Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎09-03-2011

One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

I've been battling with this for weeks without a solution, so I'm turning to you :catsad:

 

We have a remote location connected via MPLS where we run two access points in campus mode. Both are connected to a managed HP Procurve PoE layer 3 switch.

 

One of the access points is operating perfectly, with no missed hearbeats or any other issues whatsoever.

The other access point is not recieving any heartbeats at all, and is rebootstraping extremely often (30 hearbeats missed). As a result the users gets connected/disconnected all the time when they're near this AP.

 

I've checked the following:

  • MTU (set to 1400 due to the MPLS, verified with non-fragmented 1400 byte pings)
  • IP address conflict (I've assigned the AP to three different IP's with no change in behaviour)
  • Cables (every cable in the patch chain has been switched at least twice. I even tried to connect the AP directly to the switch)
  • Switch (switch has been replaced, no change.)
  • Switchport (zero errors on the port)
  • Controller reboot: No help
  • Wiped the cert from the AP: No help
  • Grand finale: Changed the access point. Everything worked fine for one hour, and then the AP went back to not getting any heartbeats.

I'm at a loss here.. I've attached logs from the "show ap debug system-status" against the AP.

 

Any ideas?

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

Have you opened a case with TAC?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor I
Posts: 9
Registered: ‎09-03-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

Hi,

 

No. We're using Dell branded Aruba gear, and TAC refuses to help us. Going through Dell support with this is pointless, as they don't know what I'm talking about half the time.

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

when you say replace AP did you take a new one, or did you swap them or such?

 

could always be a bug, are you on recent firmware?

MVP
Posts: 562
Registered: ‎11-28-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

Two things.

 

Firstly, can you post up a tech-support dump from a controller log please?

 

Secondly, what global region are you in? I do quite a bit with Dell OEM stuff. I have sensible contacts within the UK region, but if you're outside there, you might get routed to a team who aren't quite as, let's say "au-fait". Recent calls I've logged have been ok, now that I've been through a sensible "learning process" with them.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I
Posts: 9
Registered: ‎09-03-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

First of all, sorry for the late replies. Been sick.

 

@boneyard We replaced the AP with a new one, and a used one (so three AP's tested, all fail at this location)

 

@The.racking.monkey I'm in Norway, so I really have no idea where I end up when I call ProSupport. If you have technical contacts inside Dell who are good with Aruba gear then I'd be really happy if you could share their contact details in a PM.

 

I'm noticing something weird with our firewall. It's a Cisco ASA5510, which is in the middle between the AP's and the Controller. When I try to ping an AP from the VLAN where my workstation resides I can't get a reply from the AP. If I do the same from the vlan where the controller resides I do get a reply. When I check the firewall, the following messages pop up:

 

Denied ICMP type=0, from laddr 10.101.8.15 on interface mgmt-lim to 10.50.10.20: no matching session

 mgmt-lim is the interface where the controller resides, not the AP (10.101.18.15). Why would the ICMP reply come from the controller? We're running these AP's in campus mode with bridged VAP's to local MPLS routers.. is the controller acting as a VPN tunnel for the management IP of the AP's?

 

For some reason the forum doesn't allow me to upload attachments.. I'll try from another browser in a second.

 

 

Occasional Contributor I
Posts: 9
Registered: ‎09-03-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

Trying attachment again..

Occasional Contributor I
Posts: 9
Registered: ‎09-03-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

And now I'm getting these from several AP's that are also struggling with heartbeats:

 

Mar 12 14:01:37	 sapd[2361]: <311020> <ERRS> |AP TRM-JZ-AP01@192.168.40.15 sapd| An internal system error has occurred at file sapd_sysctl.c function sapd_sysctl_write_param line 102 error Error opening /proc/sys/dev/wifi1/tx_ed_threshold : No such file or directory.

 

Occasional Contributor I
Posts: 9
Registered: ‎09-03-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

Sorry for the reply spam. I just thought it would be a good idea to make a visio of the logical network design here.

There are much, much more vlans and firewall interfaces involved, but the design in the attached PDF is enough to get a overview of how I've done things.

MVP
Posts: 1,412
Registered: ‎11-30-2011

Re: One AP-105 on a remote site not recieving heartbeats, other AP on same site is OK

[ Edited ]

pauska wrote:

I'm noticing something weird with our firewall. It's a Cisco ASA5510, which is in the middle between the AP's and the Controller. When I try to ping an AP from the VLAN where my workstation resides I can't get a reply from the AP. If I do the same from the vlan where the controller resides I do get a reply. When I check the firewall, the following messages pop up:

 

Denied ICMP type=0, from laddr 10.101.8.15 on interface mgmt-lim to 10.50.10.20: no matching session

 mgmt-lim is the interface where the controller resides, not the AP (10.101.18.15). Why would the ICMP reply come from the controller? We're running these AP's in campus mode with bridged VAP's to local MPLS routers.. is the controller acting as a VPN tunnel for the management IP of the AP's?

 

that is expected behaviour. Aruba APs create a tunnel to there controller and traffic send to the AP is picked up and send trough this tunnel.

 

you seem to be able to trace this down to one location, i would focus on checking what is different between that location and the others.

 

which ArubaOS version is this, would an upgrade be possible?

Search Airheads
Showing results for 
Search instead for 
Did you mean: