Hey guys,
I've reprovisioned a RAP to change its ap group, I've just changed the group and ignore the FQLN parameters. So I guess that the only parameters that were changed was those.
Anyway the RAP (AP-105) is now offline so it can't pass ipsec sa, so I think this is like an authentication issue.
Here's the reprovisioned log.
Mar 6 14:08:56 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<clear provisioning-ap-list > -- command executed successfully
Mar 6 14:08:56 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap read-bootinfo ap-name "AP-QRO-01" > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap copy-provisioning-params ap-name "AP-QRO-01" > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap installation default > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap no external-antenna > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap no master > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap ap-group "APG-AP-FORANEA" > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap ap-name "AP-QRO-01" > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap no syslocation > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap remote-ap > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap no fqln > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<provision-ap reprovision ap-name "AP-QRO-01" > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<clear provisioning-ap-list > -- command executed successfully
Mar 6 14:09:04 webui[1410]: USER:admin@xxx.xxx.xxx.xxx COMMAND:<clear provisioning-params > -- command executed successfully
And here is the log of SAs
(MXMEXWLANMASTER01) #show crypto isakmp sa
ISAKMP SA Active Session Information
------------------------------------
Initiator IP Responder IP Flags Start Time Private IP
------------ ------------ ----- --------------- ----------
10.49.164.127 10.49.124.1 r-m-p-x-R Mar 6 09:23:24 192.168.69.4
10.49.124.3 10.49.124.2 r-a-p Mar 6 11:57:22 -
Flags: i = Initiator; r = Responder
m = Main Mode; a = Agressive Mode v2 = IKEv2
p = Pre-shared key; c = Certificate/RSA Signature; e = ECDSA Signature
x = XAuth Enabled; y = Mode-Config Enabled; E = EAP Enabled
3 = 3rd party AP; C = Campus AP; R = RAP
V = VIA; S = VIA over TCP
Total ISAKMP SAs: 2
(MXMEXWLANMASTER01) #show crypto ipsec sa
IPSEC SA Active Session Information
-----------------------------------
Initiator IP Responder IP InitiatorID ResponderID Flags Start Time Inner IP
------------ ------------ ----------- ----------- ----- --------------- --------
10.49.124.3 10.49.124.2 10.49.124.3/32 10.49.124.2/32 T Mar 6 14:23:08 -
Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2
Total IPSEC SAs: 1
IP address 10.49.164.127 is the outer IP of the AP
Is there a way to ensure the AP has all the correct parameters?
Regards,