Wireless Access

Hi there,

Problem:

4 out of 7 APs do not join 7005 any more.

Description:

We have to move the whole company and I took the existing and well working infrastructure (a 7005 controller and 7 AP 315) with me into the new building.

A construction worker mounted them at 6m above the floor at the ceiling.

The first problem startet when I could not reach the 7005 via ethernet, only console. IP and VLAN were still the same as I could see via console but even connected directly into GRE 0/0/x no ICMP answer, no ssh, no :4343.

Finally I made a backup to USB and did

#write erase
#relaod 

reconfigured the 7005 and upgraded from AOS 8.2.x to 8.3.0.1

The controller kept only the quantity of APs - all offline of course - everything else (WLANs, RADIUS, a.s.o) was gone.

When I plugged the APs into the PoE switch only 4 APs showed up - but not as "online" but only under the section configuration => Access Points => Whitelist (and without any name)

I had to approve them again and the controller counted down the number of offline APs.

But still 3 APs are missing:

- 2 APs I can ping with their formerly given fixed IP address - but I have no idea how to access them for any configuration purposes

- 1 APs forgot his IP and does not even pull one from the DHCP

Under normal circumstances I now would simply reset these APs ti IAPs and reconfigure them again -

BUT: I cannot reach them!

Any ideas for me?

Thanx - F.One 

verify AP licenses in controller

Do you also have the necessary Master Discovery options in place (static, DHCP, ADP or DNS). It could be a license issue as previously mentioned, do you see any "flags" next to the APs when running the command #show ap database 

Thank you for you replying, but no:

- 7 licences installed, 3 available

- missing APs do not show any flags in AP database, active APs have a "2I".

Thank you - F.One

If you have a serial cable you can login on the AP to see the boot proces. Is the controller found? and by which methode?

Things to be checked:

- Is CPSEC auto certificate provisioning enabled? or whitelist manual.

- Did the AP get a DCHP offer and is the default gateway given by the DHCP server? see some problems before when the dfgw is missing, even in L2 deployment.

- Are there enough AP licence availbable (and also PEF and RFProtect if used).

Did you discover the controller via static, L2 ADP, DNS or DHCP option?

Update:

I could climb up to one of these 3 missing APs, resettet it to iAP and re-deploeyd it with success.

Unfortunately the other 2 are unreachable at the moment in 6m+ above the ground and there is no scaffold available.

All 7 APs were deployed the same way:

- booted as iAP with DHCP

- switched to static IP an converged into managed AP

And yes, at the moment the configured default gw is not available, but every piece of aruba  hardware is connected to the same switch - and nothing else. 

I can ping these last 2 missing APs still, deleted them from whitelist, re-approved them manually (with MAC adress) - rebooted them a dozen times - nothing helps.

Hi F.One,

If it was an IAP before and change it to CAP you have to enter the static  IP of the controller. Is it possible you mistype the controller IP?.

When the AP boots and reach the controller it have to provision a certificate. Is CPSEC auto certificate provisioning enabled? Did the AP come automatic visible to whitelist or you entered de mac manualy?

But because you say the other AP's are fine, this is probably not the issue. But if the AP not automatic becomes visible to whitelist it looks like that the AP cant find the controller for some reason...

My issue last week was i had an issues with provision an AP by using ADP (layer2) to discover the controller. Reason for that was the gateway is important, even when all AP and controllers was in the same vlan. Little different situation but give it a try..

Else i dont know and should a reset of the IAP looks like the only option.

Maybe some other airhead have a another option?

Before resetting, it may be valuable to console in as previously suggested, reboot it and watch what it does. Understanding why it's not connecting may help get the other two fixed as well.

It may at least tell you if you need physical access (to reset or reconfigure a boot item) or if you can make a network change to fix it.

Hi,

How do I login via console without having physical access to the AP?

I only can ping its static IP - a portscan did not offer anything.

The 315's have the BLE beacons built-in, so you could enable console access via Bluetooth, but unless that was configured previously when the AP was on the controller, it would not have that enabled by default.

May be something to consider doing now though, enable for when the AP loses connectivity to the controller.

Without having that, you need physical access. The other thing you could try is if you have any spare APs, try plugging it directly into the same switch port in the network closet and see if it discovers the controller. If it does, you know it's not the network, but possibly the AP needing to be reset.

**solved**

Finally I went and bought a huge ladder and resetted every AP and reconfigured them the same way as before.

Now all 7 APs are back online.

Question left: How to enable BT Beacon now and how to use it?

Thanks all for your input.

Cheers - F.One

Excellent, glad they're back online.

Here's the BLE Console guide: http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-console-in-to-an-AP-using-a-mobile-devices-with-Bluetooth/ta-p/272247