Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

failed to access Instant Controller Web GUI after IP Adress change

This thread has been viewed 20 times

  • 1.  failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 12, 2020 07:54 AM

    Hi Experts,

     

    we going to implement an Instant AP solution with Aruba AP-515. The AP's are connected to new Aruba 5400zl2 switches.

    The first time we start, everyhing was fine: The APs were connected to a public VLAN with DHCP and Internet Access. I could Access the Instant Controller WebUI and do the Basic Setup (setMeup…). All APs where identified, I could rename the APs, upgrade the Firmware and create a first Wireless Network...perfect...

     

    The final plan is, to put the APs in a Management VLAN and to assign Static IP's for the APs. The Wireless Networks should be connected to other VLANs like needed. On the 5406 Switches, the Network Ports to connect the APs are static assigned to the Management VLAN (Untagged) and the Wireless VLANs (all tagged). Currently, the Management VLAN does not have any Access to the Internet.

     

    OK...the switch configuration was done and I startet to assign the static IP adresses to the APs. I also provided a dedicated IP Adress for the Instant Virtual Controller.

     

    I disconnected the APs and connected them to the final ports, which I currently configured (as described). The first AP comes up and I could ping its IP Adress as well as the new Instant Mobility Controllers IP Adress. However I can't Access the WebGUI. I could also Access the Wireless Network...but no GUI Access.

    I am also able to SSH to the APs

     

    Does anybody has an idea?

    Is it because of the missing Internet access in the Management VLAN ..? For some reason, this is not wanted and even not simple testable...

    Any help welcome...

     

    Kind Regards

     

     

     



  • 2.  RE: failed to access Instant Controller Web GUI after IP Adress change

    EMPLOYEE
    Posted Mar 12, 2020 08:07 AM

    If the guest WLAN is virtual controller assigned, the traffic is natted out of the VC, which does not have internet access.  That will not work.

     

    Do your client have a route to the management VLAN?



  • 3.  RE: failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 12, 2020 09:28 AM

    Hi cjoseph,

     

    thanks for your answer...but I think I miss something….

     

    We want to have:

    1. Employee VLAN with Internet Access with VLAN ID 100

    2. Guest VLAN with independend Internet Access with VLAN ID 200

    3. Management VLAN without Internet with VLAN 10

     

    The Management of the Instant AP Cluster should be done from within the Management VLAN. Only Wired Management Clients should manage the Instant AP Cluster from within the Management VLAN.  THat is currently my Problem. The wired Client could ping the AP(s) but could not open/Access the Instant Virtual Controller Web GUI.

     

    The Switchports where the AP(s) are  connected to is assigned to Managemt VLAN (Untagged), Emplyee VLAN (Tagged) and Guest VLAN (Tagged)

     

    The Network address assignments to the Wireless Clients is done on Network Level, not on the APs...also the Internet Access is provided on VLAN Level with external Firewalls and ISPs

     

    When I create a new Wireless Network (SSID) I could provide a VLAN ID. I would expect that the AP would tag all packets coming from Wireless Clients for this SSID to that VLAN, correct?

     

     

     

     



  • 4.  RE: failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 15, 2020 05:20 AM

    Hi, 

     

    For your web gui issue, following will help you to resolve it

     

    1) Have you tried accessing the GUI via VC IP instead of FQDN? It should open it without any problem

    2) If you are accessing via the IP and its not accessible, what issue its giving? refused to connect, timedout etc?

     



  • 5.  RE: failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 16, 2020 05:44 AM

    Hi,

     

    currently I use only th IP Adress to Access the Web GUI....

     

    When I try to Access the WebGUI the browser simply times out...Nothing is displayed….



  • 6.  RE: failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 16, 2020 06:03 AM

    Hi, 

     

    Can you access the IAP VC and share the config



  • 7.  RE: failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 16, 2020 10:54 AM

