Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IAP fails when connecting to Aruba controller

This thread has been viewed 7 times

  • 1.  IAP fails when connecting to Aruba controller

    Posted Mar 28, 2018 01:14 AM

    Hi guys,

     

    My customer have one master controller 7205 and some local controllers 7030 with many APs in production. I was told to install and connect some new IAPs 315 to the network. First of all I converted the IAPs to CAPs in my office with the customer's local controller IP address, but using my staging lab controller. In my office it worked well and I saw the APs up in the controller dashboard ready to provision.

    When I have installed these APs in customer site, I don't see the APs in the controller dashboard, and the system LED of the APs keeps green flashing.

    The IAP 315 datasheet says minimum ArubaOS 6.5.0.0 and the controllers are runing 6.5.3.3, so I think the release is not the problem.

    When I issue "show log all | include ap_mac_address" in the local controller I get no output, for example:

    (WLC_PRC_P3) #show log all | include 24:f2:7f:c3:b7:b2

    (WLC_PRC_P3) #show log all | include 24:f2:7f:c3:a8:b2

    (WLC_PRC_P3) #

    The commands "show ap database" and "show ap active" don't show my APs.

    I have also checked control plane security is not enabled so it has nothing to do with including the APs MAC addresses in the whitelist. In addition the customer has no MAC addresses at all in the whitelist and has many APs in production.

     

    I have some experience with Instant mode but I am very new with controllers, what more can I check? What logs can I get to see what's happening? What is the next step I can do?

     

    Please your help and many thanks in advance!

     

    Regards,

    Julián



  • 2.  RE: IAP fails when connecting to Aruba controller

    EMPLOYEE
    Posted Mar 28, 2018 02:37 AM

    When you convert the access point successfully and it is up on your staging controller, Go to Configuration> Wireless> AP Installation.  Select the access point and click on provision.  In the master discovery section, ensure that it looks like the screenshot below:  Make sure there is no ip address in the master controller ip address field, otherwise the access point will always be looking for the controller at that ip address, instead of the new controller.  If there is an ip address is any of the fields, delete it and click on "Apply and Reboot".  When you convert an AP, sometimes the ip address of the controller you use to convert it is hardcoded in the "master controller ip address" field, and it needs to be removed so it looks like the screenshot below:

    Screenshot 2018-03-28 at 01.30.44.png

     

    If you do not remove the ip address, when you boot the AP up, it will always be looking for the old controller.

     



  • 3.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 28, 2018 10:34 AM

    Hi Colin,

     

    Thanks for your interest. Get me some minutes to check what you say in your message in my office lab. On the other hand, I have check the customer's controller, I have selected an AP already in production and click on provision to check the configuration, this is the output:

    ap_prod_prov.JPG

    1. So the customer's Master Controller IP is set to 10.100.10.100 which is the controller IP address I used when converting my IAP to CAP with my staging lab controller (I configured this IP address to my staging lab controller).

    2. In the IP setting I see the AP uses a static IP address, and it doesn't obtain IP address using DHCP, is this correct? Or is it possible the AP obtained this IP address via DHCP and once obtained the controller change this IP setting from "Obtain IP Address Using DHCP" to "Use the following IP Address" and set the fields with the IP and gateway addresses obtained via DHCP?

     

    Many thanks,

    Julián



  • 4.  RE: IAP fails when connecting to Aruba controller

    EMPLOYEE
    Posted Mar 28, 2018 10:43 AM

    Looks like you found your problem.

     

    If the AP is supposed to use DHCP to acquire it's address, it should show that way on your screen shot. The AP does not take a DHCP learned address and convert it to static.



  • 5.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 28, 2018 10:46 AM

    Hi,

     

    have you tried the following?

     

    - show datapath session <AP_IP_address>

    - OR show datapath session | include 4500 (to see the established GRE tunnels)

     

    HTH

    Kevin



  • 6.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 28, 2018 11:00 AM

    Hi guys,

     

    @cclemmer

     

    OK, I will check if customer has a DHCP server in its network for this purpose or not. But in case there is a DHCP server enabled for the new APs, they should obtain an IP address and find the controller, right?

     

    @Kevin

     

    Those commands are not useful in my case since I don't see the APs in the controller and I don't know their IP address. I would have to go to customer site and console to the AP to see their IP address.

     

    Regards,

    Julián



  • 7.  RE: IAP fails when connecting to Aruba controller

    EMPLOYEE
    Posted Mar 28, 2018 11:05 AM

    Since the AP has a static IP currently, is that static IP known to be a good/valid IP for the subnet/vlan where the AP is deployed?

     

    Based on the screen shot previously shared, it looks like it's most likely an IP that was used when staging the IAP to CAP conversion. If the IP is not valid, that would explain why you aren't seeng the CAP attempting to join the customer's controller.

     

    By resetting the IP address to DHCP obtained (after validating that a DHCP server is present), the AP should get a valid IP address, and then will attempt to contact the controller IP shown in your screen shot. 



  • 8.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 28, 2018 07:08 PM
    Hi guys,

    I have just left the customer site, I was doing troubleshooting. In fact the problem was very easy, just customer doesn't have a DHCP server and then the APs didn't obtain an IP address and couldn't join to the controller.
    After setting a static IP address to the AP and doing the conversion from IAP to CAP the AP joined to the controller, and appeared as up ready to provision.
    Just one more thing, when doing the conversion I tried with the master controller IP address and with the local controller IP address. In the first case the AP appeared as up and ready to provision in the master controller dashboard, but in the second case it also appeared in the master controller dashboard and not in the local controller dashboard.
    In this second case, when I used the local controller IP address when converting the IAP, shouldn't the AP appear as up in the local controller dashboard?
    And in any case, is it recommended to use the master controller or the local controller IP address when converting the AP? Because as said previously, in both cases the AP appeared as up in the master controller dashboard, so it seems in both cases the AP joined to the master controller.

    Regards,
    Julián


  • 9.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 28, 2018 08:14 PM

    I would say using the master controller IP for initial conversion is best practice.  If it was using ADP or a DHCP option it would point to the master controller anyway.  Once the AP is converted and you put it in an AP group it will get the appropriate LMS IP pointing to the local controller.



  • 10.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 29, 2018 01:00 AM

    Hi Phillip,

     

    Many thanks, valuable information!

     

    Regards,

    Julián



  • 11.  RE: IAP fails when connecting to Aruba controller

    EMPLOYEE
    Posted Mar 28, 2018 08:45 PM
    @fjulianom wrote:
    Hi guys,

    I have just left the customer site, I was doing troubleshooting. In fact the problem was very easy, just customer doesn't have a DHCP server and then the APs didn't obtain an IP address and couldn't join to the controller.
    After setting a static IP address to the AP and doing the conversion from IAP to CAP the AP joined to the controller, and appeared as up ready to provision.
    Just one more thing, when doing the conversion I tried with the master controller IP address and with the local controller IP address. In the first case the AP appeared as up and ready to provision in the master controller dashboard, but in the second case it also appeared in the master controller dashboard and not in the local controller dashboard.
    In this second case, when I used the local controller IP address when converting the IAP, shouldn't the AP appear as up in the local controller dashboard?
    And in any case, is it recommended to use the master controller or the local controller IP address when converting the AP? Because as said previously, in both cases the AP appeared as up in the master controller dashboard, so it seems in both cases the AP joined to the master controller.

    Regards,
    Julián

    Access Points that connect to the local will appear on the master.  Access points that appear on the master will also show up on the master.  In any event, anything you provision should show up on the master, so you can look there to see any access points that either terminate on the master or the local.

     

    You should ensure that the customer has dhcp and has a discovery method configured (DNS, DHCP option, etc), because doing anything with static ip addressing is error-prone and painful.  Having dhcp also allows your access points to recover if the underlying network changes for whatever reason.

     

    If you deploy the new UAPs in the customer's environment, and the customer has a discovery method configured (DNS, dhcp option), the access points will convert themselves and work, as long as they can find a controller.

     

    If you have Instant APs, you should probably deploy and convert them in the customer's environment, provided that they already have dhcp; you can bring up all the Instant APs you would need at the customer's site in a cluster and convert them all at the same time, onsite at the customer.  (you would need to know the Virtual Controller's ip address so that you can Web into the VC and convert them, using the  The access points will come up and join the controller.  This will save you hours in a lab, just to pack up the access points and ship them to the customer.

     

    Ideally, you would just purchase campus APs, the customer would have DNS (aruba-master) pointed to the master controller and they would just come up, saving you tons of time.

     

    The key here is dhcp and a discovery method, so that things work automatically and access points will recover.  Using static ip addressing involves too much risk due to duplicate ip addressing, wrong subnet masks and default gateways, etc.  Static ip addressing also forces you to keep track of all of your access point to ip address mapping, which is an administrative nightmare...

     

    I hope that helps.



  • 12.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 29, 2018 01:02 AM

    wrote:

     

    Access Points that connect to the local will appear on the master.  Access points that appear on the master will also show up on the master.  In any event, anything you provision should show up on the master, so you can look there to see any access points that either terminate on the master or the local.

    You should ensure that the customer has dhcp and has a discovery method configured (DNS, DHCP option, etc), because doing anything with static ip addressing is error-prone and painful.  Having dhcp also allows your access points to recover if the underlying network changes for whatever reason.

    If you deploy the new UAPs in the customer's environment, and the customer has a discovery method configured (DNS, dhcp option), the access points will convert themselves and work, as long as they can find a controller.

    If you have Instant APs, you should probably deploy and convert them in the customer's environment, provided that they already have dhcp; you can bring up all the Instant APs you would need at the customer's site in a cluster and convert them all at the same time, onsite at the customer.  (you would need to know the Virtual Controller's ip address so that you can Web into the VC and convert them, using the  The access points will come up and join the controller.  This will save you hours in a lab, just to pack up the access points and ship them to the customer.

    Ideally, you would just purchase campus APs, the customer would have DNS (aruba-master) pointed to the master controller and they would just come up, saving you tons of time.

    The key here is dhcp and a discovery method, so that things work automatically and access points will recover.  Using static ip addressing involves too much risk due to duplicate ip addressing, wrong subnet masks and default gateways, etc.  Static ip addressing also forces you to keep track of all of your access point to ip address mapping, which is an administrative nightmare...

    I hope that helps.

    Hi Colin,

     

    I completely agree with all your points you have already explained and the advantages of using DNS or DHCP option 43, and the disadvantages of using static IP addressing. The point is the customer is new and it already has a deployed network and many controllers, and we can't change its network.

     

    I also aggree about is better to deploy and convert the entire cluster of IAPs in the customer's environment, since it will convert all the IAPs at the same time, and this will save many hours in a lab, just to pack up the access points and ship them to the customer. Here the point is we need to do this in our office firstly because customer doesn't use DHCP and secondly because some of sites are hundreds of kilometers away and I can't go to all the sites.

     

    Very well explanation Colin and now I have more clear all this. Thanks again for your help!

     

    Regards,

    Julián



  • 13.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 29, 2018 01:20 AM

    Hi guys,

     

    Last question about this. In the case of setting the IP address of the master controller, there are two fields for this within Configuration> Wireless> AP Installation:

    master_ip.png

    Is there any difference of setting the IP address in the left one, in the right one, or in both at the same time?

     

    Regards,

    Julián



  • 14.  RE: IAP fails when connecting to Aruba controller

    EMPLOYEE
    Posted Mar 29, 2018 05:05 AM

    You should use the field on the left to statically set the ip address of the master.  The same field on the right is a legacy parameter when you want to specifically define what controller an access point uses to get its firmware.  It is very rarely used today.  Again, both fields are rarely used today because most Aruba Networks are defined with discovery in mind, and those parameters are obtained automatically instead of entered manually.



  • 15.  RE: IAP fails when connecting to Aruba controller

    Posted Mar 29, 2018 10:48 AM
    OK, very clear. Thanks again!

    Regards,
    Julián