Controllerless Networks

last person joined: 20 hours ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

IAPs don't join the cluster

  • 1.  IAPs don't join the cluster

    Posted Jul 16, 2015 11:49 PM

    Hi there I faced some strange issues. Once I set up one IAP and connect two more, they don't join cluster properly. Here's most common scenario: sometimes one IAP appear in AP list, but operating as a monitor, even when configured as access point and then in 1-2 minutes goes down from AP list, but all LEDs glow green. At the same time 3rd IAP can be full down. IAPs obtain all the settings from master VC and every IAP works fine when it's standalone master, but others two don't join.

    In the logs we could see "APAS provision timed out" "Activate failed enabling factory SSID" "Failed to connect to activate: unknown error number"

    Before I was getting "APAS provision failed: connection-..."

    Thank you in advance!

    Attachment(s)

    pdf
    Tech supplement.pdf   137 KB 1 version
    pdf
    aruba support dump.pdf   987 KB 1 version
    pdf
    AP Log System.pdf   1013 KB 1 version


  • 2.  RE: IAPs don't join the cluster

    Posted Jul 16, 2015 11:52 PM

    What hardware model are your three access points?

    what version of IAP code are they running?

    What regulatory domain are you using?

     



  • 3.  RE: IAPs don't join the cluster

    Posted Jul 16, 2015 11:57 PM

    IAPs 103, 6.4.2.6. - 4.1.1.7 (but tried firmware out of the box before), regulatory domain - TR. Our native domain isn't broadcasting.



  • 4.  RE: IAPs don't join the cluster

    Posted Jul 17, 2015 12:10 AM

    Try GB to make sure it is not the hardware that has malfunctioned.  TR (Turkey) should work, though.



  • 5.  RE: IAPs don't join the cluster

    Posted Jul 17, 2015 05:21 AM

    Tried it, no impact.

    Today I also tried to deploy 93 IAPs. Result is the same. In the logs still see "APAS Provision Failed : connection-failed"

    By the way I am using HP Procurve 2920-24g switch. 

    Does there exist any kind of network requirements or restrictions for successful provisioning of IAPs?



  • 6.  RE: IAPs don't join the cluster

    Posted Jul 17, 2015 09:32 AM

    Make sure you have configured "allow-new-aps" to allow APs joining the cluster.

     

    Are they getting their DHCP address from a central location and does the scope contain any options?

     

    Do you have any ACL on the switchports you connect your APs to?



  • 7.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 01:16 AM

    "Allow-new-aps" was turned on. I also tried turning it off and adding APs manually by MAC addresses.

    IAPs were successfully getting IPs from firewall Cisco ASA and scope didn't contain any special options, all pretty much default, excepting internal dns options.  

    When I was trying to get access to the slave IAP via web ui, it was redirecting me to the master IAP.

    No ACL on ports. Untagged access ports.



  • 8.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 03:12 AM

    This sounds real strange. You were using all the same model of IAPs, right? For example IAP-103-RW?

     

    I would pin-reset one of the APs and either console it or use SSH to log in to it (that shouldn´t redirect you to the current master) and theck the system log. Also check the system log on the current master to see if there´s any failures there.

     

     



  • 9.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 03:24 AM

    That's right, all the same model, same firmware.

    Okay, i'll try it. And what about getting "APAS provision failed: connection failed" and "APAS provision timed out" in the logs?

    Does it mean no L2 visibility?



  • 10.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 03:30 AM

    I see those messages all the time, I think it means that it could not get any provision parameters from activate.arubanetworks.com. Are you using activate and have any active configuration in there maybe?



  • 11.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 03:35 AM

    No, I don't . Should I try Aruba Activate? 



  • 12.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 03:40 AM

    No, you should definately get your cluster working at the level you´re trying now before you do anything with activate.

     

    Since I´ve joined IAPs together like this hundreds of times without an issue as long as they are on the same L2 and get IP addresses I must suspect something on your wired side. Are there any other configuration that could cause this on your switchports? Mac-limiting, broadcast blocks etc? Are the APs connected to the same switch?



  • 13.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 04:00 AM

    Yeah, in spite of the fact that there are 2 stacked switches, all the APs connected to 1 physical switch.

    No other configuration on switch, all by default. I didn't have direct access to the switch, bank IT network engineer was preparing infrastructure for me and that's what he told me: "no special config, default".

    I'll ask him to re-check the config once more, any recommendations  except broadcast blocks, mac-limiting? May it be concerned with STP somehow?



  • 14.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 04:03 AM


  • 15.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 05:10 AM

    I´m guessing you can ping each AP individually? Did you try SSH to them and check the system logg?

     

    I´d ask him to check for any configuration that somehow limit functionality on those ports.



  • 16.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 06:33 AM

    Yes, I was able to ping each ap and even get access via SSH.

    But didn't check system logs.

    Please remind me what CLI commands I can use to check syslogs on AP.



  • 17.  RE: IAPs don't join the cluster

    Posted Jul 20, 2015 06:35 AM

    I think it´s "show log system"

     

    Use "show log ?" to also view other relevant logs.



  • 18.  RE: IAPs don't join the cluster

    Posted Jul 27, 2015 10:16 AM

    I would recommend rechecking the configuration of the switch.

    If possible please advise if the port for the AP's are trunked and if so what is the native vlan on them.

     

    IF the uplinks are trunked make sure that native vlan in the trunk is 503.