Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[WLA/WLC] Unable to establish new or maintain old client session when AP moves into WAN-Outage mode

0

0

Article ID: KB31468 KB Last Updated: 27 Nov 2017Version: 1.0
Summary:

This article provides an example WAN-Outage configuration for AP’s (Local-Switching) in order to maintain existing client sessions and to establish new client sessions for PSK authentication.

Solution:

Example Service-Profile/VLAN-Profile/Remote-site/Radio-Profile/AP configuration:

Service-Profile:

set service-profile aberdeen_galawpa ssid-name galawpa
set service-profile aberdeen_galawpa auth-fallthru last-resort
set service-profile aberdeen_galawpa psk-encrypted 082314485b1d03464a5a5f027928272c31662445051252560f0a0f520259514d45580b075657070d0a0a525f5b0000415e060958020d704f4d5a4157424a595b06
set service-profile aberdeen_galawpa backup-ssid mode dual
set service-profile aberdeen_galawpa wpa-ie auth-dot1x disable
set service-profile aberdeen_galawpa rsn-ie cipher-ccmp enable
set service-profile aberdeen_galawpa rsn-ie auth-psk enable
set service-profile aberdeen_galawpa rsn-ie auth-dot1x disable
set service-profile aberdeen_galawpa rsn-ie enable
set service-profile aberdeen_galawpa attr vlan-name vlan40
 

VLAN-Profile:

set vlan-profile apauth vlan vlan40 tag 40
set vlan-profile jtac-test vlan vlan40 tag 40
 

Remote-site:

set remote-site Aberdeen countrycode GB
set remote-site Aberdeen local-switching mode enable
set remote-site Aberdeen vlan-profile jtac-test
set remote-site Aberdeen wan-outage mode enable
set remote-site Aberdeen wlc-polling enable
set remote-site Aberdeen cached-config on
 

Radio-Profile:

set radio-profile Aberdeen_Radio
set radio-profile Aberdeen_Radio power-policy max-coverage
set radio-profile Aberdeen_Radio service-profile aberdeen_galawpa
 

AP:

set ap 123 serial-id pb3512274875 remote-site Aberdeen model WLA322-WW
set ap 123 force-image-download enable
set ap 123 remote-ap wan-outage mode enable
set ap 123 remote-ap wan-outage eval-period 120
set ap 123 high-latency-mode enable
set ap 123 cached-config on
set ap 123 radio 1 radio-profile Aberdeen_Radio tx-power 8 mode enable
set ap 123 radio 2 radio-profile Aberdeen_Radio mode enable
set ap 123 local-switching mode enable vlan-profile jtac-test
 

Client session output before AP moves into WAN-Outage:

WLC8# show sessions network
1 sessions total

User Name SessID Type Address VLAN AP/Rdo
------------- --- ----- -------------------- -- -----
LR-galawpa-78 85* open 10.9.221.246,V6 vlan40 L 123/2


AP status output in WAN-Outage:

========= show ap status =========

Flags: o = operational[1], c = configure[0], d = download[0], b = boot[0]
a = auto AP, m = mesh AP, p/P = mesh portal (ena/actv), r = redundant[0]
z = remote AP in outage, i/I = insecure (control/control+data)
u = unencrypted, e/E = encrypted (control/control+data)
Radio: E = enabled - 20MHz channel, S = sentry, s = spectral-data
W/w = enabled - 40MHz wide channel (HTplus/HTminus)
D = admin disabled, U = mesh uplink
IP Address: * = AP behind NAT

AP Flag IP Address Model MAC Address Radio 1 Radio 2 Uptime
---- ---- --------------- ------------ ----------------- ------- -----
123 oz-i 10.9.221.202 WLA322-WW b0:a8:6e:47:d4:00 E 6/8 W 44/17 02d06h
 

Existing client session still remains in WAN-Outage:

WLC8# show sessions network

1 sessions total

User Name SessID Type Address VLAN AP/Rdo
--------------------- ------ ----- ------------------
LR-galawpa-78 85* open 10.9.221.246,V6 vlan40 L 123/2
 

Now, AP restored from WAN-Outage mode as follows:

WLC8# show ap status

Flags: o = operational[1], c = configure[0], d = download[0], b = boot[0]
a = auto AP, m = mesh AP, p/P = mesh portal (ena/actv), r = redundant[0]
z = remote AP in outage, i/I = insecure (control/control+data)
u = unencrypted, e/E = encrypted (control/control+data)
Radio: E = enabled - 20MHz channel, S = sentry, s = spectral-data
W/w = enabled - 40MHz wide channel (HTplus/HTminus)
D = admin disabled, U = mesh uplink
IP Address: * = AP behind NAT

AP Flag IP Address Model MAC Address Radio 1 Radio 2 Uptime
---- ---- --------------- ------------ ----------------- ------- -----
123 o--i 10.9.221.202 WLA322-WW b0:a8:6e:47:d4:00 E 6/8 W 44/17 02d06h

Now, we can see old and new client sessions which are established while AP’s in WAN-Outage:
WLC8# show sessions

2 sessions total

User Name SessID Type Address VLAN AP/Rdo
--------------------- ------ ----- ------------------
LR-galawpa-80 89* open 10.9.221.254,V6 vlan40 L 123/2
LR-galawpa-78 85* open 10.9.221.246,V6 vlan40 L 123/2
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search