Wing ap7522 is not managing with WING RFS4000 controller


Hello,
I have an ap7522 that is adopted by a rfs4000 controller, but when I make
changes to the controller the ap does not take into account the changes.
Best regards

28 replies

Userlevel 5
Are they both on the same firmware version?

Please provide results of command: #show adoptions status
yes, they are in the same firmware version

ap7522-74D840*#sh adoption status
Adopted by:
Type : RFS4000
System Name : rfs4000-F9B7DD
MAC address : B4-C7-99-F9-B7-DD
MiNT address : 19.F9.B7.DD
Time : 0 days 00:59:53 ago
Userlevel 5
Please run command on controller and provide output.

Are you making the changes in the AP profile or overrides on the controller?

Is the country code properly set on both?
The ap that is wrong is called test

rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION UPTIME
---------------------------------------------------------------------------------------------------------------
LT2 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:56:59 29 days 06:34:52
SupervGSI 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:03 20 days 00:24:58
test 5.8.4.0-034R error Yes rfs4000-F9B7DD 0 days 01:17:00 0 days 01:18:31
CODIS 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 19 days 05:10:00
Techniques 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:02 82 days 21:17:34
FORM-CTA-CODIS-.. 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:04 20 days 00:53:41
Ardoisieres 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 95 days 22:46:07
Etat-major 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 95 days 22:46:30
Amphi 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:03 95 days 22:46:31
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9
Userlevel 5
As you can see there's an error in CFG-STAT. Probably a mismatch in configs between what's on the controller and what's on the AP. Have you tried rebooting said AP first?
yes,
Userlevel 3
the config being sent is causing the ap to lose connection to the controller.

1) confirm you have configured a virtual interface
2) confirm you have configured a DFG (if dhcp make sure request all options has been selected)

Andy
the ap is not on the same site, it is behind a router

below is the ap config
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
ip tcp adjust-mss 1400
!
!
mint-policy global-default
mtu 1300
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
telnet
no http server
https server
ssh
user admin password 1 46a001a418ab5129e2d819aea71579abb50a66709139b5832b75507274d5e300 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
nsight-policy default
!
profile ap7522 default-ap7522
bridge vlan 119
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
l2tpv3 tunnel vlan119
peer 1 ip-address 172.26.1.48 hostname rfs4000-F9B7DD
session vlan119 pseudowire-id 119 traffic-source vlan 119
establishment-criteria rf-domain-manager
l2tpv3 inter-tunnel-bridging
!
rf-domain default
country-code g1
use nsight-policy default
!
ap7522 B8-50-01-74-D8-40
use profile default-ap7522
use rf-domain default
hostname ap7522-74D840
location default
adoption-mode controller
ip default-gateway 172.27.1.254
interface vlan1
no description
ip address 172.27.1.250/24
no virtual-controller
rf-domain-manager capable
controller host 172.26.1.48 level 2
!
!
end
Userlevel 5
please configure firewall to best practice:

How To: How to apply the best practices firewall policy to WiNG APs
Userlevel 5
please mint ping RFS4k from the AP & provide output.

mint ping 19.F9.B7.DD size 1300
Userlevel 5
I also noticed that your AP has crashed: 'ap7522-74D840*#'. An asterisk (*) indicates crash files are present. Please run the following command & provide output.

service show crash-info
ap7522-74D840*#mint ping 19.F9.B7.DD size 1300
MiNT ping 19.F9.B7.DD with 1300 bytes of data.
Response from 19.F9.B7.DD: id=16777216 time=51.964 ms
Response from 19.F9.B7.DD: id=33554432 time=51.695 ms
Response from 19.F9.B7.DD: id=50331648 time=51.545 ms

--- 19.F9.B7.DD ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 51.545/51.735/51.964 ms
Userlevel 5
Can you also mint ping AP from the RFS ( to see mint-id use command sh mint-id )

mint ping size 1300
rfs4000-F9B7DD#mint ping 1B.74.D8.40 size 1300
MiNT ping 1B.74.D8.40 with 1300 bytes of data.
Response from 1B.74.D8.40: id=1 time=51.811 ms
Response from 1B.74.D8.40: id=2 time=52.356 ms
Response from 1B.74.D8.40: id=3 time=51.636 ms
ap7522-74D840*#service show crash-info
--------------------------------------------------------------------------------
CRASH FILE SIZE LAST MODIFIED
--------------------------------------------------------------------------------
cfgd.log_AP7522_5.8.4.0-034R.crash.1 26812 Sun Jan 01 01:25:54 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.2 27067 Sun Jan 01 01:32:08 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.3 56398 Sun Apr 23 09:47:18 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.4 52477 Sun Apr 23 09:55:05 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.5 25629 Sun Apr 23 11:03:47 2017
--------------------------------------------------------------------------------
Userlevel 5
also can you run command 'show clock' on both rfs & ap
rfs4000-F9B7DD#sh clock
2018-08-28 16:34:00 CEST

ap7522-74D840*#sh clock
2018-08-28 14:34:34 UTC
I configured the firewall with the best practice
Userlevel 4
Maybe I'm just not seeing it, but I cannot confirm based on the feedback that this AP is actually adopted.
In the running config posted, the AP's hostname is "ap7522-74D840", but in the earlier output of the APs that are adopted to the RFS4K, I don't see this name listed.

Please run the CLI command on the RFS4K:
#show adoption info

On the AP's CLI, run the command:
#show adoption status
from the rfs4k
rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION UPTIME
---------------------------------------------------------------------------------------------------------------
LT2 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:13 30 days 01:14:06
SupervGSI 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:17 20 days 19:04:12
ap7522-74D840 5.8.4.0-034R error Yes rfs4000-F9B7DD 0 days 18:17:43 0 days 18:19:14
CODIS 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:15 19 days 23:49:14
Techniques 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:16 83 days 15:56:48
FORM-CTA-CODIS-.. 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:18 20 days 19:32:55
Ardoisieres 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:15 96 days 17:25:21
Etat-major 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:15 96 days 17:25:44
Amphi 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:17 96 days 17:25:45
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9


From the ap
ap7522-74D840*#sh adoption status
Adopted by:
Type : RFS4000
System Name : rfs4000-F9B7DD
MAC address : B4-C7-99-F9-B7-DD
MiNT address : 19.F9.B7.DD
Time : 0 days 18:18:57 ago
Userlevel 3
Please send the config of the controller, it looks like when the new config is pushed to the ap, connection to the controller is lost, this will cause the ap to reboot and revert to the original configuration.

Andy
!
! Configuration of RFS4000 version 5.8.4.0-034R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
alg sip
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
dns-whitelist CP-DNS
permit 172.26.1.102
permit 172.26.1.21
!
captive-portal Prestataires
access-type logging
inactivity-timeout 300
terms-agreement
webpage internal org-name SDIS 49 Portail Captif
webpage internal org-signature SDIS 49. All right reserved
webpage internal login description Merci d'entrer le nom de votre entreprise. Ou votre nom et votre prÉnom.
webpage internal login footer En cas d'incident, contactez le service technique du SDIS 49.
webpage internal login header Bienvenue sur le rÉseau sans fils du SDIS 49
webpage internal login title Page de connexion
webpage internal welcome description Veuillez conserver cette page ouverte pendant toute la durÉe de votre navigation.
webpage internal welcome footer En cas d'incident, contactez le service technique du SDIS 49.
webpage internal welcome header Bienvenue. Vous pouvez maintenant vous connecter sur Internet.
webpage internal welcome title Intervenants Bienvenue
webpage internal fail description Erreur lors de l'authentification ou services indisponnibles. Veuillez contacter le service technique du SDIS 49.
webpage internal fail footer En cas d'incident, contactez le service technique du SDIS 49.
webpage internal fail header ACCES REFUSE
webpage internal fail title Intervenants Failed Page
webpage internal agreement description Charte Informatique SDIS 49
webpage internal agreement footer En cas d'incident, contactez le service technique du SDIS 49.
webpage internal agreement header L'utilisation du rÉseau sans fils du SDIS 49 est soumis aux conditions suivantes :
webpage internal agreement title Intervenants Conditions
use dns-whitelist CP-DNS
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan "SDIS 49"
ssid "SDIS 49"
vlan 151
bridging-mode local
encryption-type tkip-ccmp
authentication-type none
wpa-wpa2 psk 0 xxxxx
!
wlan "SDIS 49 Intervenant"
ssid "SDIS 49 Intervenant"
vlan 151
bridging-mode local
encryption-type tkip-ccmp
authentication-type none
wpa-wpa2 psk 0 xxxxx
use captive-portal Prestataires
captive-portal-enforcement
!
smart-rf-policy SDIS49-RFP
sensitivity low
assignable-power 5GHz max 20
assignable-power 5GHz min 10
assignable-power 2.4GHz max 20
assignable-power 2.4GHz min 10
smart-ocs-monitoring frequency 5GHz 10
smart-ocs-monitoring frequency 2.4GHz 10
smart-ocs-monitoring sample-count 5GHz 7
smart-ocs-monitoring sample-count 2.4GHz 7
smart-ocs-monitoring extended-scan-frequency 5GHz 7
smart-ocs-monitoring extended-scan-frequency 2.4GHz 7
interference-recovery client-threshold 30
interference-recovery channel-switch-delta 5GHz 30
interference-recovery channel-switch-delta 2.4GHz 30
coverage-hole-recovery interval 5GHz 45
coverage-hole-recovery interval 2.4GHz 45
coverage-hole-recovery coverage-interval 5GHz 30
coverage-hole-recovery coverage-interval 2.4GHz 30
coverage-hole-recovery client-threshold 5GHz 5
coverage-hole-recovery client-threshold 2.4GHz 5
interference-recovery channel-hold-time 7200
neighbor-recovery power-hold-time 3600
!
!
management-policy default
no telnet
no http server
https server
ssh
user admin password 1 884967166cd6abdae3a314bf454b418094a4f813766fbae5acaefc23cc001abe role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
t5 snmp-server community public ro 192.168.0.1
t5 snmp-server community private rw 192.168.0.1
!
event-system-policy CP-Login
event dot11 eap-cached-keys syslog on forward-to-switch on
event dot11 wpa-wpa2-failed syslog on forward-to-switch on
event captive-portal inactivity-timeout syslog on forward-to-switch on email off
event dot11 kerberos-wlan-failed syslog on forward-to-switch on
event dot11 kerberos-wlan-success syslog on forward-to-switch on
event dot11 wlan-time-access-enable syslog on forward-to-switch on
event captive-portal session-timeout forward-to-switch off
event captive-portal data-limit-exceed forward-to-switch off
event captive-portal client-disconnect forward-to-switch off
event dot11 neighbor-denied-assoc syslog on forward-to-switch on
event dot11 voice-call-failed syslog on forward-to-switch on
event dot11 kerberos-wlan-timeout syslog on forward-to-switch on
event captive-portal page-cre-failed forward-to-switch off
event captive-portal client-removed forward-to-switch off
event captive-portal auth-success syslog on forward-to-switch on email on
event dot11 client-disassociated syslog on forward-to-switch on
event dot11 eap-failed syslog on forward-to-switch on
event captive-portal auth-failed syslog on forward-to-switch on email on
event dot11 tkip-mic-fail-report syslog on forward-to-switch on
event dot11 client-associated syslog on forward-to-switch on email off
event captive-portal flex-log-access forward-to-switch off
event dot11 tkip-cntrmeas-start syslog on forward-to-switch on
event dot11 move-operation-success syslog on forward-to-switch on
event dot11 kerberos-client-failed syslog on forward-to-switch on
event dot11 eap-preauth-client-timeout syslog on forward-to-switch on
event dot11 eap-opp-cached-keys syslog on forward-to-switch on
event dot11 eap-server-timeout syslog on forward-to-switch on
event captive-portal allow-access syslog on forward-to-switch on email on
event dot11 eap-preauth-failed syslog on forward-to-switch on
event dot11 eap-client-timeout syslog on forward-to-switch on
event dot11 eap-preauth-success syslog on forward-to-switch on
event dot11 wlan-time-access-disable syslog on forward-to-switch on
event dot11 tkip-cntrmeas-end syslog on forward-to-switch on
event dot11 tkip-mic-failure syslog on forward-to-switch on
event dot11 wpa-wpa2-success syslog on forward-to-switch on
event captive-portal purge-client forward-to-switch off
event dot11 eap-preauth-server-timeout syslog on forward-to-switch on
event dot11 voice-call-completed syslog on forward-to-switch on
event dot11 wpa-wpa2-key-rotn syslog on forward-to-switch on
event dot11 client-denied-assoc syslog on forward-to-switch on
event dot11 country-code syslog on forward-to-switch on
event dot11 voice-call-established syslog on forward-to-switch on
event dot11 kerberos-client-success syslog on forward-to-switch on
event dot11 eap-success syslog on forward-to-switch on
event dot11 country-code-error syslog on forward-to-switch on
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
l2tpv3 policy default
!
profile rfs4000 default-rfs4000
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface up1
interface ge1
interface ge2
interface ge3
interface ge4
interface ge5
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
router bgp
!
profile ap7522 CSP-ap7522
bridge vlan 119
use captive-portal Prestataires
bridging-mode tunnel
no ip dhcp trust
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
ip name-server 172.26.1.21
ip name-server 172.26.1.102
ip domain-name sdis49.local
area DDSIS
ip default-gateway 172.26.151.254
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
power 30
wlan "SDIS 49" bss 1 primary
wlan "SDIS 49 Intervenant" bss 2 primary
antenna-gain 15.0
off-channel-scan
aggregation amsdu rx-only
interface radio2
power 30
wlan "SDIS 49" bss 1 primary
wlan "SDIS 49 Intervenant" bss 2 primary
antenna-gain 15.0
off-channel-scan
aggregation amsdu rx-only
interface ge1
description Trunk
switchport mode trunk
switchport trunk native vlan 2100
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094
interface vlan151
description "VL Stations"
ip address dhcp
ip dhcp client request options all
interface vlan2100
description Management
ip address dhcp
interface pppoe1
use firewall-policy default
use captive-portal server Prestataires
ntp server 172.16.11.50
use client-identity-group default
logging on
preferred-controller-group DDSIS-group
controller host 172.26.1.48 level 1
controller vlan 2100
service pm sys-restart
router ospf
l2tpv3 tunnel vlan119
peer 1 ip-address 172.26.1.48 router-id any
session vlan119 pseudowire-id 119 traffic-source vlan 119
establishment-criteria rf-domain-manager
l2tpv3 inter-tunnel-bridging
!
profile ap7522 default-ap7522
ip name-server 172.26.1.21
ip name-server 172.26.1.102
ip domain-name sdis49.local
area DDSIS
ip default-gateway 172.26.151.254
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
power 30
wlan "SDIS 49" bss 1 primary
wlan "SDIS 49 Intervenant" bss 2 primary
antenna-gain 15.0
off-channel-scan
aggregation amsdu rx-only
interface radio2
power 30
Userlevel 3
In the profile you have defined the GE interface
interface ge1
description Trunk
switchport mode trunk
switchport trunk native vlan 2100
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094

you have now set an override on the AP

ap7522 B8-50-01-74-D8-40
use profile default-ap7522
use rf-domain default
hostname ap7522-74D840
ip default-gateway 172.27.1.254
interface vlan1
ip address 172.27.1.250/24
controller host 172.26.1.48 level 2

please set the native VLAN to communicate with the controller

eg

description Trunk
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094

this will then work and the ap will be able to talk to the controller, to test add this as an override

ap7522 B8-50-01-74-D8-40
use profile default-ap7522
use rf-domain default
hostname ap7522-74D840
ip default-gateway 172.27.1.254
interface ge1
description Trunk
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094
interface vlan1
ip address 172.27.1.250/24
controller host 172.26.1.48 level 2


Andy
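
Added example (not part of the thread and not Extreme's tooling): a Python check for the mismatch described in the reply above, where a device override puts a static management address on one VLAN while the effective ge1 trunk uses a different native VLAN. The sample config is constructed, `demo-ap7522` is a hypothetical profile name, and the script assumes 1-space WiNG indentation, native VLAN 1 when none is set, and an uplink that hands the AP untagged frames.

```python
import re

# Constructed sample in WiNG running-config style (1 space per nesting level).
# Addresses mirror the thread; "demo-ap7522" is a hypothetical profile name.
BEFORE = """\
profile ap7522 demo-ap7522
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 2100
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-4094
 interface vlan2100
  ip address dhcp
!
ap7522 B8-50-01-74-D8-40
 use profile demo-ap7522
 hostname ap7522-74D840
 ip default-gateway 172.27.1.254
 interface vlan1
  ip address 172.27.1.250/24
 controller host 172.26.1.48 level 2
!
"""

# Same config with a ge1 override (native VLAN 1) added to the device block.
GE1_OVERRIDE = (" interface ge1\n"
                "  switchport mode trunk\n"
                "  switchport trunk native vlan 1\n"
                "  no switchport trunk native tagged\n")
AFTER = BEFORE.replace(" interface vlan1\n", GE1_OVERRIDE + " interface vlan1\n")
DEVICE = "ap7522 B8-50-01-74-D8-40"


def parse_blocks(text):
    """Split a config into top-level blocks with their statements and interfaces."""
    blocks, cur, iface = {}, None, None
    for raw in text.splitlines():
        body = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        if not body or body == "!" or (indent and cur is None):
            continue
        if indent == 0:                       # "profile ..." or device header
            cur = blocks.setdefault(body, {"stmts": [], "ifaces": {}})
            iface = None
        elif indent == 1 and body.startswith("interface "):
            iface = cur["ifaces"].setdefault(body.split()[1], [])
        elif indent >= 2 and iface is not None:
            iface.append(body)                # statement inside an interface
        else:
            cur["stmts"].append(body)         # block-level statement
            iface = None
    return blocks


def native_vlan(lines):
    """First 'switchport trunk native vlan N' wins; assume VLAN 1 if none is set."""
    for line in lines:
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            return int(m.group(1))
    return 1


def check_device(blocks, header):
    """Return (svi, address, native_vlan) for each static SVI off the native VLAN."""
    dev = blocks[header]
    name = next((s.split()[2] for s in dev["stmts"] if s.startswith("use profile ")), None)
    prof = next((b for h, b in blocks.items()
                 if h.startswith("profile ") and h.split()[-1] == name), {"ifaces": {}})
    # Override lines are listed first so they take precedence over the profile.
    native = native_vlan(dev["ifaces"].get("ge1", []) + prof["ifaces"].get("ge1", []))
    findings = []
    for ifname, lines in dev["ifaces"].items():
        for line in lines:
            m = re.fullmatch(r"ip address (\d+\.\d+\.\d+\.\d+/\d+)", line)
            if m and ifname.startswith("vlan") and int(ifname[4:]) != native:
                findings.append((ifname, m.group(1), native))
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, check_device(parse_blocks(cfg), DEVICE))
```

A non-empty result means the pushed configuration would leave the statically addressed SVI on a VLAN that is tagged on the uplink, which matches the "error" CFG-STAT and revert behaviour seen in the thread.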


Userlevel 4
Andrew, besides the override on the ge1 config on the AP...I see NO auto-provisioning policy on the RFS4K. How are APs even getting adopted???
Chris, I don't know how the APs are getting adopted. When I connect the AP to the network, the controller sees them, and the APs take their config by default.
I modified the config of the AP, but there is no difference

yohan
