Cloud Managed Networks

Reply
Occasional Contributor II

denied user service when AP getting back online after a disconnection

hi everyone:

 

I am new at aruba and i am making some PoCs for a new customer using VC and Aruba Central.

 

Now I am able to configure VC from scratch with or without Aruba Central, but using aruba central i am facing the follwing situation.

 

When a AP or the VC comes outline, wherever a disconnection for aruba central ocurs for all reasons - Power Down aps, disconnect switch uplink to router, etc - AP does come UP but denies any service as all.

 

the aps still advertise configured SSID´s, permits client associatons but denies any internet services.

 

in the clients web browser appers a page displayed  an error "403 forbidden client´s ip:X.X.X.X server´s ip:Y.Y.Y.Y aplication: apple"

 

Also aruba central does not display any down status, it appers that Still management traffic is seen in the net graphics usage (about 32k for AP VC master and 6 bps for a Cluster member).

 

i pulled off and on the internet and Currently i have 3 hours and counting without service and the only thing i found to recover the services is a hard reset to factory defaults. the aps takes about 2-3 minutes to full recover.

 

My aps are a 305 and 315, i configured Two ssid, employee and guest access, and content filtering policies in both SSID as well guest cloud captive portal.

 

Instant version 6.5.4.4_62887

 

some interesting fact there is an audit trial entry almost any event like this: "swarm configuration sync not succesfull"

 

if anyone has suggestions please let me know, i am out of ideas at this point.

 

Best regards.

 

 

 

Contributor II

Re: denied user service when AP getting back online after a disconnection

Hello !

How is the configuration "Can be used without Uplink" and "Out of service" in the SSID settings?


|ATP FLEXNETWORK V3|ACSA
Occasional Contributor II

Re: denied user service when AP getting back online after a disconnection

hey there is that you asked.

 

employee SSID

Can Be Used Without Uplink - unchecked

 

Out of service(OOS):VPN down

enabled.

i believe it is the default setting. Nothing have been configured here before

 

Guest SSID

Can Be Used Without Uplink - unchecked

 

Out of service(OOS):VPN down

enabled.

---------

 

something happen yesterday afternoon. After adding a switch to the group it appears that suddenly the APS start working properly without any action performed on these. I didnt want to perform any troubleshotting until i get some answers in order to get fresh ideas from this community, but i left pass about 4 hours with out doing anithing than monitoring in my aruba central account, but as son as i added a switch in this group of devices seems the aps start working again.

 

for me it is not normal and it is not an expected behaviour for a customer. During these lapses, i werent able to perform any management in the VC, the device status in central portal were inconsistent, some times is up, and some times down but clients has no services besides these can be associated and authenticated wirelessly

 

IMHO, the expected default-normal behaviour is as soon as the managed device back on line and reach aruba central-activate, resync and takes the configs in about 3-5 min with out user intervention, but this is not happen on this PoC.

 

thank you so much for sharing your knowledge, perhaps i am missunderstanding aruba´s way to do things but your comments will be very appreciated.

Occasional Contributor II

Re: denied user service when AP getting back online after a disconnection

i already replied the scenario.

 

disconnect internet plug ... check status on the clients no internet.... reconect internet plug.... back to normal.

 

restart all aps and switches.

 

had the 403 forbidden status, no internet is provided but i am able to reach hosts on the wired side.

 

 

 

Highlighted
Moderator

Re: denied user service when AP getting back online after a disconnection

What you're seeing is the expected behavior:

If the "Can Be Used Without Uplink" box is unchecked the IAP will bring the SSID down if it stops being able to reach Internet. This is very helpful to avoid guest users to connect to a guest WiFi when there's no Internet access, but can become an issue for if your Internet access is flaky (or you're in a lab environment).

 

My recommendation would be:

Leave this unchecked for guest WLANs

Check it for corporate WLANs

 

Hope this helps!

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Occasional Contributor II

Re: denied user service when AP getting back online after a disconnection

thanks Mr Perez for your kind answer.

 

that you write makes sense to me, but it does not happen on my lab enviroment.

 

aps does not stop broadcasting ssids when the internet is not reachable.

 

even worse and it is my concern, if the ap´s goes down for any reason, (electric back off, PoE switch restart etc) when the access point restart, it denies any service in any SSID configured on it (see the attached pictures in earlier post), apears as an offline device in central portal and the only way to recover is doing a hard reset.

 

imagine this in a production enviroment. the customters need to have physical access to manuver the reset push button. this is not acceptable for me or for my customer. Not all access points could be deployed in a any one reachable physical location.  With some large stores or factories, will be necesary the use of cranes and certified trained personnel only to do a hard reset, and even stop process. not acceptable.

 

i belive it is something missconfigured in my lab. this is not normall for any brand of aps.

 

 

 

 

Moderator

Re: denied user service when AP getting back online after a disconnection

Ok, now I understand. I agree, that behavior is absolutely unacceptable.

 

Please open a TAC case to have this looked at more closely.

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Occasional Contributor II

Re: denied user service when AP getting back online after a disconnection

could you guide me to the process to reach TAC?

Moderator

Re: denied user service when AP getting back online after a disconnection

From Aruba Central, simply click on the icon in the bottom left corner and click "view/update case" (see attached).

 

That will take you to the support portal, where you can register and open a case by simply providing the serial number of one of your APs.

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: