Wireless Access

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Hours to join controller

Hi everyone,

One of our customers is having an issue with APs on their network - the devices are taking a number of hours to become available for provisioning on the controller. The device gets an IP address and discovers the master controller's IP address. I know this because a packet capture shows that the device ARPs for the controller IP address and receives a reply. We've tried connecting APs to a controller before they are shipped to the customer so they have the firmware installed. In their office the devices are connected on the same subnet ready for provisioning but sometimes have to be left overnight to settle on the controller. I have had TAC involved previously but have yet to get to the bottom of the issue and hoped someone may have experienced a similar issue. The only unusual setting that may be affecting this is that they have control-plane security enabled with "auto-cert-prov". I don't have access to their controller at the moment but will have to attend site soon so any specific debugs that may help would be an advantage.

MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Hours to join controller

What controller module?

What AOS are you using?

Please look at this, from the release notes (of 6.1.3.9):

Capturecp.PNG

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Hours to join controller

The controller they are using is a 650 running 6.1.3.8 code. I have read through the documentation for Control-plane security and it seems to be being implemented on the controller correctly - the APs have been whitelisted and they do eventually come up but not until after an extended period of time.

MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Hours to join controller

ok.

Did you check whether, without CP enabled, it takes less time (sec-min like it should)?

Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Hours to join controller

TAC advised me on a remote session not to disable CPSec, however we did try this and some APs (they have a mixture of CAPs and RAPs) lost connectivity to the controller, so it was re-enabled. I am not sure why CPSec was enabled in the original design as all of our other customers run with this disabled. It was possible at the time of testing that some APs were not whitelisted, though since then I have advised that all APs be whitelisted.

MVP
Posts: 1,409
Registered: ‎05-28-2008

Re: Hours to join controller

After you disable or enable CPSec, the AP units usually reboot to change their working mode.

But you should test it, to understand whether CPSec is causing the long provisioning time.

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Hours to join controller

Is there an 'aruba-master' DNS entry, are DHCP options 43 and 60 set, or are the APs using ADP to find the controller?

Check for the presence of all 3 as maybe an additional IP address is being put into the list of controllers the APs could talk to.

David
ACDX #98 | ACMP | ACCP
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Hours to join controller

I know for sure that ADP is disabled as their routers are not forwarding on that type of traffic. DHCP option 43 is being used for something else. Their primary method was a DNS entry and I think we added the option 60 on the advice of TAC - I assume this is still running, so I think they should be finding the same master address using those two methods.

dz0
Occasional Contributor I
Posts: 7
Registered: ‎04-01-2013

Re: Hours to join controller

FWIW: When I have a problem with APs not registering with the controller, I'll sh / no sh the LAN interface in order to reboot them. On most implementations they will begin to show up after at most two rounds of reboots after the initial power up. ...But I am using ADP for device discovery and registration.

It takes about 5 minutes for the AP to show up after a reload.

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Hours to join controller

When you say DHCP option 43 is used for something else does that mean the value of this option is different to the IP address resolved from the DNS entry for aruba-master?

ADP will be used if the APs and controller are on the same subnet and it has not been disabled on the controller.

Are you able to post the console output from the AP booting up?

David
ACDX #98 | ACMP | ACCP