That is weird indeed. Both APs show up in the controller? APs should always run on the same firmware version as the controller, and download the running firmware version once connected.
What I may think of is that there is a connectivity issue between the AP2 and the controller. Might be a bad cable, switchport, or so.
Please check cabling/switchport config/everything that is different between the path AP1-controller and AP2-controller.
It's also that I read between the lines that the firmware is not updated correctly. You may try a factory-reset of AP2, however I would not expect too much from it. Your Aruba partner may be able to have a look on-site what is wrong.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Apr 20, 2022 11:03 AM
From: Michael Guyear
Subject: 802.1x users stuck in logon role on one AP
I have a strange problem.
AP1 and AP2 both AP-575s and on the same 7005 controller which was just updated to 8.7.1.9 from 8.7.1.7 to force a firmware update on AP2
Both APs are in the same AP group and have no AP specific settings.
802.1x auth work just fine on AP2 but gets stuck at logon role on AP1.
Nothing in logs in Clearpass from AP1. It is as if the auths are getting dropped at the AP or Controller.
If I switch AP1 from a CAP to a RAP all 802.1x authentications work fine.
I am stumped.
------------------------------
Michael Guyear
------------------------------