Mantener Ap Wing activo si la controladora falla

  • 16 December 2020
  • 6 replies
  • 72 views

Buenas tardes, me pueden ayudar indicandome si hay alguna forma de configurar los AP 7662 y 7632 de forma que si la controladora falla, estos se mantengan funcionando, ya que tenemos el detalle de que al fallar la controladora los AP se caen tambien

 

Saludoss!!!!


6 replies

Userlevel 5

Hola, gracias por su tiempo. Por favor, disculpe las posibles errores de traducción. Esos modelos de AP continuarán pasando el tráfico de clientes sin un controlador, a menos que esté utilizando un servicio alojado en el controlador específicamente (como Radius o Captive Web Portal). Es eso lo que estabas buscando?

 

Thank you for your prompt response, but in our case the APs completely lose the service, we want to know if there is any parameter to review or any test that we can perform for this problem.
We don't have Radius or something like that that can affect the network if the controller goes down

Cheers!!!

Userlevel 6

Hello Adrian,

These APs should be able to operate independently from the controller, unless, as Sam said they are relying on the controller for some type of service. 

It is not clear what exactly happens to the APs when the controller is down, do the wireless client drop? Are the APs unreachable? Is the SSID not broadcasting? Please elaborate on this point. 

You can start here:

1 - Make sure that the DHCP server is local to the APs and not the controller

2 - Make sure that the wlans bridging is set to local and NOT tunneled. 

3 - Make sure that each AP has an IP address/DGW/DNS (not layer 2 adoption):

#show IP int br

#show IP default-gateway

We may need to see the config from one of the APs to determine why this may be happening. 

What type of controller are you using. 

Rgds,

 

Chris

 

Después de una revisión más a fondo en si, los AP no permiten las conexiones de nuevos usuarios, es decir, los usuarios conectados antes del fallo se mantienen activos, pero los nuevos que requieran conectarse a la red WIFI no tienen servicio.

La controladora es VX9000

 

Esta es la configuración de uno de los equipos,

EUM-1009-AP23-7632-724B96#show  ip default-gateways

Source: DHCP-Client Gateway-address: 172.17.49.254
Monitor-mode: gateway-monitoring Status : reachable
Priority : 1000 Installed: YES
DNS Servers : 8.8.8.8 192.168.4.1 192.168.8.1 192.168.3.1
-------------------------------------------------------------------------------
EUM-1009-AP23-7632-724B96#show running-config
!
! Configuration of AP7632 version 7.4.0.1-002R
!
!
version 2.7
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit D HCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-descriptio n "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP l ocal broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 tra ffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
captive-portal Guest
inactivity-timeout 1800
server host wingsscc.dyndns.org
webpage external login https://consultiva.mx/
webpage external welcome https://consultiva.mx/
webpage external fail https://consultiva.mx/
webpage external agreement https://consultiva.mx/
webpage external acknowledgement https://consultiva.mx/
webpage external registration https://consultiva.mx/
webpage external no-service https://consultiva.mx
webpage internal org-name
webpage internal org-signature EUM All Rights Reserved.
webpage internal login description Por favor, ingrese el usuario y password que le fue proporcionado por el departamento de TI.<br>Recuerde que la red WiFi es una cortesia, por un tiempo determinado y puede ser monitoreada y/o bloqueada en caso de hacer mal uso de la misma.
webpage internal login footer Contacte con el departamento de TI si no se le han proporcionado datos de acceso o si presenta algun problema; puede comunicarse a la ext. 270, 281 o 389.
webpage internal login header Bienvenido a la red de invitados de Envases Universales
webpage internal login main-logo logo.png
webpage internal login small-logo Logo.png
webpage internal login title Guest WiFi
webpage internal login org-background-color #ffffff
webpage internal login org-font-color #990000
webpage internal login body-background-color #ffffff
webpage internal welcome header Bienvenido a la red de Envases ahora esta conectado a internet.
webpage internal welcome main-logo _logo.png
webpage internal welcome small-logo _logo.png
webpage internal welcome title Guest WiFi
webpage internal welcome org-background-color #ffffff
webpage internal welcome org-font-color #990000
webpage internal welcome body-background-color #ffffff
webpage internal fail description Ha ingresado unas credenciales invalidas, por favor verifique que escribio correctamente el usuario y password.
webpage internal fail footer Contacte con el departamento de TI si no se le han proporcionado datos de acceso o si presenta algun problema; puede comunicarse a la ext. 270, 281 o 389.
webpage internal fail header El acceso es incorrecto!
webpage internal fail main-logo _logo.png
webpage internal fail small-logo _logo.png
webpage internal fail title FAIL Guest WiFi
webpage internal fail org-background-color #ffffff
webpage internal fail org-font-color #990000
webpage internal fail body-background-color #ffffff
webpage internal agreement description Recuerde que la red WiFi es una cortesia, por un tiempo determinado y puede ser monitoreada y/o bloqueada en caso de hacer mal uso de la misma.
webpage internal agreement header Terminos y condiciones:
webpage internal agreement main-logo _logo.png
webpage internal agreement small-logo _logo.png
webpage internal agreement title Guest WiFi
webpage internal agreement org-background-color #ffffff
webpage internal agreement org-font-color #990000
webpage internal agreement body-background-color #ffffff
webpage internal acknowledgement header Bienvenido de regreso a la red de invitados de Envases
webpage internal acknowledgement main-logo EUM_logo.png
webpage internal acknowledgement small-logo EUM_logo.png
webpage internal acknowledgement title EUM Guest WiFi
webpage internal acknowledgement org-background-color #ffffff
webpage internal acknowledgement org-font-color #990000
webpage internal acknowledgement body-background-color #ffffff
webpage internal registration description Por favor, tome un momento para realizar su registro:
webpage internal registration header Bienvenido
webpage internal registration main-logo EUM_logo.png
webpage internal registration small-logo EUM_logo.png
webpage internal registration title EUM Guest WiFi Registration
webpage internal registration org-background-color #ffffff
webpage internal registration org-font-color #990000
webpage internal registration body-background-color #ffffff
webpage internal no-service description Actualmente el servicio WiFi no esta disponible. Intente de nuevo mas tarde
webpage internal no-service header El servicio esta temporalmente fuera de servicio
webpage internal no-service main-logo EUM_logo.png
webpage internal no-service small-logo EUM_logo.png
webpage internal no-service title EUM Guest WiFi Fuera de servicio
webpage internal no-service org-background-color #ffffff
webpage internal no-service org-font-color #990000
webpage internal no-service body-background-color #ffffff
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan "EUM Wireless"
description EUM Wireless
ssid "EUM Wireless"
vlan 20
bridging-mode local
encryption-type ccmp
authentication-type none
no multi-band-operation
wpa-wpa2 psk 0 W1r3L3sS!
!
wlan EUM_Portal_Cautivo
description EUM invitados con portal
ssid "EUM Invitados"
vlan 21
bridging-mode local
encryption-type none
authentication-type none
wireless-client hold-time 3600
wireless-client inactivity-timeout 3600
no multi-band-operation
no protected-mgmt-frames
client-load-balancing
client-load-balancing band-discovery-intvl 5
use captive-portal EUM_Guest
captive-portal-enforcement
registration user group-name RADIUS_Portal_EUM expiry-time 4320 agreement-refresh 144000
use ip-access-list out BROADCAST-MULTICAST-CONTROL
use mac-access-list out PERMIT-ARP-AND-IPv4
enforce-dhcp
proxy-arp-mode strict
!
wlan Invitados_apan
description Invitados_apan
ssid Invitados_apan
vlan 15
bridging-mode local
encryption-type ccmp
authentication-type none
no multi-band-operation
wpa-wpa2 psk 0 1Nv1T4d0$4P4n
!
!
management-policy EUM
no telnet
http server
https server
rest-server
no ftp
ssh
user admin password 1 ceccd02b607c208e6285f41ff7b63a0ac93c49cc9e1bf370b805c6c13a1e9cde role superuser access all
user Consultiva password 1 9550f111421054f142a89fd5de47f91bd8bf7f591473aef61a60382d2de08e73 role superuser access all
allowed-location EUM locations EUM
snmp-server manager v1
no snmp-server manager v3
snmp-server community 0 public ro
!
profile ap7632 EUM-1009-7632
autoinstall configuration
autoinstall firmware
device-upgrade auto ap7632
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan "EUM Wireless" bss 1 primary
wlan EUM_Portal_Cautivo bss 2 primary
wlan Invitados_apan bss 3 primary
interface radio2
wlan "EUM Wireless" bss 2 primary
wlan Invitados_apan bss 3 primary
wlan EUM_Portal_Cautivo bss 4 primary
interface bluetooth1
shutdown
mode le-sensor
interface ge1
switchport mode trunk
switchport trunk allowed vlan 10,15,20-21,25,30,40,45,50,100,110,210,783
switchport trunk native vlan 10
interface vlan10
ip address dhcp
ip dhcp client request options all
interface vlan20
ip address zeroconf secondary
interface pppoe1
use management-policy EUM
use firewall-policy default
use client-identity-group default
rf-domain-manager capable
logging on
controller host wingeum.dyndns.org level 2
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain EUM_1009
location APAN
timezone America/Mexico_City
country-code mx
ad-wips-wireless-mitigation disable
ad-wips-wired-mitigation disable
channel-list dynamic
control-vlan 783
!
ap7632 DC-B8-08-72-4B-96
use profile EUM-1009-7632
use rf-domain EUM_1009
hostname EUM-1009-AP23-7632-724B96
!
!

Saludos!!!

Userlevel 6

I believe this is due to the user database which is on the controller. So when the controller is down, so is the user database which will prevent new users from registering via captive portal. 

 

For redundancy options please refer to the this article under Configuration – Database (CLI Only)

 

Rgds

De acuerdo muchas gracias por su valioso apoyo, lo revisamos y les damos retro, aunque en nuestro caso el detalle no es en los usuarios de portal cuativo es en los usuarios en la red wifi “normal” de la vlan 20

 

Saludos!!!

Reply