Controllerless Networks

Reply
Frequent Contributor II

RAP provision problems

Hi there

I'm facing problems with a new deployment to terminate RAP Access Point. Unit is stuck on the covertion step.  RAP is not able to download the image from the controller. FTP is enabled on the controller.

Can anyone give me some guidance to isolate and fix the problem?

00:0b:XX:XX:XX:1c# show upgrade info

Image Upgrade Progress
----------------------
Mac IP Address AP Class Status Image Info Error Detail
--- ---------- -------- ------ ---------- ------------
00:0b:XX:XX:XX 172.20.10.3 Aries downloading image file Retrieve image fail
Auto reboot :enable
Use external URL :enable
00:0b:XX:XX:XX# ping 172.24.4.26
Press 'q' to abort.
PING 172.24.4.26 (172.24.4.26): 56 data bytes
64 bytes from 172.24.4.26: icmp_seq=0 ttl=64 time=339.8 ms
64 bytes from 172.24.4.26: icmp_seq=1 ttl=64 time=349.1 ms
64 bytes from 172.24.4.26: icmp_seq=2 ttl=64 time=384.0 ms
64 bytes from 172.24.4.26: icmp_seq=3 ttl=64 time=345.4 ms
64 bytes from 172.24.4.26: icmp_seq=4 ttl=64 time=333.8 ms

 

Image Upgrade Progress
----------------------
Mac IP Address AP Class Status Image Info Error Detail
--- ---------- -------- ------ ---------- ------------
00:0b:XX:XX:XX 172.20.10.3 Aries downloading image file Retrieve image fail
Auto reboot :enable
Use external URL :enable
00:0b:XX:XX:XX# show log upgrade

----------Download log start----------

Executing '/aruba/bin/download_image_swarm ac-ftp://172.24.4.26/armv5te.ari --no-proxy'
fetching ('/usr/sbin/wget -T 120 -t 3 --no-proxy -a /tmp/download_url_log ftp://sap:x@172.24.4.26/armv5te.ari')
--13:47:34-- ftp://sap:*password*@172.24.4.26/armv5te.ari
=> `armv5te.ari'
Connecting to 172.24.4.26:21... failed: Connection timed out.
Retrying.

--13:47:55-- ftp://sap:*password*@172.24.4.26/armv5te.ari
(try: 2) => `armv5te.ari'
Connecting to 172.24.4.26:21... failed: Connection timed out.
Retrying.

--13:48:16-- ftp://sap:*password*@172.24.4.26/armv5te.ari
(try: 3) => `armv5te.ari'
Connecting to 172.24.4.26:21... failed: Connection timed out.
Giving up.

Error: failed to retrieve image
cleaning up
done

Re: RAP provision problems

Is there any firewalls between the controller and the RAP? the latency is also quite high between the two as well, what sort of connection is between them? If you are running Aruba OS 6.5 you can also upgrade via TFTP.

 

Can you confirm which version is on the RAP (#show ap image version ap-name XXXX) and the version you are trying to upgrade to? There is issues when upgrading from Aruba OS v3 to v6 (you have to upgrade to v5 first...)


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Frequent Contributor II

Re: RAP provision problems

Yes, I have a firewall in the middle where I have a rule to allow udp-4500. I'm able able to see the VPN tunnel up for mthe RAP and I can ping the IP address which is attemping to use to download the firmware. Latecy is high 300-400 msec but I tried to use another Internet connection and I have the same issue. 

Re: RAP provision problems

To confirm, you have coverted an IAP to a RAP to terminate on a controller. If this is the case can you let me know the model of the IAP and the controller model/version?

 

An IAP can be converted to a Campus AP and Remote AP only if the controller is running ArubaOS 6.1.4 or later.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Frequent Contributor II

Re: RAP provision problems

Yes,  I use ZTP to convert the RAP155P and also tried the manual conversion from the Web interface.  Controller model is 7210 running ArubaOS 6.4.4.8 and the RAP is using 6.4.2.6-4.1.1.6.

Re: RAP provision problems

Okay thanks, can you confirm you've added the RAP to the whitelist and also enabled the FTP service on the controller?


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Frequent Contributor II

Re: RAP provision problems

I use Activate with the off-loading of white-list from Clearpass but I tried to use the defaul white-list on the controller and I had the same error. About the FTP, yes, it is also enabled and from inside network I can FTP from the command line of my laptop to the controller and is responding, no idea about what internal username/password is configured but is responding

(AP-MASTER01) #show firewall | include FTP
Disable FTP server                           No                                                           

 

Frequent Contributor II

Re: RAP provision problems

From  RAP console and after the retrieval image failure, I tried to convert the RAP via CLI with the command:  convert-aos-ap rap X.X.X.X  using another cluster which is working fine.  In this case the RAP was able to retrieve the firmware and reboot automatically, taking the provisioning IP from Activate and joining to the controller without problems, so somehow the FTP is not able to respond to the remote rap

Frequent Contributor II

Re: RAP provision problems

Problem fixed. Basically I missed a defualt-vpn-role which is assigned to the remore RAP. After adding it to the controller It is working now

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: