Extreme Networks

Andre_h_ · ‎10-31-2019

Hello,

we have a VM3600 controller with Motorola AP-650 (4610-EU) in use. One AP must be operated in a different WLAN than the controller. At first, the controller was not found from AP. With the command "controller host" the IP of the controller was entered. Now the AP is displayed in the controller as online. Unfortunately, it does not emit any WLANs and in the "Apopted Devices" the "Config Status" displays error. If I put the AP in the same VLAN as the controller everything works fine. I hope you can help me.Thanks a lot for this!!

Andre

ckelly · ‎11-04-2019

Okay...so what’s happened is that the AP received the config….but then as part of the new config, it was no longer able to stay adopted to the controller….so it reverted back to the previous config (which is likely just an empty default config). So the question now is, why can’t the AP remain adopted with the new config? Looks like a VLAN config issue.

Look at the AP’s Profile on the controller - in the VLAN1 section. There’s nothing.

So when the AP receives this profile after being adopted, it’s NOT being instructed to behave like a DHCP client.

Even if it DID have an IP address, it can no longer discover the controller using layer-2 because the controller is then on a different subnet, so it then also needs a controller host entry. The easiest way to do this would be to add the entry to the AP’s Profile...so we’ll take care of both of these issues.

Enter these commands and add these three lines *in BOLD* to the AP Profile

login to CLI on controller
enable
config
profile ap4600 ap4600_Hof
interface vlan 1
ip address dhcp
ip dhcp client request options all
exit
controller host 10.216.0.199
commit write

The Profile will then look like this:

profile ap4600 ap4600_Hof
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
   isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
   isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
   wlan hof bss 1 primary
interface radio2
   wlan S-Inet bss 1 primary
interface ge1
   ip dhcp trust
   qos trust dscp
   qos trust 802.1p
interface vlan1
   ip address dhcp ← Will be under ‘interface vlan 1’
   ip dhcp client request options all ← Will be under ‘interface vlan 1’
interface pppoe1 use firewall-policy default
controller host 10.216.0.199    ← Will appear *somewhere* in this AP profile. Look for it
service pm sys-restart
!

Now again, delete the AP from the system as before and then reboot the AP.

This time, the AP should then get an IP address and will know how to reach the controller using layer 3.

View solution in original post

ckelly · ‎11-04-2019

Are any of those other APs model ap4600?

So you have several other APs that are adopted and have a profile. How is this 1 AP different from those? Is the AP Profile on those APs different from the profile that you are wanting to assign to this one?

You can configure the rule so that it is specific to a single mac address. This way, the rule will ONLY apply to the AP with the specified MAC address.

The rule would look like:

adopt ap4600 precedence 1 profile ap4600_Hof rf-domain "S Lau" mac 00-04-xx-xx-xx- <--Enter correct MAC address

Delete the AP from the system and then reboot it.

no ap4600 MAC_address <--Enter the AP’s MAC address

commit write

The reason to delete the AP from the system is that once an AP has been adopted, it won’t go back through the adoption rules again. Removing the AP from the system will cause the controller to treat it like new...and will treat it based on the auto-provisioning rule(s) you have entered.

Those other APs have 2 year uptimes….excellent! 🙂

Andre_h_ · ‎11-04-2019

Hello,

thank you

wm-lau-01>show adoption status
not adopted to any wireless controller

Adopted Devices:
---------------------------------------------------------------------------------------------------------------
DEVICE-NAME       VERSION         CFG-STAT         MSGS ADOPTED-BY        LAST-ADOPTION                  UPTIME
---------------------------------------------------------------------------------------------------------------
AP-1       5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   710 days 23:30:32
AP-2          5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   705 days 23:44:05
AP-3     5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   710 days 23:30:45
AP-4  5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:26   283 days 03:27:35
AP-5   5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   283 days 03:24:29
AP-6   5.5.5.0-018R    configured       No   wm-la..   6 days 01:30:47     6 days 01:33:37
AP-7       5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   710 days 23:43:19
AP-8       5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:30   710 days 23:30:50
AP-9      5.5.5.0-018R    configured       No   wm-la..  60 days 02:07:44   710 days 23:30:39
AP-10     5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   710 days 23:30:46
AP-11    5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   469 days 04:38:25
AP-12  5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   256 days 00:34:35
HOF       5.5.5.0-018R    error            Yes  wm-la..   0 days 07:51:49     0 days 07:55:42
AP-13    5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   283 days 03:19:20
AP-14   5.5.5.0-018R    configured       No   wm-la..  95 days 02:25:28   283 days 03:12:18
----------------------------------------------------------------------------------------------------------------
Total number of devices displayed: 15

We dont want to put all APs in the profil ap4600_Hof - so iam unsure to configure the auto-provisioning-policy - can u help me?

Thanks!

André

ckelly · ‎11-04-2019

If you are not seeing the correct config on the AP, that means either

The AP never receives it
The AP received it, but the received config caused the AP to lose its adoption with the controller. When this happens, the AP reverts back to the last known config that allowed the adoption to work properly (which would have been the default config)

So right now, the AP is adopted. But I’m assuming that the controller is not pushing the config to the AP because it knows that if it does, it will cause a problem. Let’s check:

Run the command on the controller:

show adoption status

Another issue I see is with the auto-provisioning policy. It contains no rules. For a properly setup controller, you want to have rules that define what happens when an AP model tries to adopt. The rule will indicate which profile the AP is given and what rf-domain it is placed into. Below is your current policy. It has a name, but no rules.

!

auto-provisioning-policy "S Lau"

!

To have a correctly setup auto-provisioning rule for this AP: (This is to completed using the CLI - can be completed in GUI also)

Login to CLI
enable
config
auto-provisioning-policy “S Lau”
adopt ap4600 precedence 1 profile ap4600_Hof rf-domain "S Lau" any
commit write

This will cause ANY ap4600 AP to be adopted and assigned the profile ap4600_Hof and then be placed into the rf-domain “S Lau”.

Some tips though:

*AVOID* spaces in any naming you using in the system. I would even suggest going back in and renaming any existing items with spaces. Instead use something like _ or -

Also, I don’t know if using “ is a problem or not, but I would also avoid those as well.

Finish adding that rule to the auto-provisioning policy. Reboot the AP.

If the AP is still not receiving its config, run the command again ON the controller:

show adoption status

Andre_h_ · ‎11-04-2019

Hello,

its right if i run “show run” on the ap - i dont see the proile i have set for this ap. It seems to be a problem to retrieve the config. Ok lets do the commands you told me:

ap4600-7E4254>show adoption status
Adopted by:
Type          : WM3600
System Name   : wm-xxx-xxx-01
MAC address   : 00-04-96-59-2B-CE
MiNT address  : 46.59.2B.CE
Time          :   0 days 00:20:22 ago

ap4600-7E4254>show mint links
1 mint links on 46.7E.42.54:
link ip-10.216.0.199:24576 at level 1, 1 adjacencies

ap4600-7E4254>show ip interface brief
-------------------------------------------------------------------------------
 INTERFACE          IP-ADDRESS/MASK            TYPE        STATUS   PROTOCOL
-------------------------------------------------------------------------------
 vlan1              10.216.1.99/24(DHCP)       primary     UP       up
 vlan1              169.254.66.84/16(ZEROCONF) secondary   UP       up
-------------------------------------------------------------------------------

ap4600-7E4254>show mint mlcp history
2019-11-04 06:00:51:Received OK from cfgd, adoption complete to 46.59.2B.CE
2019-11-04 06:00:51:Waiting for cfgd OK, adopter should be 46.59.2B.CE
2019-11-04 06:00:51:Adoption state change: 'Connecting to adopter' to 'Waiting for Adoption OK'
2019-11-04 06:00:51:Adoption state change: 'No adopters found' to 'Connecting to adopter'
2019-11-04 06:00:51:Try to adopt to 46.59.2B.CE (cluster master 46.59.2B.CE in adopters)
2019-11-04 06:00:51:Got new value for MTU: 1500
2019-11-04 06:00:51:MLCP created level 1 force:0 IP link to 10.216.0.199:24576
2019-11-04 06:00:51:Sending MLCP Request to 10.216.0.199:24576
2019-11-04 06:00:46:Received MLCP Offer from 10.216.0.199:24576 preferred=0 capacity = 237 (force:0, level 1)
2019-11-04 06:00:46:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:46:Start MLCP IP Discover
2019-11-04 06:00:46:Clearing already existing ipsec secure config for MLCP group 0 candidate 10.216.0.199
2019-11-04 06:00:46:DNS resolution completed, starting MLCP
2019-11-04 06:00:46:Received 1 hostnames through option 191
2019-11-04 06:00:43:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:38:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:33:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:28:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:23:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:18:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:13:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:07:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 06:00:02:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:57:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:52:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:47:Sending MLCP Discover to IP 10.216.0.199, UDP port 0
2019-11-04 05:59:47:Start MLCP IP Discover
2019-11-04 05:59:47:Clearing already existing ipsec secure config for MLCP group 0 candidate 10.216.0.199
2019-11-04 05:59:47:DNS resolution completed, starting MLCP
2019-11-04 05:59:47:Received 0 hostnames through option 191
2019-11-04 05:59:47:Adoption state change: 'Disabled' to 'No adopters found'
2019-11-04 05:59:47:DNS resolution completed, starting MLCP
2019-11-04 05:59:47:Adoption enabled due to configuration

ap4600-7E4254>show adoption config-errors HOF
Device HOF does not exist

The hostname does not seem to have been taken over. Currently the AP hostname AP4600-7E4254 seems to have. When I execute this command then comes the following

ap4600-7E4254>show adoption config-errors ap4600-7E4254
*** No configuration errors

Thank you for your help!!

Andre_h_ · ‎11-02-2019

Thank you for your detailed answer and your help. I will execute the commands on Monday at work and post the result here hoping that you can help me further.

Thanks!! André

Extreme Networks

WM3600 - AP2600 - Configure Error with seperate WLAN between AP and controller

WM3600 - AP2600 - Configure Error with seperate WLAN between AP and controller