Access Point can not connect to Controller Server.

SOLVED
Amnaj_Pi
Comes here often

Access Point can not connect to Controller Server.

Now wireless Accesspoints on this site that use CAP mode (GRE protocol) communicate with the wireless controller at HQ

 

Now this problem has arisen again. And I haven't restarted HUB HQ to investigate the issue. As I have tested this issue, HUB HQ only needs to be restarted. Please help expedite this problem.

1 ACCEPTED SOLUTION
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Amnaj_Pi , could you confirm the model of AP please?  This is a Cisco Meraki forum. Sounds like you’re using legacy Cisco AP and Controllers?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

View solution in original post

8 REPLIES 8
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @Amnaj_Pi , could you confirm the model of AP please?  This is a Cisco Meraki forum. Sounds like you’re using legacy Cisco AP and Controllers?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

This case is Aruba AP connect to controller.

 

If I connect after connect after Meraki SD-WAN, Aruba will can not connect to controller.

 

I tried to restart Meraki HQ (HUB at HQ) and after that Aruba AP can connect to controller. And after a period of time it will not be able to connect to the controller.


Now this problem is still there.

ww
Kind of a big deal
Kind of a big deal

I would make packet captures at the ap and controller to see if  something  is lost or that something reset the session

Amnaj_Pi
Comes here often

BTGNP_HQHUB-01
=========================================================================================
10:15:46.030164 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96


10:15:47.089641 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:47.090160 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:47.129737 IP 10.10.255.54.4500 > 10.254.100.24.4500: UDP-encap: ESP(spi=0x5e9c1200,seq=0x81), length 228
10:15:48.049570 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:48.050111 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:49.029628 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:49.030102 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:50.029686 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:50.030048 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:51.049709 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:51.050170 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:52.049650 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:52.050183 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:53.049586 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:53.050040 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96


10:15:54.049581 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000

 

 

------------------------------------------------------------------------------------

Betagro_BRN_Standby
=========================================================================================
10:15:46.995644 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000


10:15:47.097664 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:47.103708 IP 10.10.255.54.4500 > 10.254.100.24.4500: UDP-encap: ESP(spi=0x5e9c1200,seq=0x81), length 228
10:15:47.997642 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:48.056786 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:48.999639 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:49.037530 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:50.001643 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:50.036791 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:51.003636 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:51.057284 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:52.005636 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:52.057660 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:53.007633 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:53.058661 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96

 

10:15:54.009636 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000

Amnaj_Pi
Comes here often

MicrosoftTeams-image.png

I not sure for how to capture option level. which I select "Low".

DarrenOC
Kind of a big deal
Kind of a big deal

You can see the GRE uni-directional traffic reaching the HQHUB from the Branch site so the SD-WAN element is working:

 

UCcert_0-1612523193802.png

 

What are the logs on the Aruba controller showing?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

I can not look at the log message to tell what happened.

 

But I can see the status of the connection to find the access point. It indicates the connection status as "2D".

 

Flags: 1 = 802.1x authenticated AP use EAP-PEAP; 1+ = 802.1x use EST; 1- = 802.1x use factory cert; 2 = Using IKE version 2
B = Built-in AP; C = Cellular RAP; D = Dirty or no config
E = Regulatory Domain Mismatch; F = AP failed 802.1x authentication
G = No such group; I = Inactive; J = USB cert at AP; L = Unlicensed
M = Mesh node
N = Duplicate name; P = PPPoe AP; R = Remote AP; R- = Remote AP requires Auth;
S = Standby-mode AP; U = Unprovisioned; X = Maintenance Mode
Y = Mesh Recovery
c = CERT-based RAP; e = Custom EST cert; f = No Spectrum FFT support
i = Indoor; o = Outdoor; s = LACP striping; u = Custom-Cert RAP; z = Datazone AP
p = In deep-sleep status
4 = WiFi Uplink
r = Power Restricted; T = Thermal ShutDown

 

Please, find this capture.

Amnaj_Pi_0-1612670767536.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels