Wireless Access

We have purchased controllers to replace our aging 3000 sieries controllers.  After some research and discussion, I was under the impression I could backup my config on my 3600 controller, restore it on my new 7210, license the new unit, reboot and then have a fully functioning replication of my existing controller, but on the new hardware.  When I attempted this, the controller comes back up, gets the new name from the config (I can see this on the little LCD screen), but is unable to be managed through either the GUI or SSH.  The IP address is the same, but when I try to navigate to it, it strangely attempts to redirect to https://securelogin.arubanetworks.com/auth/cp_disabled.html and gives me an error for why it can't display the page.  I followed the procedure, what am I missing?  Can the 3600 config running 6.4 firmware not be placed onto a 7210 with 6.5 on it?  I am stumped at this point.

I would recommend this:

Ensure both controllers are on the same code version.

Add the new controller as a standby master.

Failover to the new controller.

Remove legacy controller entries from configuration.

Upgrade new controller firmware.

(Caveat: you need to be aware of how your APs find the controller and update this to the new controller address. E.g. DHCP option or DNS entry.)

Or just rebuild the configuration from scratch on the new controller.

Or if you're really set on importing the configuration, you need to license the new controller first and probably ensure that the configuration dosn't reference interfaces that aren't there.

I am starting to lean toward rebuild the controller from scratch using the 3600 as a guide. If I import the flash like I did, shouldn't that just do a 1 to 1 on the interfaces?  for example, we only use int0 on the 3600 and just trunk it.  In theory shouldn't int0 on the 7210 just go over and match what we had on the 3600?

If I did rebuild it from scratch, how would the AP's be discovered by the 7210 once we shut off the 3600?  Would they need a reboot to rediscover the new controller or would I have to manually do something in the new controller to get the AP's to come over to it for provisioning?  I am not positive what method we use for the AP's to discover a controller now.  We use DHCP from our on site dhcp server, not the dhcp in the controller.

The 3600 and 72xx form factor are different. I don't believe this configuration file will seamlessly migrate without having to manually configure ethernet ports on the 72xx. Have you tried to restore flash instead? Instead, I would have the 72xx run 6.4, restore flash then upgrade to 6.5

hdeleon, my apologies if I mistyped.  I actually did use the flash backup to migrate over to the new controller.  But I was under the impression that the 3600 running 6.4 firmware, and the 7210 running 6.5 would seamlessly take the same config.  Perhaps I misunderstood support.  While we are at it, I thought the flash backup was the config itself?  Are the config and the flash somehow different? 

jrwhitehead has the absolute correct process. Also, while you can try to do the import, they MUST be at the same version (6.4 and 6.5 have some code level changes). So if you cannot or are not able to do the master/master-backup method, then at a minimum the two controller MUST be on the same exact version of AOS 6.4. Then you will have to correct interface configs, etc.

btw the CP coming up is because the ports are not trusted. Once you configure them to be trusted (via the console port), that should go away, but there may be other anomalies. 

jhoward, since my port0 is trusted on my 3600, shouldn't that setting come over with the flash backup and make port0 also trusted on my 7210 after the reload?  Or am I not understanding how the actual backup functions?

flash backups are not designed to:

* work between different code revs

* work between different controller hardware models

That's why the master/master-backup solution is far more effective as it replicated the config using the master-redundancy elements, and doesn't mess with the physical interfaces. And that is the officially supported hardware migration process. 

While it seems that it should work, it's not designed that way, and there's no guarantee it will ever work nor is there any support for it.

Chances are the most critical elements are there, just fix the network interfaces, then do a diff between the 3600 and 7200 configs once you're done to see if any other major elements are missing.

I really appreciate all the assistance here with this everyone.  Just so I understand jhoward, when you say "fix the interfaces" are you simply referring to verifying that the individual ports are trusted or do you mean that the associated ports to the vlans might not match up under the interfaces tab?  I guess I was thinking that if my 3600 had a GE1/0, and so does my 7210, and that is the only port I am using, that everything would match completely.  Perhaps a better word than "thinking" was "hoping". 

Not being super comfortable or knowledgeable with the master/master backup solution I am now leaning toward a manual rebuild of this 7210 and then once ready, powering down the 3600, placing the same IP address on the 7210, and going from there.  Only question I would have is would the AP's automatically find the new controller, or would I have to take action to make them viewable in the new controller? 

First issue though is, when you look at the cfg files between the two, they aren't the same (which is why they aren't portable). Specific to interfaces, the 3600 references the Int1 as 'interface gigabitethernet 0/1', whereas a 7x00 controller will reference it as 'interface gigabitethernet 0/0/1' (notice the extra '/X') so the config isn't portable specific to interfaces, and some other elements tied to this. Additionally, AOS 6.5 adds or looks for other things that the 6.4 config doesn't have, and upon a restore, with it not being there, superflous data or incorrect data will be placed in the config (hence the reason to diff the config once you fix the physical interface mismatches from the migration to see if anything else went awry, and you can ignore any 'hash' values that mismatch). 

If you go with the rebuild, that's fine too. Once the IP is changed back to what the 3600 had, it should find the controller and come up (you may have to either enable or disable CPsec and set AutoCert Prov to 'yes' to let the APs come up if you used CPsec before, and or re-whitelist the APs). 

Thank you very much.  I really appreciate all the support and this makes things very clear.  I did go check and also noticed that the interfaces on the 3600 differed slightly from the 7210 (as you mentioned, the GE1/0 vs the GE0/0/0).  I will check on cpsec and I enabled autocertprov on the 7210 when I set it up manually after factory defaulting it.

This has helped greatly, and I thank you and all who contributed to helping me figure this out.  Great community involvement!