Security

Hi all, 

i have connection between 2 building with ap outdoor as connector, and it's always intermitten every 30mnts for around 15mnts. any idea what should i do for the configuration ?

Might be some DFS issues (weather radar or similer) - try using other 5GHZ channels , or disable 80mhz and use 40mhz only.

and <> please read bellow comment:

With IAP there is no functionality that prohibits an AP from changing channels when mesh is enabled (not really for AOS either). So if there's no clients on the 5Ghz radio (assuming you have client aware enabled) if the AP scans for 5Ghz and finds a 'better' 5Ghz channel, it will move, even with mesh enabled, and it's obviously very disruptive. In many cases the 5GHz mesh for instant is used when they just need to reach the last leg for client access Aps, but for bridged network backhaul, when you want the 5GHz radio to chose stability over the best channel, a static assignment should be used. It would be good to have some kind of logic where 'is mesh is enabled on the 5Ghz radio, only change channel if absolutely necessary'.

thanks for the response sir, i already disable 80mhz and i have tried change the channel to another one every time, but the connection still intermitten in around 30mnts for 15mnts

any another idea sir for configuration ?

is mesh portal can't send big packet through ?

Please obtain the tech support from the AP to see if there any clues as to why this is happening.  We need more information.

which log you want know ? such as "show ap database" ? may i know every command to show log for troubleshoot this issue ?

"show tech-support" would be the best command to capture everything.

already sent it sir :) , please review the log

Attachment(s)

log.txt   8.08 MB 1 version

How far apart are those access points?  It says that the RSSI is 50.  Also type "show log wireless all" and "show log system all" to see if there are any clues why these access points are disconnecting.  Also, "show ap tech-support ap-name <name of ap>" for each AP, to see if there are any more clues.

show ap mesh topology long


Mesh Cluster Name: aruba-mesh
-----------------------------
Name              Mesh Role  Parent            Path Cost  Node Cost  Link Cost                                                                                          Hop Count  RSSI  Rate Tx/Rx  Last Update  Uplink Age     #Children  Children
----              ---------  ------            ---------  ---------  ---------                                                                                          ---------  ----  ----------  -----------  ----------     ---------  --------
AP277-MeshPoint   Point      AP277-MESHPORTAL  1          0          0                                                                                                  1          50    54/54       4m:45s       5m:4s          0
AP277-MESHPORTAL  Portal     -                 0          1          0                                                                                                  0          0     -           5m:5s        2d:8h:57m:45s  1          "AP277-MeshP                                                                                        oint"

length between APs is 110m and there is no obstacle between them,

i attach the log for "show log wireless all" , "show log system all" , and tech supp for each APs

Attachment(s)

log wireless system.txt   835 KB 1 version

So,

It looks like you have the mesh point (I assume), named "AP277-MeshPoint" configured to fail over to a second controller, and that is what it is doing for some connectivity reason (Missed Heartbeats).  The question is, are controllers .12 and .13 in a master/local topology, because it seems when the the mesh commands are run on the "current" controller, it does not know about that AP.  My general advice, if this data is correct, would be to remove the failover mechanism first ( remove the backup lms-ip) and troubleshoot the mesh on a single controller first.

show ap debug system-status ap-name "AP277-MeshPoint"

Reboot Information
------------------
(none found)
------------

Rebootstrap Information
-----------------------
Date Time Reason (Latest 10)
--------------------------------------
2016-07-25 14:24:42 Switching to LMS 10.8.10.12: Missed heartbeats: Last Sequence Generated=12979 Sent=0 Rcvd=12899. Last Ctrl message: KEEPALIVE len=45 dest=10.8.10.12 tries=1 seq=12
2016-07-25 14:25:24 Mesh point up on 10.8.10.12 (call 5360)
2016-07-25 14:33:25 Mesh point up on 10.8.10.13 (call 5360)
2016-07-25 14:46:35 Mesh point up on 10.8.10.12 (call 5360)
2016-07-25 15:07:20 Switching to LMS 10.8.10.12: Missed heartbeats: Last Sequence Generated=15505 Sent=0 Rcvd=15425. Last Ctrl message: KEEPALIVE len=45 dest=10.8.10.12 tries=1 seq=12
2016-07-25 15:07:34 Mesh point up on 10.8.10.12 (call 5360)
2016-07-25 15:16:02 Mesh point up on 10.8.10.13 (call 5360)
2016-07-25 15:29:40 Mesh point up on 10.8.10.12 (call 5360)
2016-07-25 15:58:40 Mesh point up on 10.8.10.13 (call 5360)
2016-07-25 16:11:31 Mesh point up on 10.8.10.12 (call 5360)

show ap mesh topology

Total APs :0
(R): Recovery AP. (N): 11N Enabled. (AC): 11AC Enabled. For Portals 'Uplink Age' equals uptime.

show ap mesh neighbors ap-name "AP277-MeshPoint"

No AP found with ap_name AP277-MeshPoint

show ap mesh debug current-cluster ap-name "AP277-MeshPoint"

No AP found with ap_name AP277-MeshPoint

show ap mesh debug provisioned-clusters ap-name "AP277-MeshPoint"

No AP found with ap_name AP277-MeshPoint

show ap mesh debug counters ap-name "AP277-MeshPoint"

No AP found with ap_name AP277-MeshPoint

show ap mesh debug forwarding-table ap-name "AP277-MeshPoint"

AP ap-name "AP277-MeshPoint" not found. Please make sure it is valid by issuing 'show ap bss-table'

show ap mesh debug meshd-log ap-name "AP277-MeshPoint"

No AP found with ap_name AP277-MeshPoint

show ap mesh debug hostapd-log ap-name "AP277-MeshPoint"

No AP found with ap_name AP277-MeshPoint
show ap debug crypto history ap-name "AP277-MeshPoint"

AP Mac: 40:e3:d6:ca:16:ee
TIME PEER IP COOKIES SPI EXCH ERR
---- ------- ------- --- ---- ---
1969-12-31 16:01:19 | 10.8.10.12 | {a6d681f33c253461 : 0000000000000000} | {0x00000000 : 0x00000000} | IKE_SA_INIT | RC_ERROR_IKEV2_TIMEOUT
1969-12-31 16:01:30 | 10.8.10.12 | {6e96f93c0202a6be : 2365bb0a51111a4d} | {0x55521900 : 0x9430b600} | IKE_AUTH | SUCCESS
2016-07-25 11:00:18 | 10.8.10.13 | {aa64e1dcf0560812 : 4a9ae7caf15a611c} | {0x35a3be00 : 0xe1663900} | IKE_AUTH | SUCCESS
2016-07-25 11:13:31 | 10.8.10.12 | {c0e2d06097a7ca30 : 86e176a1061a322a} | {0x6d182100 : 0xd10e2100} | IKE_AUTH | SUCCESS
2016-07-25 11:34:33 | 10.8.10.12 | {e8d60da92b6eac62 : 2204b112cbd078d6} | {0xfdc23400 : 0x12509a00} | IKE_AUTH | SUCCESS
2016-07-25 11:42:55 | 10.8.10.13 | {7c91b0cedeabc1a5 : fd437eb9e9d3d2f6} | {0x64b95000 : 0x5ea2d300} | IKE_AUTH | SUCCESS
2016-07-25 11:56:45 | 10.8.10.12 | {807dbaf11a08131d : d890c595e798e570} | {0xd3a9d800 : 0xc7a7c200} | IKE_AUTH | SUCCESS
2016-07-25 12:25:32 | 10.8.10.13 | {2a9fc06996c1539a : 3b1daf690bbce81b} | {0x097b5600 : 0x7b9b7400} | IKE_AUTH | SUCCESS
2016-07-25 12:39:22 | 10.8.10.12 | {b86eec8b91f7e5f5 : 75d3eca08e263161} | {0x62b8a700 : 0x53d04a00} | IKE_AUTH | SUCCESS
2016-07-25 13:08:09 | 10.8.10.13 | {a472254308ac896b : 5f3374f113bdc3c4} | {0x6f391000 : 0xce179a00} | IKE_AUTH | SUCCESS
2016-07-25 13:21:49 | 10.8.10.12 | {9ab1a0e7f879312a : 977259008569bb07} | {0xa6a0b200 : 0xddf8cf00} | IKE_AUTH | SUCCESS
2016-07-25 13:42:32 | 10.8.10.12 | {43496ad2af7cc5b8 : 0000000000000000} | {0x00000000 : 0x00000000} | IKE_SA_INIT | RC_ERROR_IKEV2_TIMEOUT
2016-07-25 13:42:47 | 10.8.10.12 | {6728696504d31a10 : de6d7d6a95df2120} | {0x32f6c700 : 0xefa4d400} | IKE_AUTH | SUCCESS
2016-07-25 13:50:47 | 10.8.10.13 | {9fa8869e3c3f9087 : 0ceb77983037beff} | {0xa9669900 : 0x533b2900} | IKE_AUTH | SUCCESS
2016-07-25 14:04:08 | 10.8.10.12 | {5d29a93e6e5d30f6 : e42699891af11ba1} | {0x9e275000 : 0xf6cc8600} | IKE_AUTH | SUCCESS
2016-07-25 14:25:09 | 10.8.10.12 | {2bbd997b0c6773d4 : 0000000000000000} | {0x00000000 : 0x00000000} | IKE_SA_INIT | RC_ERROR_IKEV2_TIMEOUT
2016-07-25 14:25:24 | 10.8.10.12 | {eb473b9aa1ba1cf1 : f6d5094b019435ed} | {0x09e02e00 : 0x32e69500} | IKE_AUTH | SUCCESS
2016-07-25 14:33:25 | 10.8.10.13 | {2ab08d4d6c0c9326 : 448d165046db9042} | {0x8e651500 : 0xe500d000} | IKE_AUTH | SUCCESS
2016-07-25 14:46:34 | 10.8.10.12 | {ba33fced9144e09f : abc974e78bba628f} | {0x1079f100 : 0xf80d0000} | IKE_AUTH | SUCCESS
2016-07-25 15:07:34 | 10.8.10.12 | {6982b6f590ddf699 : 99c64ba6c75df945} | {0x5ad7bf00 : 0xb63be600} | IKE_AUTH | SUCCESS
2016-07-25 15:16:01 | 10.8.10.13 | {028d5a4e07a3c4b5 : 95e5b154e2cda2eb} | {0xc9a39b00 : 0xc431b200} | IKE_AUTH | SUCCESS
2016-07-25 15:29:40 | 10.8.10.12 | {36b9ed21f846d886 : 2e773f1dc69ad599} | {0xcdcd4b00 : 0xc9783000} | IKE_AUTH | SUCCESS
2016-07-25 15:58:39 | 10.8.10.13 | {6efaf25b0382f57c : 017427f1fb3a4352} | {0xa42de400 : 0x4bf15500} | IKE_AUTH | SUCCESS
2016-07-25 16:11:31 | 10.8.10.12 | {479e2895bb5c81cf : 739590332a29622b} | {0x8d629200 : 0x254f0900} | IKE_AUTH | SUCCESS

so the local controller does not know about the AP outdoor ?

how i should troubleshoot about this, should i reconfigure the command on the local controller,

same configuration as the master controller ?

So it could be that by the time those commands are run on the local controller, it has failed over to the master controller.  I would remove the backup controller from the LMS-IP temporarily so that you can keep your troubleshooting to a single controller, for now.  You would then get the tech support for both APs on that controller when it happens.

you mean this one ? should i remove the lms ip from the local controller, and get log from show tech support from AP outdoor ?