    Hi Ronin,

    here is the config:

    show running-config
    version 8.6.0.0-8.6.0
    syslocation Monheim
    virtual-controller-country DE
    virtual-controller-key 111324aa01c9398f730...cut...
    name "TM Aruba Instant"
    virtual-controller-ip 192.168.180.10
    terminal-access
    ntp-server 172.16.16.110
    clock timezone Berlin 01 00
    rf-band all
    allow-new-aps
    allowed-ap d0:15:a6:ca:9b:fe
    allowed-ap d0:15:a6:c9:f7:c8
    allowed-ap d0:15:a6:ca:0e:08
    allowed-ap d0:15:a6:ca:97:b2
    allowed-ap d0:15:a6:c9:e2:cc
    allowed-ap d0:15:a6:ca:9b:6c
    allowed-ap d0:15:a6:c9:e3:7a
    allowed-ap d0:15:a6:c9:ec:6c
     
    arm
     wide-bands 5ghz
     80mhz-support
     min-tx-power 9
     max-tx-power 127
     band-steering-mode prefer-5ghz
     air-time-fairness-mode default-access
     channel-quality-aware-arm-disable
     client-aware
     scanning
    rf dot11g-radio-profile
     max-distance 0
     max-tx-power 9
     min-tx-power 6
     disable-arm-wids-functions off
     free-channel-index 40
    rf dot11a-radio-profile
     max-distance 0
     max-tx-power 18
     min-tx-power 12
     disable-arm-wids-functions off

    syslog-level warn ap-debug
    syslog-level warn network
    syslog-level warn security
    syslog-level warn system
    syslog-level warn user
    syslog-level warn user-debug
    syslog-level warn wireless
     
    extended-ssid
     
     
     
     
     
     
     
     
     
    hash-mgmt-password
    hash-mgmt-user admin password hash c4fa864402a22...cut...8d4f18db8c573164
     
    wlan access-rule default_wired_port_profile
     index 0
     rule any any match any any any permit
    wlan access-rule wired-SetMeUp
     index 1
     rule masterip 0.0.0.0 match tcp 80 80 permit
     rule masterip 0.0.0.0 match tcp 4343 4343 permit
     rule any any match udp 67 68 permit
     rule any any match udp 53 53 permit
    wlan access-rule TM-TEST
     index 2
     rule any any match any any any permit
    wlan ssid-profile TM-TEST
     enable
     index 0
     type employee
     essid TM-TEST
     wpa-passphrase 200caae66...cut...4dbe045
     opmode wpa3-sae-aes
     max-authentication-failures 0
     vlan 1
     rf-band all
     captive-portal disable
     dtim-period 1
     broadcast-filter arp
     dmo-channel-utilization-threshold 90
     local-probe-req-thresh 0
     max-clients-threshold 64
     dot11k
     dot11v
    auth-survivability cache-time-out 24
     
    dpi app
    url-visibility
    wlan external-captive-portal
     server localhost
     port 80
     url "/"
     auth-text "Authenticated"
     auto-whitelist-disable
     https

    blacklist-time 3600
    auth-failure-blacklist-time 3600

    ids
     wireless-containment none

    wired-port-profile wired-SetMeUp
     switchport-mode access
     allowed-vlan all
     native-vlan guest
     no shutdown
     access-rule-name wired-SetMeUp
     speed auto
     duplex auto
     no poe
     type guest
     captive-portal disable
     no dot1x
    wired-port-profile default_wired_port_profile
     switchport-mode trunk
     allowed-vlan all
     native-vlan 1
     shutdown
     access-rule-name default_wired_port_profile
     speed auto
     duplex full
     no poe
     type employee
     captive-portal disable
     no dot1x

    enet0-port-profile default_wired_port_profile
    uplink
     preemption
     enforce none
     failover-internet-pkt-lost-cnt 10
     failover-internet-pkt-send-freq 30
     failover-vpn-timeout 180
     
    airgroup
     disable
    airgroupservice airplay
     disable
     description AirPlay
    airgroupservice airprint
     disable
     description AirPrint
     
     
    cluster-security
     allow-low-assurance-devices
     
     
     
     
     


  • 8.  RE: failed to access Instant Controller Web GUI after IP Adress change

    Posted Mar 16, 2020 11:00 AM
    and these are the console message during bootup
    HELO
    5.0202-1.0.38-161.122
    CPU0
    L1CD
    MMUI
    MMU8
    CODE
    ZBBS
    MAIN
    NVRAM memcfg 0x41527
    MCB chksum 0xa2becbd7, config 0x41527
    DDR3-1600 CL11 total 1024MB 2 16bits part[s] %1 SSC
    DDR test done successfully
    Loading image 0...
    Validating image 0...
    Uncompressing image 0...
    Booting image 0...

    APBoot 2.4.1.18 (build 67717)
    Built: 2018-11-09 at 14:43:46
    Model: AP-51x
    DRAM:  1 GiB
    NAND:  ECC BCH-8, ONFI, Manuf ID: 0xef, Chip ID: 0xf1 (Winbond W29N01HV), page size: 2048, OOB size: 64, device size: 128 MiB
    PCIE1: link up
    PCIE2: link up
    Power: 802.3af POE
    In:    serial
    Out:   serial
    Err:   serial
    Net:   eth0
    Radio: bcm43694#0, bcm43694#1
    Reset: cold
    FIPS:  passed
    Hit <Enter> to stop autoboot:  0
    Booting OS partition 1
    Checking image @ 0x2000000
    Copying image from 0x0000000008000000
    Image is signed; verifying checksum... passed
    SHA2 Signature available
    Signer Cert OK
    Policy Cert OK
    RSA signature verified using SHA2.
       Loading fdt from 0x0989a114 to 0x0007c000
    Uncompressing Kernel Image ...    reserving fdt memory region: addr=0 size=20000
    OK
    [    0.000000]
    [    0.000000] Aruba Networks
    [    0.000000] ArubaOS Version 8.6.0.2-8.6.0.2 (build 73853 / label #73853)
    [    0.000000] Built by p4build@pr-hpn-build09 on 2020-01-09 at 08:50:23 UTC (gcc version 5.3.0 (Buildroot 2016.02) )
    [    8.142002] tpm tpm0: TPM2_RC_INITIALIZE (256) continue selftest
    [    8.906749] tpm tpm0: TPM2 self test passed
    [    9.014645] brcmboard registered
    [    9.046313] broadcomThermalDrv brcm-therm: init (CPU count 4 4 4 4)
    [   11.035835] Enabling all watchdogs
    [   11.737501]
    Starting Kernel SHA1 KAT ...
    [   11.777283] Completed Kernel SHA1 KAT
    [   11.777367] Starting Kernel HMAC-SHA1 KAT ...
    [   11.777395] Starting Kernel DES KAT ...
    [   11.777396] Completed Kernel DES KAT
    [   11.777425] Starting Kernel AES KAT ...
    [   11.777426] Completed Kernel AES KAT
    [   11.777426]
    [   11.777428] Starting Kernel AESGCM KAT ...
    [   11.777428] Completed Kernel AESGCM KAT
    [   11.779732] Completed Kernel HMAC-SHA1 KAT
    Thu Jan  1 00:00:00 PST 1970
    Populate AP type info
    Domain Name: SetMeUp.arubanetworks.com
    Current OEM Name : Aruba Networks
    Disabling ipv6 for devices by default
    AP-type has_ble_support: NORDIC_ONBOARD.
    IPv6 capability is supported for devices
    No panic info available
    Writing /dev/ttyH0 into /tmp/ble_port
    Enabling ble_daemon and ble_relay via nanny
    masterson: Start hotplug
    Backup ENV.
    Loading Broadcom[   15.370689] wlcsm: module license 'Proprietary' taints kernel.
    [   15.447467] Disabling lock debugging due to kernel taint
     drivers and kernel modules...
    [   19.145394] bcmswlpbk0 (Ext switch port: (Logical Port: Virtual link DOWN
    Configuring eth1 in LAN mode...
    Success.
    Enabling Broa[   19.295057] isl28022: loading out-of-tree module taints kernel.
    dcom traffic management for eth0 port (TMCTL)...
    Enabling Broadcom traffic management for eth1 port (TMCTL)...
    Configure Laphroaig ethernet phy to improve EMC RS/CS
    [   19.572456] isl28022: Found i2c-gpio0
    Enter non-FIPS mode
    Cfg len is 3204
    uap controller less detected
    Mesh disabled
    Ethernet port 1 [   19.859382] Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
    [   19.937516] MII link monitoring set to 400 ms
    mode: active-standby
    [   20.079253] phy_dev_power_set: port_name = eth0,  phy_addr = 6
    [   20.146906] bond0: Enslaving eth0 as a backup interface with a down link
    Info: use bonding and enslave eth1
    Starting watchdog process...
    Aruba watchdog daemon started [1 thread(s)]
    dual_uplink_default is 0
    Loading configuration file of length 3204...
    wifi uplink not[   20.421073] phy_dev_power_set: port_name = eth1,  phy_addr = 12
     present...
    extended ssid config detected...
    Terminal access enabled...
    Val[   20.575963] PPP generic driver version 2.4.2
    id SSID detected...
    touching file /tmp/ip_mode_0
    d[   20.676844] usbcore: registered new interface driver usbserial
    [   20.756459] usbcore: registered new interface driver usbserial_generic
    [   20.834734] usbserial: USB Serial support registered for generic
    o ethtool autoneg on for eth0
    eth1 admin down
    init[   20.952557] usbcore: registered new interface driver usb-storage
     usb modem ...
    [   32.350498] eth0 (Ext switch port: 7) (Logical Port: 15) (phyId: 1e) Link Up at 2500 mbps full duplex
    [   32.453988] <=== Deactivate Deep Green Mode
    [   32.459956] Slave eth0 with speed 2500 Mbps full duplex
    [   32.566588] bond0: link status definitely up for interface eth0, 2500 Mbps full duplex
    [   32.566602] bcmswlpbk0 (Ext switch port: (Logical Port: Virtual link UP
    [   32.747044] bond0: making interface eth0 the new active one
    [   32.814060] bond0: first active interface up!
    No USB Plugged i[   41.090460] usbcore: deregistering interface driver usb-storage
    n
    [   41.190730] cdrom: Uniform CD-ROM driver unloaded
    [   41.258720] usbserial: USB Serial deregistering driver generic
    [   41.321477] usbcore: deregistering interface driver usbserial_generic
    [   41.398671] usbcore: deregistering interface driver usbserial
    skip backup uplink detect, as preferred uplink is UP
    set eth0 as select uplink
    Mesh is DISABLED on this dev[   44.812529] bond0: Enslaving eth1 as a backup interface with a down link
    ice.
    extende[   44.915555] UOL ctf init done
    [   44.950101] uol_init_driver:392 HW offload not applicable, AP will use cutting through path!
    [   45.051281] init_uol_mod: offload cap: 0xc0, mesh mode none, strapless_enabled 0, uplink_vlan 0
    d ssid is activated on the[   45.180419] AP xml model 120, num_radios 2 (jiffies 22465)
    [   45.248445] apType 120 hw_opmode 0
    [   45.289118] radio 0: band 1 ant 0 max_ssid 16
    [   45.341291] radio 1: band 0 ant 0 max_ssid 16
    [   45.393447] init_asap_mod: installation:0
    [   45.441441] election init: rand=1d HZ=500
    [   45.489423] IAP client match init
    [   45.529172] ethernet_device_event: dev eth1 is up
    [   45.585390] ethernet_device_event: dev eth0 is up
     platform ...
    copying bootuplog ...
    allow PAPI
    set device anul0 mtu to 2000
    notify asap_mod 3g no present...
    apdot1x authenticati[   45.889021] device eth0 entered promiscuous mode
    on is not enabled
    Starting DHCP
    Got all network params from APboot env. Skipping DHCP
    Static IP detected. Checking if LACP needs to be configured
    LACP setting not required. AP can ping default gateway
    De-slave eth0
    [   46.992804] ethernet_device_event: dev eth0 others: 21
    [   47.061789] bond0: Releasing active interface eth0
    [   47.119102] bond0: the permanent HWaddr of eth0 - d0:15:a6:ca:9b:fe - is still in use by bond0 - set the HWaddr of eth0 to a different address to avoid conflicts
    [   47.292283] device eth0 left promiscuous mode
    [   47.353225] ethernet_device_event: dev eth0 others: 9
    [   47.406512] phy_dev_power_set: port_name = eth0,  phy_addr = 30
    [   47.477527] ethernet_device_event: dev eth0 is down
    [   47.535893] ethernet_device_event: dev eth0 others: 8
    [   47.596382] ethernet_device_event: dev eth0 others: 25
    De-slave et[   47.660527] ethernet_device_event: dev eth1 others: 21
    [   47.731840] bond0: Releasing backup interface eth1
    h1
    [   47.798072] ethernet_device_event: dev eth1 others: 9
    [   47.853007] phy_dev_power_set: port_name = eth1,  phy_addr = 12
    [   47.924029] ethernet_device_event: dev eth1 is down
    [   47.982406] ethernet_device_event: dev eth1 others: 8
    [   48.046053] bond0: Setting xmit hash policy to layer2+3 (2)
    [   48.114102] ethernet_device_event: dev eth0 others: 13
    [   48.171340] ethernet_device_event: dev eth0 is up
    [   48.229764] ethernet_device_event: dev eth1 others: 13
    [   48.289186] ethernet_device_event: dev eth1 is up
    [   48.347664] ethernet_device_event: dev eth0 others: 9
    [   48.405904] phy_dev_power_set: port_name = eth0,  phy_addr = 30
    [   48.476958] ethernet_device_event: dev eth0 is down
    [   48.535260] ethernet_device_event: dev eth0 others: 20
    [   48.596926] ethernet_device_event: dev eth0 others: 8
    [   48.657311] ethernet_device_event: dev eth0 others: 13
    [   48.718966] ethernet_device_event: dev eth0 is up
    [   48.775565] Slave eth0 with speed 2500 Mbps full duplex
    [   48.837873] ethernet_device_event: dev eth0 others: 21
    [   48.899384] device eth0 entered promiscuous mode
    [   48.954756] bond0: Enslaving eth0 as a backup interface with an up link
    [   49.034277] ethernet_device_event: dev eth1 others: 9
    [   49.094413] phy_dev_power_set: port_name = eth1,  phy_addr = 12
    [   49.165431] ethernet_device_event: dev eth1 is down
    [   49.223762] ethernet_device_event: dev eth0 others: 25
    [   49.285334] ethernet_device_event: dev eth1 others: 20
    [   49.346905] ethernet_device_event: dev eth1 others: 8
    [   49.407367] ethernet_device_event: dev eth1 others: 13
    [   49.468985] ethernet_device_event: dev eth1 is up
    [   49.525540] ethernet_device_event: dev eth1 others: 21
    [   49.586846] device eth1 entered promiscuous mode
    [   49.642254] bond0: Enslaving eth1 as a backup interface with a down link
    [   49.722407] ethernet_device_event: dev eth0 others: 25
    [   49.785118] ethernet_device_event: dev eth0 others: 25
    [   49.845521] ethernet_device_event: dev eth1 others: 25
    [   49.907890] ethernet_device_event: dev eth1 others: 25
    [   49.968610] ethernet_device_event: dev eth1 others: 25
    [   50.505098] ip_time_handler: Got ip and packets on bond0 Started master election 2-0, rand 32
    192.168.180.15 255.255.255.0 192.168.180.1
    Compressing all files in the /etc/httpd directory...
    Done.
    Starting Webserver
    bind: Transport endpoint is not connected
    bind: Transport endpoint is not connected
    bind: Transport endpoint is not connected
    NTP server 172.16.16.110 from configuration.
    Put ntpdate to the nannylist.
    [   59.044781] wl 0000:01:00.0: enabling device (0000 -> 0002)
    [   59.161318] wifi0: AP type AP-515, radio 0, max_bssids 16
    [   59.324822] wl 0001:01:00.0: enabling device (0000 -> 0002)
    [   59.442893] wifi1: AP type AP-515, radio 1, max_bssids 16
    03.00
    [   59.852840] usbcore: registered new interface driver usbserial
    [   59.915599] usbcore: registered new interface driver usbserial_generic
    [   59.993835] usbserial: USB Serial support registered for generic
    [   60.067936] usbcore: registered new interface driver cp210x
    [   60.132586] usbserial: USB Serial support registered for cp210x
    [   60.211740] usbcore: registered new interface driver cdc_eem
    AP Reboot reason:  Power-reset
    shutting down watchdog process (nanny will restart it)...
            <<<<<       Welcome to the Access Point     >>>>>
    Completed SW FIPS KAT test
    USB Modem User: [   63.047950] Disabling USB power
    [   63.078339] Shut down eth1 due to insufficient POE voltage [power profile 1]
    ble_ready NOT present @init ....
    [   69.097765] Enabling USB power
    [   69.127131] Enabled eth1 due to power change [power profile 2]
    [   69.199260] POE power conditions have improved: the new condition is 'POE-AT: No restrictions'
    [   74.809340] random: nonblocking pool is initialized
    [   82.681189] i am master now
    [   82.707353] (07:50:43) !!! Init ---> Master
    [   82.757444] asap_send_elected_master: sent successfully
    ble_ready is  present @41 .... start processing msgs from APB
    User: