Controllerless Networks

Reply
Regular Contributor I

pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrading

Hi

 

did i miss something ? i browsed today thru my config of iap-cluster (105/135) and saw that webui management say "airwave" management instead of "local" as it was for more than 2-3 years. 

it was never managed by airwave/ams, so i wonder why config lines like this suddenly are added after plain upgrading. 

 

as i kept config file histories, it seems this already happenend after upgrading to 4.2.4.3 in october , today i upgraded directly from webui to 4.2.4.4 as it was finally once offered again . normally upgrading happens with local file upgrades e.g. with weblinks/dropbox whatever. (pointing to iap105 and iap135 file, the usual way many ppl use).

 

so, what's up with this magic config additions, BB is watchin' on verizon ? ;-) :

Name: pool-98-118-82-145.bstnma.fios.verizon.net
Address: 98.118.82.145

 

ams-ip 98.118.82.145
ams-key 63877e96exxxxxxxxxxxxxxxxx2655133c69b617d6
ams-identity 260dc4xxxxxxxxxx6ec442e011

organization My-Org

name Instant-Cluster

 

someone can clearify this, as i dont see hints in release-notes, perhaps it's the usual cloud management, but i would expect that german customers are freaking out if magically AMS IP adds itself thru upgrading the instant OS ;-)

 

regards

ben

 

 

Guru Elite

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

I think you should open a TAC case.  That is not normal.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

If you have control of your config (if you can see the edit button next to SSIDs), then the Instant AP has no contact with that server.  I would remove the lines:

 

ams-ip 98.118.82.145
ams-key 63877e96exxxxxxxxxxxxxxxxx2655133c69b617d6
ams-identity 260dc4xxxxxxxxxx6ec442e011

 

..in the short term to make sure you have no contact with whatever server that might be...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

unfortunately cant open case cause no maintenance on the instant-cluster serial numbers.

 

cjoseph : is/was there any instant OS with automatic call-home feature like Aruba_Central/Activate which could explain this behaviour? perhaps cause of some instantOS interim upgrade "bug" (or whatever) this just added magically without any intervention? i just wonder why and "how" those config lines added to my config.

 

i would expect, if this is aruba-central/activate that a hostname would be used instead of a plain IP adress.

 

Do you know if there's some CLI command showing OS upgrade history , then i try to reproduce by downgrading to the OS where the config lines werent added, restoring october 2016 config and then upgrading the same way again to see if the AWMS config lines add themselves again. 

 

i cant imagine someone would have hacked my internal network by passing the external firewall, then executing a virus/trojan on one of my clients and just brute-forcing the webui/ssh instant-cluster and adds AWMS config lines just to observe. i just expect this was cause by some software bug during upgrading the OS - which is done regularly. 

 

do you have guys in engineering where you can ask about the strange verizon.net IP adress?

 

thanks!

ben

Aruba Employee

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

Could you please share a show tech from your cluster?

 

show image version can let you see the one previous image on the IAP.

Regular Contributor I

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

show tech wont help here as the config lines were already removed after i experienced the existence.
feeling little bit unconciousness how those were added.

what i know from the past is that the iap135 in cluster was once a plain real ap135 which was aruba-lab-converted somehow to iap by reflashing , it was from an old SE who gave that to us few years ago. as iap135 is phased out i decided to use at home.

so i expect this IP of awms is perhaps from somehow base OS included by lab to call home to aruba and this config line just added during upgrading OS in october.

i wonder why no one can tell me if that ip/hostname is somehow aruba activate/central related?

as the image on iapcluster was 4.2.4.3 last week and now upgraded to 4.2.4.4 and afterwards 4.2.4.5 i cant tell what was in place in october/november.

so overall said, how this config lines magically added without intention of myself? noone else has access to that cluster. cluster is not reachable from external-> internal, network is secured from my POV ;))
Aruba Employee

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

The reason i am requesting show tech, is for other investigative purposes. Mainly for now the serial number and mac address, any other info that might be needed.

 

Thanks & regards.

Regular Contributor I

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

see PM regarding tech-support

 

@cjoseph : i revised the tech-support and saw the aruba-activate says "enabled" and "successful" , perhaps the iap-cluster just fetched thru aruba-cloud/central/activate a kind of AWMS config as some admin centralized added the S/N  of the mentioned IAP135 to some central AWMS db ? could this be the reason?

 

perhaps this was done "accidentally" by some AWMS admin on aruba-networks.

 

regards

ben

Regular Contributor I

Re: pool-98-118-82-145.bstnma.fios.verizon.net / ams config appearing in instant-config after upgrad

so, any further ideas regarding tech-support file ? 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: