Controllerless Networks

last person joined: 17 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

RAP provision problems

This thread has been viewed 4 times

  • 1.  RAP provision problems

    Posted Jul 28, 2016 09:02 AM

    Hi there

    I'm facing problems with a new deployment to terminate RAP Access Point. Unit is stuck on the covertion step.  RAP is not able to download the image from the controller. FTP is enabled on the controller.

    Can anyone give me some guidance to isolate and fix the problem?

    00:0b:XX:XX:XX:1c# show upgrade info

    Image Upgrade Progress
    ----------------------
    Mac IP Address AP Class Status Image Info Error Detail
    --- ---------- -------- ------ ---------- ------------
    00:0b:XX:XX:XX 172.20.10.3 Aries downloading image file Retrieve image fail
    Auto reboot :enable
    Use external URL :enable
    00:0b:XX:XX:XX# ping 172.24.4.26
    Press 'q' to abort.
    PING 172.24.4.26 (172.24.4.26): 56 data bytes
    64 bytes from 172.24.4.26: icmp_seq=0 ttl=64 time=339.8 ms
    64 bytes from 172.24.4.26: icmp_seq=1 ttl=64 time=349.1 ms
    64 bytes from 172.24.4.26: icmp_seq=2 ttl=64 time=384.0 ms
    64 bytes from 172.24.4.26: icmp_seq=3 ttl=64 time=345.4 ms
    64 bytes from 172.24.4.26: icmp_seq=4 ttl=64 time=333.8 ms

     

    Image Upgrade Progress
    ----------------------
    Mac IP Address AP Class Status Image Info Error Detail
    --- ---------- -------- ------ ---------- ------------
    00:0b:XX:XX:XX 172.20.10.3 Aries downloading image file Retrieve image fail
    Auto reboot :enable
    Use external URL :enable
    00:0b:XX:XX:XX# show log upgrade

    ----------Download log start----------

    Executing '/aruba/bin/download_image_swarm ac-ftp://172.24.4.26/armv5te.ari --no-proxy'
    fetching ('/usr/sbin/wget -T 120 -t 3 --no-proxy -a /tmp/download_url_log ftp://sap:x@172.24.4.26/armv5te.ari')
    --13:47:34-- ftp://sap:*password*@172.24.4.26/armv5te.ari
    => `armv5te.ari'
    Connecting to 172.24.4.26:21... failed: Connection timed out.
    Retrying.

    --13:47:55-- ftp://sap:*password*@172.24.4.26/armv5te.ari
    (try: 2) => `armv5te.ari'
    Connecting to 172.24.4.26:21... failed: Connection timed out.
    Retrying.

    --13:48:16-- ftp://sap:*password*@172.24.4.26/armv5te.ari
    (try: 3) => `armv5te.ari'
    Connecting to 172.24.4.26:21... failed: Connection timed out.
    Giving up.

    Error: failed to retrieve image
    cleaning up
    done



  • 2.  RE: RAP provision problems

    MVP EXPERT
    Posted Jul 28, 2016 09:23 AM

    Is there any firewalls between the controller and the RAP? the latency is also quite high between the two as well, what sort of connection is between them? If you are running Aruba OS 6.5 you can also upgrade via TFTP.

     

    Can you confirm which version is on the RAP (#show ap image version ap-name XXXX) and the version you are trying to upgrade to? There is issues when upgrading from Aruba OS v3 to v6 (you have to upgrade to v5 first...)



  • 3.  RE: RAP provision problems

    Posted Jul 28, 2016 09:54 AM

    Yes, I have a firewall in the middle where I have a rule to allow udp-4500. I'm able able to see the VPN tunnel up for mthe RAP and I can ping the IP address which is attemping to use to download the firmware. Latecy is high 300-400 msec but I tried to use another Internet connection and I have the same issue. 



  • 4.  RE: RAP provision problems

    MVP EXPERT
    Posted Jul 28, 2016 10:01 AM

    To confirm, you have coverted an IAP to a RAP to terminate on a controller. If this is the case can you let me know the model of the IAP and the controller model/version?

     

    An IAP can be converted to a Campus AP and Remote AP only if the controller is running ArubaOS 6.1.4 or later.



  • 5.  RE: RAP provision problems

    Posted Jul 28, 2016 10:04 AM

    Yes,  I use ZTP to convert the RAP155P and also tried the manual conversion from the Web interface.  Controller model is 7210 running ArubaOS 6.4.4.8 and the RAP is using 6.4.2.6-4.1.1.6.



  • 6.  RE: RAP provision problems

    MVP EXPERT
    Posted Jul 28, 2016 10:11 AM

    Okay thanks, can you confirm you've added the RAP to the whitelist and also enabled the FTP service on the controller?



  • 7.  RE: RAP provision problems

    Posted Jul 28, 2016 10:21 AM

    I use Activate with the off-loading of white-list from Clearpass but I tried to use the defaul white-list on the controller and I had the same error. About the FTP, yes, it is also enabled and from inside network I can FTP from the command line of my laptop to the controller and is responding, no idea about what internal username/password is configured but is responding

    (AP-MASTER01) #show firewall | include FTP
    Disable FTP server                           No                                                           

     



  • 8.  RE: RAP provision problems

    Posted Jul 28, 2016 11:25 AM

    From  RAP console and after the retrieval image failure, I tried to convert the RAP via CLI with the command:  convert-aos-ap rap X.X.X.X  using another cluster which is working fine.  In this case the RAP was able to retrieve the firmware and reboot automatically, taking the provisioning IP from Activate and joining to the controller without problems, so somehow the FTP is not able to respond to the remote rap



  • 9.  RE: RAP provision problems
    Best Answer

    Posted Jul 29, 2016 09:37 AM

    Problem fixed. Basically I missed a defualt-vpn-role which is assigned to the remore RAP. After adding it to the controller It is working now