Wireless Access

 

 

Recently I have noticed that some APs that already been preconfigure to get attached to a particular master controller will pick another master because ADP is enabled on that controller (That other controller doesn't have a config)

 

Will ADP take priority in the booting process even after the AP knows to what controller to talk to ?

 

Thanks

 

Vic

Unless you set the master when you provision the AP (or use the console and the "setenv masterip x.x.x.x" command), the AP will not remember it's master.  If it uses DHCP or ADP, the master value is not stored in NVRAM.

 

If the AP finds a master controller that doesnt have the correct AP group name (which IS stored in NVRAM), it won't boot properly.  If the newly discovered master DOES have the right AP group, the AP will do whatever that AP group tells it to do.

 

That's what strange that the new controller that the AP discovered is doesn't have any AP groups defined .

 

When we provisioned the AP on the right AP-Group we defined in the ap system profile what controller is supposed to connect to.

 

Also the aruba-master belongs to another controller .

 

My confusion is if the AP already it's been configured with all these values why it would attached to another controller that doesn't even have any config

 

We just started seeing these issues.

 

 

Thanks for your response

The LMS-IP in the AP system profile is not stored in NVRAM.  Once the AP reboots, it "forgets" that info and has to rediscover a master, then relearn the AP sytem profile info.  When you provision an AP, it only "remembers" information that you input on the provisioning screen, not what it learns from the config on the master.

 

ADP is run before DNS (aruba-master), so if the new controller is on the same L2 segment as the AP, it will be discovered before DNS is attempted.

 

You can turn off ADP on the unwanted master using the command "adp discovery disable".

 

Thanks Olino that's what I had to do, I thought there was something that I was missing.

 

Quick question : Can I upgrade an AP from 3.3.x.x directly to 5.0.x.x or 6.1..x.x ?

From 3.3.x, you should first go to 3.4.5.x, then to the 5.x or 6.x image you want.  This is per the 6.1.3.5 release notes.

THanks a bunch

 

One last question , is there a way to disable ADP on the APs ?

 

Thanks

 

Vic

Not that I know of.

Hi Onio, Am new to this group , am just going through previous discussions and have doubt regarding your comments in this thread Comment #1 given by you in this thread : ------------------------------------------------------- If the AP finds a master controller that doesnt have the correct AP group name (which IS stored in NVRAM) Comment#2 given by you in this thread: ------------------------------------------------------ When you provision an AP, it only "remembers" information that you input on the provisioning screen, not what it learns from the config on the master. As per comment#2 , AP does not store any information got from master but u r first comment saying "AP group name" stored in NVRAM. It is confusing , can you help me.

---

@rajshekar wrote:
Hi Onio, Am new to this group , am just going through previous discussions and have doubt regarding your comments in this thread Comment #1 given by you in this thread : ------------------------------------------------------- If the AP finds a master controller that doesnt have the correct AP group name (which IS stored in NVRAM) Comment#2 given by you in this thread: ------------------------------------------------------ When you provision an AP, it only "remembers" information that you input on the provisioning screen, not what it learns from the config on the master. As per comment#2 , AP does not store any information got from master but u r first comment saying "AP group name" stored in NVRAM. It is confusing , can you help me.

---

1.  If an AP does not have the correct group name, it will be labelled as "inactive" and it will not broadcast any WLAN.  If you provision an access point with a certain group name and delete that group from the controller, that is how you could end up in that inactive situation.

2.  The access point will at minimum have the AP Name and the AP-Group.  Optionally static parameters for ip address, subnet mask, default gateway and DNS can be saved on the AP, in addition to the ip address or fqdn of the master controller.  Besides that, it has to contact the controller for its WLAN information.

 

All of this reminds me of a question that came up on something I was working on the other day.  Can I assign APs to multiple AP groups? i.e. I have one area that I was to broadcast 2 SSIDs.  I have one AP group that includes all of the APs in the building and a second that has the APs that exist in this one area.  Is this possible?  When I was looking at the controller it looked like an AP could only exist in one AP group at a time.  Is that right?

---

@aedwards wrote:

All of this reminds me of a question that came up on something I was working on the other day.  Can I assign APs to multiple AP groups? i.e. I have one area that I was to broadcast 2 SSIDs.  I have one AP group that includes all of the APs in the building and a second that has the APs that exist in this one area.  Is this possible?  When I was looking at the controller it looked like an AP could only exist in one AP group at a time.  Is that right?

---

You cannot have APs in multiple groups.

 

If you have and AP that needs to broadcast WLAN A and B, create a group that has both and add that AP to it.  If you have an AP that needs to broadcast only one, create a group with only that WLAN (Virtual AP) and add the AP to it.  If you have an AP you need to broadcast all three, create an ap-group that has all three WLANS (Virtual APS) and add the AP to it.

 

Remember that even if a client is in an area with an AP that is only broadcasting one WLAN, he can still be able to see an attach to an access point that is broadcasting more than one, so it is not much of a security mechanism to only broadcast certain APs.

 

Thanks cjoseph.  I thought that was going to be the answer, but I didn't want to assume.

 

One last question....the last statemnt surprises me..."Remember that even if a client is in an area with an AP that is only broadcasting one WLAN, he can still be able to see an attach to an access point that is broadcasting more than one, so it is not much of a security mechanism to only broadcast certain APs."

 

Are you saying that if I configure AP1 to have WLAN 1 and 2 and I then configure AP2 to only have WLAN 2 I can still associate to WLAN 1 on AP2?  Even though WLAN1 was never configured to exist on AP2?  To further clarify, we are not talking about hidden (non-broadcasting) SSIDs correct?

Yes.

 

As long as a client is within RF earshot of an access point, removing the WLAN from an access point closer means he can still attach to that WLAN on an AP further away if it is strong enough for that client to see it.

 

Then I'm definately confused.  If I can still connect to an AP that doesn't have a WLAN configured on it, what is the point of having multiple AP groups that you can assign different APs and WLANs to?  Is it just an orginational node? Or does it server some other purpose I'm missing?

---

@aedwards wrote:

Then I'm definately confused.  If I can still connect to an AP that doesn't have a WLAN configured on it, what is the point of having multiple AP groups that you can assign different APs and WLANs to?  Is it just an orginational node? Or does it server some other purpose I'm missing?

---

Sorry for the confusion.

 

If a client can "see" a WLAN he can still connect to it.  Keep that in mind when you are limiting coverage to areas.

 

I'm tracking now.  Thanks cjoseph for the clarification.