I'm doing some lab testing at the moment with a 7030 controller and a couple of IAP205s.
I am sure that I'm missing something really very obvious here, so apologies for that. I've spent the past day trying to make an IAP205 connect to a 7030 controller.
Should this work out-of-the-box or do I need to do something on the IAP first?
The 7030 has a trunk port with three VLANs (AP, data and voice). The AP VLAN is the VLAN that the APs have addresses in, and the data and voice VLANs are associated with WLANs.
Giving the AP a static IP address, I have connectivity (can ping the controller from AP and vice versa, would hope so, they are on the same network). However, I don't see the AP on the controller.
I then turned the IAP back to DHCP, and configured the necessary options (vendor-class-identifier and vendor-specific-options) and can see the IAP getting an address, and the controller's IP address via option 43 when looking at the boot process on the console. However, the AP never seems to try and communicate with the controller and the controller never sees it.
I've also added a DNS entry; but I never see the IAP try and contact it.
I tried a "convert-aos-ap" on the CLI of one access point, and rebooted, but still see the same thing.
What am I missing?
As I said, this must be someth
Things I've tried (in roughly this order):
Out of the box, IAPs do not work with controllers. They must be converted to Campus APS. http://community.arubanetworks.com/t5/Controller-less-WLANs/How-do-I-convert-an-Aruba-Instant-AP-to-a-campus-AP/ta-p/178988
What Version of ArubaOS is on the controller?
What model IAP is it?
What version of InstantOS do you have on the IAP?
The regulatory domain of the IAP must match the regulatory domain of the controller to be successful.
Thanks for the quick reply. I hadn't tried the conversion via the web, only the CLI (which didn't seem to work very well). I have made some progress but still have a problem.
Firstly, the 7030 controller is running ArubaOS 220.127.116.11.
The IAP was running InstantOS 18.104.22.168-22.214.171.124_50009
The regulatory domain for everything has been set to GB.
I successfully converted the IAP, however, it still refuses to talk to the controller. The console log from the AP shows (I've snipped the earlier bits, they all look sensible as it probes PCI devices etc):
Getting an IP address...
[ 8.560000] ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 11.566000] bond0: link up (1000FD)
[ 11.568000] ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
172.16.1.101 255.255.255.0 172.16.1.254
Running ADP...Done. Master is 172.16.1.200
[ 15.356000] wifi0: AP type AP-205, radio 0, max_bssids 16
[ 15.400000] wifi1: AP type AP-205, radio 1, max_bssids 16
AP rebooted Wed Dec 31 16:04:35 PST 1969; SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1192 dest=172.16.1.200 tries=10 seq=0
shutting down watchdog process (nanny will restart it)...
Now 172.16.1.200 is indeed the IP address of the controller, and the AP can see it (Note: this ping was taken from an IAP that is still in IAP mode, as the converted AP just has a root # prompt that I can't ping from):
f0:5c:19:c6:b6:f6# ping 172.16.1.200
Press 'q' to abort.
PING 172.16.1.200 (172.16.1.200): 56 data bytes
64 bytes from 172.16.1.200: icmp_seq=0 ttl=64 time=3.6 ms
64 bytes from 172.16.1.200: icmp_seq=1 ttl=64 time=0.3 ms
64 bytes from 172.16.1.200: icmp_seq=2 ttl=64 time=0.3 ms
64 bytes from 172.16.1.200: icmp_seq=3 ttl=64 time=0.3 ms
--- 172.16.1.200 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.3/1.1/3.6 ms
I have checked the firewall on the controller, and that is all at its defaults - allowing the required ports on the white list. I've disabled the control plane filter on the controller as well, but still no joy.
Type "show log system 50" on the controller's commandline to see what could be going on. It could be that control plane security is enabled, and you don't have that APs mac address in the whitelist.
Also type "show ap database" to see if that AP show up with a flag on the commandline of the controller.
The problem was the control plane security blocking the new APs. I thought that I'd disabled it, but hadn't saved the config.
I presume that once the APs have associated with the controller, and appear in the white list, it is safe to turn the control plane security back on again?
Thanks very much for your help,
The right way to do it, would be do enable control plane security, but enable auto cert provisoning. The APS will then be able to automatically certify themselves to the controller.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.