ExtremeWireless (WiNG)

Expand all | Collapse all

AP not adopted to Virtual Controller

Carlos Assunção

Carlos Assunção05-10-2018 15:01

  • 1.  AP not adopted to Virtual Controller

    Posted 05-10-2018 08:12
    Hi, i have two AP7522E. This firmware is AP7522E-5.9.1.3-007R. virtual controller IP is 192.168.20.12 & another AP ip is 192.168.20.10. Those are communicating one to one. but ap not adopted to vc. I checked following commands on AP & VC
    1. ping 192.168.20.10 from vc
    2. ping 192.168.20.10 source 192.168.20.12
    3. ping google.com

    Above all are working fine. but ap not adopted to VC. Kindly advice me where is the problem like AP configuration or Switching side.


  • 2.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 10:58
    SSH into the VC and run the command: >show mint neighbors
    Does it see the other AP/s?
    If not, then they are not seeing each other at Mint level (Mint protocol) and are not in the same broadcast domain. They should be in the same broadcast domain for layer 2 adoption.
    If the APs are connected to a routed switch, you will have to adopt via layer 3. on the client AP (non-vc AP) under Basic >> Controller adoption >> add the VC's IP address in there >> Apply.
    Important note: With layer 3 adoption through a routed switch, you will not have seamless roaming. Meaning that when roaming from AP to AP, the wireless client will disconnect from one and reconnect to the other. If seamless roaming (no disconnects) is critical to your operation, all APs must be in the same broadcast domain.

    Thank you,

    Chris


  • 3.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 11:01
    with CLI command 'show min neighbors' do each AP see each other?
    Also, can you run the command 'sh adoption status'?


  • 4.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 11:13
    i check show mint neighbors. but its show
    0 mint neighbors of 75.A1.B1.80


  • 5.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 11:16
    are you certain that both APs are a AP7522E. Can you verify with command ' sh version' .



  • 6.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 11:20
    i did this in non-vc , under basic i give ip address of controller. like 192.168.20.12/24 & apply.

    both are same AP & same version.

    but it showing 0 mint neighbors.


  • 7.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 11:21
    On the VC, go to Access points, do you see both APs listed there?


  • 8.  RE: AP not adopted to Virtual Controller



  • 9.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 13:42
    I recommend getting a support case generated and collect the tech-support files from the VC AP and non-VC AP for review:

    Please reference the following to export the tech-supports:

    https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Collect-a-Tech-Support-file-from-Wi...



  • 10.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 15:01
    Try force the connection between AP -> VC



  • 11.  RE: AP not adopted to Virtual Controller

    Posted 05-10-2018 15:22
    1. Make sure both AP and VC are on same VLAN
    2. If NOT, configure "controller host [i]" on AP's profile/Device context

    At this point they should form mint neighbor-ship. And "show mint known adopters" on AP should show VC's mint-id.
    You may also try "mint ping


  • 12.  RE: AP not adopted to Virtual Controller

    Posted 05-12-2018 10:33
    Dear Team

    I tired above all way. but i can't adopt the AP.
    Now i am sharing VC & AP Config file. pls check and update me.

    VC Configuration

    ap7522-A1AA18#sh running-config
    !
    ! Configuration of AP7522 version 5.9.1.3-007R
    !
    !
    version 2.5
    !
    !
    client-identity-group default
    load default-fingerprints
    !
    ip access-list BROADCAST-MULTICAST-CONTROL
    permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
    permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
    deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
    deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
    deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
    permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
    !
    ip access-list default-7467F7A1AA18-nat
    permit ip any any rule-precedence 1
    !
    mac access-list PERMIT-ARP-AND-IPv4
    permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
    permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
    !
    ip snmp-access-list default
    permit any
    !
    firewall-policy default
    no ip dos tcp-sequence-past-window
    no stateful-packet-inspection-l2
    !
    !
    mint-policy global-default
    mtu 1500
    !
    meshpoint-qos-policy default
    !
    wlan-qos-policy Golil_Guest
    rate-limit client to-air rate 5000
    rate-limit client from-air rate 5000
    qos trust dscp
    qos trust wmm
    !
    wlan-qos-policy Golil_Prof
    rate-limit client to-air rate 5000
    rate-limit client from-air rate 5000
    qos trust dscp
    qos trust wmm
    !
    wlan-qos-policy Golil_Users
    rate-limit client to-air rate 5000
    rate-limit client from-air rate 5000
    qos trust dscp
    qos trust wmm
    !
    radio-qos-policy default
    !
    wlan Golil_Guest
    ssid Golil_Guest
    vlan 1
    bridging-mode local
    encryption-type ccmp
    authentication-type none
    no fast-bss-transition over-ds
    wpa-wpa2 psk 0 ch@2405$
    wep64 key 1 hex 0 6368403235
    use wlan-qos-policy Golil_Guest
    !
    wlan Golil_Prof
    ssid Golil_Professional
    vlan 1
    bridging-mode local
    encryption-type ccmp
    authentication-type none
    no fast-bss-transition over-ds
    wpa-wpa2 psk 0 ch@2405$
    wep64 key 1 hex 0 6368403234
    use wlan-qos-policy Golil_Prof
    !
    wlan Golil_Users
    ssid Golil_Users
    vlan 1
    bridging-mode local
    encryption-type ccmp
    authentication-type none
    no fast-bss-transition over-ds
    wpa-wpa2 psk 0 ch@2405$
    wep64 key 1 hex 0 6368403236
    use wlan-qos-policy Golil_Users
    !
    smart-rf-policy default
    !
    dhcp-server-policy WiNGExpressDhcpSvrPolicy
    !
    !
    management-policy default
    no telnet
    http server
    https server
    ssh
    user admin password 1 c565e72634d4ba3d2d219241ebfee08d2ea1181c5945e5f453c891373bbc2b33 role superuser access all
    snmp-server community 0 private rw
    snmp-server community 0 public ro
    snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
    snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
    !
    profile ap7522 default-ap7522
    no autoinstall configuration
    no autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto load-management
    crypto remote-vpn-client
    interface radio1
    wlan Golil_Users bss 1 primary
    wlan Golil_Guest bss 2 primary
    wlan Golil_Prof bss 3 primary
    interface radio2
    wlan Golil_Users bss 1 primary
    wlan Golil_Guest bss 2 primary
    wlan Golil_Prof bss 3 primary
    interface ge1
    interface vlan1
    ip address dhcp
    ip address zeroconf secondary
    ip dhcp client request options all
    interface pppoe1
    use firewall-policy default
    use client-identity-group default
    ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vlan1 overload
    service pm sys-restart
    router ospf
    adoption-mode controller
    !
    rf-domain default
    timezone Asia/Calcutta
    country-code in
    use smart-rf-policy default
    !
    ap7522 74-67-F7-A1-AA-18
    use profile default-ap7522
    use rf-domain default
    hostname ap7522-A1AA18
    ip name-server 192.168.2.22
    ip name-server 4.2.2.2
    ip default-gateway 192.168.20.1
    interface vlan1
    description "WAN Interface"
    ip address 192.168.20.5/24
    no ip dhcp client request options all
    ip nat inside
    no shutdown
    virtual-controller
    rf-domain-manager capable
    ip dns-server-forward
    logging on
    logging console warnings
    logging buffered warnings
    ip nat inside source list default-7467F7A1AA18-nat precedence 1 interface vlan1 overload
    !
    !
    end

    AP Configuration

    ap7522-A1B508#sh running-config
    !
    ! Configuration of AP7522 version 5.9.1.3-007R
    !
    !
    version 2.5
    !
    !
    client-identity-group default
    load default-fingerprints
    !
    ip access-list BROADCAST-MULTICAST-CONTROL
    permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
    permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit D HCP replies"
    deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-descriptio n "deny windows netbios"
    deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
    deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP l ocal broadcast"
    permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
    !
    ip access-list default-7467F7A1B508-nat
    permit ip any any rule-precedence 1
    !
    ip snmp-access-list default
    permit any
    !
    firewall-policy default
    no ip dos tcp-sequence-past-window
    no stateful-packet-inspection-l2
    !
    !
    mint-policy global-default
    mtu 1500
    !
    wlan-qos-policy Golil_Guest
    rate-limit client to-air rate 5000
    rate-limit client from-air rate 5000
    qos trust dscp
    qos trust wmm
    !
    wlan-qos-policy Golil_Prof
    rate-limit client to-air rate 5000
    rate-limit client from-air rate 5000
    qos trust dscp
    qos trust wmm
    !
    wlan-qos-policy Golil_Users
    rate-limit client to-air rate 5000
    rate-limit client from-air rate 5000
    qos trust dscp
    qos trust wmm
    !
    radio-qos-policy default
    !
    wlan Golil_Guest
    ssid Golil_Guest
    vlan 1
    bridging-mode local
    encryption-type ccmp
    authentication-type none
    no fast-bss-transition over-ds
    wpa-wpa2 psk 0 ch@2405$
    use wlan-qos-policy Golil_Guest
    !
    wlan Golil_Prof
    ssid Golil_Professional
    vlan 1
    bridging-mode local
    encryption-type ccmp
    authentication-type none
    no fast-bss-transition over-ds
    wpa-wpa2 psk 0 ch@2405$
    use wlan-qos-policy Golil_Prof
    !
    wlan Golil_Users
    ssid Golil_Users
    vlan 1
    bridging-mode local
    encryption-type ccmp
    authentication-type none
    no fast-bss-transition over-ds
    wpa-wpa2 psk 0 ch@2405$
    use wlan-qos-policy Golil_Users
    !
    smart-rf-policy default
    !
    !
    management-policy default
    no telnet
    http server
    https server
    no ftp
    ssh
    user admin password 1 c565e72634d4ba3d2d219241ebfee08d2ea1181c5945e5f453c891373 bbc2b33 role superuser access all
    snmp-server community 0 private rw
    snmp-server community 0 public ro
    snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
    snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
    !
    profile ap7522 default-ap7522
    no autoinstall configuration
    no autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto load-management
    crypto remote-vpn-client
    interface radio1
    wlan Golil_Users bss 1 primary
    wlan Golil_Guest bss 2 primary
    wlan Golil_Prof bss 3 primary
    interface radio2
    wlan Golil_Users bss 1 primary
    wlan Golil_Guest bss 2 primary
    wlan Golil_Prof bss 3 primary
    interface ge1
    interface vlan1
    ip address dhcp
    ip address zeroconf secondary
    ip dhcp client request options all
    interface pppoe1
    use firewall-policy default
    use client-identity-group default
    ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vl an1 overload
    service pm sys-restart
    router ospf
    adoption-mode controller
    !
    rf-domain default
    timezone Asia/Calcutta
    country-code in
    use smart-rf-policy default
    !
    ap7522 74-67-F7-A1-B5-08
    use profile default-ap7522
    use rf-domain default
    hostname ap7522-A1B508
    location default
    ip name-server 192.168.2.22
    ip name-server 4.2.2.2
    ip default-gateway 192.168.20.1
    interface vlan1
    description "WAN Interface"
    ip address 192.168.20.7/24
    no ip dhcp client request options all
    no ip nat
    no shutdown
    no virtual-controller
    rf-domain-manager capable
    ip dns-server-forward
    controller host 192.168.20.5/24 level 1
    ip nat inside source list default-7467F7A1B508-nat precedence 1 interface vlan1 overload
    !
    !
    end



  • 13.  RE: AP not adopted to Virtual Controller

    Posted 05-14-2018 14:43
    Either you open up a support case, for a speedy resolution

    or do the following;

    1. On both APs enable "logging console debugging" (Assume you do SSH to the devices) and commit
    2. On both SSH consoles execute the following action commands
    logging monitor debugging
    debug cfgd join
    3. On VC:
    debug adoption server level debug4
    4. On non-VC AP
    debug adoption client level debug4

    Attach the resultant logs here.


  • 14.  RE: AP not adopted to Virtual Controller

    Posted 11-21-2018 02:09
    Saravanamurthy K was you able to fix this issue, were you able to identify the root cause.

    I had a faced similar issue where 8 of my 10 AP7632i were not getting adopted in spite of being in the same broadcast domain, the problem was different firmware level, I ran a command "show adoption status" and there it was giving firmware error.
    hence i was able to troubleshoot and fix the issue.