03-28-2014 03:16 AM - edited 03-28-2014 03:21 AM
Anyone see this before? After upgrading from 18.104.22.168 to 22.214.171.124 several roles seem to have lost their policies, for certain: guest, guest-logon and logon.
126.96.36.199 seems to introduce new roles with the name based on the captive portal profiles, it also adds one big firewall policy with the earlier logon-control and captive-portal firewall policies combined. Can't find anything about this in the release notes, which is a big NO NO in my opinion.
My own customer-created name-guest-logon role didn't function after the upgrade; when I deleted and recreated it things worked again, might be related.
03-28-2014 05:51 AM
I just did an upgrade this morning from 188.8.131.52 to 184.108.40.206 and did not see this behavior (was a 3200XM install; single controller). The guest-logon and guest roles had custom policies applied to them, and remained so after the upgrade. I also did not see any additional policies added as you suggest or any policies with logon-control and captive-portal policies combined.
If it is still an issue/concern for you or the customer I'd open a TAC case to see if they have any comments or explanation for your experience.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
03-28-2014 06:39 AM
Just upgraded to 220.127.116.11, no issues either.
Do you have a recent flashbackup?
Like clembo said, you should probably open a TAC case.
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
03-28-2014 08:40 AM
Quite weird, don't have a flash backup, but had a log-download.tar from before the upgrade which clearly shows the guest / guest-logon roles like they should be. It is a 72xx platform btw.
Doubting if it is worth the TAC case, was able to get everything working, just wondering where this comes from.
04-02-2014 12:30 AM
Good question, it shouldn't be expired for sure, but using central licensing so perhaps something odd happened during the upgrade making the system think there was no pefng license.
04-02-2014 01:47 AM - edited 04-02-2014 01:48 AM
If I read your initial post correctly, I think you are comparing the last backup, which might not have been the last thing changed by the customer, to the upgrade version. Unless we can validate that no changes were made by the customer before the upgrade, we may not be able to get anywhere. If it cannot be replicated, it cannot be fixed. If you have the last backup, restore it and upgrade it. If nothing happens, there is nothing we can do... Name-based roles and captive portals seem to be the result of running the WLAN wizard. Unless you can be sure that this did not happen, we probably have to move on...
Aruba Customer Engineering
04-02-2014 03:41 AM
I understand cjoseph, I'm not expecting THE exact reason to be provided here without further action on my side, my last reply was just to indicate that I liked the suggestion of the pef ng license. I started this to check if anyone had seen something and the reply before you pointed me in a possible direction.
Btw: this was a fresh installation without a customer doing anything yet. The config file I had before the upgrade was the config right before the upgrade, not anything else. So something must have happened during the upgrade process, but as you mention the only way to check that is to do it again and that isn't possible now.
04-14-2014 08:45 AM
We're experiencing intermittent loss of ACLs and roles on our local controllers. It definitely seems related to centralized licensing and PEF. When this occurs all authenticated (.1X WPA2) users are being assigned the "guest" role and all nonauthenticated (open) users are being assigned the "logon" role.
From the user perspective, they can authenticate to wireless but have no network connectivity.
Our TAC case for this is 1528307.