Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

RAPS flapping after migration 6.5.x -> 8.5.x

Jump to Best Answer
  • 1.  RAPS flapping after migration 6.5.x -> 8.5.x

    Posted Mar 19, 2020 09:33 AM

    Hi,

     

    I'm expecting strange issue with RAPs fllaping after migration - below log:

    I have 7205 + VMM in soft 8.5.0.

     

    Mar 19 06:02:07 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:02:15 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:02:15 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:02:23 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:02:23 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:02:31 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:02:31 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:02:38 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:02:38 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:02:46 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:02:46 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:02:54 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:02:54 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:02 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:02 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:09 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:09 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:17 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:17 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:25 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:25 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:33 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:33 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:41 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:41 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:48 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:48 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:03:56 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.
    Mar 19 06:03:56 stm[3735]: <305027> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: No valid instances of required profile "ids signature-matching-profile"
    Mar 19 06:04:04 stm[3735]: <305004> <3735> <ERRS> |stm| AP 9c:1c:12:c9:5e:95: ids signature-matching-profile "default" is invalid.

     

    I was using mig tool to mirate I did not change any default IDS, roles, policy etc...

     

    Does anybody have the same issue?



  • 2.  RE: RAPS flapping after migration 6.5.x -> 8.5.x

    Posted Mar 20, 2020 10:43 AM

    Those message seem related to Wireless IDS, I can't see from it that APs would be flapping.

     

    Please contact Aruba Support for interactive troubleshooting if you can't figure out what is wrong by inspecting the configuration yourself.



  • 3.  RE: RAPS flapping after migration 6.5.x -> 8.5.x

    Posted Mar 20, 2020 11:43 AM

    Can you run the command 'show ids signature-matching-profile default' and reply with the output?



  • 4.  RE: RAPS flapping after migration 6.5.x -> 8.5.x
    Best Answer

    Posted Mar 21, 2020 08:14 AM

    Hi,


    I solved the issue - upgarde 7205 to software 8.6.0 and default IDS profile comes up. RAP connect properly and working fine

     

    (7205-WARSC006) [MDC] *#show ap database

     

    AP Database

    -----------

    Name               Group    AP Type  IP Address  Status     Flags  Switch IP      Standby IP

    ----               -----    -------  ----------  ------     -----  ---------      ----------

    9c:1c:12:c9:5e:95  default  105      10.1.1.2    Up 3m:10s  Rc2    213.241.33.26  0.0.0.0

     

    Flags: 1 = 802.1x authenticated AP use EAP-PEAP; 1+ = 802.1x use EST; 1- = 802.1x use factory cert; 2 = Using IKE version 2

           B = Built-in AP; C = Cellular RAP; D = Dirty or no config

           E = Regulatory Domain Mismatch; F = AP failed 802.1x authentication

           G = No such group; I = Inactive; J = USB cert at AP; L = Unlicensed

           M = Mesh node

           N = Duplicate name; P = PPPoe AP; R = Remote AP; R- = Remote AP requires Auth;

           S = Standby-mode AP; U = Unprovisioned; X = Maintenance Mode

           Y = Mesh Recovery

           c = CERT-based RAP; e = Custom EST cert; f = No Spectrum FFT support

           i = Indoor; o = Outdoor; s = LACP striping; u = Custom-Cert RAP; z = Datazone AP

           p = In deep-sleep status

           4 = WiFi Uplink

           r = Power Restricted; T = Thermal ShutDown

     

    Thank YOU