Wireless Access

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Hi there.  I've patched up from 8.10.0.8_87765 to 8.10.0.9_88493.  I have nearly 170 AP's of types 315, 505 and a couple of 515's and they all worked apart from the remote ones.  I have other remote sites and they are fine, so I'm doubting its a firewall issue.  We've checked all our security logs and find nothing being blocked so far.  An update 4 months ago worked without issue.

The DHCP options 43 and 60 are filled in and we have the switches using the AP profile configuration to give them their VLANs and controller VLAN if needed.  The remote sites don't use a controller VLAN because they're over routed links and they work just fine up till now.

I checked the Mobility conductors and found that one was not booted up on the correct version as you pointed out might be an issue.  I have 2 x Virtual mobility conductors and 2 x 7200 wireless controllers in my setup.  I got the conductor to reboot onto the correct version and tried again with no luck.  The units still join, then drop off with different failures.  Hbt timeout is the most common, sometimes the reason is 'none'.  The drop off and then rejoin again for a minute and drop off.

LMS is not a thing I know about.  This system was set up by a contractor a few years ago and I'm learning it on the job.  The LMS for the failing group is not set, in fact no groups have it set.  I have put in the actual IP's of the conductors as main and backup to see if it works.  Not so far.

I've found the logs but I think I'd need to know what to look for.  It's updating at a frightening rate as I have 170 AP's and 900 users at quiet times.  I don't see anything obvious but there was a burst of debug messages for licensing.  I have 178 licenses for 169 units so I don't see it being that.

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Can you post a show log all | i one of the rap apname  ,                  sh log all | i macaddress of ap 

Hi there.  I've patched up from 8.10.0.8_87765 to 8.10.0.9_88493.  I have nearly 170 AP's of types 315, 505 and a couple of 515's and they all worked apart from the remote ones.  I have other remote sites and they are fine, so I'm doubting its a firewall issue.  We've checked all our security logs and find nothing being blocked so far.  An update 4 months ago worked without issue.

The DHCP options 43 and 60 are filled in and we have the switches using the AP profile configuration to give them their VLANs and controller VLAN if needed.  The remote sites don't use a controller VLAN because they're over routed links and they work just fine up till now.

I checked the Mobility conductors and found that one was not booted up on the correct version as you pointed out might be an issue.  I have 2 x Virtual mobility conductors and 2 x 7200 wireless controllers in my setup.  I got the conductor to reboot onto the correct version and tried again with no luck.  The units still join, then drop off with different failures.  Hbt timeout is the most common, sometimes the reason is 'none'.  The drop off and then rejoin again for a minute and drop off.

LMS is not a thing I know about.  This system was set up by a contractor a few years ago and I'm learning it on the job.  The LMS for the failing group is not set, in fact no groups have it set.  I have put in the actual IP's of the conductors as main and backup to see if it works.  Not so far.

I've found the logs but I think I'd need to know what to look for.  It's updating at a frightening rate as I have 170 AP's and 900 users at quiet times.  I don't see anything obvious but there was a burst of debug messages for licensing.  I have 178 licenses for 169 units so I don't see it being that.

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Here's the logs you requested.  They're taken from the mobility master main unit, MM-01.  Thanks.  I have the full output if needed of show log all.

Can you post a show log all | i one of the rap apname  ,                  sh log all | i macaddress of ap 

Hi there.  I've patched up from 8.10.0.8_87765 to 8.10.0.9_88493.  I have nearly 170 AP's of types 315, 505 and a couple of 515's and they all worked apart from the remote ones.  I have other remote sites and they are fine, so I'm doubting its a firewall issue.  We've checked all our security logs and find nothing being blocked so far.  An update 4 months ago worked without issue.

The DHCP options 43 and 60 are filled in and we have the switches using the AP profile configuration to give them their VLANs and controller VLAN if needed.  The remote sites don't use a controller VLAN because they're over routed links and they work just fine up till now.

I checked the Mobility conductors and found that one was not booted up on the correct version as you pointed out might be an issue.  I have 2 x Virtual mobility conductors and 2 x 7200 wireless controllers in my setup.  I got the conductor to reboot onto the correct version and tried again with no luck.  The units still join, then drop off with different failures.  Hbt timeout is the most common, sometimes the reason is 'none'.  The drop off and then rejoin again for a minute and drop off.

LMS is not a thing I know about.  This system was set up by a contractor a few years ago and I'm learning it on the job.  The LMS for the failing group is not set, in fact no groups have it set.  I have put in the actual IP's of the conductors as main and backup to see if it works.  Not so far.

I've found the logs but I think I'd need to know what to look for.  It's updating at a frightening rate as I have 170 AP's and 900 users at quiet times.  I don't see anything obvious but there was a burst of debug messages for licensing.  I have 178 licenses for 169 units so I don't see it being that.

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Here's the logs you requested.  They're taken from the mobility master main unit, MM-01.  Thanks.  I have the full output if needed of show log all.

Can you post a show log all | i one of the rap apname  ,                  sh log all | i macaddress of ap 

Hi there.  I've patched up from 8.10.0.8_87765 to 8.10.0.9_88493.  I have nearly 170 AP's of types 315, 505 and a couple of 515's and they all worked apart from the remote ones.  I have other remote sites and they are fine, so I'm doubting its a firewall issue.  We've checked all our security logs and find nothing being blocked so far.  An update 4 months ago worked without issue.

The DHCP options 43 and 60 are filled in and we have the switches using the AP profile configuration to give them their VLANs and controller VLAN if needed.  The remote sites don't use a controller VLAN because they're over routed links and they work just fine up till now.

I checked the Mobility conductors and found that one was not booted up on the correct version as you pointed out might be an issue.  I have 2 x Virtual mobility conductors and 2 x 7200 wireless controllers in my setup.  I got the conductor to reboot onto the correct version and tried again with no luck.  The units still join, then drop off with different failures.  Hbt timeout is the most common, sometimes the reason is 'none'.  The drop off and then rejoin again for a minute and drop off.

LMS is not a thing I know about.  This system was set up by a contractor a few years ago and I'm learning it on the job.  The LMS for the failing group is not set, in fact no groups have it set.  I have put in the actual IP's of the conductors as main and backup to see if it works.  Not so far.

I've found the logs but I think I'd need to know what to look for.  It's updating at a frightening rate as I have 170 AP's and 900 users at quiet times.  I don't see anything obvious but there was a burst of debug messages for licensing.  I have 178 licenses for 169 units so I don't see it being that.

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Interesting logs..

Group "Aberdeen" is invalid.

I assume this group exist on the controller  as it worked before?

are the ap trying to connect to the MM IP  or the Controller ip?  any chance you can console to ap and check its show env?

Original Message:
Sent: Dec 14, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Here's the logs you requested.  They're taken from the mobility master main unit, MM-01.  Thanks.  I have the full output if needed of show log all.

Original Message:
Sent: Dec 14, 2023 10:14 AM
From: VanD
Subject: AP update at remote site failing, constant rebooting.

Can you post a show log all | i one of the rap apname  ,                  sh log all | i macaddress of ap 

Original Message:
Sent: Dec 14, 2023 10:07 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi there.  I've patched up from 8.10.0.8_87765 to 8.10.0.9_88493.  I have nearly 170 AP's of types 315, 505 and a couple of 515's and they all worked apart from the remote ones.  I have other remote sites and they are fine, so I'm doubting its a firewall issue.  We've checked all our security logs and find nothing being blocked so far.  An update 4 months ago worked without issue.

The DHCP options 43 and 60 are filled in and we have the switches using the AP profile configuration to give them their VLANs and controller VLAN if needed.  The remote sites don't use a controller VLAN because they're over routed links and they work just fine up till now.

I checked the Mobility conductors and found that one was not booted up on the correct version as you pointed out might be an issue.  I have 2 x Virtual mobility conductors and 2 x 7200 wireless controllers in my setup.  I got the conductor to reboot onto the correct version and tried again with no luck.  The units still join, then drop off with different failures.  Hbt timeout is the most common, sometimes the reason is 'none'.  The drop off and then rejoin again for a minute and drop off.

LMS is not a thing I know about.  This system was set up by a contractor a few years ago and I'm learning it on the job.  The LMS for the failing group is not set, in fact no groups have it set.  I have put in the actual IP's of the conductors as main and backup to see if it works.  Not so far.

I've found the logs but I think I'd need to know what to look for.  It's updating at a frightening rate as I have 170 AP's and 900 users at quiet times.  I don't see anything obvious but there was a burst of debug messages for licensing.  I have 178 licenses for 169 units so I don't see it being that.

Original Message:
Sent: Dec 14, 2023 05:02 AM
From: Herman Robers
Subject: AP update at remote site failing, constant rebooting.

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?

Hi Gents.  The AP group definitely exists and when the AP's are powered up they do show up in it.  Check the screenshot for example.  I've tried changing the LMS setting to point to the mobility conductors but it made no difference.  I think I would have to change the DNS option 43 entry which should be providing the controller IP address, currently the VIP of the two 7200 physical controllers.

I have tried SSH to the 5 units and while I can connect I cannot authenticate with them.  I assume they require the same username and password as the controllers?  They do not accept it.  For a test I tried SSH to the working units on my local site and I get no response at all, it just times out, so something is definitely different with these Aberdeen units.

I have discovered that these are the first units that we bought from Aruba, before we switched our entire estate to it and installed the controllers.  They were originally stand alone units which were later converted to controller based units.  I don't know if this affects anything or if they've reverted in some way.  I think we may need some way to factory reset the units that I can get the local IT on site to try.

Original Message:
Sent: Dec 14, 2023 12:14 PM
From: VanD
Subject: AP update at remote site failing, constant rebooting.

Interesting logs..

Group "Aberdeen" is invalid.

I assume this group exist on the controller  as it worked before?

are the ap trying to connect to the MM IP  or the Controller ip?  any chance you can console to ap and check its show env?

Original Message:
Sent: Dec 14, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Here's the logs you requested.  They're taken from the mobility master main unit, MM-01.  Thanks.  I have the full output if needed of show log all.

Original Message:
Sent: Dec 14, 2023 10:14 AM
From: VanD
Subject: AP update at remote site failing, constant rebooting.

Can you post a show log all | i one of the rap apname  ,                  sh log all | i macaddress of ap 

Original Message:
Sent: Dec 14, 2023 10:07 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi there.  I've patched up from 8.10.0.8_87765 to 8.10.0.9_88493.  I have nearly 170 AP's of types 315, 505 and a couple of 515's and they all worked apart from the remote ones.  I have other remote sites and they are fine, so I'm doubting its a firewall issue.  We've checked all our security logs and find nothing being blocked so far.  An update 4 months ago worked without issue.

The DHCP options 43 and 60 are filled in and we have the switches using the AP profile configuration to give them their VLANs and controller VLAN if needed.  The remote sites don't use a controller VLAN because they're over routed links and they work just fine up till now.

I checked the Mobility conductors and found that one was not booted up on the correct version as you pointed out might be an issue.  I have 2 x Virtual mobility conductors and 2 x 7200 wireless controllers in my setup.  I got the conductor to reboot onto the correct version and tried again with no luck.  The units still join, then drop off with different failures.  Hbt timeout is the most common, sometimes the reason is 'none'.  The drop off and then rejoin again for a minute and drop off.

LMS is not a thing I know about.  This system was set up by a contractor a few years ago and I'm learning it on the job.  The LMS for the failing group is not set, in fact no groups have it set.  I have put in the actual IP's of the conductors as main and backup to see if it works.  Not so far.

I've found the logs but I think I'd need to know what to look for.  It's updating at a frightening rate as I have 170 AP's and 900 users at quiet times.  I don't see anything obvious but there was a burst of debug messages for licensing.  I have 178 licenses for 169 units so I don't see it being that.

Original Message:
Sent: Dec 14, 2023 05:02 AM
From: Herman Robers
Subject: AP update at remote site failing, constant rebooting.

I would work with TAC as this sounds urgent.

Edit: I 'read' remote APs, but you write it's APs at remote sites... first of all, connecting Campus APs over a WAN is officially unsupported, the controller should be local to the AP. Secondly, if you do run CAPs over a WAN, the MTU may be an issue when traffic is fragmented or dropped somewhere in the network.

You mention multiple sites, and what may happen here is that the controller that is configured as the 'conductor ip (master ip)' has a different version than the 'LMS' or controller it connects to once booted up. Such a situation will result in an 'upgrade/downgrade loop'. AP will connect to the conductor, sees firmware is different and upgrade to firmware running there, reboots, then is redirected to it's LMS controller, sees different firmware version, upgrades to that version, reboots, connects to the conductor and game starts over.

Are these two sites in a different AP group (with possible different LMS)?? Or are these RAPs provisioned differently from the rest?

Do you have (more detailed) logs from controller or AP when the RAP connects, initiates firmware upgrade, then fails?

Does your AP firmware support the RAP hardware? In 8.6 and 8.10 a few AP hardware platforms were 'parked', so especially if you crossed 8.6 or 8.10 this may be an issue.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2023 11:08 AM
From: Kenny_10_Bellys
Subject: AP update at remote site failing, constant rebooting.

Hi all.  I had a power outage at one of my data centres that caused an unplanned update to half of my servers and controllers.  The other half were safe and sound in the other data centre.  I ended up putting the latest patch on all the servers and rebooting them to get them to resynch.  I now have an issue where 2 of my remote sites are now getting no WIFI because the access points are constantly cycling trying to download the update and failing.  What's blocking them is unknown right now, I can't see anything in the firewall or security logs, but I'm left with about 90 users with no wireless access.  Is there any way to stop them constantly cycling like this?  A simple power off does nothing.  Can i cancel the update or preload on these 6 AP's?