Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Changes on inherited configuration

Jump to Best Answer
  • 1.  Changes on inherited configuration

    Posted Jun 01, 2019 03:46 AM

    I have a question regarding inherited configuration and changes to

    a controllers config when it is has lost access to Mobility Master

     

    In our enviroment we have 2 7205 controllers in a cluster-each

    with port channels to our switch

     

    During some switch maintenance one of the controllers lost contact

    to Mobility Master because the port-channel went down.

     

    In trying to do some troubleshooting, we attempted to remove one of the Aruba Controller interfaces form the port channel..but couldnt due to the error which said said the configuration was pushed from another hierarchy...

     

    Is there a work around to this?

    How would I make configuration changes if I needed to for troubleshooting issues in the future, if a controller has lost contact

    with mobility master...which is managing the server?



  • 2.  RE: Changes on inherited configuration

    Posted Jun 01, 2019 09:18 AM

    Have you considered using the Disaster Recovery mode? This will allow you to make changes if a MD is disconnected from a MM

     

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/Disaster-Recovery-feature-on-AOS-8-x/ta-p/290922



  • 3.  RE: Changes on inherited configuration

    Posted Jun 01, 2019 10:03 AM

    A word about disaster recovery:

     

    It should only be used for connectivity issues between an MD and an MM.  The unfortunate part about disaster recovery mode is if your change on the MD in disaster recovery mode allows you to regain connectivity, the MD will re-download the configuration from the MM and break it again.  How to fix?

     

    - Fix the configuration on the MM for that MD, first

    - enable disaster recovery on the MD

    - make your configuration changes on the MD to re-establish connectivity (type show crypto ipsec sa on the MM and MD to see if they are connected)

    - disable disaster recovery (configuration will be downloaded from the MM).

     

     



  • 4.  RE: Changes on inherited configuration

    Posted Jun 02, 2019 12:08 AM

    cjoseph's suggestion is the ideal way of doing it, however I do want to just make a note here. With ArubaOS 8, the MC obtains its entire configuration from the MM. It may seem extreme, but if you know/believe the configuration on the MM is correct, and the MC is still having problems, you can do a 'write erase all' on the MC and have it download the complete configuration again.

     

    I have one of my lab cluster MCs configured for zero touch provisioning (ZTP) with activate, and to demonstrate this point to classes, I will console into the MC, and do a 'write erase all' on it. Within about 10 minutes, it has rebooted, communicated with the MM, downloaded its entire configuration, rebooted again, and rejoined the network and the cluster. This of course works because the configuration on the MM for that MC is valid.



  • 5.  RE: Changes on inherited configuration
    Best Answer

    Posted Jun 02, 2019 09:42 AM

    Just to add to what wescott said, ahead of doing a "write erase all", you can attempt to do a "ccm-debug full-config-sync" on the MD to attempt to fully download the entire config if you observe any inconsistency.  https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/content/arubaos-solutions/1cli-commands/ccm-debug.htm

    That should take less time than a write erase all.



  • 6.  RE: Changes on inherited configuration

    Posted Jun 03, 2019 04:12 PM

    thanks for the help