Header Only - DO NOT REMOVE - Extreme Networks

AP not adopted to Virtual Controller


Userlevel 2
Hi, i have two AP7522E. This firmware is AP7522E-5.9.1.3-007R. virtual controller IP is 192.168.20.12 & another AP ip is 192.168.20.10. Those are communicating one to one. but ap not adopted to vc. I checked following commands on AP & VC
1. ping 192.168.20.10 from vc
2. ping 192.168.20.10 source 192.168.20.12
3. ping google.com

Above all are working fine. but ap not adopted to VC. Kindly advice me where is the problem like AP configuration or Switching side.

13 replies

Userlevel 6
SSH into the VC and run the command: >show mint neighbors
Does it see the other AP/s?
If not, then they are not seeing each other at Mint level (Mint protocol) and are not in the same broadcast domain. They should be in the same broadcast domain for layer 2 adoption.
If the APs are connected to a routed switch, you will have to adopt via layer 3. on the client AP (non-vc AP) under Basic >> Controller adoption >> add the VC's IP address in there >> Apply.
Important note: With layer 3 adoption through a routed switch, you will not have seamless roaming. Meaning that when roaming from AP to AP, the wireless client will disconnect from one and reconnect to the other. If seamless roaming (no disconnects) is critical to your operation, all APs must be in the same broadcast domain.

Thank you,

Chris
Userlevel 6
with CLI command 'show min neighbors' do each AP see each other?
Also, can you run the command 'sh adoption status'?
Userlevel 2
i check show mint neighbors. but its show
0 mint neighbors of 75.A1.B1.80
Userlevel 6
are you certain that both APs are a AP7522E. Can you verify with command ' sh version' .
Userlevel 2
i did this in non-vc , under basic i give ip address of controller. like 192.168.20.12/24 & apply.

both are same AP & same version.

but it showing 0 mint neighbors.
Userlevel 6
On the VC, go to Access points, do you see both APs listed there?
Userlevel 6
TRy this Not able to adopt WiNG Express APs to a virtual controller on a routed network
Userlevel 5
I recommend getting a support case generated and collect the tech-support files from the VC AP and non-VC AP for review:

Please reference the following to export the tech-supports:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Collect-a-Tech-Support-file-from-Wi...
Userlevel 1
Try force the connection between AP -> VC
1. Make sure both AP and VC are on same VLAN
2. If NOT, configure "controller host [i]" on AP's profile/Device context

At this point they should form mint neighbor-ship. And "show mint known adopters" on AP should show VC's mint-id.
You may also try "mint ping " from AP.

If all leads to void, as Christopher Frazee suggested open a support case.
Userlevel 2
Dear Team

I tired above all way. but i can't adopt the AP.
Now i am sharing VC & AP Config file. pls check and update me.

VC Configuration

ap7522-A1AA18#sh running-config
!
! Configuration of AP7522 version 5.9.1.3-007R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
ip access-list default-7467F7A1AA18-nat
permit ip any any rule-precedence 1
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
!
!
mint-policy global-default
mtu 1500
!
meshpoint-qos-policy default
!
wlan-qos-policy Golil_Guest
rate-limit client to-air rate 5000
rate-limit client from-air rate 5000
qos trust dscp
qos trust wmm
!
wlan-qos-policy Golil_Prof
rate-limit client to-air rate 5000
rate-limit client from-air rate 5000
qos trust dscp
qos trust wmm
!
wlan-qos-policy Golil_Users
rate-limit client to-air rate 5000
rate-limit client from-air rate 5000
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan Golil_Guest
ssid Golil_Guest
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no fast-bss-transition over-ds
wpa-wpa2 psk 0 ch@2405$
wep64 key 1 hex 0 6368403235
use wlan-qos-policy Golil_Guest
!
wlan Golil_Prof
ssid Golil_Professional
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no fast-bss-transition over-ds
wpa-wpa2 psk 0 ch@2405$
wep64 key 1 hex 0 6368403234
use wlan-qos-policy Golil_Prof
!
wlan Golil_Users
ssid Golil_Users
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no fast-bss-transition over-ds
wpa-wpa2 psk 0 ch@2405$
wep64 key 1 hex 0 6368403236
use wlan-qos-policy Golil_Users
!
smart-rf-policy default
!
dhcp-server-policy WiNGExpressDhcpSvrPolicy
!
!
management-policy default
no telnet
http server
https server
ssh
user admin password 1 c565e72634d4ba3d2d219241ebfee08d2ea1181c5945e5f453c891373bbc2b33 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
profile ap7522 default-ap7522
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan Golil_Users bss 1 primary
wlan Golil_Guest bss 2 primary
wlan Golil_Prof bss 3 primary
interface radio2
wlan Golil_Users bss 1 primary
wlan Golil_Guest bss 2 primary
wlan Golil_Prof bss 3 primary
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vlan1 overload
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
timezone Asia/Calcutta
country-code in
use smart-rf-policy default
!
ap7522 74-67-F7-A1-AA-18
use profile default-ap7522
use rf-domain default
hostname ap7522-A1AA18
ip name-server 192.168.2.22
ip name-server 4.2.2.2
ip default-gateway 192.168.20.1
interface vlan1
description "WAN Interface"
ip address 192.168.20.5/24
no ip dhcp client request options all
ip nat inside
no shutdown
virtual-controller
rf-domain-manager capable
ip dns-server-forward
logging on
logging console warnings
logging buffered warnings
ip nat inside source list default-7467F7A1AA18-nat precedence 1 interface vlan1 overload
!
!
end

AP Configuration

ap7522-A1B508#sh running-config
!
! Configuration of AP7522 version 5.9.1.3-007R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit D HCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-descriptio n "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP l ocal broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
ip access-list default-7467F7A1B508-nat
permit ip any any rule-precedence 1
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
!
!
mint-policy global-default
mtu 1500
!
wlan-qos-policy Golil_Guest
rate-limit client to-air rate 5000
rate-limit client from-air rate 5000
qos trust dscp
qos trust wmm
!
wlan-qos-policy Golil_Prof
rate-limit client to-air rate 5000
rate-limit client from-air rate 5000
qos trust dscp
qos trust wmm
!
wlan-qos-policy Golil_Users
rate-limit client to-air rate 5000
rate-limit client from-air rate 5000
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan Golil_Guest
ssid Golil_Guest
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no fast-bss-transition over-ds
wpa-wpa2 psk 0 ch@2405$
use wlan-qos-policy Golil_Guest
!
wlan Golil_Prof
ssid Golil_Professional
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no fast-bss-transition over-ds
wpa-wpa2 psk 0 ch@2405$
use wlan-qos-policy Golil_Prof
!
wlan Golil_Users
ssid Golil_Users
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no fast-bss-transition over-ds
wpa-wpa2 psk 0 ch@2405$
use wlan-qos-policy Golil_Users
!
smart-rf-policy default
!
!
management-policy default
no telnet
http server
https server
no ftp
ssh
user admin password 1 c565e72634d4ba3d2d219241ebfee08d2ea1181c5945e5f453c891373 bbc2b33 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
profile ap7522 default-ap7522
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan Golil_Users bss 1 primary
wlan Golil_Guest bss 2 primary
wlan Golil_Prof bss 3 primary
interface radio2
wlan Golil_Users bss 1 primary
wlan Golil_Guest bss 2 primary
wlan Golil_Prof bss 3 primary
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vl an1 overload
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
timezone Asia/Calcutta
country-code in
use smart-rf-policy default
!
ap7522 74-67-F7-A1-B5-08
use profile default-ap7522
use rf-domain default
hostname ap7522-A1B508
location default
ip name-server 192.168.2.22
ip name-server 4.2.2.2
ip default-gateway 192.168.20.1
interface vlan1
description "WAN Interface"
ip address 192.168.20.7/24
no ip dhcp client request options all
no ip nat
no shutdown
no virtual-controller
rf-domain-manager capable
ip dns-server-forward
controller host 192.168.20.5/24 level 1
ip nat inside source list default-7467F7A1B508-nat precedence 1 interface vlan1 overload
!
!
end
Either you open up a support case, for a speedy resolution

or do the following;

1. On both APs enable "logging console debugging" (Assume you do SSH to the devices) and commit
2. On both SSH consoles execute the following action commands
logging monitor debugging
debug cfgd join
3. On VC:
debug adoption server level debug4
4. On non-VC AP
debug adoption client level debug4

Attach the resultant logs here.
Badge
Saravanamurthy K was you able to fix this issue, were you able to identify the root cause.

I had a faced similar issue where 8 of my 10 AP7632i were not getting adopted in spite of being in the same broadcast domain, the problem was different firmware level, I ran a command "show adoption status" and there it was giving firmware error.
hence i was able to troubleshoot and fix the issue.

Reply