Controllerless Networks

Reply
Occasional Contributor II

IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

We have 16 IAP-105-US Installed at a co-op 60 and over apartment complex.

8-On east side of building Connected to a Comcast Business Class Modem.. 

8-On west side building.. Connected to a Comcast Business Class Modem.. 

Since updating to firmware : 6.2.1.0-3.4.0.3_40346

We had MANY DHCP TIMEOUTS – Also people are having a hard time connecting ..

– Really NEVER saw this with other Firmware Ver’s – Not Sure What Ver’s Were OK !

AP’s Are setup to hand out DCHP … And I see from the ALERTS – DCHP Timeout

When I login to the IAP web page I see 2-3 people that have a 0.0.0.0 IP

 

Really Could Use Some Help! Suggestions ? Please ?

 

version 6.2.1.0-3.4.0
virtual-controller-country US
virtual-controller-key c1abcf9d01b1e68bf1f8c96187eab3bcf1d26ddc9b33c365e2
name Instant-CD:EF:AE
terminal-access
ntp-server time.nist.gov
clock timezone Central-Time -06 00
clock summer-time CDT recurring second sunday march 02:00 first sunday november 02:00
rf-band all

allow-new-aps
allowed-ap 24:de:c6:cd:ef:ae
allowed-ap 24:de:c6:cd:ef:e8
allowed-ap 24:de:c6:cd:ef:b5
allowed-ap 24:de:c6:cd:f0:04
allowed-ap 24:de:c6:cd:f0:ba
allowed-ap 24:de:c6:cd:f0:0a
allowed-ap 24:de:c6:cd:f0:86

arm
 wide-bands 5ghz
 min-tx-power 127
 max-tx-power 127
 band-steering-mode disable
 air-time-fairness-mode default-access
 client-aware
 scanning
 spectrum-load-balancing
rf dot11g-radio-profile
 spectrum-monitor
 interference-immunity 4

rf dot11a-radio-profile
 spectrum-monitor
 interference-immunity 4


syslog-level warn ap-debug 
syslog-level warn network 
syslog-level warn security 
syslog-level warn system 
syslog-level warn user 
syslog-level warn user-debug 
syslog-level warn wireless 






mgmt-user admin 240403e085c4fb83b72d66d1d1e5b7c536e9717c34d5d36a

wlan access-rule default_wired_port_profile
 index 0
 rule any any match any any any permit

wlan access-rule Green-House-Village
 index 1
 rule any any match any any any permit

wlan access-rule wired-instant
 index 2
 rule 10.1.10.10 255.255.255.255 match tcp 80 80 permit
 rule 10.1.10.10 255.255.255.255 match tcp 4343 4343 permit
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit

wlan ssid-profile Green-House-Village
 enable
 index 0
 type guest
 essid Green-House-Village
 wpa-passphrase 3f05e201865e34794899ce5695172bd1f580305235a85fb4
 opmode wpa-psk-tkip,wpa2-psk-aes
 max-authentication-failures 0
 vlan guest
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter none
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

auth-survivability cache-time-out 24



wlan external-captive-portal
 server localhost
 port 80
 url "/"
 auth-text "Authenticated"


blacklist-time 3600
auth-failure-blacklist-time 3600

ids classification

ids
 wireless-containment none


wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
 no dot1x

wired-port-profile wired-instant
 switchport-mode access
 allowed-vlan all
 native-vlan guest
 no shutdown
 access-rule-name wired-instant
 speed auto
 duplex auto
 no poe
 type guest
 captive-portal disable
 no dot1x


enet0-port-profile default_wired_port_profile

uplink
 preemption
 enforce none
 failover-internet-pkt-lost-cnt 10
 failover-internet-pkt-send-freq 30
 failover-vpn-timeout 180

airgroup
 disable

airgroupservice airplay
 disable
 description AirPlay

airgroupservice airprint
 disable
 description AirPrint

 

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

Please open a case for this.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

I have opened a ticket :  Case # 1481656 : DHCP TIMEOUT issue: [ ref:_00D3008G4._50040VpEjw:ref ]

 

However .. No One seems to beable to fix this .. nor help.

 

1. Updated and Down Graded to different firmware ver's

2. Set =  broadcast filter all - And ARP

3. Set All IAP's to a static IP's Instead of DHCP

 

Does anyone know how to set the IAP DHCP Lease times  ???

 

Does Anyone Have a Suggestions ??????

 

 

DHCP.png

 

version 6.3.1.0-4.0.0
virtual-controller-country US
virtual-controller-key c1abcf9d01b1e68bf1f8c96187eab3bcf1d26ddc9b33c365e2
name Instant-CD:EF:AE
terminal-access
led-off
ntp-server time.nist.gov
clock timezone Central-Time -06 00
rf-band all

allow-new-aps
allowed-ap 24:de:c6:cd:ef:ae
allowed-ap 24:de:c6:cd:ef:e8
allowed-ap 24:de:c6:cd:ef:b5
allowed-ap 24:de:c6:cd:f0:04
allowed-ap 24:de:c6:cd:f0:ba
allowed-ap 24:de:c6:cd:f0:0a
allowed-ap 24:de:c6:cd:f0:86



arm
 wide-bands 5ghz
 min-tx-power 127
 max-tx-power 127
 band-steering-mode prefer-5ghz
 air-time-fairness-mode default-access
 client-aware
 scanning

rf dot11g-radio-profile
 interference-immunity 4

rf dot11a-radio-profile
 interference-immunity 4

ip dhcp pool
 lease-time 60


syslog-level warn ap-debug 
syslog-level warn network 
syslog-level warn security 
syslog-level warn system 
syslog-level warn user 
syslog-level warn user-debug 
syslog-level warn wireless 






mgmt-user admin 9af989b52feb59a734571041deea557eb3734fff626efa0f

wlan access-rule Green-House-Village
 index 0
 rule any any match any any any permit

wlan access-rule default_dev_rule
 index 1
 rule any any match any any any permit

wlan access-rule default_wired_port_profile
 index 2
 rule any any match any any any permit

wlan access-rule wired-instant
 index 3
 rule 10.1.10.11 255.255.255.255 match tcp 80 80 permit
 rule 10.1.10.11 255.255.255.255 match tcp 4343 4343 permit
 rule any any match udp 67 68 permit
 rule any any match udp 53 53 permit

wlan ssid-profile Green-House-Village
 enable
 index 0
 type guest
 essid Green-House-Village
 wpa-passphrase be85d10c2930763a6a3f9882479a4460b20ae79b28ab9f19
 opmode wpa-psk-tkip,wpa2-psk-aes
 max-authentication-failures 0
 vlan guest
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1800
 broadcast-filter arp
 blacklist
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

auth-survivability cache-time-out 24



wlan external-captive-portal
 server localhost
 port 80
 url "/"
 auth-text "Authenticated"


blacklist-time 3600
auth-failure-blacklist-time 3600

ids classification

ids
 wireless-containment none


wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
 no dot1x

wired-port-profile wired-instant
 switchport-mode access
 allowed-vlan all
 native-vlan 1
 no shutdown
 access-rule-name wired-instant
 speed auto
 duplex auto
 no poe
 type employee
 captive-portal disable
 no dot1x


enet0-port-profile default_wired_port_profile

uplink
 preemption
 enforce none
 failover-internet-pkt-lost-cnt 10
 failover-internet-pkt-send-freq 30
 failover-vpn-timeout 180
 failover-internet-check-timeout 10


airgroup
 disable

airgroupservice airplay
 disable
 description AirPlay

airgroupservice airprint
 disable
 description AirPrint


 

 

Aruba Employee

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

Can you share the output of "show tech-support" from the VC? Are the 16 APs organized into two separate clusters, each with 8 APs?
Occasional Contributor II

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

THANK YOU FOR THE REPLY !

My Customer is getting very un-happy with me and the system :(

 

We have ( 2 ) Total IAP-105-us Systems ..  Both Setup Exactly the Same ... Not ( 8 )  My Bad Typing Sorry.

 

Organized into two separate clusters, each with 7 APs?

 

7 - IAP-105's On east side of building .. Connected to a Comcast Business Class Modem and 8-Port 10/100Mbps PoE Switch - TPE-S80

7 - IAP-105's On west side building .. Connected to a Comcast Business Class Modem and 8-Port 10/100Mbps PoE Switch - TPE-S80

 

What is: APAS provision failed, code: fail-prov-no-rule   ??????

 

Please look at : Console.txt  < Attched as Link - 60 pages

https://www.dropbox.com/s/hcjsbj3ct2tiqgf/Console.txt

 

 

