Wireless Access

Reply
New Contributor
Posts: 2
Registered: ‎08-29-2012

AP70s do not register to Controller 800! Help!!

Does anyone here use Aruba 800 wireless controllers and AP70 on
their network ?   I am setting up this new wireless network with the
above equipment.  The wireless controllers are up on the network and
I can ping them, HTTPS to them however i can not get the APs to
register to the controller.

1) When i plug the APs to the switch they are getting an IP address
and I can ping them however it seems like they're going up down (
switchports are going from amber to green).   Do I need some kind of
special cable for the APs?  I went to configuration manual and follow
every step for the AP configuration and they are still not showing in
controller.

2) How do i provision the APs to communicate with the controller ?


controller config :

show run

Building Configuration...





version 2.4

enable secret "aa7891c511763a0428a019803059aeef65df5a3d3be23cc1"

enable "8L8E8N0T0Z0F8N5[5[8N"

hostname "aruba-master"

logging level warnings stm

clock summer-time UTC-5 recurring first sunday april 02:00 last sunday
october 02:00


clock timezone UTC -5

ip access-list session validuser

  any any any permit

!

vpn-dialer default-dialer

  ike authentication PRE-SHARE 218d0f532708d2c0a9963544c5733235dd78c9b696abed06

!

user-role ap-role

!

user-role pre-employee

!

user-role trusted-ap

!

user-role guest

--More-- (q) quit (u) pageup (/) search (n) repeat

!

user-role stateful-dot1x

!

user-role logon

!

aaa derivation-rules user

  set role condition essid equals "aruba-master" set-value pre-employee

!

aaa mgmt-authentication mode enable

aaa pubcookie-authentication

!

aaa dot1x enforce-machine-authentication

 mode disable

!

dot1x timeout wpa-key-timeout 1



interface mgmt

        shutdown

!



interface loopback

        ip address X.X.X.X

!



--More-- (q) quit (u) pageup (/) search (n) repeat

vlan 6





interface fastethernet 1/0

        description "fe1/0"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/1

        description "fe1/1"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/2

        description "fe1/2"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/3

        description "fe1/3"

        trusted

--More-- (q) quit (u) pageup (/) search (n) repeat

        switchport access vlan 6

!



interface fastethernet 1/4

        description "fe1/4"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/5

        description "fe1/5"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/6

        description "fe1/6"

        trusted

        switchport access vlan 6

!



interface fastethernet 1/7

        description "fe1/7"

        trusted

--More-- (q) quit (u) pageup (/) search (n) repeat

        switchport access vlan 6

!



interface gigabitethernet  1/8

        description "gig1/8"

        trusted

        switchport mode trunk

!



interface vlan 1

!



interface vlan 6

        ip address X.X.X.X X.X.X.X

!



ip default-gateway X.X.X.X



country US



ap location 0.0.0

ap-logging level informational snmpd



double-encrypt disable

--More-- (q) quit (u) pageup (/) search (n) repeat

ap-logging level informational sapd

ap-logging level warnings am

ap-logging level warnings stm

max-imalive-retries 10

bkplms-ip 0.0.0.0

opmode opensystem

mode ap_mode

authalgo opensystem

rts-threshhold 2333

tx-power 2

max-retries 4

dtim-period 1

max-clients 64

beacon-period 100

power-mgmt enable

ageout 1000

hide-ssid disable

deny-bcast disable

rf-band g

bootstrap-threshold 7

local-probe-response enable

max-tx-fail 0

forward-mode tunnel

native-vlan-id 1

--More-- (q) quit (u) pageup (/) search (n) repeat

arm assignment disable

arm client-aware enable

arm scanning disable

arm scan-time 110

arm scan-interval 10

arm multi-band-scan disable

arm voip-aware-scan enable

arm max-tx-power 4

arm rogue-ap-aware disable

voip call-admission-control disable

voip drop-sip-invite-for-cac disable

voip active-load-balancing disable

voip vocera-call-capacity 10

voip sip-call-capacity 10

voip svp-call-capacity 10

voip sccp-call-capacity 10

voip call-handoff-reservation 20

voip high-capacity-threshold 20

essid "XXX_Wireless"

vlan-id 6

weptxkey 1

ap-enable enable

  phy-type a

    channel 36

--More-- (q) quit (u) pageup (/) search (n) repeat

    rates 6,12,24

    txrates 6,9,12,18,24,36,48,54

    essid "aruba-master"

    vlan-id 6

    opmode opensystem

    deny-bcast enable

    hide-ssid disable

  !

  phy-type g

    short-preamble enable

    channel 1

    rates 1,2

    txrates 1,2,5,11,6,9,12,18,24,36,48,54

    bg-mode mixed

    dtim-period 3

  !

!

ap location 0.0.0

  phy-type enet1

    mode active-standby

    switchport mode access

    switchport access vlan 1

    switchport trunk native vlan 1

    switchport trunk allowed vlan ALL

--More-- (q) quit (u) pageup (/) search (n) repeat

    trusted disable

  !

!

wms

 general poll-interval 60000

 general poll-retries 2

 general ap-ageout-interval 30

 general sta-ageout-interval 30

 general ap-inactivity-timeout 5

 general sta-inactivity-timeout 60

 general grace-time 2000

 general laser-beam enable

 general laser-beam-debug disable

 general wired-laser-beam disable

 general stat-update enable

 general am-stats-update-interval 0

 ap-policy learn-ap enable

 ap-policy classification disable

 ap-policy protect-unsecure-ap enable

 ap-policy detect-misconfigured-ap disable

 ap-policy protect-misconfigured-ap disable

 ap-policy protect-mt-channel-split disable

 ap-policy protect-mt-ssid disable

 ap-policy detect-ap-impersonation disable

--More-- (q) quit (u) pageup (/) search (n) repeat

 ap-policy protect-ap-impersonation disable

 ap-policy beacon-diff-threshold 50

 ap-policy beacon-inc-wait-time 3

 ap-policy min-pot-ap-beacon-rate 25

 ap-policy min-pot-ap-monitor-time 2

 ap-policy protect-ibss disable

 ap-policy ap-load-balancing disable

 ap-policy ap-lb-max-retries 8

 ap-policy ap-lb-util-high-wm 90

 ap-policy ap-lb-util-low-wm 80

 ap-policy ap-lb-util-wait-time 30

 ap-policy ap-lb-user-high-wm 255

 ap-policy ap-lb-user-low-wm 230

 ap-policy persistent-known-interfering disable

 ap-config short-preamble disable

 ap-config privacy disable

 ap-config wpa disable

 station-policy protect-valid-sta disable

 station-policy handoff-assist disable

 station-policy rssi-falloff-wait-time 4

 station-policy low-rssi-threshold 20

 station-policy rssi-check-frequency 3

 station-policy detect-association-failure disable

 global-policy detect-bad-wep disable

--More-- (q) quit (u) pageup (/) search (n) repeat

 global-policy detect-interference disable

 global-policy interference-inc-threshold 100

 global-policy interference-inc-timeout 30

 global-policy interference-wait-time 30

 event-threshold fer-high-wm 0

 event-threshold fer-low-wm 0

 event-threshold frr-high-wm 16

 event-threshold frr-low-wm 8

 event-threshold flsr-high-wm 16

 event-threshold flsr-low-wm 8

 event-threshold fnur-high-wm 0

 event-threshold fnur-low-wm 0

 event-threshold frer-high-wm 16

 event-threshold frer-low-wm 8

 event-threshold ffr-high-wm 16

 event-threshold ffr-low-wm 8

 event-threshold bwr-high-wm 0

 event-threshold bwr-low-wm 0

 valid-11b-channel 1 mode enable

 valid-11b-channel 6 mode enable

 valid-11b-channel 11 mode enable

 valid-11a-channel 36 mode enable

 valid-11a-channel 40 mode enable

 valid-11a-channel 44 mode enable

--More-- (q) quit (u) pageup (/) search (n) repeat

 valid-11a-channel 48 mode enable

 valid-11a-channel 149 mode enable

 valid-11a-channel 153 mode enable

 valid-11a-channel 157 mode enable

 valid-11a-channel 161 mode enable

 valid-11a-channel 165 mode enable

 ids-policy signature-check disable

 ids-policy rate-check disable

 ids-policy dsta-check disable

 ids-policy sequence-check disable

 ids-policy mac-oui-check disable

 ids-policy eap-check disable

 ids-policy ap-flood-check disable

 ids-policy adhoc-check disable

 ids-policy wbridge-check disable

 ids-policy sequence-diff 300

 ids-policy sequence-time-tolerance 300

 ids-policy sequence-quiet-time 900

 ids-policy eap-rate-threshold 10

 ids-policy eap-rate-time-interval 60

 ids-policy eap-rate-quiet-time 900

 ids-policy ap-flood-threshold 50

 ids-policy ap-flood-inc-time 3

 ids-policy ap-flood-quiet-time 900

--More-- (q) quit (u) pageup (/) search (n) repeat

 ids-policy signature-quiet-time 900

 ids-policy dsta-quiet-time 900

 ids-policy adhoc-quiet-time 900

 ids-policy wbridge-quiet-time 900

 ids-policy mac-oui-quiet-time 900

 ids-policy rate-frame-type-param assoc channel-threshold 30

 ids-policy rate-frame-type-param assoc channel-inc-time 3

 ids-policy rate-frame-type-param assoc channel-quiet-time 900

 ids-policy rate-frame-type-param assoc node-threshold 30

 ids-policy rate-frame-type-param assoc node-time-interval 60

 ids-policy rate-frame-type-param assoc node-quiet-time 900

 ids-policy rate-frame-type-param disassoc channel-threshold 30

 ids-policy rate-frame-type-param disassoc channel-inc-time 3

 ids-policy rate-frame-type-param disassoc channel-quiet-time 900

 ids-policy rate-frame-type-param disassoc node-threshold 30

 ids-policy rate-frame-type-param disassoc node-time-interval 60

 ids-policy rate-frame-type-param disassoc node-quiet-time 900

 ids-policy rate-frame-type-param deauth channel-threshold 30

 ids-policy rate-frame-type-param deauth channel-inc-time 3

 ids-policy rate-frame-type-param deauth channel-quiet-time 900

 ids-policy rate-frame-type-param deauth node-threshold 20

 ids-policy rate-frame-type-param deauth node-time-interval 60

 ids-policy rate-frame-type-param deauth node-quiet-time 900

 ids-policy rate-frame-type-param probe-request channel-threshold 200

--More-- (q) quit (u) pageup (/) search (n) repeat

 ids-policy rate-frame-type-param probe-request channel-inc-time 3

 ids-policy rate-frame-type-param probe-request channel-quiet-time 900

 ids-policy rate-frame-type-param probe-request node-threshold 200

 ids-policy rate-frame-type-param probe-request node-time-interval 15

 ids-policy rate-frame-type-param probe-request node-quiet-time 900

 ids-policy rate-frame-type-param probe-response channel-threshold 200

 ids-policy rate-frame-type-param probe-response channel-inc-time 3

 ids-policy rate-frame-type-param probe-response channel-quiet-time 900

 ids-policy rate-frame-type-param probe-response node-threshold 150

 ids-policy rate-frame-type-param probe-response node-time-interval 15

 ids-policy rate-frame-type-param probe-response node-quiet-time 900

 ids-policy rate-frame-type-param auth channel-threshold 30

 ids-policy rate-frame-type-param auth channel-inc-time 3

 ids-policy rate-frame-type-param auth channel-quiet-time 900

 ids-policy rate-frame-type-param auth node-threshold 30

 ids-policy rate-frame-type-param auth node-time-interval 60

 ids-policy rate-frame-type-param auth node-quiet-time 900

 ids-signature "ASLEAP"

   mode enable

   frame-type beacon ssid asleap

 !

 ids-signature "Null-Probe-Response"

   mode enable

   frame-type probe-response ssid-length 0

--More-- (q) quit (u) pageup (/) search (n) repeat

 !

 ids-signature "AirJack"

   mode enable

   frame-type beacon ssid AirJack

 !

 ids-signature "NetStumbler Generic"

   mode enable

   payload 0x00601d 3

   payload 0x0001 6

 !

 ids-signature "NetStumbler Version 3.3.0x"

   mode enable

   payload 0x00601d 3

   payload 0x000102 12

 !

 ids-signature "Deauth-Broadcast"

   mode enable

   frame-type deauth

   dst-mac ff:ff:ff:ff:ff:ff

 !

!

site-survey calibration-max-packets 256

site-survey calibration-transmit-rate 500

site-survey rra-max-compute-time 600000

--More-- (q) quit (u) pageup (/) search (n) repeat

site-survey max-ha-neighbors 3

site-survey neighbor-tx-power-bump 2

site-survey ha-compute-time 0





arm min-scan-time 8

arm ideal-coverage-index 5

arm acceptable-coverage-index 2

arm wait-time 15

arm free-channel-index 25

arm backoff-time 240

arm error-rate-threshold 0

arm error-rate-wait-time 30

arm noise-threshold 0

arm noise-wait-time 120



ems server-ip 0.0.0.0



crypto isakmp groupname changeme



vpdn group l2tp

  ppp authentication PAP

!



--More-- (q) quit (u) pageup (/) search (n) repeat



masterip 127.0.0.1

location "Building1.floor1"

mobility

  parameters 60 buffer 32

  manager disable

  proxy-dhcp enable

  station-masquerade enable

  on-association disable

  trusted-roam disable

  ignore-l2-broadcast disable

  block-dhcp-release disable

  no new-user-roaming

  max-dhcp-requests 4

  secure 1000 shared-secret 4012c7accbe0f26bbb1703b4bf36dfa0

!

mobility-local

  local-ha disable

!

mobagent

  home-agent parameters 1000 bindings 300

  secure-mobile spi 1000 3abd01a8027810fb5dad94d4bacadec7

  foreign-agent parameters 1100 bindings 300 pending 0 pending-time 300

!

--More-- (q) quit (u) pageup (/) search (n) repeat



syslocation "1501 Wilson BLVD"

syscontact "Christina Antonetti"

snmp-server new traps

vpdn group pptp

  no ppp authentication PAP

  ppp authentication MSCHAPv2

!



stm dos-prevention enable

stm vlan-mobility disable

stm strict-compliance enable

stm fast-roaming disable

stm sta-dos-prevention enable

stm sta-dos-block-time 3600

stm auth-failure-block-time 0

stm coverage-hole-detection disable

stm good-rssi-threshold 20

stm poor-rssi-threshold 10

stm hole-detection-interval 180

stm good-sta-ageout 30

stm idle-sta-ageout 90

stm ap-inactivity-timeout 15



--More-- (q) quit (u) pageup (/) search (n) repeat

mux-address 0.0.0.0



adp discovery enable

adp igmp-join enable

adp igmp-vlan 0



voip prioritization enable





mgmt-role guest-provisioning

        description "This is Default Super User Role"

        permit local-userdb read write

!

mgmt-role root

        description "This is Default Super User Role"

        permit super-user

!

mgmt-user admin root b65b8ff25272bb5f9e17bea3f22d10e8560b34e4d81de262





no database synchronize

database synchronize rf-plan-data





--More-- (q) quit (u) pageup (/) search (n) repeat

ip igmp

!



ip router pim

!



ads netad mode disable



packet-capture-defaults tcp disable udp disable sysmsg disable other disable

end
Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: AP70s do not register to Controller 800! Help!!

ArubaOS version 2.4 is quite old and is not supported anymore. My suggestion would be to upgrade the controller first and then troubleshoot.

Do you know what OS version are the APs running?
--
HT
New Contributor
Posts: 2
Registered: ‎08-29-2012

Re: AP70s do not register to Controller 800! Help!!

Since the controllers and aps are old, they are no longer under a support contract.  Is there somewhere I can look to get an updated OS for the device?  Also, since I cannot get into the APs, I cannot tell what version OS they are running. We are in a bit of a pickle with this so any assistance is welcomed.

Guru Elite
Posts: 21,517
Registered: ‎03-29-2007

Re: AP70s do not register to Controller 800! Help!!

Since you have a 800, I would combine two articles:

 

First, to connect to the console on those APS:

How do I use the SOE feature for the 2400 series controller? https://kb.arubanetworks.com/app/answers/detail/a_id/348

 

Second to purge them:

 

How do I restore an AP to factory default? https://kb.arubanetworks.com/app/answers/detail/a_id/160



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: