10-22-2019 11:26 AM
Hello guys,
In my lab I can’t make working the upgrading remote site APS through RFDM AP.
My upgrades are successful, but through VX9000 and not through the RFDM AP.
The test is very simple, VX9000 + 2 pieces of AP7532 in the same vlan.
VX running config:
!### show running-config
!
! Configuration of VX9000 version 7.2.1.1-006R
!
!
version 2.7
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
no telnet
no http server
https server
rest-server
ssh
user admin password 1 b3c4e90173bd1f030e821f04ee833f17e78b4133788ffb40f12928bfabba10c8 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
t5 snmp-server community public ro 192.168.0.1
t5 snmp-server community private rw 192.168.0.1
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
database-policy default
!
profile vx9000 default-vx9000
no autoinstall configuration
no autoinstall firmware
no device-upgrade auto
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface xge1
interface xge2
interface xge3
interface xge4
interface ge1
interface ge2
use firewall-policy default
logging on
service pm sys-restart
router bgp
adoption-mode controller
!
profile ap7532 default-ap7532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
controller host 172.17.8.3 pool 1 level 2
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain VXtest
country-code il
!
rf-domain default
no country-code
control-vlan 1
!
vx9000 08-00-27-1D-96-AB
use profile default-vx9000
use rf-domain VXtest
hostname vx9000-1D96AB
license AAP VX-DEMO-16AAP-LICENSE
license ADSEC DEFAULT-ADV-SEC-LICENSE
no mint mlcp vlan
autoinstall firmware
interface ge1
interface ge2
interface vlan1
ip address dhcp
!
ap7532 B8-50-01-71-C0-D4
use profile default-ap7532
use rf-domain default
hostname ap7532-71C0D4
!
ap7532 B8-50-01-74-3E-6C
use profile default-ap7532
use rf-domain default
hostname ap7532-743E6C
!
!
end
Info from VX:
vx9000-1D96AB#show mint ne
1 mint neighbors of 12.1D.96.AB:
1B.71.C0.D4 (ap7532-71C0D4) at level 2, best adjacency ip-172.17.8.4:24576
vx9000-1D96AB#show global domain managers
-----------------------------------------------------------------------------------------------------
RF-DOMAIN MANAGER HOST-NAME APS CLIENTS
-----------------------------------------------------------------------------------------------------
VXtest 08-00-27-1D-96-AB vx9000-1D96AB 0 0
default B8-50-01-71-C0-D4 ap7532-71C0D4 2 0
-----------------------------------------------------------------------------------------------------
Total number of RF-domain displayed: 2
vx9000-1D96AB#show device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
ap7532-743E6C done 2019-10-22 09:23:31 0 vx9000-1D96AB -
ap7532-71C0D4 done 2019-10-22 09:24:42 0 vx9000-1D96AB -
Total number of entries displayed: 2
vx9000-1D96AB#show mint neighbors on ap7532-71C0D4
2 mint neighbors of 1B.71.C0.D4:
1B.74.3E.6C (ap7532-743E6C) at level 1, best adjacency vlan-1
12.1D.96.AB (vx9000-1D96AB) at level 2, best adjacency ip-172.17.8.3:24576
vx9000-1D96AB#show mint neighbors on ap7532-743E6C
1 mint neighbors of 1B.74.3E.6C:
1B.71.C0.D4 (ap7532-71C0D4) at level 1, best adjacency vlan-1
vx9000-1D96AB#show mint links
1 mint links on 12.1D.96.AB:
link ip-172.17.8.4:24576 at level 2, 1 adjacencies, (used)
What is wrong with my configuration?
Why I can’t make the upgrades working through RFDM AP?
Thanks,
Aviv
Solved! Go to Solution.
10-23-2019 06:53 PM
I can certainly testify that this works perfectly in WiNG-5. (Can’t imagine how it would’ve gotten messed up in WiNG-7 though). This topology is used for a HUGE number of deployments. If something was fundamentally broken in this regard, we’d have heard about it long before now.
From the controller, my output looks like this:
NX(config)#sh device-upgrade history on LAB
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
On the RFDM AP, the output shows this (the non-RFDM AP output is empty)
(You can see in the first column (Device) the listing of non-RFDM APs that this RFDM AP had upgraded.
8533-Floor-1#sh device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
10-23-2019 09:05 PM
Chris,
I will test also it with 5.9.4.1+ and update you.
RFD without country code and ap profile without rf domain manager capable… I’ll check it...
Thanks,
Aviv
10-23-2019 06:53 PM
I can certainly testify that this works perfectly in WiNG-5. (Can’t imagine how it would’ve gotten messed up in WiNG-7 though). This topology is used for a HUGE number of deployments. If something was fundamentally broken in this regard, we’d have heard about it long before now.
From the controller, my output looks like this:
NX(config)#sh device-upgrade history on LAB
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
On the RFDM AP, the output shows this (the non-RFDM AP output is empty)
(You can see in the first column (Device) the listing of non-RFDM APs that this RFDM AP had upgraded.
8533-Floor-1#sh device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
10-23-2019 06:36 PM
Chris,
Can you please share the correct output from the controller ?
In the near past tried to make this feature to work with ALL the same topology, but with WING 5.9.3.3 and RFS4000, but with no luck.
So, maybe, we are talking about some very old bug ?
I need this feature working, for our customer with VX and have about 400 branches, so this feature is very important, since WAN links are pretty slow.
Thanks,
Aviv
10-23-2019 06:18 PM
My fault on the command - as you correctly replied with, I was looking for the command ‘history’.
But yeah...something’s not right here. Not sure what though.
Wondering if something in WiNG-7 changed with this RFDM-AP distributed firmware upgrade process.
As seen in your earlier MINT link outputs, the RFDM AP has its level-2 MINT link and the non-RFDM AP just has its single level-1 MINT link with the RFDM AP. That’s exactly as it should be.
In my lab on a WiNG-5 distributed setup, I clearly see the RFDM AP and non-RFDM APs both showing device-upgrade history info….. and the non-RFDM AP indicates that it was upgraded by the RFDM AP.
In addition, you can run this command on the controller and it will also (should) tell you the APs that were upgrade and *which* RFDM AP performed it.
show device-upgrade history on <RFD>
10-23-2019 06:14 PM