This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RFS4000 and AP6532 adopt issue

RFS4000 and AP6532 adopt issue

Go to solution
kamelek
New Contributor

‎01-17-2019 05:16 PM

Hello, guys.
I have a problem with menage AP6532 from RFS4000,

I adopt it but when I change config on configuration profile for it (AP6532) and commit, the configuration is send to AP6532 but for a moment and then came back to old config.

I had AP6532 in standlone config now whe I bought RFS i want to configure it from controller, but the issu is weard.

Could you help me?

Frimware is 5.8.6.5-002R
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
ckelly
Extreme Employee

‎01-17-2019 05:52 PM

kamelek, What could be happening here is that the configuration changes that you are making on the controller contain something that causes the 6532 to lose its ability to stay connected to the controller.

In this case, after the AP receives the changes that are pushed out from the controller, it implements them. If one of the changes then breaks the APs ability to stay connected to the controller, the AP will try several times to re-connect, but once it realizes that it can't, it will automatically revert back to the last known configuration that allowed it to connect to the controller (AP will also reboot). This could possibly be why you see the AP receive its changes...and then lose them.

Secondly, regarding the 'overrides' - The AP profile is the master configuration for the AP. The device level configuration is where you make configuration changes that DEVIATE from the master AP Profile. This is where you would make changes for things like static IP addresses or hostnames....values that you don't want to be duplicated to EVERY AP, right?
What might be happening is that you make a change to the AP Profile but then the AP has an override setting on the controller that 'overrides' the Profile setting.
This would NOT explain though if you are seeing the changes briefly on the AP but then they go away. But, this topic *is* extremely important to understand from a controller management perspective.

View solution in original post

0 Kudos
8 REPLIES 8

Go to solution
kamelek
New Contributor

‎01-17-2019 06:01 PM



Hello, thanks Robert for replay, there *** no configuration errors.


I clear overides on AP6532 leave only IP, but the issu is the same.

After mommit new profile it is load to AP6532 , AP6532 lost connect to RFS and after while came backe to old connfig

Maybey config on AP6532 is wrong.

DO you think the best way is to reset config to zero?

I do not want this becouse I have another 4 AP6532 to add to conntroller


code:
!
! Configuration of AP6532 version 5.8.6.5-002R
!
!
version 2.5
!
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
aaa-policy internal-aaa
 authentication server 1 host 10.0.2.21 secret 0 *******
!
captive-portal gosc
 access-type no-auth
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan xxxx_Internet
 ssid xxxx_Internet
 vlan 6
 bridging-mode local
 encryption-type none
 authentication-type none
 use captive-portal gosc
!
wlan xxxx_test
 ssid xxxx_test
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 wpa-wpa2 psk 0 **********
!
wips-policy default
!
radius-group upwifi
 policy vlan 1
 policy ssid XXXXXXXXXX
!
radius-server-policy default
 authentication data-source ldap 
 ldap-agent primary domain-name xxxxxxx domain-admin-user ISC domain-admin-password 0 *************
 use radius-group upwifi
!
!
management-policy default
 no telnet
 no http server
 https server
 ssh
 user admin password 1 ********************************************* role superuser access all
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 motorola
 snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola
!
event-system-policy default
!
l2tpv3 policy default
!
profile ap6532 default-ap6532
 ip name-server 10.0.1.50
 ip name-server 10.0.1.51
 ip domain-name unionparts
 ip default-gateway 10.0.2.1
 autoinstall configuration
 autoinstall firmware
 use radius-server-policy default
 no load-balancing neighbor-selection-strategy use-common-clients
 no load-balancing neighbor-selection-strategy use-roam-notification
 no load-balancing neighbor-selection-strategy use-smart-rf
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan xxxx_Internet bss 2 primary
  wlan xxxx_test bss 3 primary
 interface radio2
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-10
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 rf-domain-manager capable
 ip dns-server-forward
 controller host 10.0.1.2 pool 1 level 1
 service pm sys-restart
!
rf-domain default
 location Xxxx_Xxxx
 contact admin@xxxxxx.pl
 timezone Europe/Warsaw
 country-code pl
!
ap6532 B4-C7-99-23-81-8C
 use profile default-ap6532
 use rf-domain default
 hostname ap6532-23818C
 mint mlcp ip
 ip default-gateway 10.0.2.1
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1-10
 interface vlan1
  ip address 10.0.2.23/24
  ip address zeroconf secondary
!
!
end


0 Kudos

Go to solution
ckelly
Extreme Employee

‎01-17-2019 05:52 PM

kamelek, What could be happening here is that the configuration changes that you are making on the controller contain something that causes the 6532 to lose its ability to stay connected to the controller.

In this case, after the AP receives the changes that are pushed out from the controller, it implements them. If one of the changes then breaks the APs ability to stay connected to the controller, the AP will try several times to re-connect, but once it realizes that it can't, it will automatically revert back to the last known configuration that allowed it to connect to the controller (AP will also reboot). This could possibly be why you see the AP receive its changes...and then lose them.

Secondly, regarding the 'overrides' - The AP profile is the master configuration for the AP. The device level configuration is where you make configuration changes that DEVIATE from the master AP Profile. This is where you would make changes for things like static IP addresses or hostnames....values that you don't want to be duplicated to EVERY AP, right?
What might be happening is that you make a change to the AP Profile but then the AP has an override setting on the controller that 'overrides' the Profile setting.
This would NOT explain though if you are seeing the changes briefly on the AP but then they go away. But, this topic *is* extremely important to understand from a controller management perspective.
0 Kudos

Go to solution
Christoph_S
Extreme Employee

‎01-17-2019 05:25 PM

Check to make sure that the same settings are not configured as overrides. If they are, then they will always revert back to the overrides.
Christoph S.
0 Kudos

Go to solution
RobertZ
Extreme Employee

‎01-17-2019 05:22 PM

There is most likely a configuration error: Can you check with CLI command:

sh adoption config-errors on AP6532
0 Kudos
GTM-P2G8KFN