Clearing up template mismatches

Aruba Employee
Aruba Employee

Once you've enabled a template for your group, you'll probably find APs in your group to be in a mismatched state (except for the AP from which you fetched the template, which will be in good configuration). When you enabled templates for your group you should have placed your APs into monitor-only mode. You should keep them in monitor-only mode and put them into manage mode one at a time, only after you address the mismatches for each AP.

If all the APs in your group arent on the same firmware version, a good first step would be to get them all to the same place. Firmware differences can cause some mismatches, so that would probably be helpful.

Remember also that you can have different templates for different types of APs. This can be configured on the Groups --> Template edit page.

When we see mismatches in AMP, it means that there are settings on the device that dont match settings in AMP, or that there are settings on either the device or in AMP that dont exist in the other place. There are a few different strategies we can use to clear them up, but its very important to note that there is no one-size-fits-all approach. You need to evaluate each mismatch separately to determine how it relates to your ideal network settings. Optimizing templates is a process that our customers find very helpful, but it tends to take a bit of time.

If you look at the audit page for a device, mismatches are apparent in the left-hand column when you see the words actual and desired. If you see the word actual with no desired it usually means that the setting is present on the device but not in the template youve defined in AMP. This might be because of different versions of firmware. 

If firmware versions are the same, you can clear up a mismatch like this by simply adding it to the template (you can copy and paste the line into the template and save it). However, its up to you to decide whether this should apply to the group as a whole. I should mention at this point that templates can be very fussy about indentation and spacing. You should take care not to insert extra lines or whitespace when you add or remove lines from a template. 

Lines that are indented, such as:

interface BVI1
<>ip address XXX.YYY.33.13 AAA.BBB..255.0

(note the extra space before ip - the <> are placed there to emphasize the space; they are not part of the template)

are part of the last setting above thats not indented. So in the example I just showed, the indenting shows us that the ip address of the interface BVI1 is XXX.YYY&.

Moving on, you can also clear up mismatches by adding HTML-like tags to the template. If you go to the templates page of a group and click on the pencil icon of the template you are interested in, youll be able to edit the text of the template. On the right-hand side of the template are a list of tags and variables you can use to customize your template. As in HTML, you need to use opening and closing tags. For example:

Adding % before and after the hostname - %hostname% - turns the hostname into a variable. AMP will pull the hostname for each individual device from values on the AP's manage page and apply that, rather than applying one hostname setting across the board.

Adding <ignore_and_do_not_push> </ignore_and_do_not_push> tags around a line will do just that AMP will ignore them, so they no longer count as a mismatch, and will not push any changes out to the group. It can be tempting to use this tag as a very quick way to clear up mismatches, but you should be careful about applying it. If you use it for any security-related setting AMP will NOT alert you if the setting changes on the device, which could be an indication that someone is trying to compromise your network. 

You can also use conditional variables to do things like supporting multiple radio types with a single template. The syntax looks like this:

%IF radio_type=g%
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 11.0 12.0 18.0 24.0
36.0 48.0 54.0
%IF radio_type=b%
speed basic-1.0 2.0 5.5 11.0

There are certain mismatches that you might feel comfortable pushing. For example, hashed passwords will appear as mismatches because the same password will have a different hash from being encrypted on each device. As long as the passwords are the same for *all* devices in the group, youd be OK pushing out the same hashed value to each one. 

We also have some detailed descriptions of template variables in the user guide, which you might find helpful as you address your mismatches.

Once youve addressed the mismatches for an AP, you can put the AP into manage mode, which will apply the group template to it. At that point it should come back in a good configuration. If it does not, you can repeat the process by viewing the mismatches on the devices audit page and adjusting the template as necessary.

If you get down to one or two mismatches that you cant figure out how to clear up, feel free to give us a call back and we can take a look.

Version history
Revision #:
1 of 1
Last update:
‎06-09-2014 09:51 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: