AP not adopted to Virtual Controller

  • 0
  • 1
  • Question
  • Updated 4 months ago
  • Answered
Hi, i have two AP7522E. This firmware is AP7522E-5.9.1.3-007R. virtual controller IP is 192.168.20.12 & another AP ip is 192.168.20.10. Those are communicating one to one. but ap not adopted to vc. I checked following commands on AP & VC
1. ping 192.168.20.10 from vc
2. ping 192.168.20.10 source 192.168.20.12
3. ping google.com

Above all are working fine. but ap not adopted to VC. Kindly advice me where is the problem like AP configuration or Switching side.
Photo of Saravanamurthy K

Saravanamurthy K

  • 926 Points 500 badge 2x thumb

Posted 5 months ago

  • 0
  • 1
Photo of Christoph S.

Christoph S., Employee

  • 3,230 Points 3k badge 2x thumb
SSH into the VC and run the command: >show mint neighbors
Does it see the other AP/s?
If not, then they are not seeing each other at Mint level (Mint protocol) and are not in the same broadcast domain. They should be in the same broadcast domain for layer 2 adoption.
If the APs are connected to a routed switch, you will have to adopt via layer 3. on the client AP (non-vc AP) under Basic >> Controller adoption >> add the VC's IP address in there >> Apply. 
Important note: With layer 3 adoption through a routed switch, you will not have seamless roaming. Meaning that when roaming from AP to AP, the wireless client will disconnect from one and reconnect to the other. If seamless roaming (no disconnects) is critical to your operation, all APs must be in the same broadcast domain.

Thank you,

Chris
Photo of Robert Zarzycki

Robert Zarzycki, Employee

  • 4,662 Points 4k badge 2x thumb
with CLI command 'show min neighbors' do each AP see each other? 
Also, can you run the command 'sh adoption status'?
Photo of Saravanamurthy K

Saravanamurthy K

  • 926 Points 500 badge 2x thumb
i check show mint neighbors. but its show 
 0 mint neighbors of 75.A1.B1.80
Photo of Robert Zarzycki

Robert Zarzycki, Employee

  • 4,662 Points 4k badge 2x thumb
are you certain that both APs are a AP7522E. Can you verify with command ' sh version' .
Photo of Saravanamurthy K

Saravanamurthy K

  • 926 Points 500 badge 2x thumb
i did this in non-vc , under basic i give ip address of controller. like 192.168.20.12/24 & apply.

both are same AP & same version.

but it showing 0 mint neighbors.
Photo of Christoph S.

Christoph S., Employee

  • 3,230 Points 3k badge 2x thumb
On the VC, go to Access points, do you see both APs listed there?
Photo of Robert Zarzycki

Robert Zarzycki, Employee

  • 4,662 Points 4k badge 2x thumb
Photo of Christopher Frazee

Christopher Frazee, Employee

  • 1,862 Points 1k badge 2x thumb
I recommend getting a support case generated and collect the tech-support files from the VC AP and non-VC AP for review:

Please reference the following to export the tech-supports:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Collect-a-Tech-Support-file-from-Wi...
Photo of Carlos Assunção

Carlos Assunção

  • 294 Points 250 badge 2x thumb
Try force the connection between AP -> VC
Photo of Mathew Sebastian

Mathew Sebastian, Employee

  • 94 Points 75 badge 2x thumb
1. Make sure both AP and VC are on same VLAN
2. If NOT, configure "controller host <ip address of VC>" on AP's profile/Device context

At this point they should form mint neighbor-ship. And "show mint known adopters" on AP should show VC's mint-id.
You may also try "mint ping <mint-id of VC>" from AP.

If all leads to void, as Christopher Frazee suggested open a support case. 
Photo of Saravanamurthy K

Saravanamurthy K

  • 926 Points 500 badge 2x thumb
Dear Team

I tired above all way. but i can't adopt the AP.
Now i am sharing VC & AP Config file. pls check and update me.

