Header Only - DO NOT REMOVE - Extreme Networks

Wing ap7522 is not managing with WING RFS4000 controller



Hello,
I have an ap7522 that is adopted by a rfs4000 controller,but when I make
changes to the controller the ap does not take into account the changes.[/code]Best regards

28 replies

Userlevel 6
please mint ping RFS4k form the AP & provide output.

mint ping 19.F9.B7.DD size 1300
Userlevel 6
I also noticed that your AP has crashed, ' ap7522-74D840*#' , An asterisk (*) indicates crash files are present. Please run the following command & provide output.

service show crash-info
Userlevel 6
also can run command ' show clock' on both rfs & ap
Userlevel 6
the ap is not on the same site, is behind a router

below the config ap
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
ip tcp adjust-mss 1400
!
!
mint-policy global-default
mtu 1300
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
telnet
no http server
https server
ssh
user admin password 1 46a001a418ab5129e2d819aea71579abb50a66709139b5832b75507274d5e300 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
nsight-policy default
!
profile ap7522 default-ap7522
bridge vlan 119
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
l2tpv3 tunnel vlan119
peer 1 ip-address 172.26.1.48 hostname rfs4000-F9B7DD
session vlan119 pseudowire-id 119 traffic-source vlan 119
establishment-criteria rf-domain-manager
l2tpv3 inter-tunnel-bridging
!
rf-domain default
country-code g1
use nsight-policy default
!
ap7522 B8-50-01-74-D8-40
use profile default-ap7522
use rf-domain default
hostname ap7522-74D840
location default
adoption-mode controller
ip default-gateway 172.27.1.254
interface vlan1
no description
ip address 172.27.1.250/24
no virtual-controller
rf-domain-manager capable
controller host 172.26.1.48 level 2
!
!
end

please configure firewall to best practice:

How To: How to apply the best practices firewall policy to WiNG APs
Userlevel 6
ap7522-74D840*#mint ping 19.F9.B7.DD size 1300
MiNT ping 19.F9.B7.DD with 1300 bytes of data.
Response from 19.F9.B7.DD: id=16777216 time=51.964 ms
Response from 19.F9.B7.DD: id=33554432 time=51.695 ms
Response from 19.F9.B7.DD: id=50331648 time=51.545 ms

--- 19.F9.B7.DD ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 51.545/51.735/51.964 ms

Can you also mint ping AP from the RFS ( to see mint-id use command sh mint-id )

mint ping size 1300

Userlevel 6
Are they both on the same firmware version?

Please provide results of command: #show adoptions status
Userlevel 6
yes , they are in the same firmware version

ap7522-74D840*#sh adoption status
Adopted by:
Type : RFS4000
System Name : rfs4000-F9B7DD
MAC address : B4-C7-99-F9-B7-DD
MiNT address : 19.F9.B7.DD
Time : 0 days 00:59:53 ago

Please run command on controller and provide output.

Are you making the changes in the AP profile or overrides on the controller?

Is the country code properly set on both?

Userlevel 6
The ap is wrong is calle test

rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION UPTIME
---------------------------------------------------------------------------------------------------------------
LT2 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:56:59 29 days 06:34:52
SupervGSI 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:03 20 days 00:24:58
test 5.8.4.0-034R error Yes rfs4000-F9B7DD 0 days 01:17:00 0 days 01:18:31
CODIS 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 19 days 05:10:00
Techniques 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:02 82 days 21:17:34
FORM-CTA-CODIS-.. 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:04 20 days 00:53:41
Ardoisieres 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 95 days 22:46:07
Etat-major 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 95 days 22:46:30
Amphi 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:03 95 days 22:46:31
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9

As you can see there's an error in CFG-STAT. Probably a mismatch in configs between what's on the controller and what's on the AP. Have you tried rebooting said AP first?
Userlevel 3
the config being sent is causing the ap to loses connection to the controller.

1) confirm you have configured a virtual interface
2) confirm you have configured a DFG (if dhcp make sure request all options has been selected)

Andy


Userlevel 3
Please send the config of the controller, it looks like when the new config is pushed to the ap, connection to the controller is lost, this will cause the ap to reboot and revert to the original configuration.

Andy
Userlevel 3
The profile you have defined the GE interface
interface ge1
description Trunk
switchport mode trunk
switchport trunk native vlan 2100
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094

you have now set an override on the AP

ap7522 B8-50-01-74-D8-40
use prof ile default-ap7522
use rf-domain default
hostname ap7522-74D840
ip default-gateway 172.27.1.254
interface vlan1
ip address 172.27.1.250/24
controller host 172.26.1.48 level 2

please set the native VLAN to communicate with the controller

eg

description Trunk
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094

this will then work and the ap will be able to talk to the controller, to test add this as an override

p7522 B8-50-01-74-D8-40
use prof ile default-ap7522
use rf-domain default
hostname ap7522-74D840
ip default-gateway 172.27.1.254
interface ge1
description Trunk
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094
interface vlan1
ip address 172.27.1.250/24
controller host 172.26.1.48 level 2


Andy



Userlevel 3
an auto adoption policy is used to define the rf-domain and profile of a device being adopt to the controller. if a policy is not defined the AP will adopt using the default RF-domain and default policy

which is what is happening to this access point

p7522 B8-50-01-74-D8-40
use profile default-ap7522
use rf-domain default


it is then possible to amend the profile and domain manually.

auto adoption policy is a method to automating which rf-domain and which profile is assigned to an access point, using a unique site identifier
Userlevel 3
this need to added to the configuration on the controller not the AP

p7522 B8-50-01-74-D8-40
use prof ile default-ap7522
use rf-domain default
hostname ap7522-74D840
ip default-gateway 172.27.1.254
interface ge1
description Trunk
switchport mode trunk
switchport trunk native vlan 1
no switchport trunk native tagged
switchport trunk allowed vlan 1-4094
interface vlan1
ip address 172.27.1.250/24
controller host 172.26.1.48 level 2

Userlevel 6
Maybe I'm just not seeing it, but I cannot confirm based on the feedback that this AP is actually adopted.
In the running config posted, the AP's hostname is "ap7522-74D840", but in the earlier output of the APs that are adopted to the RFS4K, I don't see this name listed.

Please run the CLI command on the RFS4K:
#show adoption info

On the AP's CLI, run the command:
#show adoption status
Userlevel 6
Andrew, besides the override on the ge1 config on the AP...I see NO auto-provisioning policy on the RFS4K. How are APs even getting adopted???

yes , they are in the same firmware version

ap7522-74D840*#sh adoption status
Adopted by:
Type : RFS4000
System Name : rfs4000-F9B7DD
MAC address : B4-C7-99-F9-B7-DD
MiNT address : 19.F9.B7.DD
Time : 0 days 00:59:53 ago

The ap is wrong is calle test

rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION UPTIME
---------------------------------------------------------------------------------------------------------------
LT2 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:56:59 29 days 06:34:52
SupervGSI 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:03 20 days 00:24:58
test 5.8.4.0-034R error Yes rfs4000-F9B7DD 0 days 01:17:00 0 days 01:18:31
CODIS 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 19 days 05:10:00
Techniques 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:02 82 days 21:17:34
FORM-CTA-CODIS-.. 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:04 20 days 00:53:41
Ardoisieres 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 95 days 22:46:07
Etat-major 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:01 95 days 22:46:30
Amphi 5.8.4.0-034R configured No rfs4000-F9B7DD 0 days 22:57:03 95 days 22:46:31
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9

yes,
the ap is not on the same site, is behind a router

below the config ap
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
ip tcp adjust-mss 1400
!
!
mint-policy global-default
mtu 1300
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
telnet
no http server
https server
ssh
user admin password 1 46a001a418ab5129e2d819aea71579abb50a66709139b5832b75507274d5e300 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
nsight-policy default
!
profile ap7522 default-ap7522
bridge vlan 119
bridging-mode tunnel
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
l2tpv3 tunnel vlan119
peer 1 ip-address 172.26.1.48 hostname rfs4000-F9B7DD
session vlan119 pseudowire-id 119 traffic-source vlan 119
establishment-criteria rf-domain-manager
l2tpv3 inter-tunnel-bridging
!
rf-domain default
country-code g1
use nsight-policy default
!
ap7522 B8-50-01-74-D8-40
use profile default-ap7522
use rf-domain default
hostname ap7522-74D840
location default
adoption-mode controller
ip default-gateway 172.27.1.254
interface vlan1
no description
ip address 172.27.1.250/24
no virtual-controller
rf-domain-manager capable
controller host 172.26.1.48 level 2
!
!
end

ap7522-74D840*#mint ping 19.F9.B7.DD size 1300
MiNT ping 19.F9.B7.DD with 1300 bytes of data.
Response from 19.F9.B7.DD: id=16777216 time=51.964 ms
Response from 19.F9.B7.DD: id=33554432 time=51.695 ms
Response from 19.F9.B7.DD: id=50331648 time=51.545 ms

--- 19.F9.B7.DD ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 51.545/51.735/51.964 ms

ap7522-74D840*#service show crash-info
--------------------------------------------------------------------------------
CRASH FILE SIZE LAST MODIFIED
--------------------------------------------------------------------------------
cfgd.log_AP7522_5.8.4.0-034R.crash.1 26812 Sun Jan 01 01:25:54 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.2 27067 Sun Jan 01 01:32:08 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.3 56398 Sun Apr 23 09:47:18 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.4 52477 Sun Apr 23 09:55:05 2017
cfgd.log_AP7522_5.8.4.0-034R.crash.5 25629 Sun Apr 23 11:03:47 2017
--------------------------------------------------------------------------------

rfs4000-F9B7DD#sh clock
2018-08-28 16:34:00 CEST

ap7522-74D840*#sh clock
2018-08-28 14:34:34 UTC

i configure firewall with the best pratice

ap7522-74D840*#mint ping 19.F9.B7.DD size 1300
MiNT ping 19.F9.B7.DD with 1300 bytes of data.
Response from 19.F9.B7.DD: id=16777216 time=51.964 ms
Response from 19.F9.B7.DD: id=33554432 time=51.695 ms
Response from 19.F9.B7.DD: id=50331648 time=51.545 ms

--- 19.F9.B7.DD ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 51.545/51.735/51.964 ms

rfs4000-F9B7DD#mint ping 1B.74.D8.40 size 1300
MiNT ping 1B.74.D8.40 with 1300 bytes of data.
Response from 1B.74.D8.40: id=1 time=51.811 ms
Response from 1B.74.D8.40: id=2 time=52.356 ms
Response from 1B.74.D8.40: id=3 time=51.636 ms

from the rfs4k
rfs4000-F9B7DD#sh adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION UPTIME
---------------------------------------------------------------------------------------------------------------
LT2 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:13 30 days 01:14:06
SupervGSI 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:17 20 days 19:04:12
ap7522-74D840 5.8.4.0-034R error Yes rfs4000-F9B7DD 0 days 18:17:43 0 days 18:19:14
CODIS 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:15 19 days 23:49:14
Techniques 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:16 83 days 15:56:48
FORM-CTA-CODIS-.. 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:18 20 days 19:32:55
Ardoisieres 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:15 96 days 17:25:21
Etat-major 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:15 96 days 17:25:44
Amphi 5.8.4.0-034R configured No rfs4000-F9B7DD 1 days 17:36:17 96 days 17:25:45
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 9


From the ap
ap7522-74D840*#sh adoption status
Adopted by:
Type : RFS4000
System Name : rfs4000-F9B7DD
MAC address : B4-C7-99-F9-B7-DD
MiNT address : 19.F9.B7.DD
Time : 0 days 18:18:57 ago

Reply