Solved

what about the relationship between the foreign viq and local viq within the same xiq?


Userlevel 2

To learn it, I did some tests:

  1. Apply for two XIQ accounts: a trial Pilot account and a free Connect account.
  2. Add and configure an AP in the XIQ Connect account.
  3. Export the XIQ Connect VIQ (e.g. vhm-connect).
  4. Import the VIQ (e.g. vhm-connect) into the XIQ Pilot account. Now the AP is in both XIQ accounts' inventories.
  5. Reboot the AP; it will onboard to the XIQ Connect account. That was as I expected.
  6. Delete it from the XIQ Connect inventory, and reboot the AP.

The AP cannot onboard to the XIQ Pilot's VIQ. I checked the XIQ Pilot's inventory status. But weirdly, the AP's light is white, and here is the result of `show capwap client`:


```
AH-2a1440#show capwap client
CAPWAP client: Enabled
CAPWAP transport mode: UDP
RUN state: Connected securely to the CAPWAP server
CAPWAP client IP: 192.168.9.216
CAPWAP server IP: 34.67.130.71
HiveManager Primary Name:ia-gcp-cws-3.extremecloudiq.com
HiveManager Backup Name: ia-gcp-cwm.extremecloudiq.com
CAPWAP Default Server Name: redirector.aerohive.com
Virtual HiveManager Name:
Server destination Port: 12222
CAPWAP send event: Enabled
CAPWAP DTLS state: Enabled
CAPWAP DTLS negotiation: Enabled
DTLS next connect status: Enable
DTLS always accept bootstrap passphrase: Enabled
DTLS session status: Connected
DTLS key type: passphrase
DTLS session cut interval: 5 seconds
DTLS handshake wait interval: 60 seconds
DTLS Max retry count: 3
DTLS authorize failed: 0
DTLS reconnect count: 0
Discovery interval: 5 seconds
Heartbeat interval: 30 seconds
Max discovery interval: 10 seconds
Neighbor dead interval:105 seconds
Silent interval: 15 seconds
Wait join interval: 60 seconds
Discovery count: 0
Max discovery count: 3
Retransmit count: 0
Max retransmit count: 2
Primary server tries: 0
Backup server tries: 0
Keepalives lost/sent: 0/71
Event packet drop due to buffer shortage: 0
Event packet drop due to loss connection: 4
```

Then there are some questions:

  • What about the relationship between the foreign VIQ and local VIQ within the same XIQ account?
  • How do I transmit this AP from one account to another? May I keep the old VHM and transmit it to a new XIQ account?
  • Doesn't the white light indicate the AP has been connected to the XIQ?
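When checking which instance an AP is bound to after a migration, the `show capwap client` output above can be compared with what the operator expects. This is an added example, not part of the original post or any Extreme tooling; the function names and the expected host `pilot.example.invalid` are assumptions, and the sample is an excerpt of the posted output.

```python
# Added example: field names come from the output posted above;
# function names and the expected host are hypothetical.
SAMPLE = """\
AH-2a1440#show capwap client
CAPWAP client: Enabled
RUN state: Connected securely to the CAPWAP server
CAPWAP server IP: 34.67.130.71
HiveManager Primary Name:ia-gcp-cws-3.extremecloudiq.com
Virtual HiveManager Name:
DTLS session status: Connected
Keepalives lost/sent: 0/71
Event packet drop due to loss connection: 4
"""

def parse_capwap(text):
    """Turn 'Key: value' lines into a dict; the prompt line has no colon and is skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def binding_findings(fields, expected_vhm, expected_hosts):
    """Compare what the AP reports with the instance the operator expects."""
    findings = []
    connected = fields.get("RUN state", "").startswith("Connected")
    vhm = fields.get("Virtual HiveManager Name", "")
    host = fields.get("HiveManager Primary Name", "")
    if connected and not vhm:
        # The AP reports a secure session but names no VHM at all.
        findings.append("connected, but no Virtual HiveManager Name is set")
    elif vhm and vhm != expected_vhm:
        findings.append(f"bound to {vhm}, expected {expected_vhm}")
    if connected and host not in expected_hosts:
        findings.append(f"connected via unexpected server {host}")
    drops = int(fields.get("Event packet drop due to loss connection", "0") or 0)
    if drops:
        findings.append(f"{drops} event packets dropped due to lost connection")
    return findings

if __name__ == "__main__":
    report = binding_findings(parse_capwap(SAMPLE), "VHM-KOXNXYAV",
                              {"pilot.example.invalid"})
    for finding in report:
        print("-", finding)
```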

Best answer by Sam Pirok 28 April 2021, 17:09

You shouldn’t be able to have one serial number in two inventories at the same time. Attempting to add an AP to a second inventory while it is currently registered to a different inventory (regardless of whether the AP is currently connected to that instance or not) will produce the error stating the device is already in use by another VIQ instance. Even when moving over an export from one instance to the other, if you don’t remove the AP serial numbers from the first inventory before uploading the export, you should get errors about the APs not being added because they are already in use. If you have the AP showing in both inventories right now, I’d recommend opening a support case as that is not intended behavior. 

 

For the serial number you provided, I’m not seeing any redirector records at all for that device currently. Typically when an AP is not connected to a VIQ instance it will:

  1. Send out a layer 2 broadcast looking for any on premises VIQ instances within the same subnet as the AP. If it finds one, it will connect to that instance and end the process there. 
  2. If it doesn’t find an on premises instance in the same subnet, it will reach out to the redirector to see where it is registered to currently. The redirector will tell the AP which VIQ instance to connect to, and the AP will reach out to that address to start the CAPWAP process. There can only ever be one redirector record for each device. When you remove the AP from your inventory, that updates the redirector as well so it knows that the AP is no longer bound to the original instance. 

I’m also assuming both of your instances are hosted online. If you’re moving an AP from a cloud based XIQ instance to an on-premises instance, it’s possible you could have the serial number in both places but the AP should be going to the on premises instance first after it sends that layer 2 broadcast. If it finds an on premises instance to connect to, it won’t contact the redirector at all. 


11 replies

Userlevel 2

There is a workaround:

After importing the VIQ, the AP appears in the second XIQ’s inventory, so just remove the AP from it and re-add it. Then, after a little while, the AP will come back online again; then upload the complete configuration to the AP.

That is not so convenient, but it works.

Userlevel 2

Thanks for Sam’s very detailed explanation. I got a lot of info, thanks.

Userlevel 7

Hi there, thanks for sharing that output. Based on the run state saying “Connected securely to the CAPWAP server” and the white LED light you’re seeing on the AP, that indicates the AP does indeed think it’s connected somewhere. Likely there is some old registration/configuration holding the AP to your original Connect account. I’d recommend going through the steps outlined in this guide to manually connect your AP to the new Pilot instance: https://extremeportal.force.com/ExtrArticleDetail?an=000057794&q=capwap%20troubleshooting

 

I’m not sure what you’re asking when you say “what about the relationship between the foreign viq and local viq within the same xiq account?”, could you clarify for me? 

Userlevel 2

Hi, Sam

I mean, when I export the VIQ from the first XIQ instance and import it into the second XIQ instance,

will the first XIQ’s VIQ info then go and mix with the second XIQ instance?

Userlevel 7

Thank you for clarifying. The new XIQ instance will have a unique VIQ ID, and the super-admin email won’t be the same as you can only use an email address to register one XIQ instance at a time, so they are at their core still separate instances. The admin settings, configuration, and device inventory may be the same when you upload your export, but the instances will remain separate and uniquely identifiable. Is that what you were asking? 

Userlevel 2

Yes, I would like to know further: when an AP onboards to an XIQ instance, does it mean the redirector will create a relationship between a VHM (VIQ) and an AP? Then when the AP visits redirector.aerohive.com, it will be guided to the correct VHM?

If that is true, when I import the first VIQ to the second XIQ, does it mean XIQ will update the relationship from “first viq ↔ ap sn” to “second viq ↔ ap sn”?

 

Userlevel 2

How do I know if the AP SN (12112101703390) is combined to the new VIQ (VHM-KOXNXYAV)? Would you check it in the redirector’s DB?

Userlevel 2

Like I said in the original post:

Import the VIQ (e.g. vhm-connect) into the XIQ Pilot account. Now the AP is in both XIQ accounts' inventories.

Before I remove the AP from the first XIQ instance’s inventory, the AP appears in both of the XIQ instances’ inventories. Then which VHM will the redirector guide the AP to onboard to?

Userlevel 2

@Sam Pirok, according to your command on this thread:

you suggest ‘no capwap client enable’, and adding this AP to the new XIQ.

  1. Do I have to transfer the VIQ from the original XIQ to the new one first, in order to keep the configuration in sync between these two XIQ accounts?
  2. The new XIQ’s VIQ is different from the original, so `no capwap client enable` is not enough: because the AP retains the original VHM, it could not onboard to the new XIQ. Is that right?

Userlevel 7

I would recommend moving your configuration over to the new XIQ instance before moving the device over to minimize your downtime. You are correct that ‘no capwap client’ does not remove the old VIQ information, for that you’d want to remove the AP from the inventory of the original XIQ instance, or you can manually reset the AP, or you can manually set the new CAPWAP information in the CLI of the AP using the steps outlined in this guide: https://extremeportal.force.com/ExtrArticleDetail?an=000057794&q=