Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Instant and Airwave: Instant GUI issue

This thread has been viewed 2 times

  • 1.  Instant and Airwave: Instant GUI issue

    Posted Feb 25, 2014 03:48 AM

    Hi,

     

    I'm having a strange issue while configuring an IAP-RAP3 (also tried with a IAP-105) via Airwave and the Instant GUI there.

    In my scenario, I create a new wireless guest network, nothing fancy, just a simple one with internal IAP authentication and captive portal. However, I would also like to include a network access rule to this network, and here comes the point:

    In the Airwave Instant GUI, I create the rule, then after clicking "Apply all" the setting is saved and prepared to be pushed to my IAP.

    The IAP accepts all the network configuration, but it does not accept the network access rule. I always get a mismatch for my VC and finally it states "Retry limit reached" (see image)

    AirwaveIAP.jpg

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    I tried clicking the "Apply All" button below repeatedly, but the mismatch is still there.

     

    I have version 7.7.9 of Airwave and the latest version of IAP (6.3.1.2-4.0.0.3_41784).

     

    Thanks any help,

     

    best regards

     



  • 2.  RE: Instant and Airwave: Instant GUI issue

    EMPLOYEE
    Posted Feb 25, 2014 08:44 AM

    Are you using the internal Captive Portal on the IAP or an external one?


    There are certain configuration elements that are not available when authorizing against the internal DB of the IAP and things like role derivation is one of them. For things like this, you need an external Captive Portal along with an external radius source.

     

    Also keep in mind that there is generally a stagger between feature functionality in IAP vs what is supported in Airwave. Both are new releases, I'll check with QA for you to see if this is the case here.

     

    Cheers,

    Adam



  • 3.  RE: Instant and Airwave: Instant GUI issue

    Posted Feb 25, 2014 09:44 AM

    I'm using the internal Captive Portal of the IAP. 

     

    I thought that network access rules wouldn't state a problem to Airwave, actually I configured them from Airwave in the instant GUI. So it may be that this functionality in Airwave is not yet implemented on the IAP firmware?

     

     

     

     

     

     

     

     



  • 4.  RE: Instant and Airwave: Instant GUI issue

    EMPLOYEE
    Posted Feb 25, 2014 12:28 PM

    I checked with a few and this could be a bug. To verify, can you create a new group in Airwave, enable the IGC and then move the devices in question to the group and try to push the config again?

     

    If it works, great - but still may want to open a TAC case as it should work as you've descrbed. If it doesn't work, TAC case is of course the way to go to get this replicated and tracked as a bug for resolution.

     

    Cheers, Adam



  • 5.  RE: Instant and Airwave: Instant GUI issue

    Posted Mar 19, 2014 10:35 AM

    I have exact the same issue here - is this a confirmed bug? (using Airwave 7.7.9, IAP-115 with latest Firmware and playing around with internal Captive Portal and Firewall Rules...)



  • 6.  RE: Instant and Airwave: Instant GUI issue

    Posted Mar 19, 2014 10:36 AM
    Mismatches for VC : LAB-ZH-AVC1
    Change to VC configuration: 
    no rule  
    no rule  
    rule any any match any any 65535 permit log retry limit reached
    rule any any match any any 65535 deny log retry limit reached
    rule any any match udp 67 68 permit log  
    rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit log  
    rule 173.194.0.0 255.255.0.0 match tcp 80 80 permit log  
    terms-of-use "Das ist das Guest WLAN für Zuerich" retry limit reached
    wlan access-rule ARUBA-TEST-WLAN  
     no rule  
     rule any any match any any 65535 permit log retry limit reached
    wlan access-rule ARUBA-TEST-GUEST  
     no rule  
     rule any any match any any 65535 deny log retry limit reached
     rule any any match udp 67 68 permit log  
     rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit log  
     rule 173.194.0.0 255.255.0.0 match tcp 80 80 permit log  
    wlan captive-portal  

     terms-of-use "Das ist das Guest WLAN für Zuerich" 

    		retry limit reached