Wired Intelligent Edge

Hi,

a customer has Aruba 2920-24G-PoE+ switches and IAP-205s and we have configured a device-profile on the switches for automatic VLAN configuration of the ports where these IAPs are connected.

Unfortunately when a switch or AP is rebooted, it was sometimes noticed that the profile is not applied correctly and thus the AP gets an IP in the untagged VLAN that is configured on the switchport instead of the untagged VLAN in the device profile.

I've opened a case with support for this, but they say it's not a known issue, so was wondering if anyone else has seen this behaviour as well?

KR,

Mark

Even though a failover is not happening, TAC suspects we are hitting this bug and we are advised to upgrade to WB.16.03.0004:

Device Profile
CR_0000213606
Symptom: Device profile removed and re-applied after a redundancy switchover event.
Scenario: After failing over to standby in an HA (high availability) configuration, the Device Profile is removed and reapplied to the port. This may result in service interruption on that port.

Mark, Were you able to resolve this issue with the code upgrade?

Hi Jerald,

latest update from Aruba support was that this is a bug with the AP (Bug 159607) and not the switch. It was found in 6.5.3.0 and 4.3.1.4.

We have not yet had a chance to test if it is resolved in the most recent release, because we would also need to plan an upgrade of Airwave to support the new AP software version.

KR,

Mark

Hi - slightly off topic, but is there a way to get the device profile to automatically add the AP vlan to the switch uplink?  Meaning, when an Aruba AP is detected, it creates the VLAN and add the AP port as untagged, but it does not add the new AP vlan to the uplink port.

I know I could just define the AP vlan and add to the tagged uplink port, but I want to know if this is possible.

Thx!

Hi Thomas,

to my knowledge this is currently not possible on Aruba switches.

Technically it is possible though as I have set this up on Nortel/Avaya switches (called Fabric Connect) and it's a very handy feature, so I hope other vendors such as Aruba will provide a similar solution in the near future.

KR,

Mark

Thx Mark - seems like it is half baked so far then. Is it possible to do feature requests to HPe?

Funny about Avaya - in a past life I was an Avaya engineer and did a ton of beta testing with fabric connect.  Great feature & functionality, esp wth IDE.   :-)

Hi,

in the past you could access the Ideas Portal via support.arubanetworks.com (need a support/partner login), but it currently doesn't seem to be accessible (maybe because of it being moved to the HPE site?).

Indeed a coincidence you worked at Avaya before :)

I like IDE's simplicity and it being light on resources, but for feature richness, I personally prefer Clearpass. You can update the Nortel dictionnary in Clearpass to include all the Fabric Connect VSAs making it a great solution in a Nortel/Avaya network as well.

KR,

Mark

Thx Mark, I appreciate the input.   Could you please expand on this?  How do you update the dictionary & where do you get the VSA's?

You can update the Nortel dictionnary in Clearpass to include all the Fabric Connect VSAs making it a great solution in a Nortel/Avaya network as well.

Hi,

you can import it here:

I've attached the XML file with the necessary VSAs.

KR,

Mar

Attachment(s)

RadiusDictionaryNortel_withFabricAttach.txt   1 KB 1 version

This is great, thanks so much!  Will test

Any updates on this?

I have a fleet of IAP 335s running 6.5.4.12 with the same issue. To fix it, we reboot the AP but sometimes it doesn't fix the problem.

I observed a similar issue.

We had a cluster of 8 IAP-315.

After a while 3 of these access point dropped out and grouped themselfs within the VLAN that is normally untagged on the port.

A reboot got them back into the correct cluster.