Network Management

last person joined: 23 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

Airwave push configuration in monitor only mode ?

This thread has been viewed 1 times

  • 1.  Airwave push configuration in monitor only mode ?

    Posted Sep 08, 2015 06:44 AM

    Hi,
    I just have a very strange error with Airwave. Airwave server push configuration on my controllers while in monitoring mode only!

     

    Here is a little description of my environnement :
    Main site : 2x7220 controllers in Master-Local mode ArubaOS 6.3.1.11
    Branch site : 1x7030 controller in Master mode ArubaOS 6.4.2.12
    Same SSID on all sites
    Two Radius server (MS NPS2008) per site
    One Airwave server version 8.0.4.1
    Two different Airwave Groups:
    1) Main Site : Manage local configuration on controllers Disable and Monitor only + Firm Upgrades
    2) Branch Site : Manage local configuration on controllers Disable and Monitor only + Firm Upgrades

     

    This morning at 06:50 during AP group maintenance windows, Airwave push a part of branch site configuration on Main site controllers!
    The part of configuration includes Radius server so Main site clients were unable to authenticate because of the radius mismatch.
    I manually change mismatched configuration to restore the service.
    I delete AP group maintenance windows in case of …

     

    Here is an extract of the SSH log on Airwave server
    Tue Sep 8 06:50:37 2015:
    >> aaa authentication-server radius "RADIUS BRANCH SITE"
    >> acctport 1813
    >> aaa server-group "SSID_xxx"
    >> auth-server "RADIUS BRANCH SITE" position 1
    >> no auth-server "RADIUS MAIN SITE"
    >> !
    >> aaa server-group "default"
    >> auth-server "Internal" position 1
    >> no auth-server "RADIUS MAIN SITE"
    >> !
    >> aaa authentication mgmt
    >> no enable


    Where are my mistakes ? What have I done wrong ?

     

    Thanks for your help !

     



  • 2.  RE: Airwave push configuration in monitor only mode ?

    EMPLOYEE
    Posted Sep 08, 2015 06:48 AM
    If you run show audit-trail, does it confirm that AirWave made the change?


  • 3.  RE: Airwave push configuration in monitor only mode ?

    Posted Sep 08, 2015 08:36 AM

    Hi Cappalli,

     

    It's Airwave that made the change. Here is an extract of the "show audit-rail" on the master controller of Main site. The difference of 5 minutes between Airwave logs and Controllers logs is now corrected (Airwave Ntp misconfigured).

     

    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" key ****** > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<encrypt disable > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" acctport 1813 > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" mac-delimiter none > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" no service-type-framed-user > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" retransmit 3 > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" timeout 5 > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" host "x.x.x.x" > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" enable > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" no enable-ipv6 > -- command executed successfully
    Sep 8 06:55:52 fpcli: USER:<user airwave>@<IP Airwave Server> COMMAND:<aaa authentication-server radius "RADIUS BRANCH SITE" authport 1812 > -- command executed successfully



  • 4.  RE: Airwave push configuration in monitor only mode ?
    Best Answer

    Posted Sep 08, 2015 10:08 AM
    If you have a maintenance window scheduled in Airwave for your devices, Airwave will push the configuration it has onto your devices regardless of them being in monitor-only mode.
    Planned downtime is what you are looking for if you are not managing devices with Airwave.


  • 5.  RE: Airwave push configuration in monitor only mode ?

    Posted Sep 09, 2015 09:50 AM

    You right !

    I misunderstood this function, I learn every day.