On our Airwave server, I made a number of changes to the configuration of a group of 3 mobility controllers (model 7210 running firmware 6.3.1.2), and applied the changes to the group. The changes included creation of a new campus WLAN and associated settings such as AAA and SSID profiles, as well as a user role, and a firewall policy.
All the settings got pushed out correctly, except that the firewall policy has not been applied to the user role. Both the role and the policy were applied to the controllers, though. Airwave reports that the 3 controllers have mismatched configurations, and show the following when clicking on the "mismatched" link:
Current Device Configuration Desired Configuration
| |
| | User Role 'FC-RESIDENTIAL-GUEST_role' Policy '1' Aruba AP Group | (not set) | default |
| | User Role 'FC-RESIDENTIAL-GUEST_role' Policy '1' Policy | (not set) | FC-RESIDENTIAL-GUEST_ACL_POLICY |
| | User Role 'FC-RESIDENTIAL-GUEST_role' Policy '1' Position | (not set) | 1 |
| | User Role 'FC-RESIDENTIAL-GUEST_role' Policy '1' Status | (not set) | Create |
Repairing the configuration does not change the result. I cannot see any errors logged in relation to applying the configuration.
I have not tried changing this directly in the controller GUI and would prefer not to as our policy is to use Airwave. Please advise steps I need to take to get the Airwave to apply the firewall policy.
I have one other (hopefully) simple question: under the virtual AP for the WLAN in question, I have set a VLAN ID. In the AAA profile under the virtual AP profile, the role is the "FC-RESIDENTIAL-GUEST_role" from the table above. However the role itself does not have a VLAN ID assigned. The WLAN is working fine (except that the firewall policy is not applied) and the traffic is on the right VLAN once it hits the wired network, so I'm assuming that the VLAN ID doen't need to be applied at the role level too? Or could this be related to the issue above, or be likely to cause any other complications?
Thanks in advance!
