This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (WiNG)
- Upgrading remote site APS through RFDM AP
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Upgrading remote site APS through RFDM AP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-22-2019 11:26 AM
Hello guys,
In my lab I can’t make working the upgrading remote site APS through RFDM AP.
My upgrades are successful, but through VX9000 and not through the RFDM AP.
The test is very simple, VX9000 + 2 pieces of AP7532 in the same vlan.
VX running config:
!### show running-config
!
! Configuration of VX9000 version 7.2.1.1-006R
!
!
version 2.7
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
no telnet
no http server
https server
rest-server
ssh
user admin password 1 b3c4e90173bd1f030e821f04ee833f17e78b4133788ffb40f12928bfabba10c8 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
t5 snmp-server community public ro 192.168.0.1
t5 snmp-server community private rw 192.168.0.1
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
database-policy default
!
profile vx9000 default-vx9000
no autoinstall configuration
no autoinstall firmware
no device-upgrade auto
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface xge1
interface xge2
interface xge3
interface xge4
interface ge1
interface ge2
use firewall-policy default
logging on
service pm sys-restart
router bgp
adoption-mode controller
!
profile ap7532 default-ap7532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
controller host 172.17.8.3 pool 1 level 2
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain VXtest
country-code il
!
rf-domain default
no country-code
control-vlan 1
!
vx9000 08-00-27-1D-96-AB
use profile default-vx9000
use rf-domain VXtest
hostname vx9000-1D96AB
license AAP VX-DEMO-16AAP-LICENSE
license ADSEC DEFAULT-ADV-SEC-LICENSE
no mint mlcp vlan
autoinstall firmware
interface ge1
interface ge2
interface vlan1
ip address dhcp
!
ap7532 B8-50-01-71-C0-D4
use profile default-ap7532
use rf-domain default
hostname ap7532-71C0D4
!
ap7532 B8-50-01-74-3E-6C
use profile default-ap7532
use rf-domain default
hostname ap7532-743E6C
!
!
endInfo from VX:
vx9000-1D96AB#show mint ne
1 mint neighbors of 12.1D.96.AB:
1B.71.C0.D4 (ap7532-71C0D4) at level 2, best adjacency ip-172.17.8.4:24576
vx9000-1D96AB#show global domain managers
-----------------------------------------------------------------------------------------------------
RF-DOMAIN MANAGER HOST-NAME APS CLIENTS
-----------------------------------------------------------------------------------------------------
VXtest 08-00-27-1D-96-AB vx9000-1D96AB 0 0
default B8-50-01-71-C0-D4 ap7532-71C0D4 2 0
-----------------------------------------------------------------------------------------------------
Total number of RF-domain displayed: 2
vx9000-1D96AB#show device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
ap7532-743E6C done 2019-10-22 09:23:31 0 vx9000-1D96AB -
ap7532-71C0D4 done 2019-10-22 09:24:42 0 vx9000-1D96AB -
Total number of entries displayed: 2
vx9000-1D96AB#show mint neighbors on ap7532-71C0D4
2 mint neighbors of 1B.71.C0.D4:
1B.74.3E.6C (ap7532-743E6C) at level 1, best adjacency vlan-1
12.1D.96.AB (vx9000-1D96AB) at level 2, best adjacency ip-172.17.8.3:24576
vx9000-1D96AB#show mint neighbors on ap7532-743E6C
1 mint neighbors of 1B.74.3E.6C:
1B.71.C0.D4 (ap7532-71C0D4) at level 1, best adjacency vlan-1
vx9000-1D96AB#show mint links
1 mint links on 12.1D.96.AB:
link ip-172.17.8.4:24576 at level 2, 1 adjacencies, (used)What is wrong with my configuration?
Why I can’t make the upgrades working through RFDM AP?
Thanks,
Aviv
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-23-2019 06:53 PM
I can certainly testify that this works perfectly in WiNG-5. (Can’t imagine how it would’ve gotten messed up in WiNG-7 though). This topology is used for a HUGE number of deployments. If something was fundamentally broken in this regard, we’d have heard about it long before now.
From the controller, my output looks like this:
NX(config)#sh device-upgrade history on LAB
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
On the RFDM AP, the output shows this (the non-RFDM AP output is empty)
(You can see in the first column (Device) the listing of non-RFDM APs that this RFDM AP had upgraded.
8533-Floor-1#sh device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
20 REPLIES 20
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-24-2019 02:27 PM
Thanks a lot 
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-24-2019 02:19 PM
Aviv,
Are you saying that your initial test here with 7.2 involved an initial adoption scenario where all of the APs needed to be upgraded? If that’s the case, then it is *expected/known* that the 1st upgrade for a remote site WILL require that each AP be upgraded individually by the controller (each AP using its initial level-2 MINT link). Like you mentioned, in this *initial deployment* scenario, the APs are not yet adopted….so they don’t yet have their config...and they don’t have their config yet because they first have to have a matching WiNG firmware version. Once the firmware match requirement is met, they get their config, and then the tear-down from level-2 MINT links to level-1 MINT links (for the non-RFDM APs) is performed and the RFDM is elected. Then going forward, the firmware updates are performed by the RFDM AP.
Trying to circumvent this though by relaxing the version matching requirements is not something you should be doing in a production environment...unless you first thoroughly test the specific setup and accept the responsibility of anything going wrong.
In some cases, doing this might not cause any problems. But doing this can have unexpected results. Using the ability to have non-matching WiNG firmware on the APs should only be used in special cases, and is meant to be a *short-term temporary* solution.
What you are suggesting may in fact work. But if you run into any problems while doing this, it won’t be supported and will not be considered a bug.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-24-2019 02:02 PM
Hello Chris,
Just validated with 5.9.4.1 and working well with the same configuration, so I suggest to test it in your LAB and open case about WING 7.2.1.1 bug. I continue tests with WING5.
But It's important to consider that the first adoption of APS with different OS version from controller requires an upgrade from VX because the aps firstly are without control vlan.
But I think, I can workaround it:
- I can set an enforce-version adoption none + device-upgrade auto on VX.
- after 1 AP at remote site adopted and configured manually with high RFDM priority, all other APS at the remote site receive the L3 adoption site from dhcp option and VX add to the APS a control vlan. Than VX should upgrade and configure the other APS through RFDM automatically.
I right?
Thanks,
Aviv
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-24-2019 01:06 PM
The AP profile needs to have the RFDM-capable option enabled for this Distributed setup. Otherwise, none of the APs in the ‘remote’ RFD will be able to be elected...and the test won’t work.
From what I can tell, your configuration looks correct, based on the MINT queries you’ve supplied. So you just would want to re-test this again but with 5.9.x
Also….if it still doesn’t work as expected with 5.9.x, try setting the county-code for the “default” RFD. It shouldn’t be necessary, but it’s also very unusual to have an RFD for APs where it isn’t configured. Just want to make sure that this isn’t some sort of weird bug/restriction.
