Now wireless Accesspoints on this site that use CAP mode (GRE protocol) communicate with the wireless controller at HQ
Now this problem has arisen again. And I haven't restarted HUB HQ to investigate the issue. As I have tested this issue, HUB HQ only needs to be restarted. Please help expedite this problem.
Solved! Go to solution.
Hi @Amnaj_Pi , could you confirm the model of AP please? This is a Cisco Meraki forum. Sounds like you’re using legacy Cisco AP and Controllers?
Hi @Amnaj_Pi , could you confirm the model of AP please? This is a Cisco Meraki forum. Sounds like you’re using legacy Cisco AP and Controllers?
This case is Aruba AP connect to controller.
If I connect after connect after Meraki SD-WAN, Aruba will can not connect to controller.
I tried to restart Meraki HQ (HUB at HQ) and after that Aruba AP can connect to controller. And after a period of time it will not be able to connect to the controller.
Now this problem is still there.
I would make packet captures at the ap and controller to see if something is lost or that something reset the session
BTGNP_HQHUB-01
=========================================================================================
10:15:46.030164 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:47.089641 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:47.090160 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:47.129737 IP 10.10.255.54.4500 > 10.254.100.24.4500: UDP-encap: ESP(spi=0x5e9c1200,seq=0x81), length 228
10:15:48.049570 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:48.050111 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:49.029628 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:49.030102 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:50.029686 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:50.030048 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:51.049709 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:51.050170 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:52.049650 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:52.050183 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:53.049586 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:53.050040 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:54.049581 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
------------------------------------------------------------------------------------
Betagro_BRN_Standby
=========================================================================================
10:15:46.995644 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:47.097664 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:47.103708 IP 10.10.255.54.4500 > 10.254.100.24.4500: UDP-encap: ESP(spi=0x5e9c1200,seq=0x81), length 228
10:15:47.997642 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:48.056786 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:48.999639 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:49.037530 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:50.001643 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:50.036791 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:51.003636 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:51.057284 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:52.005636 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:52.057660 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:53.007633 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
10:15:53.058661 IP 10.254.100.24 > 10.10.255.54: ICMP 10.254.100.24 protocol 47 unreachable, length 96
10:15:54.009636 IP 10.10.255.54 > 10.254.100.24: GREv0, length 68: gre-proto-0x9000
I not sure for how to capture option level. which I select "Low".
You can see the GRE uni-directional traffic reaching the HQHUB from the Branch site so the SD-WAN element is working:
What are the logs on the Aruba controller showing?
I can not look at the log message to tell what happened.
But I can see the status of the connection to find the access point. It indicates the connection status as "2D".
Flags: 1 = 802.1x authenticated AP use EAP-PEAP; 1+ = 802.1x use EST; 1- = 802.1x use factory cert; 2 = Using IKE version 2
B = Built-in AP; C = Cellular RAP; D = Dirty or no config
E = Regulatory Domain Mismatch; F = AP failed 802.1x authentication
G = No such group; I = Inactive; J = USB cert at AP; L = Unlicensed
M = Mesh node
N = Duplicate name; P = PPPoe AP; R = Remote AP; R- = Remote AP requires Auth;
S = Standby-mode AP; U = Unprovisioned; X = Maintenance Mode
Y = Mesh Recovery
c = CERT-based RAP; e = Custom EST cert; f = No Spectrum FFT support
i = Indoor; o = Outdoor; s = LACP striping; u = Custom-Cert RAP; z = Datazone AP
p = In deep-sleep status
4 = WiFi Uplink
r = Power Restricted; T = Thermal ShutDown
Please, find this capture.