Controllerless Networks

Hi All,

It seems since upgrading to the latest Firmware 6.3.1.1- 4.0.0.1 i am seeing a lot of DHCP Timeouts, at least 35-40 alerts?

 

Also some access points are rebooting?

 

Is there a resolve for this?

 

Thanks

Nisha

Hi,

Did you find the reboot reason for the APs? They are in the 'show tech-support' or the 'show version' output.

Regarding the DHCP time out, are there clients that are not able to get an IP address? In your config, is the DHCP server external or internal to the VC?

Thanks,

Yan

Hi Yan,

 

Thanks for your reply, There are quite a number of clients who cannot get an IP Address at least 15-20, the DHCP Server is Internal to the VC, i have it set so the Virtual Controller assigns the IP Address.

 

It seems only a couple of the AP's are rebooting not all in a cluster of 12, the Radio lights are solid red and then keep rebooting.

 

Is there anything i can check? at the moment i have temporaily reverted back to using firmware version 6.2.1.0-3.4.0.1_39461 which seems to resolve the DHCP problem?

 

 

Thanks

 

Nisha

Hi Nisha,

Could you send us the output of 'show tech-support' from your VC running 3.4.0.1? We would first like to understand your network topology and configuration. Are all the APs connected together using a single switch?

Thanks,

Yan

Yes all AP's are connected to a single Netgear POE. Below is the output.

 

 

 

timer slow      : 0
master high cpu : 0
ap cpu usage    : 100
Slave->Pot-Master : 0 time
Pot-master->Master: 0 time
Pot-master->Slave : 0 time

spoof arp rcvd: 0
last spoof mac: 00:00:00:00:00:00


AP01-Room11-6c:f3:7f:c9:01:70# show election statistics

State        : Master

master_beacon   : sent=9711 rcvd=0
hierarchy_beacon: sent=0 rcvd=0
hierarchy_ack   : sent=0 rcvd=0
beacon_req      : sent=0 rcvd=0
beacon_resp     : sent=0 rcvd=0

election wait   : 0
timer slow      : 0
master high cpu : 0
ap cpu usage    : 100
Slave->Pot-Master : 0 time
Pot-master->Master: 0 time
Pot-master->Slave : 0 time

spoof arp rcvd: 0
last spoof mac: 00:00:00:00:00:00


AP01-Room11-6c:f3:7f:c9:01:70# show log apifmgr


AP01-Room11-6c:f3:7f:c9:01:70# show log vpn-tunnel


2013-12-09 08:54:56 tunnel_profile_init(3203): init tunnel profile <default>.
2013-12-09 08:54:57 tunnel_uplink_change(2855): uplink changed, the new uplink device br0
2013-12-09 08:55:12 [primary tunnel] tunnel_config_remove(2456): configure remove, tunnel primary tunnel, type ipsec tunnel
2013-12-09 08:55:12 tunnel_stop_status_monitor_timer(905): current using tunnel=unselected tunnel
2013-12-09 08:55:12 tunnel_stop_status_monitor_timer(911): stop tunnel status monitor timer.
2013-12-09 08:55:12 [primary tunnel] SM Handler not needed for state TUNNEL_STATE_INIT event TUNNEL_EVENT_TUNNEL_DISCONNECT
2013-12-09 08:55:12 [primary tunnel] tunnel_unregister_action(2035): unregister ipsec action.
2013-12-09 08:55:12 [primary tunnel] tunnel_unregister_action(2051): ipsec client space already free.
2013-12-09 08:55:12 [backup tunnel] tunnel_config_remove(2456): configure remove, tunnel backup tunnel, type ipsec tunnel
2013-12-09 08:55:12 tunnel_stop_status_monitor_timer(905): current using tunnel=unselected tunnel
2013-12-09 08:55:12 tunnel_stop_status_monitor_timer(911): stop tunnel status monitor timer.
2013-12-09 08:55:12 [backup tunnel] SM Handler not needed for state TUNNEL_STATE_INIT event TUNNEL_EVENT_TUNNEL_DISCONNECT
2013-12-09 08:55:12 [backup tunnel] tunnel_unregister_action(2035): unregister ipsec action.
2013-12-09 08:55:12 [backup tunnel] tunnel_unregister_action(2051): ipsec client space already free.
2013-12-09 08:55:12 tunnel_preempt_config(2541): send message to config preemption option to none-preempt
2013-12-09 08:55:12 tunnel_preempt_config(2560): config preemption option to none-preempt
2013-12-09 08:55:12 tunnel_preempt_config(2577): Warning!!! preempt have same configure, return.
2013-12-09 08:55:12 tunnel_failover_type_config(2519): failover type have same configure, return.
2013-12-09 08:55:12 cli_vpn_factory(1478): holdon time configure here.
2013-12-09 08:55:12 tunnel_holdon_time_config(2702): config holdon time 600
2013-12-09 08:55:12 cli_vpn_factory(1491): monitor frequency configure here.
2013-12-09 08:55:12 tunnel_send_pkt_freq_config(2764): config send icmp packet freq 5 for monitor tunnel device.
2013-12-09 08:55:12 tunnel_send_pkt_freq_config(2782): Warning!!! monitor frequency configuration is same, no action, and return.
2013-12-09 08:55:12 cli_vpn_factory(1504): monitor lost cnt configure here.
2013-12-09 08:55:12 tunnel_lost_packet_cnt_config(2816): config lose icmp packet cnt 2 for monitor tunnel device.
2013-12-09 08:55:12 tunnel_lost_packet_cnt_config(2834): Warning!!! lose packet timeout configuration is same, no action, and return.
2013-12-09 08:55:12 tunnel_psk_config(2646): config cert
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup debug statistics


Airgroup slave status       :FALSE
Airgroup master status      :FALSE
Airgroup multi swarm status :FALSE
status value                :0xe
My master's address         :127.0.0.1
My ip address               :10.144.90.11

AirGroup Debug Statistics
--------------------------
Key                         Value
---                         -----
network cache init counter  1(1)
mdns apdb init counter      1(1)
airgroup restore count      1(1)
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup cache entries


Cache Entries:

My Cluster

ap id = 6c:f3:7f:c9:01:70       ap ip = 10.144.90.11    update no = 0

--------------------------------------------------------------------------
Name  Type  Class  TTL  Origin  server mac  State
----  ----  -----  ---  ------  ----------  -----
Num Cache Entries on this AP:0
Num Cache Entries Total:0
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup servers


AirGroup Servers
----------------
MAC  IP  Host Name  Service  VLAN  Wired/Wireless  AP-Mac  Update no/Hash
---  --  ---------  -------  ----  --------------  ------  --------------
Num Servers:0
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup status


AirGroup Feature
----------------
Status
------
Disabled

AirGroup Multi Swarm
--------------------
Status
------
Disabled

AirGroup Guest Multicast
------------------------
Status
------
Disabled

CPPM Parameters
---------------
Parameter                   Value
---------                   -----
CPPM Enforce Registration   Disabled
CPPM Server query interval  0 Seconds
CPPM Server dead time       100 Seconds

AirGroup Service Information
----------------------------
Service   Status
-------   ------
airplay   Disabled
airprint  Disabled
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup users


AirGroup Users
--------------
MAC  IP  Host Name  VLAN  Wired/Wireless  Role  Username  AP-Mac  Query/Resp
---  --  ---------  ----  --------------  ----  --------  ------  ----------
Num Users:0
AP01-Room11-6c:f3:7f:c9:01:70# show airgroupservice


AirGroupService Details
-----------------------
Service   Description  Disallowed-Role  Disallowed-VLAN  ID
-------   -----------  ---------------  ---------------  --
airplay   AirPlay                                        _airplay._tcp
                                                         _raop._tcp
airprint  AirPrint                                       _ipp._tcp
                                                         _pdl-datastream._tcp
                                                         _printer._tcp
                                                         _scanner._tcp
                                                         _universal._sub._ipp._tcp
                                                         _printer._sub._http._tcp
                                                         _http._tcp
                                                         _http-alt._tcp
                                                         _ipp-tls._tcp
                                                         _fax-ipp._tcp
                                                         _riousbprint._tcp
                                                         _cups._sub._ipp._tcp
                                                         _cups._sub._fax-ipp._tcp
                                                         _ica-networking._tcp
                                                         _ptp._tcp
                                                         _canon-bjnp1._tcp
Num Services:2
Num Service-ID:18
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup cppm entries




swarm id = 3ec10c4e01f630218e7468ee4fb4fa7014b0ed543f04ae61ff
ap id = 6c:f3:7f:c9:01:70       ap ip = 10.144.90.11    update no = 0

