Wireless Access

How to resolve Inactive and dirty or no config on AP-134? Have a coulple APs that are tunneled back  tunneling back to it's Master WLC. Several of the other APs are connecting just fine on the same subnet, but two have the Inactive and Dirty or No Config flag. They have been provisioned but still have these flags.

 

Suggestions?

What version of ArubaOS?  Dirty or no config most of the time is when not all of the ports required are allowed between the AP and the controller.  At other times, it represents a connectivity issue.  Can you check the physical switch port to see if there are any errors?

The WLC code is 6.1.4.7-FIPS. Will check the switch for errors again, but did not see any originally.

Is there a firewall between the access points and the controller?

There is an SSG-20, but there are also a number of other APs in the same bldg all of which are able to tunnel back to the Master and are working fine. There are two APs that do not seem to function as they should.

Okay. Traffic needs to be sent and received on port 8211 UDP to send messages in both directions . GRE or protocol 47 needs to be allowed from the AP to the controller. If you are able to, see if that traffic is being sent from the AP through the firewall to verify if the AP is sending it at all. If you told me it was a single AP, I would look at that. Since itis two, I would look at the firewall.

There are actually three APs that are unable to stay online as they keep rebooting but it seems one continuously reboots whereas the other two stay on a bit longer, and then reboots. The others that are online work fine w/out issue. There are no ACLs applied and for now the path is wide-open.

 

I don't recall ever seeing this before, other than on threads.

Bryhooper,

I want to say that I have seen this before as well. You should pick a single access point and ensure that no traffic is being dropped by the firewall from that access point and there is no Nat boundary.

Yes, we've been focussing on one particular AP just to see what it's doing but so far all indications point to the ip any any. I found this link as we're going to try it as ip any any does not permit GRE prot. 47 to pass. Please forgive as it's a Cisco link;

 

https://supportforums.cisco.com/discussion/10801171/does-permit-ip-any-any-also-include-gre-and-esp-traffic#comment-5098676

The controller also sends gratuitous traffic to the access point using UDP 8211. Make sure the controller can send it out bounds to the subnet of the AP.

We discovered the solution as it was within the DHCP settings. Scrubbed the scopes, re-inserted and restarted. Problem solved. 

 

Thanks for the assist.

Could you provide more detail on the DHCP setting that resolved this?  I have a pair of local controllers in Mexico where 10 AP-134's are working just fine, but 1 AP-134 & 2 AP-135's have the dirty config and report (via AirWave) that they are on my master controller here in the US rather than on the Mexico controllers.  We are running AOS 6.3.1.5.

The first issue was the DHCP server had exhausted it's IP addresses for the given subnet. The 2nd problem is with running a management subnet for remote access and a private subnet for internal management, the IP default gateway was set incorrectly as well as the subnet mask on both of the locals. The Master was setup correctly, whereas the locals' did not match the same subnet(s) they should have for the management subnet for remote access.

 

Once that was corrected, all came up without issue as the APs had both a send and receive path appropriate for the WLAN network.