Security

Reply
Highlighted
Contributor II

AirGroup not working after upgrade from 6.5 to 8.5

We have a single controller environment that was running 6.5 code. We used the migration tool to upgrade to 8.3, then did a standard upgrade to 8.5.0.7 to gain support for some new AP-515s. The migration tool took care of most everything - SSIDs, ClearPass integration, PEF policy rules, etc. However, AirGroup is no longer functioning.

 

I see both AirGroup servers and clients in the UI and via CLI. We have forced registration turned on, and AirGroup server devices are registered in CPPM. We are using distributed mode. No domain is defined.

 

show airgroup status

indicates that MDNS, DLNA, etc. are enabled, along with the services that we had set to allow before the upgrade (airplay, airprint, and so on).

 

I notice that both:

show airgroup cppm entries

and

show airgroup policy-entries

 

return 0 results. And, on CPPM Access Tracker, there are no entries for the AirGroup Authorization Service since the upgrade to 8.3.

 

Also looks like all the AirGroup RADIUS calls are timing out:

show airgroup cppm-server radius statistics

AirGroup RADIUS Server Statistics
---------------------------------
Server PAP Rq Mismatch Rsp Bad Auth Acc Rej Ukn Rsp Tmout AvgRspTm Tot Rq Tot Rsp Uptime (d:h:m) SEQ Total/Free
------ ------ ------------ -------- --- --- ------- ----- -------- ------ ------- -------------- --------------
CPPM01 59574 0 0 0 0 0 238270 0 59574 0 0:0:0 765/718
Orphaned requests = 0

 

I'm still digging around, but wanted to ask if anyone has a tip, or has run into this situation after a similar upgrade. Thanks.

 

Highlighted
Guru Elite

Re: AirGroup not working after upgrade from 6.5 to 8.5

I would look at the CPPM event viewer and see if your requests are being rejected.  Also look at the audit viewer in cppm and see if anything was changed recently.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor II

Re: AirGroup not working after upgrade from 6.5 to 8.5

A bunch of auth errors in the CPPM Event Viewer, coming from the controller's VLAN 1 IP address and port 41019. But, Authentication > Advanced > RADIUS Client is set to use the correct IP and source VLAN interface for talking to CPPM and 802.1X and other auths are working.

 

show airgroup cppm-server aaa
AirGroup AAA profile "default" undefined.

 

I noticed this, as well, and am trying to find where it lives. Under Services > AirGroup, I have a profile selected, and that profile has correct CPPM information included.

 

 

Highlighted
Guru Elite

Re: AirGroup not working after upgrade from 6.5 to 8.5

In 8.x, if you are using clustering the radius source ip address becomes the ip address of the cluster VRRP.  Whatever ip address is appearing in the event viewer, just add it as a NAD device in ClearPass to get it working.

 

If this is critical, I would open a Technical Support case in parallel to this.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor II

Re: AirGroup not working after upgrade from 6.5 to 8.5

Standalone controller in this case. We will open a TAC case after we've done a bit more searching.

 

Highlighted
Contributor II

Re: AirGroup not working after upgrade from 6.5 to 8.5

Still working with TAC on this issue. The auth errors in Event Viewer were remedied by setting the controller IP address via CLI. The correct address was already selected in the web UI, but the AirGroup service was not using that one as the source to communicate with CPPM.

 

What we've seen during testing is that if we share devices using individual user names, AirGroup works as expected. If we share by AP group, it does not or discovery is intermittent, even for a group with a small number of APs. Multiple services exhibit this problem - AirPlay, Chromecast, etc.

 

TAC has asked us to go ahead and upgrade from 8.5.0.7 to 8.5.0.8 and test again, so we will do that next.

 

Highlighted
Contributor II

Re: AirGroup not working after upgrade from 6.5 to 8.5

This issue persists, still working with TAC. What we see is that if we flip a device in ClearPass from shared via AP group to shared with specific user names, it shows up immediately for those users as an available AirPlay device. If we flip it back to sharing by AP group, it is no longer discovered.

 

The device and client are in same location, and can be on same or different APs within the same AP group.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: