Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Upgrade from M1 to M3

This thread has been viewed 1 times

  • 1.  Upgrade from M1 to M3

    Posted Feb 18, 2013 02:22 AM

    Hello,

     

    I'm planning an upgrade from M1 to M3 in a 6000 Controller (which is the master in my network), I'm also using CPsec with a certificate issued from a CA in my master controller.

     

    Are there some considerations to take into account or simply doing a "backup flash" on  M1 and a "restore flash" in M3 is enough??

     

    Thank you



  • 2.  RE: Upgrade from M1 to M3

    Posted Feb 18, 2013 04:09 AM

    Hi

    Yes [I once did it from 2400 to 6000 SC-128 ] it can be done :smileyhappy:

    You need to  be aware and check it very good after deploying the flash: [before moving to production]

    • AOS version [keep it simple from the same aos to the same aos and then upgrade if needed]
    • Some keys\secrets\password might not pass via backup flash. *check it*

     

    • interfaces - you should check very good your config after reloading the flash. vlans and ips
    • Don't forget all the licenses issue.
    • Check all your L2/L3 AAA servers & access profiles very good. *nas ip nas id and more*

     

    Also read the following thread: [it will give u some ideas]

    http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/Adding-a-new-master-controller-what-is-the-best-practice/m-p/34079#M3194

     

     

    have a lovely week.

     

    Me

     



  • 3.  RE: Upgrade from M1 to M3

    Posted Feb 18, 2013 01:40 PM

    all those steps are taken into account

    after upgrading I have had to reaproval all ap under campus white list, they show the message like:

     

    18 02:13:54 :399803:  <ERRS> |AP ap-S02.0.49_sw128.62_p2/0/24@192.168.136.25 sapd|  An internal system error has occurred at file sapd_msg.c function sapd_proc_install_cert_req line 3164 error AP is unable to fix certificate chain. Controller certificate hierarchy may have changed. Re-approval needed..
    Feb 18 02:13:56 :311002:  <WARN> |AP ap-S02.0.49_sw128.62_p2/0/24@192.168.136.25 sapd|  Rebooting: SAPD: Unable to install cert. Need to re-approve AP

     

    Is there some command to do it for all ap?



  • 4.  RE: Upgrade from M1 to M3

    Posted Feb 19, 2013 04:49 AM

    I have a question I don't stop thinking about,

    If a have a certificate from a CA in a controller M1 and I replace that controller with a new M3, doing restore "flash flashbackup.tar.gz", which certificate is used for CPSec, the previous one used in M1 or some new certificate shipped with the new M3?.

     

    I asking that because after upgrading to M3, I have had to reaprove all my AP to install a new certificate and get ready with the new master.