10-22-2019 11:26 AM
Hello guys,
In my lab I can’t make working the upgrading remote site APS through RFDM AP.
My upgrades are successful, but through VX9000 and not through the RFDM AP.
The test is very simple, VX9000 + 2 pieces of AP7532 in the same vlan.
VX running config:
!### show running-config
!
! Configuration of VX9000 version 7.2.1.1-006R
!
!
version 2.7
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
no telnet
no http server
https server
rest-server
ssh
user admin password 1 b3c4e90173bd1f030e821f04ee833f17e78b4133788ffb40f12928bfabba10c8 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
t5 snmp-server community public ro 192.168.0.1
t5 snmp-server community private rw 192.168.0.1
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
database-policy default
!
profile vx9000 default-vx9000
no autoinstall configuration
no autoinstall firmware
no device-upgrade auto
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface xge1
interface xge2
interface xge3
interface xge4
interface ge1
interface ge2
use firewall-policy default
logging on
service pm sys-restart
router bgp
adoption-mode controller
!
profile ap7532 default-ap7532
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
controller host 172.17.8.3 pool 1 level 2
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain VXtest
country-code il
!
rf-domain default
no country-code
control-vlan 1
!
vx9000 08-00-27-1D-96-AB
use profile default-vx9000
use rf-domain VXtest
hostname vx9000-1D96AB
license AAP VX-DEMO-16AAP-LICENSE
license ADSEC DEFAULT-ADV-SEC-LICENSE
no mint mlcp vlan
autoinstall firmware
interface ge1
interface ge2
interface vlan1
ip address dhcp
!
ap7532 B8-50-01-71-C0-D4
use profile default-ap7532
use rf-domain default
hostname ap7532-71C0D4
!
ap7532 B8-50-01-74-3E-6C
use profile default-ap7532
use rf-domain default
hostname ap7532-743E6C
!
!
end
Info from VX:
vx9000-1D96AB#show mint ne
1 mint neighbors of 12.1D.96.AB:
1B.71.C0.D4 (ap7532-71C0D4) at level 2, best adjacency ip-172.17.8.4:24576
vx9000-1D96AB#show global domain managers
-----------------------------------------------------------------------------------------------------
RF-DOMAIN MANAGER HOST-NAME APS CLIENTS
-----------------------------------------------------------------------------------------------------
VXtest 08-00-27-1D-96-AB vx9000-1D96AB 0 0
default B8-50-01-71-C0-D4 ap7532-71C0D4 2 0
-----------------------------------------------------------------------------------------------------
Total number of RF-domain displayed: 2
vx9000-1D96AB#show device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
ap7532-743E6C done 2019-10-22 09:23:31 0 vx9000-1D96AB -
ap7532-71C0D4 done 2019-10-22 09:24:42 0 vx9000-1D96AB -
Total number of entries displayed: 2
vx9000-1D96AB#show mint neighbors on ap7532-71C0D4
2 mint neighbors of 1B.71.C0.D4:
1B.74.3E.6C (ap7532-743E6C) at level 1, best adjacency vlan-1
12.1D.96.AB (vx9000-1D96AB) at level 2, best adjacency ip-172.17.8.3:24576
vx9000-1D96AB#show mint neighbors on ap7532-743E6C
1 mint neighbors of 1B.74.3E.6C:
1B.71.C0.D4 (ap7532-71C0D4) at level 1, best adjacency vlan-1
vx9000-1D96AB#show mint links
1 mint links on 12.1D.96.AB:
link ip-172.17.8.4:24576 at level 2, 1 adjacencies, (used)
What is wrong with my configuration?
Why I can’t make the upgrades working through RFDM AP?
Thanks,
Aviv
Solved! Go to Solution.
10-23-2019 06:53 PM
I can certainly testify that this works perfectly in WiNG-5. (Can’t imagine how it would’ve gotten messed up in WiNG-7 though). This topology is used for a HUGE number of deployments. If something was fundamentally broken in this regard, we’d have heard about it long before now.
From the controller, my output looks like this:
NX(config)#sh device-upgrade history on LAB
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
On the RFDM AP, the output shows this (the non-RFDM AP output is empty)
(You can see in the first column (Device) the listing of non-RFDM APs that this RFDM AP had upgraded.
8533-Floor-1#sh device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------
8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -
LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -
8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3
10-22-2019 12:52 PM
Hi Avi,
Everything looks good. And how the upgrade process looks like? You can monitor it with "watch 4 sh device-upgrade status". Also the devices can skip the update while already running requested release and without "force" option in upgrade command..
Misha