Wireless Access

Reply
Occasional Contributor II
Posts: 21
Registered: ‎05-21-2013

Problems discovering AP's via DNS

[ Edited ]

Hi

 

Hoping someone may have come across this issue before and can help...

 

We have a DNS record for aruba-master setup for our VRRP IP and have problems with AP's being discovered ready for provisioning (i.e. they dont appear under wireless installation / show ap database) on our master 3400 controller.  They seem to eventually appear after hours of reboots.  They do get an IP address (found via checking the MAC on the DHCP server) but do not appear to be discovered.  However, when querying the traffic of the IP there is some UDP traffic connecting to the controller, so I assume the DNS discovery is working in part, but no PAPI ports or GRE protocol seen.  The AP IP is 172.31.30.66 and the VRRP IP is 172.31.200.82:

 

 

AP_traffic.jpg

 

Console output is in attachment (couldnt embed it for some reason).


I have a TAC case logged but am not getting anywhere fast.  At the moment any new AP bought potentially is unusable (I know it can be configured manually, but they are dispatched to remote sites, so its not easy to configure).


Has anyone seen this before?

 

Appreciate any help.

Steve

 

MVP
Posts: 1,404
Registered: ‎05-28-2008

Re: Problems discovering AP's via DNS

[ Edited ]

Hi,

:smileyhappy:

It's seems AP'S Doesn't getting DHCP address as u think:

 

 

Capture.PNG

 

Take a look ----> DHCP timed out..Valid v6 ....

Does your ap's getting Address from any DHCP server?!

Did you pre configure static address to your new AP'S

Did u configure an assignment or a pool for the new AP'S?

Without IP address , there is no DNS resolving or any GRE tunnel building...

 

Hope it will give u some idea - on where your issue is.

 

Keep us update - if it helped u solved the issue.:smileywink:

 

Me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor II
Posts: 21
Registered: ‎05-21-2013

Re: Problems discovering AP's via DNS

The thing is - I am not sure if that error reflects the true situation.  When you check the MAC against the DHCP server, you do see a lease.  I initially thought it was a DHCP issue until I saw this.  Also - as above, the fact that you can see traffic coming from the IP of the AP surley prooves that it does get an IP?

 

The console output below is one of a local AP I use to test, which doesnt always exhibit the same problem.  The datapath session table is of a live AP (its brand new - no config) which I am not seeing under AP installation.

 

There are no firewalls in the way which could block any traffic.

 

Also - just to add, the AP seems to randomise the port number each time I refresh.

 

I do see port 69 mentioned which I think is TFTP - so I wonder if it is downloading the OS?

MVP
Posts: 1,404
Registered: ‎05-28-2008

Re: Problems discovering AP's via DNS

Thoese are the used ports (for CAP ap's)

2342342.PNG

 

And yes,port 69 is TFTP and the AP using it in order to upgrade is own OS to the same OS of the controller u are using - without this process or until this process will not be done / the ap will not boot.

BUT!

if the AP does getting an IPv4 address as u wrote - and trying to esatblish an OS upgrade to itself,u should see in the the GUI of the controller under AP instaliision with a mark: upgrading ...and after a few second 20-35 u will see rebooting.

 

BTW:

what AOS are u using?

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor II
Posts: 21
Registered: ‎05-21-2013

Re: Problems discovering AP's via DNS

I see nothing under AP installation or show ap database. 


Also - I have run show log all | i 172.31.30.66 and show log all | i MAC Address

 

And I see nothing apart from me adding the MAC's to the RAP whitelist.

 

Why could there be the odd port numbers from the datapath session shown above?

 

I am using 6.1.2.3.

 

Many Thanks

MVP
Posts: 1,404
Registered: ‎05-28-2008

Re: Problems discovering AP's via DNS

So your AP dosent connecting your controller at all. (if u arent seeing your ap in the ap installison page once in a while trying to upgrade themself or rebooting)

 

Start by seeing and checking (be sure) that u AP'S getting and IP (v4) and can establish a connecitivy to your controller- the best way is to take a laptop to the AP location and connecting your laptop to the same port - 1.check that u getting connectivity 2.check that u are able to establish a working traffic to your controller

 

(BTW: if your ap are behind other other Router NAT/WAN  - over the internet ....GRE will not work!)

 

Agian - as it seems from the screenshots u sent - your AP'S arent getting an IP address.

 

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,404
Registered: ‎05-28-2008

Re: Problems discovering AP's via DNS

[ Edited ]

check another thing

if you right - and the AP really got a working connectiviy to your controller - when the AP botting (and u connectd with console cable to it) u should see the same AOS version - in your case 6.1.2.3 ... if u see other version in your AP so your AP didnt success to connect at all to your controller.
 TIPS: <connectiviy problem!> <check ip,check trace,check ports>

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor II
Posts: 21
Registered: ‎05-21-2013

Re: Problems discovering AP's via DNS

The screenshot of the console is an old screenshot from a test AP I had here (not on our remote sites), so it may be that is a different issue. 

 

Unfortunatly the site is not local so I am not able to easily check the OS / IP on the console.

 

The AP is in our WAN and so has no NAT or firewalling in place.  The switches being used have a very simple VLAN configuration and are all using the same VLAN, so it is not likely it could be a VLAN configuration at fault.

 

Are there any more avenues I can explore as far as remote troubleshooting goes?

 

I cant understand how it gets an IP and is able to communicate with the controller but not complete the communication.  If I am seeing TFTP traffic shoudl the OS download show in the logs?

MVP
Posts: 1,404
Registered: ‎05-28-2008

Re: Problems discovering AP's via DNS

  • Until the ap units will not be able to esabtlish first connectiviy to the controller - u will not be able to see them.
  • Until the ap units on the remote site will not be able to upgrade themself to the same OS - they will not come up.

 

BTW:

 

are u using control-plane-secuirty? if so - u should whitelist thoese new AP'S

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: Problems discovering AP's via DNS

@steveh_2001

 

  • The results of your show datapath session table appear to show that the TFTP response to 172.31.30.66 is not making it back to the AP; shown by the FY flags.
  • Can the controller ping that IP (the one you believe the AP is getting?

 

  • What model APs are these?
  • Can you just confirm that VRRP is working properly?  Can you runs "show vrrp" on both controllers just to make sure they are both not active?
  • Are these APs going to be configured as RAPs or campus APs?   You mention the only instance of the MAC is in the when you added it to the RAP whitelist...just want to clarify
  • When you run "show ap database long"; do you see it listed at all?  Make sure you run it while you can see the TFTP requests in your show datapath session table command you posted.
  • Do you have existing APs working?  Others at this site?
  • Do you have any way of getting to the console of one of those remote APs; just to confirm what the AP is seeing?

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: