Wing ap7522 is not managing with WING RFS4000 controller

  • Problem
  • Updated 4 weeks ago
  • Solved

Hello,
I have an ap7522 that is adopted by a rfs4000 controller, but when I make
changes to the controller the ap does not take into account the changes.
Best regards

yohan vaisseau

Posted 4 weeks ago

Christoph S., Employee

Are they both on the same firmware version?

Please provide results of command: #show adoption status

yohan vaisseau

Yes, they are on the same firmware version.

ap7522-74D840*#sh adoption status
Adopted by:
Type          : RFS4000
System Name   : rfs4000-F9B7DD
MAC address   : B4-C7-99-F9-B7-DD
MiNT address  : 19.F9.B7.DD
Time          :   0 days 00:59:53 ago



Christoph S., Employee

Please run command on controller and provide output. 

Are you making the changes in the AP profile or overrides on the controller?

Is the country code properly set on both?

yohan vaisseau

The ap that is wrong is called test

rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME       VERSION         CFG-STAT         MSGS ADOPTED-BY        LAST-ADOPTION                  UPTIME
---------------------------------------------------------------------------------------------------------------
LT2               5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:56:59    29 days 06:34:52
SupervGSI         5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:03    20 days 00:24:58
test              5.8.4.0-034R    error            Yes  rfs4000-F9B7DD      0 days 01:17:00     0 days 01:18:31
CODIS             5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:01    19 days 05:10:00
Techniques        5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:02    82 days 21:17:34
FORM-CTA-CODIS-.. 5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:04    20 days 00:53:41
Ardoisieres       5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:01    95 days 22:46:07
Etat-major        5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:01    95 days 22:46:30
Amphi             5.8.4.0-034R    configured       No   rfs4000-F9B7DD      0 days 22:57:03    95 days 22:46:31
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9


Christoph S., Employee

As you can see there's an error in CFG-STAT. Probably a mismatch in configs between what's on the controller and what's on the AP. Have you tried rebooting said AP first?

yohan vaisseau

yes,

Andrew Blomley, Employee

The config being sent is causing the AP to lose connection to the controller.

1) confirm you have configured a virtual interface 
2) confirm you have configured a DFG (if dhcp make sure request all options has been selected)

Andy
 

yohan vaisseau

The AP is not on the same site; it is behind a router.

Below is the AP config:
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
 mtu 1300
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
 telnet
 no http server
 https server
 ssh
 user admin password 1 46a001a418ab5129e2d819aea71579abb50a66709139b5832b75507274d5e300 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
nsight-policy default
!
profile ap7522 default-ap7522
 bridge vlan 119
  bridging-mode tunnel
  ip igmp snooping
  ip igmp snooping querier
  ipv6 mld snooping
  ipv6 mld snooping querier
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 l2tpv3 tunnel vlan119
  peer 1 ip-address 172.26.1.48 hostname rfs4000-F9B7DD
  session vlan119 pseudowire-id 119 traffic-source vlan 119
  establishment-criteria rf-domain-manager
 l2tpv3 inter-tunnel-bridging
!
rf-domain default
 country-code g1
 use nsight-policy default
!
ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-74D840
 location default
 adoption-mode controller
 ip default-gateway 172.27.1.254
 interface vlan1
  no description
  ip address 172.27.1.250/24
 no virtual-controller
 rf-domain-manager capable
 controller host 172.26.1.48 level 2
!
!
end


Robert Zarzycki, Employee

Please mint ping the RFS4k from the AP & provide output.


mint ping 19.F9.B7.DD size 1300

Robert Zarzycki, Employee

I also noticed that your AP has crashed ('ap7522-74D840*#'). An asterisk (*) indicates crash files are present. Please run the following command & provide output.

service show crash-info

yohan vaisseau

ap7522-74D840*#mint ping 19.F9.B7.DD size 1300
MiNT ping 19.F9.B7.DD with 1300 bytes of data.
 Response from 19.F9.B7.DD: id=16777216 time=51.964 ms
 Response from 19.F9.B7.DD: id=33554432 time=51.695 ms
 Response from 19.F9.B7.DD: id=50331648 time=51.545 ms

--- 19.F9.B7.DD ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 51.545/51.735/51.964 ms


Robert Zarzycki, Employee

Can you also mint ping the AP from the RFS (to see the mint-id, use the command sh mint-id)?

mint ping <APmintid> size 1300

yohan vaisseau

rfs4000-F9B7DD#mint ping 1B.74.D8.40 size 1300
MiNT ping 1B.74.D8.40 with 1300 bytes of data.
 Response from 1B.74.D8.40: id=1 time=51.811 ms
 Response from 1B.74.D8.40: id=2 time=52.356 ms
 Response from 1B.74.D8.40: id=3 time=51.636 ms


yohan vaisseau

ap7522-74D840*#service show crash-info
--------------------------------------------------------------------------------
                CRASH FILE                 SIZE           LAST MODIFIED
--------------------------------------------------------------------------------
  cfgd.log_AP7522_5.8.4.0-034R.crash.1    26812    Sun Jan 01 01:25:54 2017
  cfgd.log_AP7522_5.8.4.0-034R.crash.2    27067    Sun Jan 01 01:32:08 2017
  cfgd.log_AP7522_5.8.4.0-034R.crash.3    56398    Sun Apr 23 09:47:18 2017
  cfgd.log_AP7522_5.8.4.0-034R.crash.4    52477    Sun Apr 23 09:55:05 2017
  cfgd.log_AP7522_5.8.4.0-034R.crash.5    25629    Sun Apr 23 11:03:47 2017
--------------------------------------------------------------------------------


Robert Zarzycki, Employee

Also, can you run the command 'show clock' on both the RFS & the AP?

yohan vaisseau

rfs4000-F9B7DD#sh clock
2018-08-28 16:34:00 CEST

ap7522-74D840*#sh clock
2018-08-28 14:34:34 UTC




yohan vaisseau

I configure firewall with the best practice

Chris Kelly, Employee

Maybe I'm just not seeing it, but I cannot confirm based on the feedback that this AP is actually adopted.
In the running config posted, the AP's hostname is "ap7522-74D840", but in the earlier output of the APs that are adopted to the RFS4K, I don't see this name listed.

Please run the CLI command on the RFS4K:
#show adoption info

On the AP's CLI, run the command:
#show adoption status

yohan vaisseau

from the rfs4k
rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME       VERSION         CFG-STAT         MSGS ADOPTED-BY        LAST-ADOPTION                  UPTIME
---------------------------------------------------------------------------------------------------------------
LT2               5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:13    30 days 01:14:06
SupervGSI         5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:17    20 days 19:04:12
ap7522-74D840     5.8.4.0-034R    error            Yes  rfs4000-F9B7DD      0 days 18:17:43     0 days 18:19:14
CODIS             5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:15    19 days 23:49:14
Techniques        5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:16    83 days 15:56:48
FORM-CTA-CODIS-.. 5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:18    20 days 19:32:55
Ardoisieres       5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:15    96 days 17:25:21
Etat-major        5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:15    96 days 17:25:44
Amphi             5.8.4.0-034R    configured       No   rfs4000-F9B7DD      1 days 17:36:17    96 days 17:25:45
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9
 

From the ap
ap7522-74D840*#sh adoption status
Adopted by:
Type          : RFS4000
System Name   : rfs4000-F9B7DD
MAC address   : B4-C7-99-F9-B7-DD
MiNT address  : 19.F9.B7.DD
Time          :   0 days 18:18:57 ago





Andrew Blomley, Employee

Please send the config of the controller. It looks like when the new config is pushed to the AP, connection to the controller is lost; this will cause the AP to reboot and revert to the original configuration.

Andy   

yohan vaisseau

!
! Configuration of RFS4000 version 5.8.4.0-034R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 alg sip
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
dns-whitelist CP-DNS
 permit 172.26.1.102
 permit 172.26.1.21
!
captive-portal Prestataires
 access-type logging
 inactivity-timeout 300
 terms-agreement
 webpage internal org-name SDIS 49 Portail Captif
 webpage internal org-signature SDIS 49. All right reserved
 webpage internal login description Merci d'entrer le nom de votre entreprise. Ou votre nom et votre pr&eacute;nom.
 webpage internal login footer En cas d'incident, contactez le service technique du SDIS 49.
 webpage internal login header Bienvenue sur le r&eacute;seau sans fils du SDIS 49
 webpage internal login title Page de connexion
 webpage internal welcome description Veuillez conserver cette page ouverte pendant toute la dur&eacute;e de votre navigation.
 webpage internal welcome footer En cas d'incident, contactez le service technique du SDIS 49.
 webpage internal welcome header Bienvenue. Vous pouvez maintenant vous connecter sur Internet.
 webpage internal welcome title Intervenants Bienvenue
 webpage internal fail description Erreur lors de l'authentification ou services indisponnibles. Veuillez contacter le service technique du SDIS 49.
 webpage internal fail footer En cas d'incident, contactez le service technique du SDIS 49.
 webpage internal fail header ACCES REFUSE
 webpage internal fail title Intervenants Failed Page
 webpage internal agreement description <a href="Charte.pdf">Charte Informatique SDIS 49</a>
 webpage internal agreement footer En cas d'incident, contactez le service technique du SDIS 49.
 webpage internal agreement header L'utilisation du r&eacute;seau sans fils du SDIS 49 est soumis aux conditions suivantes :
 webpage internal agreement title Intervenants Conditions
 use dns-whitelist CP-DNS
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan "SDIS 49"
 ssid "SDIS 49"
 vlan 151
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 xxxxx
!
wlan "SDIS 49 Intervenant"
 ssid "SDIS 49 Intervenant"
 vlan 151
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 xxxxx
 use captive-portal Prestataires
 captive-portal-enforcement
!
smart-rf-policy SDIS49-RFP
 sensitivity low
 assignable-power 5GHz max 20
 assignable-power 5GHz min 10
 assignable-power 2.4GHz max 20
 assignable-power 2.4GHz min 10
 smart-ocs-monitoring frequency 5GHz 10
 smart-ocs-monitoring frequency 2.4GHz 10
 smart-ocs-monitoring sample-count 5GHz 7
 smart-ocs-monitoring sample-count 2.4GHz 7
 smart-ocs-monitoring extended-scan-frequency 5GHz 7
 smart-ocs-monitoring extended-scan-frequency 2.4GHz 7
 interference-recovery client-threshold 30
 interference-recovery channel-switch-delta 5GHz 30
 interference-recovery channel-switch-delta 2.4GHz 30
 coverage-hole-recovery interval 5GHz 45
 coverage-hole-recovery interval 2.4GHz 45
 coverage-hole-recovery coverage-interval 5GHz 30
 coverage-hole-recovery coverage-interval 2.4GHz 30
 coverage-hole-recovery client-threshold 5GHz 5
 coverage-hole-recovery client-threshold 2.4GHz 5
 interference-recovery channel-hold-time 7200
 neighbor-recovery power-hold-time 3600
!
!
management-policy default
 no telnet
 no http server
 https server
 ssh
 user admin password 1 884967166cd6abdae3a314bf454b418094a4f813766fbae5acaefc23cc001abe role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
 t5 snmp-server community public ro 192.168.0.1
 t5 snmp-server community private rw 192.168.0.1
!
event-system-policy CP-Login
 event dot11 eap-cached-keys syslog on forward-to-switch on
 event dot11 wpa-wpa2-failed syslog on forward-to-switch on
 event captive-portal inactivity-timeout syslog on forward-to-switch on email off
 event dot11 kerberos-wlan-failed syslog on forward-to-switch on
 event dot11 kerberos-wlan-success syslog on forward-to-switch on
 event dot11 wlan-time-access-enable syslog on forward-to-switch on
 event captive-portal session-timeout forward-to-switch off
 event captive-portal data-limit-exceed forward-to-switch off
 event captive-portal client-disconnect forward-to-switch off
 event dot11 neighbor-denied-assoc syslog on forward-to-switch on
 event dot11 voice-call-failed syslog on forward-to-switch on
 event dot11 kerberos-wlan-timeout syslog on forward-to-switch on
 event captive-portal page-cre-failed forward-to-switch off
 event captive-portal client-removed forward-to-switch off
 event captive-portal auth-success syslog on forward-to-switch on email on
 event dot11 client-disassociated syslog on forward-to-switch on
 event dot11 eap-failed syslog on forward-to-switch on
 event captive-portal auth-failed syslog on forward-to-switch on email on
 event dot11 tkip-mic-fail-report syslog on forward-to-switch on
 event dot11 client-associated syslog on forward-to-switch on email off
 event captive-portal flex-log-access forward-to-switch off
 event dot11 tkip-cntrmeas-start syslog on forward-to-switch on
 event dot11 move-operation-success syslog on forward-to-switch on
 event dot11 kerberos-client-failed syslog on forward-to-switch on
 event dot11 eap-preauth-client-timeout syslog on forward-to-switch on
 event dot11 eap-opp-cached-keys syslog on forward-to-switch on
 event dot11 eap-server-timeout syslog on forward-to-switch on
 event captive-portal allow-access syslog on forward-to-switch on email on
 event dot11 eap-preauth-failed syslog on forward-to-switch on
 event dot11 eap-client-timeout syslog on forward-to-switch on
 event dot11 eap-preauth-success syslog on forward-to-switch on
 event dot11 wlan-time-access-disable syslog on forward-to-switch on
 event dot11 tkip-cntrmeas-end syslog on forward-to-switch on
 event dot11 tkip-mic-failure syslog on forward-to-switch on
 event dot11 wpa-wpa2-success syslog on forward-to-switch on
 event captive-portal purge-client forward-to-switch off
 event dot11 eap-preauth-server-timeout syslog on forward-to-switch on
 event dot11 voice-call-completed syslog on forward-to-switch on
 event dot11 wpa-wpa2-key-rotn syslog on forward-to-switch on
 event dot11 client-denied-assoc syslog on forward-to-switch on
 event dot11 country-code syslog on forward-to-switch on
 event dot11 voice-call-established syslog on forward-to-switch on
 event dot11 kerberos-client-success syslog on forward-to-switch on
 event dot11 eap-success syslog on forward-to-switch on
 event dot11 country-code-error syslog on forward-to-switch on
!
ex3500-management-policy default
 snmp-server community public ro
 snmp-server community private rw
 snmp-server notify-filter 1 remote 127.0.0.1
 snmp-server view defaultview 1 included
!
l2tpv3 policy default
!
profile rfs4000 default-rfs4000
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface up1
 interface ge1
 interface ge2
 interface ge3
 interface ge4
 interface ge5
 interface wwan1
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 router bgp
!
profile ap7522 CSP-ap7522
 bridge vlan 119
  use captive-portal Prestataires
  bridging-mode tunnel
  no ip dhcp trust
  ip igmp snooping
  ip igmp snooping querier
  ipv6 mld snooping
  ipv6 mld snooping querier
 ip name-server 172.26.1.21
 ip name-server 172.26.1.102
 ip domain-name sdis49.local
 area DDSIS
 ip default-gateway 172.26.151.254
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  power 30
  wlan "SDIS 49" bss 1 primary
  wlan "SDIS 49 Intervenant" bss 2 primary
  antenna-gain 15.0
  off-channel-scan
  aggregation amsdu rx-only
 interface radio2
  power 30
  wlan "SDIS 49" bss 1 primary
  wlan "SDIS 49 Intervenant" bss 2 primary
  antenna-gain 15.0
  off-channel-scan
  aggregation amsdu rx-only
 interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 2100
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan151
  description "VL Stations"
  ip address dhcp
  ip dhcp client request options all
 interface vlan2100
  description Management
  ip address dhcp
 interface pppoe1
 use firewall-policy default
 use captive-portal server Prestataires
 ntp server 172.16.11.50
 use client-identity-group default
 logging on
 preferred-controller-group DDSIS-group
 controller host 172.26.1.48 level 1
 controller vlan 2100
 service pm sys-restart
 router ospf
 l2tpv3 tunnel vlan119
  peer 1 ip-address 172.26.1.48 router-id any
  session vlan119 pseudowire-id 119 traffic-source vlan 119
  establishment-criteria rf-domain-manager
 l2tpv3 inter-tunnel-bridging
!
profile ap7522 default-ap7522
 ip name-server 172.26.1.21
 ip name-server 172.26.1.102
 ip domain-name sdis49.local
 area DDSIS
 ip default-gateway 172.26.151.254
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  power 30
  wlan "SDIS 49" bss 1 primary
  wlan "SDIS 49 Intervenant" bss 2 primary
  antenna-gain 15.0
  off-channel-scan
  aggregation amsdu rx-only
 interface radio2
  power 30
  wlan "SDIS 49" bss 1 primary
  wlan "SDIS 49 Intervenant" bss 2 primary
  antenna-gain 15.0
  off-channel-scan
  aggregation amsdu rx-only
 interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 2100
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan151
  description "VL Stations"
  ip address dhcp
  ip dhcp client request options all
 interface vlan2100
  description Management
  ip address dhcp
 interface pppoe1
 use firewall-policy default
 use captive-portal server Prestataires
 ntp server 172.16.11.50
 use client-identity-group default
 logging on
 preferred-controller-group DDSIS-group
 controller host 172.26.1.48 level 1
 controller vlan 2100
 service pm sys-restart
 router ospf
!
profile ap650 default-ap650
 ip name-server 172.26.1.21
 ip name-server 172.26.1.102
 ip domain-name sdis49.local
 area DDSIS
 ip default-gateway 172.26.151.254
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  power 30
  wlan "SDIS 49" bss 1 primary
  wlan "SDIS 49 Intervenant" bss 2 primary
  antenna-gain 15.0
  off-channel-scan
 interface radio2
  power 30
  wlan "SDIS 49" bss 1 primary
  wlan "SDIS 49 Intervenant" bss 2 primary
  antenna-gain 15.0
 interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 2100
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan151
  description "VL Stations"
  ip address dhcp
  ip dhcp client request options all
 interface vlan2100
  description Management
  ip address dhcp
 interface pppoe1
 use event-system-policy CP-Login
 use firewall-policy default
 use captive-portal server Prestataires
 ntp server 172.16.11.50
 use client-identity-group default
 email-notification host smnotes.sdis49.local sender wifi-ap@sdis49.fr port 25
 email-notification recipient thibault.rousseau@sdis49.fr
 logging on
 preferred-controller-group DDSIS-Group
 controller host 172.26.1.48 level 1
 controller vlan 2100
 configuration-persistence
 service pm sys-restart
!
rf-domain AP7522
 location LT-4S
 contact transmissions@sdis49.fr
 timezone Europe/Paris
 country-code g1
 use smart-rf-policy SDIS49-RFP
 channel-list dynamic
 control-vlan 2100
!
rf-domain SDIS49
 location LT-4S
 contact transmissions@sdis49.fr
 timezone Europe/Paris
 country-code fr
 use smart-rf-policy SDIS49-RFP
 channel-list dynamic
 control-vlan 2100
!
rf-domain default
 timezone Europe/Paris
 country-code fr
!
rfs4000 B4-C7-99-F9-B7-DD
 use profile default-rfs4000
 use rf-domain default
 hostname rfs4000-F9B7DD
 license AP DEFAULT-6AP-LICENSE
 license AAP 348d2726b0deee829828758730b85973bd70b79a746e2eae9f4a0c5f6e0c8c1b2c8e39d945e16e14
 license ADSEC DEFAULT-ADV-SEC-LICENSE
 ip default-gateway 172.26.1.254
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,119,2100
 interface vlan119
  ip address 172.26.1.48/24
 logging on
 logging console warnings
 logging buffered warnings
 l2tpv3 tunnel vlan119
  peer 1 hostname any router-id any
  no local-ip-address
  mtu 1460
  use l2tpv3-policy default
  session vlan119 pseudowire-id 119 traffic-source vlan 119
  no hostname
  no router-id
  establishment-criteria always
  no use critical-resource
  no fast-failover
!
ap7522 B8-50-01-74-D7-6C
 use profile default-ap7522
 use rf-domain AP7522
 hostname SupervGSI
 country-code g1
!
ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-74D840
 ip default-gateway 172.27.1.254
 interface vlan1
  ip address 172.27.1.250/24
 controller host 172.26.1.48 level 2
!
ap7522 B8-50-01-74-DA-64
 use profile default-ap7522
 use rf-domain AP7522
 hostname CODIS
!
ap650 84-24-8D-81-25-84
 use profile default-ap650
 use rf-domain SDIS49
 hostname LT2
!
ap650 FC-0A-81-4B-F3-F8
 use profile default-ap650
 use rf-domain SDIS49
 hostname Techniques
!
ap650 FC-0A-81-4B-F4-10
 use profile default-ap650
 use rf-domain SDIS49
 hostname FORM-CTA-CODIS-WIFI
!
ap650 FC-0A-81-4B-F4-1C
 use profile default-ap650
 use rf-domain SDIS49
 hostname Ardoisieres
!
ap650 FC-0A-81-4B-F4-28
 use profile default-ap650
 use rf-domain SDIS49
 hostname Etat-major
!
ap650 FC-0A-81-4B-F4-54
 use profile default-ap650
 use rf-domain SDIS49
 hostname Amphi
!
!
end


Andrew Blomley, Employee

In the profile you have defined the GE interface:
interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 2100
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094

You have now set an override on the AP:

ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-74D840
 ip default-gateway 172.27.1.254
 interface vlan1
  ip address 172.27.1.250/24
 controller host 172.26.1.48 level 2

please set the native VLAN to communicate with the controller 

e.g.

  description Trunk
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094

This will then work and the AP will be able to talk to the controller. To test, add this as an override:


ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-74D840
 ip default-gateway 172.27.1.254
 interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan1
  ip address 172.27.1.250/24
 controller host 172.26.1.48 level 2


Andy 
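
The mismatch Andrew describes above, as an added example that is not part of the original thread: a Python check that layers a device override on top of its profile and reports any statically addressed VLAN interface in the override that differs from the uplink's native VLAN. The parser, the function names, the layering rule and the default native VLAN of 1 are assumptions of this example, not WiNG behaviour or code; the sample is a constructed excerpt of the controller config posted in the thread.

```python
import re

# Constructed excerpt: only the lines of the posted controller config that
# matter for this check.
SAMPLE_CONFIG = """\
profile ap7522 default-ap7522
 interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 2100
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan2100
  description Management
  ip address dhcp
!
ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-74D840
 ip default-gateway 172.27.1.254
 interface vlan1
  ip address 172.27.1.250/24
 controller host 172.26.1.48 level 2
!
"""
DEVICE = "ap7522 B8-50-01-74-D8-40"

# Same config with the ge1 override suggested in the thread added.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    " interface vlan1\n",
    " interface ge1\n  switchport trunk native vlan 1\n interface vlan1\n",
)


def parse_blocks(text):
    """Split a config into top-level blocks, each with its interface sections."""
    blocks, block, iface = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:                      # e.g. "profile ap7522 <name>"
            block = blocks.setdefault(line, {"lines": [], "interfaces": {}})
            iface = None
        elif block is None:
            continue
        elif indent == 1:
            m = re.fullmatch(r"interface (\S+)", line)
            if m:
                iface = block["interfaces"].setdefault(m.group(1), [])
            else:
                iface = None
                block["lines"].append(line)
        elif iface is not None:              # setting inside an interface
            iface.append(line)
    return blocks


def effective_interfaces(blocks, device_header):
    """Profile interface settings with the device override layered on top
    (assumed rule: override lines come last, so they win)."""
    device = blocks[device_header]
    dev_type = device_header.split()[0]
    profile_name = next(
        (l.split()[2] for l in device["lines"] if l.startswith("use profile ")),
        None,
    )
    profile = blocks.get(f"profile {dev_type} {profile_name}", {"interfaces": {}})
    merged = {name: list(lines) for name, lines in profile["interfaces"].items()}
    for name, lines in device["interfaces"].items():
        merged.setdefault(name, []).extend(lines)
    return merged


def native_vlan(iface_lines):
    """Last 'switchport trunk native vlan N' wins; 1 if unset (assumption)."""
    vlan = 1
    for line in iface_lines:
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))
    return vlan


def check_adoption_path(text, device_header, uplink="ge1"):
    """Return (interface, its VLAN, uplink native VLAN) for every statically
    addressed VLAN interface in the override that is not the native VLAN."""
    blocks = parse_blocks(text)
    native = native_vlan(effective_interfaces(blocks, device_header).get(uplink, []))
    findings = []
    for name, lines in blocks[device_header]["interfaces"].items():
        m = re.fullmatch(r"vlan(\d+)", name)
        static = any(
            re.fullmatch(r"ip address \d+(?:\.\d+){3}/\d+", l) for l in lines
        )
        if m and static and int(m.group(1)) != native:
            findings.append((name, int(m.group(1)), native))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", SAMPLE_CONFIG), ("with ge1 override", FIXED_CONFIG)):
        print(label, check_adoption_path(cfg, DEVICE) or "no mismatch")
```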



Chris Kelly, Employee

Andrew, besides the override on the ge1 config on the AP...I see NO auto-provisioning policy on the RFS4K.  How are APs even getting adopted???

yohan vaisseau

Chris, I don't know how the APs are getting adopted. When I connect the AP to the network, the controller sees them, and the APs take their config by default.
I modified the config of the AP, but there is no difference.

yohan

Andrew Blomley, Employee

An auto adoption policy is used to define the rf-domain and profile of a device being adopted to the controller. If a policy is not defined, the AP will adopt using the default RF-domain and default policy,

which is what is happening to this access point:

ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default


It is then possible to amend the profile and domain manually.

An auto adoption policy is a method of automating which rf-domain and which profile is assigned to an access point, using a unique site identifier.

Andrew Blomley, Employee

This needs to be added to the configuration on the controller, not the AP:

ap7522 B8-50-01-74-D8-40
 use profile default-ap7522
 use rf-domain default
 hostname ap7522-74D840
 ip default-gateway 172.27.1.254
 interface ge1
  description Trunk
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan1
  ip address 172.27.1.250/24
 controller host 172.26.1.48 level 2

yohan vaisseau

Oh sorry Chris, I modify, now I recover the controller configuration well.