Wireless Access

Reply
Highlighted
Contributor II

BASIC AP troubleshooting.

I have put a troubleshooting guide together for campus AP's there are a lot of variables which I need to fit in somehow but this is a work in progress and I will update accordingly.

If you notice anything that is missing please let me know and ill happily add it in.

Things like LED status and AP database Flags and their meanings and troubleshooting them I will add later but formatting that nicely is proving difficult.

Please find the document attached. or print out below:

 

The access point is not powering up:
Check the status of the AP power LED and if the AP is not powered on then determine the source of the power.

  • If the AP is using an AC adapter:
    • Verify and reconnect the power cable connections at the adapter and AP
    • Try using a different AC adapter.
    • Try to connect a different AP to the same adapter.
  • If the AP is using PoE:
    • Try connecting AP to a different PoE port
    • Try using a separate Ethernet cable
    • Try connecting a different AP to the same port
    • Try connecting the AP to a different PoE switch.

If the AP still displays no power LED status after these troubleshooting steps, then send an RMA request to Aruba Support

Is the AP able to find the Aruba controller?

Check if the AP is seen on any controller:

  • SSH to the master controller and issue this command:
  • show ap database long | include [ either Location ID, or AP IP address, or AP Ethernet MAC address, or AP serial number]
  • If the AP is found in the output of that command, then SSH to the controller IP address that is listed under the "Switch IP" column.
    • Verify if the AP is seen on the controller by issuing this command: show ap active ap-name [name of the AP]
    • Run the command #show ap bss-table ap-name [name of the AP]
    • Run the command #show ap association bssid [bssid of the AP from the above output]
    • Verify if any wireless clients are associated to the SSID's
    • Run the command #show user-table verbose | include [Aruba AP name]
    • Verify if any wireless clients have authenticated with this AP.
    • If all of the SSID's are listed as expected, and there are clients authenticated to the AP, then this AP is working correctly, and the issue is most likely not with the AP its self and will most likely be a configuration issue.
    • If the AP is not broadcasting, collect the output of
      • show ap tech-support ap-name [name of the ap]
      • show ap database long | include [name of the ap]
      • show ap bss-table ap-name [name of the ap]
    • If the AP is not seen in the "show ap database long" and the controllers are in a cluster, then proceed with the following:
      • Log onto the VRRP master of the cluster which will be hosting the L2 VIP that the AP's will be talking too. You can find the VRRP master by logging onto the mobility master > going down to the controller level > configuration > redundancy > L2 redundancy > select the virtual router and make a note of the priority for this controller. Repeat this on controllers. The one with the highest number will be the VRRP master.
      • SSH to the IP address of the VRRP master
      • Run the command #show datapath session table [AP IP address]
      • If this output shows protocol 17 and port 8211 but no protocol 47, then the AP is trying to connect, but it cannot establish the GRE tunnel. Issue these commands and look for errors in the output:
      • show log system all
      • show log errorlog all
      • show log all | include MAC address of AP
      • #show ap config ap-name [Aruba AP name]
        • Look in the output for the AP VLAN value for its SSID. Issue this command: show IP interface brief
        • Verify that the VLAN value exists on the Aruba controller.

 

  • If the AP is not seen in the "show ap database long" and the controllers are not in a cluster, then proceed with the following:
    • SSH to the IP of the controller which the AP's are being provisioned too.
    • Run the command #show datapath session table [AP IP address]
    • If this output shows protocol 17 and port 8211 but no protocol 47, then the AP is trying to connect, but it cannot establish the GRE tunnel. Issue these commands and look for errors in the output:
    • show log system all
    • show log errorlog all
    • show log all | include MAC address of AP
    • #show ap config ap-name <Aruba AP name>
      • Look in the output for the AP VLAN value for its SSID. Issue this command: show IP interface brief
      • Verify that the VLAN value exists on the Aruba controller.
    • If after all of the above troubleshooting, you have looked at the datapath and there is no information displayed, then proceed with the following:
      • Verify that the following protocols are open between the AP and the controller on every firewall in its datapath:
        • UDP 69 (TFTP)
        • UDP 123 (NTP)
        • UDP 514 (Syslog)
        • UDP 4500 (nat-t)
        • UDP 8211 (Papi)
        • TCP 20 (FTP)
        • TCP 21 (FTP)
        • Protocol 47 (GRE)
      • If the firewall is configured correctly, then proceed with the following
      • Get console connection to the AP.
      • Verify if the AP can find the controller by the console output message "Running ADP...Done. Master is <an IP address should be here>".
      • If the console output does show an IP address for "Master is…", then verify if that is the correct controller IP address.
      • If that IP address is not the correct IP address, or it is the correct IP address, or there is no IP address shown for "Master is…", then get a sniffer trace between the AP and the directly connected Ethernet switch and escalate to the next Tier of Support. Provide all the information that was gathered during troubleshooting.
      • If the AP is not receiving the IP address of the controller, then you will need to discuss how the AP's have been provisioned:
        • Using a DNS record
        • Using DHCP option 43 and 60
        • Statically assigned
      • If you are using DNS or DHCP, then ask them to check and ensure the entries are correct
        • If the entries are correct, plug in a laptop to the port where the AP is mounted and run a Wireshark capture on the computer.
        • In the Wireshark capture, you will be able to see if you are receiving these records
      • If you are using a statically assigned address, then again check the connectivity from the port where the AP is mounted and the controller.
    • If all of the above has been completed and still the AP is not communicating with the controller, escalate this with Aruba support.

 

 

 

Ben Casey
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: