I know I know these are old and ancient and not supported, but I was hoping for some advice beyond throw them away and replace them. :)
I inherited a setup at a mall that we need to get working for a short period of time before we can replace the gear. The controller was reset to factory default by the previous IT. The APs are all mounted on the ceiling around 25' up so it's not like we can press a reset button...
So... is there any possible way to resetup the controller, and have it aquire and reset the 105 aps to be managed by the controller? We have 22 of these, and management doesn't want get a lift, they just wanted to work.
On note: In the Network/All Access Points screen of the Controller I see all 22 APs with the static IPs and the status is down.
Any suggestions besides get a lift and hard reset each AP?
does the controller have the necesary AP and PEFNG licenses?
Good Question. I am sure it did at one point. It looks like when the previous IT company left, they defaulted the controller on the way out the door.
I was able to find what might have been a running config at one point, but don't know about the age.
From what I can tell, I have a key for 16 APs, and a Key for 8 APs installed. Also I have 2 Next Generation Poli.... listings so I assume this is for the PFEng. Expires are set to never.
So yes, I believe we have the licenses.
Type "dir" on the commandline of the controller and see if there is a "flashbackup.tar.gz" file. If it does, type "restore flash" and reboot the controller (DO NOT save the configuration or do a write mem before rebooting). That might restore the controller in the previous state (you will have to use the password recovery method to get back into it, however).
Right now, I have the system up enough to restore the configuration through the gui. I am not at the location, so I wouldn't be able to recover the password since you need to do that via the console port. Also I am pretty sure they wiped the cisco the feeds this controller so any vlan'ing that was configured would probably disable my connection, let alone not knowing the IP. We might send someone on site with a USB to console cable and plug it into the console of the Aruba Controller if we have to. Trying to work remote on this one :(
On another note, I think I might have found a running config at one point.
Please note that the 3200XM has a RJ45 serial console port, not USB. The famous 'blue RJ45 serial cables' will work fine. With today's PCs you probably will need a USB to serial adapter, but that is nothing different than a lot of other network equipment. If that is what you mean with USB cable, it is all fine.
One tip, save your license if they are not hardcoded.
# show license
The keys can be re-used on the same hardware after erase anything. But when not saved and loose the licenses your cant restore them whitout the HPN account of the previous owner.
What may help as well is if you can capture the AP's traffic, to see how it determines the controller IP and which controller IP it tries to connect to (port 8211 or 4500). If you make the controller available on that IP address, there is a good chance that you will see the APs joining the controller again.
Based on the picture attached I think the IP was: 10.245.214.130. This is the IP that is called the Switch IP. I found what i think is a running config from the 3200MX controller. In this case, we just need to configure it enough to gain controller of the APs.
If I know the IP address of what the controller used to be, x.130 what would I need to configure on the Controller to allow the APs to think they are connecting and controllable?
Our goal is to get control again without resetting them by pysically pressing a button. All IPs/SSID/etc can be changed and wil lbe changed at this point. :) This is my first time working with Aurba gear.
If you have your licenses active, make sure you have a vlan with the IP 10.245.214.130/24 IP address and make sure that VLAN is the 'controller VLAN'. The controller VLAN is set on the Network > Controller > System Settings (on 6.5, and think that didn't change from earlier versions). Also, do you have an AP-group configured 'Rouse-ap_group'? It could be that the AP doesn't come up if that AP-group is not present.
Ideally, you should work with Aruba TAC or someone who has experience with this as it is much easier if you understand the discovery process and can read the logs. Also, to plan the changes after you regained control may benefit from such knowledge.
Also, check in Configuration > Wireless > AP Installation > Provisioning if the APs might be visible there. You need to see them there in order to reprovision the APs. I would, when possible, move from static to DHCP addresses and dynamic master/controller discovery where DNS (aruba-master) is a flexible one to get to a new configuration.
Sorry for the delay in my reply. We have been working on this, and have found what we think was an oirignal config and have restore it to the WAP Controller and the Cisco they were plugged into. So we "think" we are running with the correct VLANs now, but we still can't see the access points. One of my techs thinks that the config as showing a secure tunnel between the controller and the AP, and since the config was defaulted the keys might have been lost.
That possible? Either way we are at the point where we need to call in some of the experts as we aren't super familar with these devices. Since we don't have a partner, and the devices are old, would the Aruba TAC take a per incident calls? Basically our ask/goal is to just re-use the APs already mounted in the ceiling, not have to get a lift and press a hard reset button on them and then beable to control the APs to reset the SSIDs and Passwords.
Any suggestions on how we can handle this? We are ok in calling into support if Aruba is willing to work on older equipment on something like a pay per incident/credit card basis.
I think you should get at least one AP down from the ceiling, plug a console cable into it, boot it up, and see what ip address it is trying to contact.
First check a couple of things.
When the controller is made factory reset with "write erase" it delete only configurattion but no licences. When use "write erase all" it will also delete the licences (except of hardware code licences).
Using all the information from the thread, we were able to get access to 17 of the 22 APs. This is a pretty big leap. We think the other 5 are in another Cisco that we haven't found in the building yet, but we can worry about that later.
The issue we are seeing now is our laptop can't seem to get an IP address, however our mobile phones can. We are using the Firewall to give IPs to the wireless devices, and for mobile phones it works great.
For wireless PCs... nothing. Plugging into the network the PCs get an IP.
Anything you can think of that would isolate a PC to not get an IP and allow a mobile device?
I sniffed my PC and I never get a response to the DHCP Discover.
Well we have some good news. When one of my engineers created the DHCP Scope, he shorted the scope a bit. Needless to say we ran out of IPs. This explains what we were seeing. The good news, is that we have most of the AP105s under control and will work the rest of the week to find the remaining ones. We greatly apprecaite everyones help!
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.