WLA/WLC Series
Highlighted
WLA/WLC Series

WLA532 showing UP in status but is not allowing users on guest network

‎09-19-2013 01:27 PM

I've got a situation with a WLC 2800 running code 8.0.3.6 where a WLA532 appears to be up and functioning according to Ringmaster and the cli, its pingable on the network as well, but it is not allowing clients onto the guest network.  In the log I am only seeing this one error in relation to this one AP.

 

WLA Sep 18 19:53:32.016921 ERROR AP 1 fpm: fp_tunnel_modify_dispatch: tunnel id=0  ip=0xa010ed1 udp port=50000 delete no node

 

Does this mean anything?  This was taken from this AP's PAM.  The AP in question has been rebooted several times in which regular service returns for a short period of time, usually half a day or so, and then it stops accepting clients again.  This AP has also been replaced with other WLA532's.  This client also uses a smartpass server to authenticate users. 

 

I have a show tech and log buffer should you need to see them.

8 REPLIES 8
Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

‎09-19-2013 02:43 PM

Is the radio status enabled for that AP?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

‎09-19-2013 03:00 PM

Yes, the radios appear to enabled.  As I said, if the AP is rebooted it will work for awhile then at some point it stops.  Yet it still broadcasts the SSID...

Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

‎09-20-2013 03:21 AM

I assume that this AP has the same config as others which work fine.

 

"This AP has also been replaced with other WLA532's."

 

What's that mean? You've removed the bad AP, and physically replaced it, and there's still an issue? If it's just that one location, then I'd look at network cabling, the switch and port it's connected to, and the path back to the controller.

 

Otherwise, it sounds like a hardware issue - maybe it's got a bad RAM chip, and a bit is dropping after a while, causing problems.

Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

‎09-20-2013 06:37 AM

Yes, its been physically replaced multiple times.  As far as I know its just the one location at this point.  And apparently from what I've been told, the controller has also been replaced at some point in the recent past.  And the only log message yesterday pertaining to that particular AP during the issue was this:

 

WLA Sep 18 19:53:32.016921 ERROR AP 1 fpm: fp_tunnel_modify_dispatch: tunnel id=0  ip=0xa010ed1 udp port=50000 delete no node

 

I am going to gather more connection logs from clients and report back.

Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

‎09-20-2013 07:38 AM

That points to something with either the wired network infrastructure from that AP back, or environmental. For instance, an AP mounted on the ceiling in a hospital, where there's an MRI in the room above.

Highlighted
WLA/WLC Series
Solution
Accepted by topic author peterbishop
‎08-26-2015 01:27 AM

Re: WLA532 showing UP in status but is not allowing users on guest network

‎10-13-2013 10:06 AM

Sorry I haven't written back on this issue in awhile, but we ended up getting the JTAC advanced wireless team involved and apparently this is a known PR, PR899940.  BUT the PR isn't searchable on Juniper's website PR search.  It's hidden so only certain users can see it.

 

But basically, the issue is that the tunnel between the AP and the controller was being lost.  I guess during normal operation the tunnel ID cycles throughout normal operation, but for some reason the controller was hanging onto a Tunnel ID of "0" and that number is apparently reserved for the AP and can't be used by the controller.  The only work around is to reset the AP manually. 

 

However, the fix is to upgrade to a special service release of code 8.0.3.7, a code version that you can't even download off the Juniper website, it had to be provided to me via a secure download link. 

 

The client has put this special code release onto their 2800's and it has resolved the tunnel issue. 

Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

[ Edited ]
‎10-13-2013 06:33 PM

Any explanation why APs, replaced multiple times,  in that particular location had this issue and others not? There must have been something different which brought out this issue. Network latency? Firewall?

Highlighted
WLA/WLC Series

Re: WLA532 showing UP in status but is not allowing users on guest network

‎10-14-2013 08:28 AM

It turns out the client wasn't exactly sure how wide spread the issue was.  They have a large campus with many AP's across different buildings and they did not have the resources to go to each and every room/AP to diagnose it.  It ended up happening in multiple areas off multiple AP's, but it was most noticeable in the area they were calling in about since that particular AP serviced a lot of higher profile users.  But since the code upgrade, all has been well.