ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

Upgrade from 3.4 to 6.0.1

Hi,

last week I've tryed an Upgrade for 4 S3-Controllers from Release 3.4 to 6.0.1.

I've made an upgrade-hop over Version 5.0.4. I've rebootet the Controllers with this image, all things went fine. All Accesspoints (ca. 900) downloaded the update from the controller and worked fine.

The problem was the next update. I've upgraded to Version 6.0.1. After waiting a half hour i still can't connect via SSH or HTTPS. I walked to the Controllers and the CLI was fine, no errors in the systemlog and the system seems to be working correct.

It was also possible to ping the VRRP-Instances and the normal Controller-Adresses (including Loopback-Adresses).

The "show ap database" command tolds me that all APs are down and not upgrading.

Control-Plane-Security was disabled. I don't think that control-plane-security was the problem because SSH and HTTPS has failed too. I think that there is an encryption problem (the conrollers did have an vrrp-instance, but they don't build a tunnel between them). At the end it seems to be, that all things with encryption don't work.

I hope there is someone who has an idea. At this evening we went back to verison 3.4.

Regards,
Marco
Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: Upgrade from 3.4 to 6.0.1

You need to make sure that the physical interface that connects to your controller is not somehow changed to "untrusted". You might have to use the console cable to connect to your controller to check or change this. If you have a port channel between your controller and your switch, check to make sure that is not untrusted, as well.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

Re: Upgrade from 3.4 to 6.0.1

is there a difference between rel. 5.04 and 6.0.1?

i thought that a trusted port only means that the qos (such as dscp) is not beeing removed from the packets. is this wrong and ssh (or https) is also influenced by this?
Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: Upgrade from 3.4 to 6.0.1

There should be no difference, but if you can ping a controller, but not get into the GUI, I would check to make sure the port is trusted. An untrusted port can have the behavior you mentioned.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

Re: Upgrade from 3.4 to 6.0.1

Okay, thanks.

Is there any other possibility? The problem is, that i can only work at night on the controller.

If someone else (or you) has one idea, I would be very pleased.

Thanks,
Marco
Guru Elite
Posts: 20,978
Registered: ‎03-29-2007

Re: Upgrade from 3.4 to 6.0.1

We cannot tell what is the problem until you try to upgrade. The Untrusted port issue is my #1 guess. Please open a proactive TAC case so that they can lead you through your upgrade. If you cannot SSH to the controller that indicates that the port is untrusted. Type "show port status" to see what interface(s) are up and then type show interface to see if it is trusted or not from the console. If you have a port channel, I would do the same thing


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 15
Registered: ‎05-05-2011

Re: Upgrade from 3.4 to 6.0.1

In Rel. 3.4.3.2 the Port's are trusted in the configuration so I don't think that this is the issue.

Of course, next time when I try to update the controllers i would check the ports for their status.
Search Airheads
Showing results for 
Search instead for 
Did you mean: