert? What should we configure?)
    Best Answer

    EMPLOYEE
    Posted Jun 24, 2018 02:44 PM

    Hi Asa,

     

    As the VMC has no TPM chip, you must first get the AP as CAP on the VMC. Then you provision the CAP to RAP with PSK and username/password,  or self signed CERT!.

     

    https://www.arubanetworks.com/techdocs/ArubaOS_82_Web_Help/Content/ArubaFrameStyles/Remote_AP/Bringing_up_Certificate_Based_RAP_in_VMC.htm

     

    Hope it helps.

     

     



  • 3.  RE: RemoteAP to VMC (No cert? What should we configure?)

    Posted Aug 30, 2018 05:44 PM

    Asa, Frank

    The procedure didn't work on my environment.

    AP came UP as CAP and was managable.

    After coverion to RAP mode with the same LMS-IP it didn't contact controller more.



  • 4.  RE: RemoteAP to VMC (No cert? What should we configure?)

    Posted Aug 31, 2018 02:48 AM
    After converting it to CAP on the VMC
    Be sure that u got VPN settings / VPN pool .

    Set the RAP to connect with user pass / key.
    Please send me the show log security from the VMC after the RAP failed to contact .


  • 5.  RE: RemoteAP to VMC (No cert? What should we configure?)

    MVP EXPERT
    Posted Aug 31, 2018 03:36 AM

    Also bear in mind that if you are using clustering, PSK-RAP is not supported (at least in 8.2 anyway...)



  • 6.  RE: RemoteAP to VMC (No cert? What should we configure?)

    Posted Dec 06, 2019 05:56 AM
      |   view attached

    Hi

    I have new VM envirmeont and I want to terminate RAP on my VMC (managed by VMM - soft 8.5.0.0). I think checked all tej configurations and still RAP is not connecting.

    Please see the rap log

    I'm using 105 AP convert to RAP

     

    Waiting for reply

    Attachment(s)

    txt
    log_rap.txt   6 KB 1 version


  • 7.  RE: RemoteAP to VMC (No cert? What should we configure?)

    EMPLOYEE
    Posted Dec 06, 2019 07:57 AM

    Hi,

     

    How did you setup the RAP VPN with user pass / key ?

     

     



  • 8.  RE: RemoteAP to VMC (No cert? What should we configure?)

    Posted Dec 31, 2019 07:01 AM

    Issue was resolved with the support (Thank You).

    On the VMC when You try get up RAP You need to get up AP as a CAP first and then convert to RAP (VMC don't have certs [self-signed] to communicate with the RAP)
    On the Hardware MC problem dosten't exists.