VC Configuration

ap7522-A1AA18#sh running-config
!
! Configuration of AP7522 version 5.9.1.3-007R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
ip access-list default-7467F7A1AA18-nat
 permit ip any any rule-precedence 1
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
 mtu 1500
!
meshpoint-qos-policy default
!
wlan-qos-policy Golil_Guest
 rate-limit client to-air rate 5000
 rate-limit client from-air rate 5000
 qos trust dscp
 qos trust wmm
!
wlan-qos-policy Golil_Prof
 rate-limit client to-air rate 5000
 rate-limit client from-air rate 5000
 qos trust dscp
 qos trust wmm
!
wlan-qos-policy Golil_Users
 rate-limit client to-air rate 5000
 rate-limit client from-air rate 5000
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan Golil_Guest
 ssid Golil_Guest
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 ch@2405$
 wep64 key 1 hex 0 6368403235
 use wlan-qos-policy Golil_Guest
!
wlan Golil_Prof
 ssid Golil_Professional
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 ch@2405$
 wep64 key 1 hex 0 6368403234
 use wlan-qos-policy Golil_Prof
!
wlan Golil_Users
 ssid Golil_Users
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 ch@2405$
 wep64 key 1 hex 0 6368403236
 use wlan-qos-policy Golil_Users
!
smart-rf-policy default
!
dhcp-server-policy WiNGExpressDhcpSvrPolicy
!
!
management-policy default
 no telnet
 http server
 https server
 ssh
 user admin password 1 c565e72634d4ba3d2d219241ebfee08d2ea1181c5945e5f453c891373bbc2b33 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
profile ap7522 default-ap7522
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan Golil_Users bss 1 primary
  wlan Golil_Guest bss 2 primary
  wlan Golil_Prof bss 3 primary
 interface radio2
  wlan Golil_Users bss 1 primary
  wlan Golil_Guest bss 2 primary
  wlan Golil_Prof bss 3 primary
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vlan1 overload
 service pm sys-restart
 router ospf
 adoption-mode controller
 !
rf-domain default
 timezone Asia/Calcutta
 country-code in
 use smart-rf-policy default
 !
ap7522 74-67-F7-A1-AA-18
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-A1AA18
 ip name-server 192.168.2.22
 ip name-server 4.2.2.2
 ip default-gateway 192.168.20.1
 interface vlan1
  description "WAN Interface"
  ip address 192.168.20.5/24
  no ip dhcp client request options all
  ip nat inside
  no shutdown
 virtual-controller
 rf-domain-manager capable
 ip dns-server-forward
 logging on
 logging console warnings
 logging buffered warnings
 ip nat inside source list default-7467F7A1AA18-nat precedence 1 interface vlan1 overload
 !
 !
 end

AP Configuration

ap7522-A1B508#sh running-config
!
! Configuration of AP7522 version 5.9.1.3-007R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit D                                                                                        HCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-descriptio                                                                                        n "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP l                                                                                        ocal broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
ip access-list default-7467F7A1B508-nat
 permit ip any any rule-precedence 1
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
 mtu 1500
!
wlan-qos-policy Golil_Guest
 rate-limit client to-air rate 5000
 rate-limit client from-air rate 5000
 qos trust dscp
 qos trust wmm
!
wlan-qos-policy Golil_Prof
 rate-limit client to-air rate 5000
 rate-limit client from-air rate 5000
 qos trust dscp
 qos trust wmm
!
wlan-qos-policy Golil_Users
 rate-limit client to-air rate 5000
 rate-limit client from-air rate 5000
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan Golil_Guest
 ssid Golil_Guest
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 ch@2405$
 use wlan-qos-policy Golil_Guest
!
wlan Golil_Prof
 ssid Golil_Professional
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 ch@2405$
 use wlan-qos-policy Golil_Prof
!
wlan Golil_Users
 ssid Golil_Users
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 ch@2405$
 use wlan-qos-policy Golil_Users
!
smart-rf-policy default
!
!
management-policy default
 no telnet
 http server
 https server
 no ftp
 ssh
 user admin password 1 c565e72634d4ba3d2d219241ebfee08d2ea1181c5945e5f453c891373                                                                                        bbc2b33 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
profile ap7522 default-ap7522
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan Golil_Users bss 1 primary
  wlan Golil_Guest bss 2 primary
  wlan Golil_Prof bss 3 primary
 interface radio2
  wlan Golil_Users bss 1 primary
  wlan Golil_Guest bss 2 primary
  wlan Golil_Prof bss 3 primary
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vl                                                                                        an1 overload
 service pm sys-restart
 router ospf
 adoption-mode controller
 !
rf-domain default
 timezone Asia/Calcutta
 country-code in
 use smart-rf-policy default
 !
ap7522 74-67-F7-A1-B5-08
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-A1B508
 location default
 ip name-server 192.168.2.22
 ip name-server 4.2.2.2
 ip default-gateway 192.168.20.1
 interface vlan1
  description "WAN Interface"
  ip address 192.168.20.7/24
  no ip dhcp client request options all
  no ip nat
  no shutdown
 no virtual-controller
 rf-domain-manager capable
 ip dns-server-forward
 controller host 192.168.20.5/24 level 1
 ip nat inside source list default-7467F7A1B508-nat precedence 1 interface vlan1                                                                                         overload
 !
 !
 end
Photo of Mathew Sebastian

Mathew Sebastian, Employee

  • 94 Points 75 badge 2x thumb
Either you open up a support case, for a speedy resolution

or do the following;

1. On both APs enable "logging console debugging" (Assume you do SSH to the devices) and commit
2. On both SSH consoles execute the following action commands
   logging monitor debugging
   debug cfgd join
3. On VC:
   debug adoption server level debug4
4. On non-VC AP
   debug adoption client level debug4 

Attach the resultant logs here.