Controllerless Networks

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Problem connecting IAP205 to 7030 controller

  • 1.  Problem connecting IAP205 to 7030 controller

    Posted Apr 06, 2016 07:02 AM

    Hi folks,

     

    I'm doing some lab testing at the moment with a 7030 controller and a couple of IAP205s.

    I am sure that I'm missing something really very obvious here, so apologies for that.  I've spent the past day trying to make an IAP205 connect to a 7030 controller.

     

    Should this work out-of-the-box or do I need to do something on the IAP first?

     

    The 7030 has a trunk port with three VLANs (AP, data and voice).  The AP VLAN is the VLAN that the APs have addresses in, and the data and voice VLANs are associated with WLANs.

     

    Giving the AP a static IP address, I have connectivity (can ping the controller from AP and vice versa, would hope so, they are on the same network).  However, I don't see the AP on the controller.

     

    I then turned the IAP back to DHCP, and configured the necessary options (vendor-class-identifier and vendor-specific-options) and can see the IAP getting an address, and the controller's IP address via option 43 when looking at the boot process on the console.  However, the AP never seems to try and communicate with the controller and the controller never sees it.

     

    I've also added a DNS entry; but I never see the IAP try and contact it.

     

    I tried a "convert-aos-ap" on the CLI of one access point, and rebooted, but still see the same thing.

     

    What am I missing?

     

    Thanks

     

    Paul.

     

    As I said, this must be someth

    Things I've tried (in roughly this order):

    #7030


  • 2.  RE: Problem connecting IAP205 to 7030 controller

    EMPLOYEE
    Posted Apr 06, 2016 07:08 AM

    Out of the box, IAPs do not work with controllers.  They must be converted to Campus APs.  http://community.arubanetworks.com/t5/Controller-less-WLANs/How-do-I-convert-an-Aruba-Instant-AP-to-a-campus-AP/ta-p/178988

     

    What version of ArubaOS is on the controller?

    What model IAP is it?

    What version of InstantOS do you have on the IAP?

    The regulatory domain of the IAP must match the regulatory domain of the controller to be successful.

     



  • 3.  RE: Problem connecting IAP205 to 7030 controller

    Posted Apr 06, 2016 11:58 AM

    Hi Colin

     

    Thanks for the quick reply.  I hadn't tried the conversion via the web, only the CLI (which didn't seem to work very well).  I have made some progress but still have a problem.

     

    Firstly, the 7030 controller is running ArubaOS 6.4.2.3.

    The IAP was running InstantOS 6.4.2.6-4.1.1.6_50009

    The regulatory domain for everything has been set to GB.

     

    I successfully converted the IAP, however, it still refuses to talk to the controller.  The console log from the AP shows (I've snipped the earlier bits, they all look sensible as it probes PCI devices etc):

     

    Getting an IP address...
    [    8.560000] ADDRCONF(NETDEV_UP): bond0: link is not ready
    [   11.566000] bond0: link up (1000FD)
    [   11.568000] ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
    172.16.1.101 255.255.255.0 172.16.1.254
    Running ADP...Done. Master is 172.16.1.200
    [   15.356000] wifi0: AP type AP-205, radio 0, max_bssids 16
    [   15.400000] wifi1: AP type AP-205, radio 1, max_bssids 16
    AP rebooted Wed Dec 31 16:04:35 PST 1969; SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1192 dest=172.16.1.200 tries=10 seq=0
    shutting down watchdog process (nanny will restart it)...



    Now 172.16.1.200 is indeed the IP address of the controller, and the AP can see it (Note: this ping was taken from an IAP that is still in IAP mode, as the converted AP just has a root # prompt that I can't ping from):

     

    f0:5c:19:c6:b6:f6# ping 172.16.1.200
    Press 'q' to abort.
    PING 172.16.1.200 (172.16.1.200): 56 data bytes
    64 bytes from 172.16.1.200: icmp_seq=0 ttl=64 time=3.6 ms
    64 bytes from 172.16.1.200: icmp_seq=1 ttl=64 time=0.3 ms
    64 bytes from 172.16.1.200: icmp_seq=2 ttl=64 time=0.3 ms
    64 bytes from 172.16.1.200: icmp_seq=3 ttl=64 time=0.3 ms
    
    --- 172.16.1.200 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 0.3/1.1/3.6 ms

     

    I have checked the firewall on the controller, and that is all at its defaults - allowing the required ports on the white list.  I've disabled the control plane filter on the controller as well, but still no joy.

     

    Paul.

     

     

     



  • 4.  RE: Problem connecting IAP205 to 7030 controller
    Best Answer

    EMPLOYEE
    Posted Apr 06, 2016 12:00 PM

    Type "show log system 50" on the controller's command line to see what could be going on.  It could be that control plane security is enabled, and you don't have that AP's MAC address in the whitelist.

     

    Also type "show ap database" on the command line of the controller to see if that AP shows up with a flag.



  • 5.  RE: Problem connecting IAP205 to 7030 controller

    Posted Apr 06, 2016 12:40 PM

    Hi Colin

     

    The problem was the control plane security blocking the new APs.  I thought that I'd disabled it, but hadn't saved the config.

     

    I presume that once the APs have associated with the controller, and appear in the white list, it is safe to turn the control plane security back on again?

     

    Thanks very much for your help,

     

    Paul.



  • 6.  RE: Problem connecting IAP205 to 7030 controller

    EMPLOYEE
    Posted Apr 06, 2016 12:44 PM

    The right way to do it would be to enable control plane security, but enable auto cert provisioning.  The APs will then be able to automatically certify themselves to the controller.
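
Added example (not part of the thread, and not Aruba's own documentation): the setting recommended in post 6, shown next to the lab workaround from post 5, written as an ArubaOS 6.x control-plane-security profile. The address range is a constructed value inside the thread's 172.16.1.0/24 AP network, and limiting auto provisioning to a range goes one step beyond what the post states.

```text
! --- For contrast only: the lab workaround from the thread ---
! CPsec off, so AP-to-controller control traffic is not
! certificate-authenticated and the campus AP whitelist is not enforced.
configure terminal
control-plane-security
   no cpsec-enable
!
! --- Recommended instead (post 6) ---
! Keep CPsec on and let the controller issue certificates to new
! campus APs automatically.
control-plane-security
   cpsec-enable
   auto-cert-prov
   ! Assumption: limit automatic certification to the address pool the
   ! APs receive (constructed range), rather than every source address.
   no auto-cert-allow-all
   auto-cert-allowed-addrs 172.16.1.100 172.16.1.150
!
end
! The change in the thread was lost because the config was never saved.
write memory
!
! Check the active profile and the resulting campus AP whitelist entries.
show control-plane-security
show whitelist-db cpsec
```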