Header Only - DO NOT REMOVE - Extreme Networks
Solved

WM3600 - AP2600 - Configure Error with seperate WLAN between AP and controller

  • 31 October 2019
  • 15 replies
  • 2320 views

Hello,

we have a VM3600 controller with Motorola AP-650 (4610-EU) in use. One AP must be operated in a different WLAN than the controller. At first, the controller was not found from AP. With the command "controller host" the IP of the controller was entered. Now the AP is displayed in the controller as online. Unfortunately, it does not emit any WLANs and in the "Apopted Devices" the "Config Status" displays error. If I put the AP in the same VLAN as the controller everything works fine. I hope you can help me.Thanks a lot for this!!

Andre

icon

Best answer by Chris Kelly 4 November 2019, 16:42

Okay...so what’s happened is that the AP received the config….but then as part of the new config, it was no longer able to stay adopted to the controller….so it reverted back to the previous config (which is likely just an empty default config).  So the question now is, why can’t the AP remain adopted with the new config?  Looks like a VLAN config issue.

 

Look at the AP’s Profile on the controller - in the VLAN1 section.  There’s nothing.

So when the AP receives this profile after being adopted, it’s NOT being instructed to behave like a DHCP client.  

Even if it DID have an IP address, it can no longer discover the controller using layer-2 because the controller is then on a different subnet, so it then also needs a controller host entry.  The easiest way to do this would be to add the entry to the AP’s Profile...so we’ll take care of both of these issues.

 

Enter these commands and add these three lines *in BOLD* to the AP Profile

login to CLI on controller

enable

config 

profile ap4600 ap4600_Hof
interface vlan 1

ip address dhcp                                  

ip dhcp client request options all

exit

controller host 10.216.0.199

commit write

 

 

 

The Profile will then look like this:

profile ap4600 ap4600_Hof

no autoinstall configuration

no autoinstall firmware

crypto ikev1 policy ikev1-default

   isakmp-proposal default encryption aes-256 group 2 hash sha

crypto ikev2 policy ikev2-default

   isakmp-proposal default encryption aes-256 group 2 hash sha

crypto ipsec transform-set default esp-aes-256 esp-sha-hmac

crypto ikev1 remote-vpn

crypto ikev2 remote-vpn

crypto auto-ipsec-secure

crypto load-management

crypto remote-vpn-client

interface radio1

   wlan hof bss 1 primary

interface radio2

   wlan S-Inet bss 1 primary

interface ge1

   ip dhcp trust

   qos trust dscp

   qos trust 802.1p

interface vlan1

   ip address dhcp                                   ← Will be under ‘interface vlan 1’

   ip dhcp client request options all     ← Will be under ‘interface vlan 1’

interface pppoe1 use firewall-policy default

controller host 10.216.0.199              ← Will appear *somewhere* in this AP profile.  Look for it

service pm sys-restart

!

 

Now again, delete the AP from the system as before and then reboot the AP.

This time, the AP should then get an IP address and will know how to reach the controller using layer 3.

 

View original

15 replies

..sorry AP2600 in the top is wrong - cant change - it must be AP650

Userlevel 6

When the AP is adopted and shows an error message in the Config Status, this is indicating that there was an issue with the configuration that was sent to the AP.  This is most likely why you are not seeing your WLAN operating on the AP.

There’s many things that could be causing this issue.  Instead of playing 20-questions, the fastest way to diagnose this would be to see the running-config from the controller (WM2600).  [Remove any clear-text passwords/passphrases or anything sensitive from the config before posting]

Thank you - here ist the config.

The AP in secound vlan is ap4600 00-04-xx-xx-xx- with profile ap4600_Hof.

 

!
! Configuration of WM3600 version 5.5.5.0-018R
!
!
version 2.3
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit D HCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-descriptio n "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP l ocal broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list MAC-FILTER-INTERN
permit host xxxxxx any rule-precedence 29 rule-description Tablet
deny any any rule-precedence 1060
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
alg sip
!
!
mint-policy global-default
!
wlan-qos-policy bib-voice
voice-prioritization
qos trust dscp
qos trust wmm
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
association-acl-policy Intern_Zugriff
deny 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 3
!
wlan Hof
ssid Hof
vlan 252
bridging-mode tunnel
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 xxxxxx
!
wlan B-Inet
description Freies WLAN fuer Besucher
ssid B-Inet
vlan x
bridging-mode tunnel
encryption-type none
authentication-type none
no client-client-communication
!
wlan B-Voice
description WLAN T
ssid B-Voice
vlan 11
bridging-mode local
encryption-type ccmp
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0
wpa-wpa2 exclude-wpa2-tkip
use wlan-qos-policy bib-voice
!
wlan M-Intern
description Internes WLAN
ssid M-Intern
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type none
no broadcast-ssid
no answer-broadcast-probes
wpa-wpa2 psk 0
wpa-wpa2 exclude-wpa2-tkip
use mac-access-list in MAC-FILTER-INTERN
!
wlan S-Inet
description WLAN fuer freies Internet
ssid S-Inet
vlan 255
bridging-mode tunnel
encryption-type ccmp
authentication-type none
no broadcast-ssid
wpa-wpa2 psk 0
!
wlan S-Hotspot
description Hotspot
ssid S-Hotspot
vlan 301
bridging-mode tunnel
encryption-type none
authentication-type none
!
wlan b-gastnetz
description Netz fuer Veranstaltungen
shutdown
ssid B-Inet
vlan 255
bridging-mode tunnel
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0

smart-rf-policy "S Lau"
group-by area
assignable-power 2.4GHz min 14
!
auto-provisioning-policy "S Lau"
!
!
management-policy default
no http server
https server
ssh
user admin password 1 xxx role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmpoperator v3 encrypted des auth md5 0 operator
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
banner motd Welcome to CLI
!
profile wm3600 default-wm3600
ip name-server xxx
ip name-server xxx
ip domain-name xxx
ip default-gateway xxx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface me1
interface up1
switchport mode trunk
switchport trunk native vlan 2
no switchport trunk native tagged
switchport trunk allowed vlan 2,6,252,255,301
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge1
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge2
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge3
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge4
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge5
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge6
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge7
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge8
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan2
description LAN
ip address 10.216.x.x/24
interface vlan6
description b-inet
interface vlan252
description Hof
interface vlan255
description s-inet
interface vlan301
description Hotspot
interface wwan1
interface pppoe1
use firewall-policy default
use auto-provisioning-policy "S Lau"
ntp server 10.216.x.x
no ip routing
service pm sys-restart
router ospf
!
profile ap4700 default-ap4700
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface ge1
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface ge2
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
logging on
service pm sys-restart
router ospf
!
profile ap4532 default-ap4532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
logging on
service pm sys-restart
router ospf
!
profile ap4600 "R"
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan S-Inet bss 1 primary
wlan M-Intern bss 3 primary
wlan Hotspot bss 4 primary
interface radio2
wlan S-Inet bss 1 primary
interface ge1
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan1
interface pppoe1
use firewall-policy default
service pm sys-restart
!

profile ap4600 ap4600_Hof
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan hof bss 1 primary
interface radio2
wlan S-Inet bss 1 primary
interface ge1
ip dhcp trust
qos trust dscp
qos trust 802.1p
interface vlan1
interface pppoe1
use firewall-policy default
service pm sys-restart
!

rf-domain "S Lau"
location xxx
timezone Europe/Berlin
country-code de
use smart-rf-policy "S Lau"
channel-list dynamic
layout area Bib
layout area Bib floor Erdgeschoss map-location bibErdgeschoss.jpg units feet
layout area Haus
!
rf-domain default
no country-code
!
wm3600 00-xx-xx-xx-xx-xx
use profile default-wm3600
use rf-domain "S Lau"
hostname wm-xx-xx
license AP xxxx
interface up1
switchport mode trunk
switchport trunk native vlan 2
no switchport trunk native tagged
switchport trunk allowed vlan 2,6,252,255,301
!

ap4600 00-xx-xx-xx-xx-xx
use profile "R Lau"
use rf-domain "S Lau"
hostname AP-xx-xx
!

ap4600 00-04-xx-xx-xx-
use profile ap4600_Hof
use rf-domain "S Lau"
hostname HOF
area Rxxx
interface ge1
switchport mode access
switchport access vlan 20
!

!
end

 

Userlevel 6

Which AP in this config file is the one behaving as you described? (There are 2 listed)

  1. hostname: AP-xx-xx
  2. HOF

Looking at the #1 AP’s override value, I see an issue:

ap4600 00-xx-xx-xx-xx-xx

 use profile "R Lau"

 use rf-domain "S Lau"

 hostname AP-xx-xx

 

I don’t see an actual ap4600 profile name “R Lau” anywhere in the config that you posted.   There is one called “R”, but the name must match exactly for the AP to be assigned the profile.

Is this the AP that is having the issue you described?

The AP with the problems is Hostname HOF with Profile AP4600_Hof. He is attached to VLAN TAG 20 and reaches the controller (controller shows online). But says error and no wifi emitting.

The other error probably happened to me when I generalized the config for the forum. But now has nothing to do with the actual problem.

Do you have a solution?

Userlevel 6

So let’s break this down…

At first, the controller was not found from AP. With the command "controller host" the IP of the controller was entered. Once the AP was told the layer-3 location of the controller, it was able to find it. 

Based on this statement, the AP was NOT able to discover the controller using layer-2 discovery (VLAN). 

After you entered the controller host entry address of the controller and it was then able to find it, that indicates that there’s a VLAN configuration issue [somewhere].  Ideally though, for performance and scaling reasons, you do want to configure the APs for layer-3 adoption, so I would suggest using the controller host <controller address> configuration as standard.

Now the AP is displayed in the controller as online. Unfortunately, it does not emit any WLANs and in the "Adopted Devices" the "Config Status" displays error. If I put the AP in the same VLAN as the controller everything works fine.

What’s happening here is that once the AP was able to find the controller after you entered the controller host entry, the controller most likely then attempted to push a configuration to the AP that is not correct.  This is preventing the AP from receiving its profile.

 

So next, let’s find out if the “HOF” AP is still actually adopted right now and go from there.

SSH into the “HOF” AP and log in.  Run the commands:

  • show adoption status  (post the output)
  • show mint links (post the output)
  • show ip interface brief (post the output)
  • show mint mlcp history (post the output)
  • show adoption config-errors HOF (post the output)

Somewhere, there’s an issue in the config that is causing the AP to not receive the profile from the controller.  This is why you are not seeing the SSIDs.  If you look at the running-config on the AP, I’m assuming that the config will look nothing like what you have setup on the controller for the AP.

Thank you for your detailed answer and your help. I will execute the commands on Monday at work and post the result here hoping that you can help me further.

 

Thanks!! André

Hello,

its right if i run “show run” on the ap - i dont see the proile i have set for this ap. It seems to be a problem to retrieve the config. Ok lets do the commands you told me:

ap4600-7E4254>show adoption status
Adopted by:
Type : WM3600
System Name : wm-xxx-xxx-01
MAC address : 00-04-96-59-2B-CE
MiNT address : 46.59.2B.CE
Time : 0 days 00:20:22 ago
ap4600-7E4254>show mint links
1 mint links on 46.7E.42.54:
link ip-10.216.0.199:24576 at level 1, 1 adjacencies
ap4600-7E4254>show ip interface brief
-------------------------------------------------------------------------------
INTERFACE IP-ADDRESS/MASK TYPE STATUS PROTOCOL
-------------------------------------------------------------------------------
vlan1 10.216.1.99/24(DHCP) primary UP up
vlan1 169.254.66.84/16(ZEROCONF) secondary UP up
-------------------------------------------------------------------------------
ap4600-7E4254>show mint mlcp history
2019-11-04 06:00:51:Received OK from cfgd, adoption complete to 46.59.2B.CE
2019-11-04 06:00:51:Waiting for cfgd OK, adopter should be 46.59.2B.CE
2019-11-04 06:00:51:Adoption state change: 'Connecting to adopter' to 'Waiting for Adoption OK'
2019-11-04 06:00:51:Adoption state change: 'No adopters found' to 'Connecting to adopter'
2019-11-04 06:00:51:Try to adopt to 46.59.2B.CE (cluster master 46.59.2B.CE in adopters)
2019-11-04 06:00:51:Got new value for MTU: 1500
2019-11-04 06:00:51:MLCP created level 1 force:0 IP link to 10.216.0.199:24576
2019-11-04 06:00:51:Sending MLCP Request to 10.216.0.199:24576
2019-11-04 06:00:46:Received MLCP Offer from 10.216.0.199:24576 preferred=0 capacity = 237 (force:0, level 1)
2019-11-04 06:00:46:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:46:Start MLCP IP Discover
2019-11-04 06:00:46:Clearing already existing ipsec secure config for MLCP group 0 candidate 10.216.0.199
2019-11-04 06:00:46:DNS resolution completed, starting MLCP
2019-11-04 06:00:46:Received 1 hostnames through option 191
2019-11-04 06:00:43:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:38:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:33:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:28:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:23:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:18:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:13:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:07:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:02:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:57:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:52:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:47:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:47:Start MLCP IP Discover
2019-11-04 05:59:47:Clearing already existing ipsec secure config for MLCP group 0 candidate 10.216.0.199
2019-11-04 05:59:47:DNS resolution completed, starting MLCP
2019-11-04 05:59:47:Received 0 hostnames through option 191
2019-11-04 05:59:47:Adoption state change: 'Disabled' to 'No adopters found'
2019-11-04 05:59:47:DNS resolution completed, starting MLCP
2019-11-04 05:59:47:Adoption enabled due to configuration
ap4600-7E4254>show adoption config-errors HOF
Device HOF does not exist
The hostname does not seem to have been taken over. Currently the AP hostname AP4600-7E4254 seems to have. When I execute this command then comes the following
ap4600-7E4254>show adoption config-errors ap4600-7E4254
*** No configuration errors

Thank you for your help!!

 

Userlevel 6

If you are not seeing the correct config on the AP, that means either

  1. The AP never receives it
  2. The AP received it, but the received config caused the AP to lose its adoption with the controller.  When this happens, the AP reverts back to the last known config that allowed the adoption to work properly (which would have been the default config)

So right now, the AP is adopted.  But I’m assuming that the controller is not pushing the config to the AP because it knows that if it does, it will cause a problem.  Let’s check:

 

Run the command on the controller:

 show adoption status

 

Another issue I see is with the auto-provisioning policy.  It contains no rules.  For a properly setup controller, you want to have rules that define what happens when an AP model tries to adopt.  The rule will indicate which profile the AP is given and what rf-domain it is placed into.  Below is your current policy.  It has a name, but no rules.

!

auto-provisioning-policy "S Lau"

!

To have a correctly setup auto-provisioning rule for this AP: (This is to completed using the CLI - can be completed in GUI also)

Login to CLI

enable

config

auto-provisioning-policy “S Lau”

adopt ap4600 precedence 1 profile ap4600_Hof rf-domain "S Lau" any

commit write

 

This will cause ANY ap4600 AP to be adopted and assigned the profile ap4600_Hof and then be placed into the rf-domain “S Lau”.  

 

Some tips though:

*AVOID* spaces in any naming you using in the system.  I would even suggest going back in and renaming any existing items with spaces.  Instead use something like _ or -

Also, I don’t know if using “ is a problem or not, but I would also avoid those as well.

 

Finish adding that rule to the auto-provisioning policy.  Reboot the AP.

If the AP is still not receiving its config, run the command again ON the controller:

show adoption status

Hello,

thank you

wm-lau-01>show adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION UPTIME
---------------------------------------------------------------------------------------------------------------
AP-1 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 710 days 23:30:32
AP-2 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 705 days 23:44:05
AP-3 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 710 days 23:30:45
AP-4 5.5.5.0-018R configured No wm-la.. 95 days 02:25:26 283 days 03:27:35
AP-5 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 283 days 03:24:29
AP-6 5.5.5.0-018R configured No wm-la.. 6 days 01:30:47 6 days 01:33:37
AP-7 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 710 days 23:43:19
AP-8 5.5.5.0-018R configured No wm-la.. 95 days 02:25:30 710 days 23:30:50
AP-9 5.5.5.0-018R configured No wm-la.. 60 days 02:07:44 710 days 23:30:39
AP-10 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 710 days 23:30:46
AP-11 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 469 days 04:38:25
AP-12 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 256 days 00:34:35
HOF 5.5.5.0-018R error Yes wm-la.. 0 days 07:51:49 0 days 07:55:42
AP-13 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 283 days 03:19:20
AP-14 5.5.5.0-018R configured No wm-la.. 95 days 02:25:28 283 days 03:12:18
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 15

We dont want to put all APs in the profil ap4600_Hof  - so iam unsure to configure the auto-provisioning-policy  - can u help me?

Thanks!

André

Userlevel 6

Are any of those other APs model ap4600?

So you have several other APs that are adopted and have a profile.  How is this 1 AP different from those?  Is the AP Profile on those APs different from the profile that you are wanting to assign to this one?

 

You can configure the rule so that it is specific to a single mac address.  This way, the rule will ONLY apply to the AP with the specified MAC address.

The rule would look like:

adopt ap4600 precedence 1 profile ap4600_Hof rf-domain "S Lau" mac 00-04-xx-xx-xx-   <--Enter correct MAC address

 

Delete the AP from the system and then reboot it.

no ap4600 MAC_address  <--Enter the AP’s MAC address

commit write

 

The reason to delete the AP from the system is that once an AP has been adopted, it won’t go back through the adoption rules again.  Removing the AP from the system will cause the controller to treat it like new...and will treat it based on the auto-provisioning rule(s) you have entered.

 

Those other APs have 2 year uptimes….excellent! :)

 

 

The only difference between the working APs and the AP with errors is that the working APs are in the same VLAN like the controller. The AP with Errors is in a different VLAN. 

I’ve configured the rule like you said, the AP cames up for secounds and emit a wlan - then the ap reboots automaticly and goes into error 😞. In “show adoption status” the state is  *configured - after automatic reboot it says error.

 

HOF       5.5.5.0-018R    *configured      No   wm--la..   0 days 00:00:10     0 days 00:04:04

after automatik reboot

HOF       5.5.5.0-018R    error            Yes  wm--la..   0 days 00:00:03     0 days 00:03:55

 

Thanks a lot for you help!

Userlevel 6

Okay...so what’s happened is that the AP received the config….but then as part of the new config, it was no longer able to stay adopted to the controller….so it reverted back to the previous config (which is likely just an empty default config).  So the question now is, why can’t the AP remain adopted with the new config?  Looks like a VLAN config issue.

 

Look at the AP’s Profile on the controller - in the VLAN1 section.  There’s nothing.

So when the AP receives this profile after being adopted, it’s NOT being instructed to behave like a DHCP client.  

Even if it DID have an IP address, it can no longer discover the controller using layer-2 because the controller is then on a different subnet, so it then also needs a controller host entry.  The easiest way to do this would be to add the entry to the AP’s Profile...so we’ll take care of both of these issues.

 

Enter these commands and add these three lines *in BOLD* to the AP Profile

login to CLI on controller

enable

config 

profile ap4600 ap4600_Hof
interface vlan 1

ip address dhcp                                  

ip dhcp client request options all

exit

controller host 10.216.0.199

commit write

 

 

 

The Profile will then look like this:

profile ap4600 ap4600_Hof

no autoinstall configuration

no autoinstall firmware

crypto ikev1 policy ikev1-default

   isakmp-proposal default encryption aes-256 group 2 hash sha

crypto ikev2 policy ikev2-default

   isakmp-proposal default encryption aes-256 group 2 hash sha

crypto ipsec transform-set default esp-aes-256 esp-sha-hmac

crypto ikev1 remote-vpn

crypto ikev2 remote-vpn

crypto auto-ipsec-secure

crypto load-management

crypto remote-vpn-client

interface radio1

   wlan hof bss 1 primary

interface radio2

   wlan S-Inet bss 1 primary

interface ge1

   ip dhcp trust

   qos trust dscp

   qos trust 802.1p

interface vlan1

   ip address dhcp                                   ← Will be under ‘interface vlan 1’

   ip dhcp client request options all     ← Will be under ‘interface vlan 1’

interface pppoe1 use firewall-policy default

controller host 10.216.0.199              ← Will appear *somewhere* in this AP profile.  Look for it

service pm sys-restart

!

 

Now again, delete the AP from the system as before and then reboot the AP.

This time, the AP should then get an IP address and will know how to reach the controller using layer 3.

 

Hello Chris,

special thanks to you!! Best Support ever!!

 

The AP works fine now!! THANK YOU!!!!!!

Userlevel 6

Good to hear, Andre!

Reply