Controllerless Networks

last person joined: 20 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

IAP Airwave Certificate issue

This thread has been viewed 4 times

  • 1.  IAP Airwave Certificate issue

    Posted Sep 21, 2018 06:17 AM

    Hi all,

     

    I have found an annoying issue with the deployment of Instant IAP Clusters 305s and 315s (version 6.5--->8.3) managed by Airwave (version 8.2.7).

    The Aps are patched to aruba 2930f's and using device profiles to configure the relevant taggged and untagged vlans, the DHCP has option 43 & 60 configured to allow management of the APs via Airwave.

    New APs are plugged in with the shipped version of 6.5.

    The VC is then seen on Airwave in the New Devices folder and a group is created automatically from the dhcp options - all good so far!

    The issue comes when the APs are migrated to a group, the AP upgrades to 8.3 and all the devices reboot as expected, but then they will not reconnect to Airwave - they get the correct options ip etc and the AP Cluster Virtual Controller, command show summary shows it knows about Airwave and that the Cluster is formed (All devices upgraded successfully).

    The AP debug shows attempting to communicate with Airwave but failing, the only fix we have found is to delete the server and awc certificates on the VC, where upon the AP join Airwave and everything works as expected.

    Airwave communication settings is configured to use psk not certificates. We understand it is using 443 and therefore ssl, so is the certificate upgraded with the firmware and is that the issue?

     

    Does anyone know how this is happening and how to fix it?

     

    Thanks

     

    Dave



  • 2.  RE: IAP Airwave Certificate issue

    EMPLOYEE
    Posted Sep 21, 2018 07:38 AM

    You mentioned "the problem happens when the IAPs are migrated to a group".  The big question is, what is different between that group and the previous group besides the firmware enforcement of InstantOS 8.3.0.0?  You should open a case so that can be looked at.  You might have a legitimate issue that needs to be fixed, OR it is a configuration issue.

     

    We cannot tell from this forum what is wrong, but we would be very interested to understand this problem.

    Please open a TAC case using the page here:  http://www.arubanetworks.com/support-services/support-program/contact-support



  • 3.  RE: IAP Airwave Certificate issue

    Posted Oct 09, 2018 04:34 AM

    Hi,

     

    I raised a TAC case and we have a solution to the IAP migration. I beleive the main issue was ntp, once this had been applied to the AP group the IAPs no longer stayed down and would connect to AMP.

    We also managed to rectify the mismatches in the config. It seems when an IAP initials joins a group is uses a type of "golden template" which can introduce mismatches and config that cannot be resolved in instant gui mode.

    The technique for rectifying this to migrate the AP goup  --> to template mode which is automatically monitor only mode ( then delete any existing templates in the group vc and ap) then migrate to managed mode, then back to instant gui mode. Be careful at each stage of the process to wait for the APs to settle back to a good config state.

     

    hope this helps

     

    Dave