Network Management

Hi All,

I have problem with Airwave. In my setup I use 3 clusters that were once added to Airwave, then removed, groups deleted.

Now, when I want do add these 3 clusters to Airwave I get this behavior:

- only 1 cluster is detected in New Devices

- but ALL 3 clusters IAPs appear in amp logs with "PSK based authentication: swarm is not approved in Airwave."

I suspect, problem is caused by some old entries in amp DBs. How to view and delete them?

I don't use whitelists, allow all option is enabled.

All network communication between amp and clusters is opened.

I don't want to start from scratch (have some WLCs that I want to stay in amp).

Please advice what am I doing wrong?

Attaching VC logs:

# show log ap-debug

01:14:30  awc[2495]: awc_login: awc_init
01:14:30  awc[2495]: awc_init_connection: 2233: connecting to <AMP-ip>:443
01:14:30  awc[2495]: tcp_connect: 168: recv timeout set to 5
01:14:30  awc[2495]: tcp_connect: 175: send timeout set to 5
01:14:30  awc[2495]: awc_init_connection: 2275: connected to <AMP-ip>:443
01:14:30  awc[2495]: awc_init_connection: 2416: Connected
01:14:30  awc[2495]: Sent header(len=311) 'POST /swarm HTTP/1.1^M Host: <AMP-ip>^M Content-Length: 0^M X-Type: login^M X-Guid: 37063276017716a872c7c438ce591959577a90f13d7fc40db9^M X-Name: CLUSTER-vc^M X-Organization: ^M X-Shared-Secret: ************^M X-OEM-Tag: Aruba^M X-Accept-Authentication: PSK,CERT^M X-Ap-Info: <serial>, <iap-mac>, AP-207^M ^M '
01:14:30  awc[2495]: Message over SSL from <AMP-ip>, SSL_read() returned 157, errstr=Success, Message is "HTTP/1.1 401 Unauthorized^M Server: nginx^M Date: Wed, 12 Sep 2018 09:58:50 GMT^M Content-Length: 0^M Connection: keep-alive^M X-XSS-Protection: 1; mode=block^M ^M ", AWC response: (null)
01:14:30  awc[2495]: disconnected from airwave <AMP-ip>

# show log provision

Provisioning Log
----------------
Time                      State    Type         Log Message
----                      -----    ----         -----------
Fri Jan  2 01:08:22 1970  Airwave  Debug        Logging out of AMP server primary
Fri Jan  2 01:09:23 1970  Airwave  In progress  Connecting to primary AMP server at <AMP-ip>...
Fri Jan  2 01:09:23 1970  Airwave  In progress  Connected with primary AMP server <AMP-ip>, logging in...
Fri Jan  2 01:10:25 1970  Airwave  Debug        Logging out of AMP server primary
Fri Jan  2 01:10:25 1970  Airwave  Failed       Login aborted due to incomplete response from primary AMP server
Fri Jan  2 01:11:26 1970  Airwave  In progress  Connecting to primary AMP server at <AMP-ip>...
Fri Jan  2 01:11:26 1970  Airwave  In progress  Connected with primary AMP server <AMP-ip>, logging in...
Fri Jan  2 01:12:28 1970  Airwave  Debug        Logging out of AMP server primary

# show ap debug airwave

Airwave Server List
-------------------
Domain/IP Address  Type     Mode  Config-only  Status
-----------------  ----     ----  -----------  ------

<AMP-ip>     Primary  -     -            Not connected

Hi,

Can you try edit the Virtual controller key of VC and check the status

1) # show running | include virtual

2) copy the virtual-controller key

3) # conf t

4) type in virtual-controller-key and paste the copied kay

5) change th last 2 digit of the key

6) # commit apply.

Yes, comapring log output for other clusters, it appeard that virtual-controller-key is the same on all VCs. I had to modify virtual-controller-key on every cluster. For some reason, Airwave has configured same key value on every cluster's VC, while those IAPs have never worked in same cluster.

Gladly I had only 3 to change, any way to deal with let's say 250 VCs?