Controllerless Networks

Reply
Contributor I
Posts: 34
Registered: ‎07-07-2011

Instant and Airwave: Instant GUI issue

Hi,

 

I'm having a strange issue while configuring an IAP-RAP3 (also tried with a IAP-105) via Airwave and the Instant GUI there.

In my scenario, I create a new wireless guest network, nothing fancy, just a simple one with internal IAP authentication and captive portal. However, I would also like to include a network access rule to this network, and here comes the point:

In the Airwave Instant GUI, I create the rule, then after clicking "Apply all" the setting is saved and prepared to be pushed to my IAP.

The IAP accepts all the network configuration, but it does not accept the network access rule. I always get a mismatch for my VC and finally it states "Retry limit reached" (see image)

AirwaveIAP.jpg

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I tried clicking the "Apply All" button below repeatedly, but the mismatch is still there.

 

I have version 7.7.9 of Airwave and the latest version of IAP (6.3.1.2-4.0.0.3_41784).

 

Thanks any help,

 

best regards

 

Aruba
Posts: 105
Registered: ‎11-03-2011

Re: Instant and Airwave: Instant GUI issue

Are you using the internal Captive Portal on the IAP or an external one?


There are certain configuration elements that are not available when authorizing against the internal DB of the IAP and things like role derivation is one of them. For things like this, you need an external Captive Portal along with an external radius source.

 

Also keep in mind that there is generally a stagger between feature functionality in IAP vs what is supported in Airwave. Both are new releases, I'll check with QA for you to see if this is the case here.

 

Cheers,

Adam



| Adam Kennedy, Systems Engineer - adamk@hpe.com

| Service Providers – Aruba, an HPE Company

| Twitter: @adam8021x | Airheads: akennedy
Contributor I
Posts: 34
Registered: ‎07-07-2011

Re: Instant and Airwave: Instant GUI issue

I'm using the internal Captive Portal of the IAP. 

 

I thought that network access rules wouldn't state a problem to Airwave, actually I configured them from Airwave in the instant GUI. So it may be that this functionality in Airwave is not yet implemented on the IAP firmware?

 

 

 

 

 

 

 

 

Aruba
Posts: 105
Registered: ‎11-03-2011

Re: Instant and Airwave: Instant GUI issue

I checked with a few and this could be a bug. To verify, can you create a new group in Airwave, enable the IGC and then move the devices in question to the group and try to push the config again?

 

If it works, great - but still may want to open a TAC case as it should work as you've descrbed. If it doesn't work, TAC case is of course the way to go to get this replicated and tracked as a bug for resolution.

 

Cheers, Adam



| Adam Kennedy, Systems Engineer - adamk@hpe.com

| Service Providers – Aruba, an HPE Company

| Twitter: @adam8021x | Airheads: akennedy
Occasional Contributor II
Posts: 18
Registered: ‎03-10-2014

Re: Instant and Airwave: Instant GUI issue

I have exact the same issue here - is this a confirmed bug? (using Airwave 7.7.9, IAP-115 with latest Firmware and playing around with internal Captive Portal and Firewall Rules...)

Occasional Contributor II
Posts: 18
Registered: ‎03-10-2014

Re: Instant and Airwave: Instant GUI issue

Mismatches for VC : LAB-ZH-AVC1
Change to VC configuration: 
no rule  
no rule  
rule any any match any any 65535 permit log retry limit reached
rule any any match any any 65535 deny log retry limit reached
rule any any match udp 67 68 permit log  
rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit log  
rule 173.194.0.0 255.255.0.0 match tcp 80 80 permit log  
terms-of-use "Das ist das Guest WLAN für Zuerich" retry limit reached
wlan access-rule ARUBA-TEST-WLAN  
 no rule  
 rule any any match any any 65535 permit log retry limit reached
wlan access-rule ARUBA-TEST-GUEST  
 no rule  
 rule any any match any any 65535 deny log retry limit reached
 rule any any match udp 67 68 permit log  
 rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit log  
 rule 173.194.0.0 255.255.0.0 match tcp 80 80 permit log  
wlan captive-portal  

 terms-of-use "Das ist das Guest WLAN für Zuerich" 

retry limit reached
Search Airheads
Showing results for 
Search instead for 
Did you mean: