Extreme Networks

Aviv_Kedem · ‎10-22-2019

Hello guys,

In my lab I can’t make working the upgrading remote site APS through RFDM AP.

My upgrades are successful, but through VX9000 and not through the RFDM AP.

The test is very simple, VX9000 + 2 pieces of AP7532 in the same vlan.

VX running config:

!### show running-config
!
! Configuration of VX9000 version 7.2.1.1-006R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
 no telnet
 no http server
 https server
 rest-server
 ssh
 user admin password 1 b3c4e90173bd1f030e821f04ee833f17e78b4133788ffb40f12928bfabba10c8 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
 t5 snmp-server community public ro 192.168.0.1
 t5 snmp-server community private rw 192.168.0.1
!
ex3500-management-policy default
 snmp-server community public ro
 snmp-server community private rw
 snmp-server notify-filter 1 remote 127.0.0.1
 snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
database-policy default
!
profile vx9000 default-vx9000
 no autoinstall configuration
 no autoinstall firmware
 no device-upgrade auto
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface xge1
 interface xge2
 interface xge3
 interface xge4
 interface ge1
 interface ge2
 use firewall-policy default
 logging on
 service pm sys-restart
 router bgp
 adoption-mode controller
!
profile ap7532 default-ap7532
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 controller host 172.17.8.3 pool 1 level 2
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain VXtest
 country-code il
!
rf-domain default
 no country-code
 control-vlan 1
!
vx9000 08-00-27-1D-96-AB
 use profile default-vx9000
 use rf-domain VXtest
 hostname vx9000-1D96AB
 license AAP VX-DEMO-16AAP-LICENSE
 license ADSEC DEFAULT-ADV-SEC-LICENSE
 no mint mlcp vlan
 autoinstall firmware
 interface ge1
 interface ge2
 interface vlan1
  ip address dhcp
!
ap7532 B8-50-01-71-C0-D4
 use profile default-ap7532
 use rf-domain default
 hostname ap7532-71C0D4
!
ap7532 B8-50-01-74-3E-6C
 use profile default-ap7532
 use rf-domain default
 hostname ap7532-743E6C
!
!
end

Info from VX:

vx9000-1D96AB#show mint ne
1 mint neighbors of 12.1D.96.AB:
1B.71.C0.D4 (ap7532-71C0D4) at level 2, best adjacency ip-172.17.8.4:24576

vx9000-1D96AB#show global domain managers 
-----------------------------------------------------------------------------------------------------
                      RF-DOMAIN                              MANAGER          HOST-NAME  APS  CLIENTS
-----------------------------------------------------------------------------------------------------
                         VXtest                    08-00-27-1D-96-AB      vx9000-1D96AB    0        0
                        default                    B8-50-01-71-C0-D4      ap7532-71C0D4    2        0
-----------------------------------------------------------------------------------------------------
Total number of RF-domain displayed: 2

vx9000-1D96AB#show device-upgrade history 
-------------------------------------------------------------------------------------------------
            Device      RESULT                 TIME  RETRIES        UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------

     ap7532-743E6C        done  2019-10-22 09:23:31        0      vx9000-1D96AB -

     ap7532-71C0D4        done  2019-10-22 09:24:42        0      vx9000-1D96AB -

Total number of entries displayed: 2

vx9000-1D96AB#show mint neighbors on ap7532-71C0D4
2 mint neighbors of 1B.71.C0.D4:
1B.74.3E.6C (ap7532-743E6C) at level 1, best adjacency vlan-1
12.1D.96.AB (vx9000-1D96AB) at level 2, best adjacency ip-172.17.8.3:24576

vx9000-1D96AB#show mint neighbors on ap7532-743E6C
1 mint neighbors of 1B.74.3E.6C:
1B.71.C0.D4 (ap7532-71C0D4) at level 1, best adjacency vlan-1

vx9000-1D96AB#show mint links 
1 mint links on 12.1D.96.AB:
link ip-172.17.8.4:24576 at level 2, 1 adjacencies, (used)

What is wrong with my configuration?

Why I can’t make the upgrades working through RFDM AP?

Thanks,

Aviv

ckelly · ‎10-23-2019

I can certainly testify that this works perfectly in WiNG-5. (Can’t imagine how it would’ve gotten messed up in WiNG-7 though). This topology is used for a HUGE number of deployments. If something was fundamentally broken in this regard, we’d have heard about it long before now.

From the controller, my output looks like this:

NX(config)#sh device-upgrade history on LAB
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------

LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -

8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -

8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3

On the RFDM AP, the output shows this (the non-RFDM AP output is empty)

(You can see in the first column (Device) the listing of non-RFDM APs that this RFDM AP had upgraded.

8533-Floor-1#sh device-upgrade history
-------------------------------------------------------------------------------------------------
Device RESULT TIME RETRIES UPGRADED-BY LAST-UPDATE-ERROR
-------------------------------------------------------------------------------------------------

8533-Floor-2 done 2019-03-13 13:14:39 0 8533-Floor-1 -

LAB-MCX done 2019-03-13 13:15:37 0 8533-Floor-1 -

8533-Floor-2 done 2018-11-09 12:39:30 0 8533-Floor-1 -
Total number of entries displayed: 3

View solution in original post

Aviv_Kedem · ‎10-23-2019

1a2a931a17a8481fb89bab61b12e3db2_47d77fd5-387f-4ba7-83ef-44505e48dea6.jpg

ckelly · ‎10-23-2019

The command I’m wanting to see the results of are:

show device-upgrade status

Aviv_Kedem · ‎10-23-2019

ap7532-71C0D4#show upgrade?
  upgrade-status  Display last image upgrade status

Upgrade history of the APS is clear on these APS.

Please look into event-histories attached in my previous message.

Thanks,

Aviv

ckelly · ‎10-23-2019

Aviv, please see my previous request.

Aviv_Kedem · ‎10-23-2019

Log from VX when executed device-upgrade rf-domain default all force from-controller

vx9000-1D96AB#device-upgrade rf-domain default all force from-controller 
In progress ....
--------------------------------------------------------------------------------
       CONTROLLER         STATUS                     MESSAGE                    
--------------------------------------------------------------------------------
  08-00-27-1D-96-AB     Success     Number of devices added for upgrade: 2      
--------------------------------------------------------------------------------
vx9000-1D96AB#show device-upgrade status 
Number of devices currently being upgraded : 2
Number of devices waiting in queue to be upgraded : 0
Number of devices currently being rebooted : 0
Number of devices waiting in queue to be rebooted : 0
Number of devices failed upgrade : 0
--------------------------------------------------------------------------------------------------------------
      DEVICE         STATE     UPGRADE TIME REBOOT TIME PROGRESS RETRIES LAST UPDATE ERROR    UPGRADED BY     
--------------------------------------------------------------------------------------------------------------
  ap7532-71C0D4   downloading   immediate    immediate   30       0       -                 vx9000-1D96AB     
  ap7532-743E6C   downloading   immediate    immediate   30       0       -                 vx9000-1D96AB     
--------------------------------------------------------------------------------------------------------------
vx9000-1D96AB#

Its looks like the same procedure, the image is uploaded from VX to the APS simultaneously, without the RFDM AP 😞

Thanks

Aviv

Extreme Networks

Upgrading remote site APS through RFDM AP

Upgrading remote site APS through RFDM AP