-----------------------------------------------------------------------------------------------------------------------------
Device  device-owner  shared location-id AP-name  shared location-id AP-FQLN  shared location-id AP-group  shared user-list  shared role-list
------  ------------  --------------------------  --------------------------  ---------------------------  ----------------  ----------------
Num CPPM Entries:0
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup cppm server


CPPM Servers
------------
Server  IP-Address  Port  timeout  rfc3576  rfc3576-only  rfc3576-port
------  ----------  ----  -------  -------  ------------  ------------
AP01-Room11-6c:f3:7f:c9:01:70# show airgroup cppm auth


All Auth Servers known to MDNS
------------------------------
Server  IP-Address  Port  timeout  rfc3576  rfc3576-only  rfc3576-port
------  ----------  ----  -------  -------  ------------  ------------
AP01-Room11-6c:f3:7f:c9:01:70# show auth-survivability cached-info

UserName                                                         Remaining Cache-Time(minutes)
--------                                                         -----------------------------

Total no of cached username : 0
AP01-Room11-6c:f3:7f:c9:01:70# show auth-survivability time-out


Auth Survivability time out :24
AP01-Room11-6c:f3:7f:c9:01:70# show ap-env


Antenna Type:Internal
name:AP01-Room11-6c:f3:7f:c9:01:70
ipaddr:10.144.90.11
netmask:255.255.255.0
gatewayip:10.144.90.1
dnsip:217.196.224.136
domainname:kaplan.co.uk
AP01-Room11-6c:f3:7f:c9:01:70# show l2tpv3 config


L2TPV3 Tunnel configuration
---------------------------
Tunnel Profile  Primary Peer   Backup Peer   Peer UDP Port  Local UDP Port  Hello Interval  Host Name  MTU  Message Digest Type  secret Key  Failover Mode  Failover Retry Count  Retry Interval  Checksum
--------------  -------------  ------------  -------------  --------------  --------------  ---------  ---  -------------------  ----------  -------------  --------------------  --------------  --------
L2TPV3 Session configuration
----------------------------
Session Name  Tunnel Name  Local tunnel IP  Tunnel Mask  Tunnel Vlan  Session Cookie Length  Session Cookie  Session Remote End ID
------------  -----------  ---------------  -----------  -----------  ---------------------  --------------  ---------------------
AP01-Room11-6c:f3:7f:c9:01:70# show l2tpv3 global parameter


L2TPV3 Global configuration
---------------------------
Host Name
----------
Kaplan - Manchester
AP01-Room11-6c:f3:7f:c9:01:70# show l2tpv3 session status

AP01-Room11-6c:f3:7f:c9:01:70# show l2tpv3 tunnel status

AP01-Room11-6c:f3:7f:c9:01:70# show l2tpv3 tunnel config

AP01-Room11-6c:f3:7f:c9:01:70# show l2tpv3 system statistics

Hi,

This does not appear to be a complete output? If it is difficult to grab the whole output, which I know is very large, you could also try just grabbing the 'show run' output.

Thanks,

Yan

AP01-Room11-6c:f3:7f:c9:01:70# show run
version 6.2.1.0-3.4.0
virtual-controller-country GB
virtual-controller-key 3ec10c4e01f630218e7468ee4fb4fa7014b0ed543f04ae61ff
name "Kaplan - Manchester"
organization Manchester
virtual-controller-ip 10.144.90.10
terminal-access
clock timezone London 00 00
rf-band all
ams-ip 192.168.102.254
ams-key dfd4c4ee7424dbf23a17e8b00e4ef2de6c910683d4faaff4

allow-new-aps
allowed-ap 24:de:c6:c3:c8:30
allowed-ap 24:de:c6:c3:c8:35
allowed-ap 6c:f3:7f:c8:ff:fd
allowed-ap 6c:f3:7f:c9:00:8f
allowed-ap 6c:f3:7f:c9:00:c8
allowed-ap 6c:f3:7f:c9:01:43
allowed-ap 6c:f3:7f:c9:01:70
allowed-ap 6c:f3:7f:c9:01:72
allowed-ap 6c:f3:7f:c9:01:74



arm
 wide-bands 5ghz
 g-channels 1,7,13
 min-tx-power 15
 max-tx-power 127
 band-steering-mode prefer-5ghz
 air-time-fairness-mode default-access
 client-aware
 scanning
rf dot11g-radio-profile
 legacy-mode
 dot11h

rf dot11a-radio-profile
 legacy-mode
 dot11h

ip dhcp pool
 dns-server 8.8.8.8,8.8.4.4
 domain-name kaplan.co.uk
 lease-time 15


syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless






mgmt-user admin bd4400a51b0005ac130e3ce0bc2428c19d8169d779147397

wlan access-rule default_wired_port_profile
 index 0
 rule any any match any any any permit

wlan access-rule kic
 index 1
 rule any any match udp 67 68 permit log
 rule 10.54.5.0 255.255.255.0 match any any any deny log
 rule 10.53.60.0 255.255.255.0 match any any any deny log
 rule 10.44.0.0 255.255.255.0 match any any any deny log
 rule 10.144.90.10 255.255.255.0 match any any any deny log
 rule any any match any any any permit

wlan access-rule kic-a
 index 2
 rule any any match any any any permit
 rule any any match udp 67 68 permit log

wlan access-rule default_dev_rule
 index 3
 rule any any match any any any permit

wlan access-rule instant
 index 4
 rule 10.144.90.11 255.255.255.255 match tcp 80 80 permit
 rule 10.144.90.11 255.255.255.255 match tcp 4343 4343 permit
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit

wlan access-rule wired-instant
 index 5
 rule 10.144.90.11 255.255.255.255 match tcp 80 80 permit
 rule 10.144.90.11 255.255.255.255 match tcp 4343 4343 permit
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit

wlan ssid-profile kic
 enable
 index 0
 type employee
 essid kic
 wpa-passphrase efa0de5d70e34bd4764c055e5d75a037654e57bd5ac20ef6
 opmode wpa2-psk-aes
 max-authentication-failures 0
 vlan guest
 auth-server InternalServer
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter none
 blacklist
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

wlan ssid-profile kic-a
 enable
 index 1
 type employee
 essid kic-a
 wpa-passphrase c3354d8e6b8d3e2027bedefc622a41fd41d8ddc73cc27ea2
 opmode wpa2-psk-aes
 max-authentication-failures 0
 vlan guest
 auth-server InternalServer
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter none
 blacklist
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

auth-survivability cache-time-out 24



wlan external-captive-portal
 server localhost
 port 80
 url "/"
 auth-text "Authenticated"


blacklist-time 3600
auth-failure-blacklist-time 3600

ids
 wireless-containment none


wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
 no dot1x

wired-port-profile wired-instant
 switchport-mode access
 allowed-vlan all
 native-vlan guest
 no shutdown
 access-rule-name wired-instant
 speed auto
 duplex auto
 no poe
 type guest
 captive-portal disable
 no dot1x


enet0-port-profile default_wired_port_profile

uplink
 preemption
 enforce none
 failover-internet-pkt-lost-cnt 10
 failover-internet-pkt-send-freq 30
 failover-vpn-timeout 180


airgroup
 disable

airgroupservice airplay
 disable
 description AirPlay

airgroupservice airprint
 disable
 description AirPrint

Are the clients currently getting addresses in the 172.31.98.0 subnet? Could this subnet be in use by the wired network somehow?

Before you upgraded, do you remember which subnet the clients were getting their IPs from?

They are getting an ip in the 172.31.98.0 range, but this is seperate from the admin network and is not in use anywhere else.

before i ugraded the firmware the clients were still getting the same IP address in that range.

Thank you for the update.

Given that information, I think it is best for us to focus on the AP rebooting issue first, and then look at the DHCP time out issue.

Do the rebooting APs reboot in a loop, and thus preventing any chance of opening a SSH CLI session to those APs?

Yan