cancel
Showing results for 
Search instead for 
Did you mean: 

AP7532 is VC not adopting other AP7532

AP7532 is VC not adopting other AP7532

Phil_storey
Contributor

Hi

 setup AP7532, I want to use the AP as a VC, But its not adopting other AP7532, FW 7.6.2.0-18R

DashBoard shows two AP’s one off line,  The network switch the AP’s connect to are trunks with VLAN’s 1,10,101 allowed , Native VLAN is 1 management Vlan is 101 and in configuration / virtual controller the AP I want the be the controller for now is showing and the other one, neither as set as the virtual controller , as I would like it the be able to auto move if the one acting as the VC fails.

Is sure its something simple , but I have gone text blind now 820feb8f18ec4dcca988b1facd477c3e_1f924.png

If someone could have a scan through and hopefully pick out the error 

 

Thanks in advance 

P

 

This is my config - 

 

!
! Configuration of AP7532 version 7.6.2.0-018R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 dhcp-offer-convert
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan VoipT
 description Phones
 shutdown
 ssid VoipT
 vlan 10
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 Un1fyV0ip
!
wlan wlan1
 shutdown
 ssid LANTest
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 no protected-mgmt-frames
 wpa-wpa2 psk 0 2121Password
 ip dhcp trust
!
smart-rf-policy default-smartrf
 assignable-power 2.4GHz min 10
 channel-list 5GHz 36,40,44,48,149,153,157,161,165
 no select-shutdown
 no smart-sensor
 smart-sensor auto-trigger
 smart-sensor band smart-band-5GHz
 smart-sensor tri-radio-only
!
auto-provisioning-policy VC
 adopt ap7532 precedence 10 profile HQWLAN rf-domain $AUTO-RF-DOMAIN any  
!
!
management-policy default
 no telnet
 no http server
 https server
 rest-server
 ssh
 user admin password 1 2086fd56f6f84582f821be658388f0b8c9e23511ae3d2b5dfeb8a9b96d4d668e role superuser access all
 user Admin2 password 1 271b548973518da1048f40b478a52331804fca4723c5573905a69e96f47f80df role superuser access web ssh console
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
nsight-policy default
!
profile ap7532 HQWLAN
 use enterprise-ui
 ip default-gateway 10.10.144.254
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan wlan1 bss 1 primary
  wlan VoipT bss 2 primary
 interface radio2
  wlan wlan1 bss 1 primary
  wlan VoipT bss 2 primary
 interface ge1
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
 interface vlan1
  ip dhcp client request options all
 interface vlan101
  ip address 10.10.144.248/22
 interface pppoe1
 use firewall-policy default
 use auto-provisioning-policy VC
 use client-identity-group default
 virtual-controller management-interface ip address 10.10.144.248/22
 controller vlan 1
 no auto-learn staging-config
 service pm sys-restart
 router ospf
 adoption-mode controller
!
profile ap7532 default-ap7532
 use enterprise-ui
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 location HQ
 country-code gb
 use smart-rf-policy default-smartrf
 ad-wips-wireless-mitigation disable
 ad-wips-wired-mitigation disable
 use nsight-policy default
!
ap7532 84-24-8D-82-BA-F8
 radio-count 2
 use profile HQWLAN
 use rf-domain default
 hostname ap7532-82BAF8
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 model-number AP-7532-67040-EU
 adoption-site 84-24-8D-82-BF-10
 rf-domain-manager priority 5
!
self
! ap7532 84-24-8D-82-BF-10
 radio-count 2
 use profile HQWLAN
 use rf-domain default
 hostname AP-VC-1
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no adoption-site
 ip default-gateway 10.10.144.254
 interface ge1
  no shutdown
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
  switchport trunk native vlan 1
 interface vlan101
  ip address 10.10.144.248/22
 no virtual-controller
 virtual-controller auto
 virtual-controller management-interface ip address 10.10.144.248/22
 virtual-controller management-interface vlan 101
 rf-domain-manager capable
 rf-domain-manager priority 15
 controller vlan 1
 auto-learn staging-config
 no adoption-mode
!
!
end
 

4 REPLIES 4

Phil_storey
Contributor

Hi Douglas

   I have checked the switch no IGMP, 

VLAN101 is the management VLAN to get to the VC , looks like some time things do not work from the GUI

Should I see other AP’s with the show Mint Neighbours ?

 

!
! Configuration of AP7532 version 7.6.2.0-018R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 dhcp-offer-convert
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan VoipT
 description Phones
 shutdown
 ssid VoipTTTTT
 vlan 10
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 Un1fyV0ip
!
wlan wlan1
 ssid LANTest
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 no protected-mgmt-frames
 wpa-wpa2 psk 0 2121Password
 ip dhcp trust
!
smart-rf-policy default-smartrf
 assignable-power 2.4GHz min 10
 channel-list 5GHz 36,40,44,48,149,153,157,161,165
 no select-shutdown
 no smart-sensor
 smart-sensor auto-trigger
 smart-sensor band smart-band-5GHz
 smart-sensor tri-radio-only
!
auto-provisioning-policy VC
 adopt anyap precedence 10 rf-domain $AUTO-RF-DOMAIN any  
!
!
management-policy default
 no telnet
 no http server
 https server
 rest-server
 ssh
 user admin password 1 2086fd56f6f84582f821be658388f0b8c9e23511ae3d2b5dfeb8a9b96d4d668e role superuser access all
 user Admin2 password 1 271b548973518da1048f40b478a52331804fca4723c5573905a69e96f47f80df role superuser access web ssh console
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
nsight-policy default
!
profile ap7532 HQWLAN
 use enterprise-ui
 ip default-gateway 10.10.144.254
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan wlan1 bss 1 primary
 interface radio2
  wlan wlan1 bss 1 primary
  wlan VoipT bss 2 primary
 interface ge1
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
 interface vlan1
  ip dhcp client request options all
 interface vlan101
  ip address 10.10.144.248/22
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 virtual-controller auto
 virtual-controller management-interface ip address 10.10.144.248/22
 rf-domain-manager capable
 no auto-learn staging-config
 service pm sys-restart
 router ospf
 adoption-mode controller
!
profile ap7532 default-ap7532
 use enterprise-ui
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 location HQ
 country-code gb
 use smart-rf-policy default-smartrf
 ad-wips-wireless-mitigation disable
 ad-wips-wired-mitigation disable
 use nsight-policy default
!
self
! ap7532 84-24-8D-82-BF-10
 radio-count 2
 use profile HQWLAN
 use rf-domain default
 hostname AP-VC-1
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no adoption-site
 ip default-gateway 10.10.144.254
 interface radio2
  wlan wlan1 bss 1 primary
 interface ge1
  no shutdown
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
  switchport trunk native vlan 1
 interface vlan101
  ip address 10.10.144.248/22
 no virtual-controller
 no virtual-controller auto
 no virtual-controller management-interface ip address
 virtual-controller management-interface vlan 101
 rf-domain-manager capable
 no rf-domain-manager priority
 no controller vlan
 auto-learn staging-config
 no adoption-mode
!
!
end
 

Douglas_Novell
Extreme Employee

Hello,

Thank you for the update.

Is IGMP snooping enabled on the L2 switch? If so, please disable and retest.

Also there is still a discrepancy within the configuration between the AP override and AP profile.

In the AP profile the following is configured:

‘ virtual-controller management-interface vlan 101’

While in the AP override for AP ‘AP-VC-1’ has the following configured:

‘ virtual-controller management-interface vlan 1’

Phil_storey
Contributor

Hi

thanks for the info, I have done as suggested and checked against the guide, but it still not liking it. If i run show mint neighbours its not finding any, The two AP7532 are in the same switch and both ports have VLAN’s 1,101 against them, 

VLAN Display by Port

                        Port:       [ 23 ]
                        PVID:       101
                        Port Name:  Port 23
      VLANs        VLAN Name                  VLANs        VLAN Name
    ---------  ----------------             ---------  ----------------
        1      VLAN #1
        101    VLAN #101

 

Port:                        [ 23 ]
              Filter Untagged Frames:      [ No  ]
              Filter Unregistered Frames:  [ Yes ]
              Port Name:                   [ Port 23 ]
              PVID:                        [  101 ]
              Port Priority:               [ 0 ]
              Tagging:                     [     Tag All     ]

              ConfigControl (global):      [  AutoPVID ]

 


!
! Configuration of AP7532 version 7.6.2.0-018R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 dhcp-offer-convert
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
wlan VoipT
 description Phones
 shutdown
 ssid VoipT
 vlan 10
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 Un1fyV0ip
!
wlan wlan1
 shutdown
 ssid LANTest
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 no protected-mgmt-frames
 wpa-wpa2 psk 0 2121Password
 ip dhcp trust
!
smart-rf-policy default-smartrf
 assignable-power 2.4GHz min 10
 channel-list 5GHz 36,40,44,48,149,153,157,161,165
 no select-shutdown
 no smart-sensor
 smart-sensor auto-trigger
 smart-sensor band smart-band-5GHz
 smart-sensor tri-radio-only
!
auto-provisioning-policy VC
 adopt ap7532 precedence 10 profile HQWLAN rf-domain $AUTO-RF-DOMAIN any  
!
!
management-policy default
 no telnet
 no http server
 https server
 rest-server
 ssh
 user admin password 1 2086fd56f6f84582f821be658388f0b8c9e23511ae3d2b5dfeb8a9b96d4d668e role superuser access all
 user Admin2 password 1 271b548973518da1048f40b478a52331804fca4723c5573905a69e96f47f80df role superuser access web ssh console
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
nsight-policy default
!
profile ap7532 HQWLAN
 use enterprise-ui
 ip default-gateway 10.10.144.254
 no autoinstall configuration
 no autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan wlan1 bss 1 primary
  wlan VoipT bss 2 primary
 interface radio2
  wlan wlan1 bss 1 primary
  wlan VoipT bss 2 primary
 interface ge1
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
 interface vlan1
  ip dhcp client request options all
 interface vlan101
  ip address 10.10.144.248/22
 interface pppoe1
 use firewall-policy default
 use auto-provisioning-policy VC
 use client-identity-group default
 virtual-controller auto
 virtual-controller management-interface ip address 10.10.144.248/22
 virtual-controller management-interface vlan 101
 rf-domain-manager capable
 controller vlan 1
 no auto-learn staging-config
 service pm sys-restart
 router ospf
 adoption-mode controller
!
profile ap7532 default-ap7532
 use enterprise-ui
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 location HQ
 country-code gb
 use smart-rf-policy default-smartrf
 ad-wips-wireless-mitigation disable
 ad-wips-wired-mitigation disable
 use nsight-policy default
!
ap7532 84-24-8D-82-BA-F8
 radio-count 2
 use profile HQWLAN
 use rf-domain default
 hostname ap7532-82BAF8
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 model-number AP-7532-67040-EU
 adoption-site 84-24-8D-82-BF-10
 no rf-domain-manager priority
 no controller vlan
!
self
! ap7532 84-24-8D-82-BF-10
 radio-count 2
 use profile HQWLAN
 use rf-domain default
 hostname AP-VC-1
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no adoption-site
 ip default-gateway 10.10.144.254
 interface ge1
  no shutdown
  switchport mode trunk
  switchport trunk allowed vlan 1,10,101
  switchport trunk native vlan 1
 interface vlan101
  ip address 10.10.144.248/22
 no virtual-controller
 no virtual-controller auto
 no virtual-controller management-interface ip address
 virtual-controller management-interface vlan 1
 rf-domain-manager capable
 no rf-domain-manager priority
 no controller vlan
 auto-learn staging-config
 no adoption-mode
!
!
end
 

Douglas_Novell
Extreme Employee

Hello,

Please reference this article that shows the configuration to Virtual Controller redundancy: https://extremeportal.force.com/ExtrArticleDetail?an=000080546

 

Remove the following overrides from AP ’AP-VC-1’ :

-virtual-controller auto
 -virtual-controller management-interface ip address 10.10.144.248/22
-virtual-controller management-interface vlan 101

- rf-domain-manager priority 15

-controller vlan 1

Remove the following overrides from AP ‘ap7532-82BAF8’

-rf-domain-manager priority 5

Remove the following from AP profile ‘HQWLAN

-controller vlan 1

Add the following to AP profile ‘HQWLAN’

-virtual-controller auto
 -virtual-controller management-interface ip address 10.10.144.248/22
-virtual-controller management-interface vlan 101

If further support is required please contact GTAC and collect a TechSupport from the Virtual Controller AP. Thank you

GTM-P2G8KFN