Wireless Access

Reply
Occasional Contributor II
Posts: 12
Registered: ‎01-10-2012

Dirty or no config on AP-134?

How to resolve Inactive and dirty or no config on AP-134? Have a coulple APs that are tunneled back  tunneling back to it's Master WLC. Several of the other APs are connecting just fine on the same subnet, but two have the Inactive and Dirty or No Config flag. They have been provisioned but still have these flags.

 

Suggestions?

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dirty or no config on AP-134?

What version of ArubaOS?  Dirty or no config most of the time is when not all of the ports required are allowed between the AP and the controller.  At other times, it represents a connectivity issue.  Can you check the physical switch port to see if there are any errors?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎01-10-2012

Re: Dirty or no config on AP-134?

The WLC code is 6.1.4.7-FIPS. Will check the switch for errors again, but did not see any originally.

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dirty or no config on AP-134?

Is there a firewall between the access points and the controller?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎01-10-2012

Re: Dirty or no config on AP-134?

There is an SSG-20, but there are also a number of other APs in the same bldg all of which are able to tunnel back to the Master and are working fine. There are two APs that do not seem to function as they should.

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dirty or no config on AP-134?

Okay. Traffic needs to be sent and received on port 8211 UDP to send messages in both directions . GRE or protocol 47 needs to be allowed from the AP to the controller. If you are able to, see if that traffic is being sent from the AP through the firewall to verify if the AP is sending it at all. If you told me it was a single AP, I would look at that. Since itis two, I would look at the firewall.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎01-10-2012

Re: Dirty or no config on AP-134?

There are actually three APs that are unable to stay online as they keep rebooting but it seems one continuously reboots whereas the other two stay on a bit longer, and then reboots. The others that are online work fine w/out issue. There are no ACLs applied and for now the path is wide-open.

 

I don't recall ever seeing this before, other than on threads.

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dirty or no config on AP-134?

Bryhooper,

I want to say that I have seen this before as well. You should pick a single access point and ensure that no traffic is being dropped by the firewall from that access point and there is no Nat boundary.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎01-10-2012

Re: Dirty or no config on AP-134?

Yes, we've been focussing on one particular AP just to see what it's doing but so far all indications point to the ip any any. I found this link as we're going to try it as ip any any does not permit GRE prot. 47 to pass. Please forgive as it's a Cisco link;

 

https://supportforums.cisco.com/discussion/10801171/does-permit-ip-any-any-also-include-gre-and-esp-traffic#comment-5098676

Guru Elite
Posts: 20,810
Registered: ‎03-29-2007

Re: Dirty or no config on AP-134?

The controller also sends gratuitous traffic to the access point using UDP 8211. Make sure the controller can send it out bounds to the subnet of the AP.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: