Controller Based WLANs

 View Only
last person joined: one year ago 

APs, Controllers, VIA
Back to Library

Why do AP’s go into ‘Dirty’ flag? How can we troubleshoot this symptom? 

Jul 01, 2014 07:22 PM

This article applies to all the controllers running any AOS versions and AP models.

 

An AP usually goes into “Dirty” flag or “D” flag when it is unable to download the complete configuration from the controller. The main reason behind this could be reachability issues between the AP and the controller. The reachability may be intermittently disturbed due to congestion or other factors causing the APs not to be able to complete the full configuration from the controller.
 
Below are some of the troubleshooting steps to overcome the “D” flag issues:
 

  1. Ensure the reachability is fine between the AP and the controller
  2. Ensure there is no packet loss on the path that may hamper the APs to download config from the controller
  3. In case there is a WAN in the path between AP and the controller, please prefer having a Remote AP (RAP) in place of Campus AP (CAP). Due to the WAN link, there could be heartbeat misses between the AP and the controller causing the AP to get into “D”flag. By default, the heartbeat threshold for CAP is 8. You could increase this value to 30 or 60 under “ap-system-profile” on the controller and see if the AP stabilizes.
  4. Enable “control-plane security” on the controller. Please note, enabling this feature may cause all the APs to reboot causing an outage.
  5. Check the “sapd” logs on the AP. To enable “sapd” logging on AP –

 

  1. Get into apboot mode.
  2. Execute “setenv sapd_debug 1” command

 
This will print sapd degud logs to /tmp/sapd_debug_log on AP 
 
Or
 
Go into the AP Linux shell and do
 
# touch /tmp/sapd_debug
# killall sapd

When sapd restarts, it starts logging into the file /tmp/sapd_debug_log

NOTE: You may need TAC’s assistance to get the sapd logs from the AP.

     6. Enable following logging on the controller:

   (Aruba)(config)logging level debug systemp process stm

   (Aruba)(config)logging level debug ap-debug <ap-name>

  

       Get the output of the following commands:

a.show log system all | include stm

b.show log ap-debug all

c.show log errorlog all

d.   After the AP has been stuck in "D" state -

 

show ap details advanced ap-name <name>

show ap debug system-status ap-name <name>

 

7. Please check MTU on the intermediate hops between the AP and the controller. For non-cpsec CAP, the controller fragments packets at default MTU of 1500. So each fragment becomes 1514 bytes

 

 

Statistics
0 Favorited
32 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.