show log system

12/9/13 Console 
51/60 
Dec 9 15:08:04 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:08:08 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:08:40 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 15:11:41 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 04:54:53:ed:78:e2 connect fail because DHCP request timed out 
Dec 9 15:13:07 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:13:11 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:18:10 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:18:13 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:22:41 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 15:22:41 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 00:26:5e:07:08:c1 connect fail because DHCP request timed out 
Dec 9 15:23:12 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:23:16 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:26:42 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client d4:9a:20:5c:17:0b connect fail because DHCP request timed out 
Dec 9 15:28:16 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:28:19 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:30:42 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 15:33:19 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:33:23 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:33:30 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.16: Client 00:22:6b:a3:10:5c connect fail because DHCP request timed out 
Dec 9 15:36:42 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 15:37:42 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client 28:6a:ba:35:af:65 connect fail because DHCP request timed out 
Dec 9 15:38:21 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:38:25 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:38:42 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client 00:22:69:61:bd:10 connect fail because DHCP request timed out 
Dec 9 15:42:43 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 15:43:24 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:43:27 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:44:13 cli[1110]: <341102> |AP 1-East@10.1.10.11 cli| Incorrect format for message type 126:220:46:10:10.1.10.15:15200. 
Dec 9 15:45:30 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.16: Client 18:e7:f4:b0:47:3a connect fail because DHCP request timed out 
Dec 9 15:48:26 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:48:30 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:49:34 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.11: Client 7c:c3:a1:b5:7a:37 connect fail because DHCP request timed out 
Dec 9 15:49:43 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client b8:e8:56:69:94:68 connect fail because DHCP request timed out 
Dec 9 15:51:43 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client 88:cb:87:e6:f1:87 connect fail because DHCP request timed out 
Dec 9 15:53:28 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:53:32 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:57:44 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 04:54:53:ed:78:e2 connect fail because DHCP request timed out 
Dec 9 15:57:44 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 15:58:31 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 15:58:35 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 15:58:38 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.15: Client 00:12:17:9b:4a:f8 connect fail because DHCP request timed out 
Dec 9 16:03:33 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:03:37 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 16:04:36 cli[1110]: <341102> |AP 1-East@10.1.10.11 cli| Incorrect format for message type 126:220:46:10:10.1.10.15:15200. 
Dec 9 16:07:44 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client 00:1b:9e:bd:1d:50 connect fail because DHCP request timed out 
Dec 9 16:08:35 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:08:39 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 16:11:39 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.15: Client a4:d1:d2:0b:95:8a connect fail because DHCP request timed out 
Dec 9 16:11:45 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 94:44:52:9e:71:70 connect fail because DHCP request timed out 
Dec 9 16:13:38 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:13:38 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.17: Client 70:de:e2:a1:26:7e connect fail because DHCP request timed out 
Dec 9 16:13:38 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:13:41 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 16:15:45 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.14: Client 00:26:5e:07:08:c1 connect fail because DHCP request timed out 
Dec 9 16:16:32 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.16: Client 00:22:6b:a3:10:5c connect fail because DHCP request timed out 
Dec 9 16:16:45 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client d4:9a:20:5c:17:0b connect fail because DHCP request timed out 
Dec 9 16:18:40 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:18:44 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 16:23:43 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:23:46 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 16:26:39 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.15: Client 18:e7:f4:b0:47:3a connect fail because DHCP request timed out 
Dec 9 16:28:45 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| Isc_send_request 
Dec 9 16:28:49 cli[1110]: <341005> |AP 1-East@10.1.10.11 cli| APAS provision failed, code: fail-prov-no-rule 
Dec 9 16:29:46 cli[1110]: <341004> |AP 1-East@10.1.10.11 cli| AP 10.1.10.12: Client 68:a8:6d:4e:bb:de connect fail because DHCP request timed out

 

Aruba Employee

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

Could the wired network be using the subnet 172.31.98.0? Could we try manually configure the DHCP pool to a different subnet (say 192.168.10.0), to see if anything changes?
Occasional Contributor II

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

No ... the Comcast modem uses : 10.1.10.19/250 - 255.255.255.0 - 10.1.10.1  - See Pic

I have set ALL IAP's To a Static IP To get from Comast Modem To See If that Helped Used: 10.1.10.11/17

( It Was Set As DHCP )   DID NOT SEEM TO HELP!   :(

 

What is: APAS provision failed, code: fail-prov-no-rule   ??????

How to set the IAP DHCP Lease times  ??????

 

 

Untitled.gif

 

 

Aruba Employee

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

I understand your frustration and appreciate your patience in bearing with us. I know it may still take a few more tries before we get this working but I am confident that it will be resolved in the end.

For now, could you recall which subnet was the client getting its IP from before the recent upgrade that caused all these problems? Is it 192.168.10.0?

Thanks,

Yan
Occasional Contributor II

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

Hmmm ... I have no Idea any more ..

( Bangs Head On Desk )

 

I think ORG Firmware Gave Out : 192.168.1.-

The Newest Firmware Gives Out : 172.31.98.-

 

But I see a Few People Complaining about DHCP On The IAP-105's Here On This Fourm ..

 

I have a feeling that the newest Firmware has a DHCP bug!

Because I never had problems before with DHCP ... After Updating Firmware .. Is When problems started with DHCP.

( Now No Matter What Ver Firmware I Try It Still Has Problems )

 

I Also think maybe whats happing is .. the IAP-105 is running out of IP's to hand out

Because the DHCP Lease Time is not working or not set  ???

 

Anyway ...

 

Do we know what is : APAS provision failed, code: fail-prov-no-rule   ???

How do we set the IAP DHCP Lease times  ???

 

 

 

 

 

 

Aruba Employee

Re: IAP-105US - DHCP PROBLEMS - CONNECTIONS - Please Help !

The lease time can be set in the UI via 'System > Show Advanced Options > DHCP'. You can also try changing the subnet here back to 192.168.10.0, mask 255.255.255.0, to see if it helps.

The 'APAS provision failed' message is due to the fact that this network is provisioned manually instead of via our cloud-based activation system to provision your IAPs, so there is no cause for concern.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: