Wireless Access

Hi, we have a problem when we try to update IP Address master for discovery controller.

In 7220 Mobility Controller menu Configuration , Wireless -> AP Instalation we update Master Controller IP Address/DNS name with new IP Address, and then we apply and reboot about 190 APs, but after reboot we realized we have a mistake when input ip address. 

And now 190 APs down in controller but they still  reachable with ping from controller. We confused how to fix configuration in each APs because the AP can't browse or remote by ssh. 

Any suggest ? or we have to reset one by one physically?

Thank you

If you have a spare controller and you can bring it up on the wrong ip address, that is probably the easiest way to deal with it.  Or, if you have a maintenance Window and can temporarily change one of your controllers to the ip address you accidentally put in, you will have control over your access points.

Beyond that, you have to console into each access point and fix them.

Unfortunately we only have one controller.

Thanks for your advice

Is the ip address you made the mistake with reachable within your environment?  

It's unreachable.

Is it possible recover with airwave?

No, because Airwave configures the controller (if it is in managed mode) which consigures the access points.  If the access points do not contact the controller, Airwave cannot do anything.

Method#1

If you have a computer console cable for those access points, you will need to reach each AP, plug in the console, cut the power to the AP and then plug it back in.  You would then need to interrupt the boot at the console, so that you get to the apboot> prompt.  You would then type "setenv master <ip address of controller>" , "save" , "boot"

Method#2

Do those access points use dhcp?  If yes and you have a basic discovery method enabled (dhcp options, DNS a-record), you can (1) collect the name and ap-group info for each ap (2) do the physical hardware reset procedure on each access point, which could be faster than the console cable. (3) run the a-rename and ap-regroup commands on the commandline to put the access points in the proper group and give them the correct name.

Method#2 detail

- Go to the master controller and type "no paging", "show ap database long status down".  This will give you a text file all of the down access point names, their group and their mac address.  You will need that later to rename and regroup the access points after you reset them on the commandline using ap-group and ap-rename.

- Go around to all the access points with blinking lights and execute the AP hardware button reset procedure, and allow them to boot up.

- All the access points will appear with their mac address in the default ap-group after booting and upgrading (could take 7 minutes per ap).

- A second administrator who is working with you could find the wired mac address of the AP in the text file and rename and change the ap-group for those access points that have been reset in the GUI.

Please try either method with 1 access point to see which method suits you.

I think we can try Method#1

and I found this log, whats this mean

detail log attached

Attachment(s)

authmgr log.txt   171 KB 1 version

It almost looks like you have Control Plane Security Enabled and you do not have auto-cert allow-all enabled, so your access points cannot join.

How to disable it so my access points can join ?

Did you reset those access points?  If yes, they probably lost their certificates.  To allow them back on:

config t

control-plane-security

auto-cert-allow-all

write mem

https://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/control-plane-security.htm?Highlight=control%20plane%20security

EDIT:

The settings you have above should allow those access points to be able to get back on and recertifiy.

Did you reset those access points, or did you use the console cable to change the environment variable?

Some APs we reset manually, about 20 APs and the rest still as before.

Did any of those access points come up, eventually?

unfortunally, no one of them come back.