Wireless Access

Reply
Occasional Contributor II

Misconfiguration master discovery in IAP

Hi, we have a problem when we try to update IP Address master for discovery controller.

In 7220 Mobility Controller menu Configuration , Wireless -> AP Instalation we update Master Controller IP Address/DNS name with new IP Address, and then we apply and reboot about 190 APs, but after reboot we realized we have a mistake when input ip address. 

 

And now 190 APs down in controller but they still  reachable with ping from controller. We confused how to fix configuration in each APs because the AP can't browse or remote by ssh. 

 

Any suggest ? or we have to reset one by one physically?

Thank you

 

Screen Shot 2018-07-14 at 10.16.43.pngScreen Shot 2018-07-14 at 10.28.13.png

Guru Elite

Re: Misconfiguration master discovery in IAP

If you have a spare controller and you can bring it up on the wrong ip address, that is probably the easiest way to deal with it.  Or, if you have a maintenance Window and can temporarily change one of your controllers to the ip address you accidentally put in, you will have control over your access points.

 

Beyond that, you have to console into each access point and fix them.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: Misconfiguration master discovery in IAP

Unfortunately we only have one controller.

 

Thanks for your advice

Guru Elite

Re: Misconfiguration master discovery in IAP

Is the ip address you made the mistake with reachable within your environment?  


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: Misconfiguration master discovery in IAP

It's unreachable.

 

Is it possible recover with airwave?

Guru Elite

Re: Misconfiguration master discovery in IAP

No, because Airwave configures the controller (if it is in managed mode) which consigures the access points.  If the access points do not contact the controller, Airwave cannot do anything.

 

Method#1

If you have a computer console cable for those access points, you will need to reach each AP, plug in the console, cut the power to the AP and then plug it back in.  You would then need to interrupt the boot at the console, so that you get to the apboot> prompt.  You would then type "setenv master <ip address of controller>" , "save" , "boot"

 

Method#2

Do those access points use dhcp?  If yes and you have a basic discovery method enabled (dhcp options, DNS a-record), you can (1) collect the name and ap-group info for each ap (2) do the physical hardware reset procedure on each access point, which could be faster than the console cable. (3) run the a-rename and ap-regroup commands on the commandline to put the access points in the proper group and give them the correct name.

Method#2 detail

- Go to the master controller and type "no paging", "show ap database long status down".  This will give you a text file all of the down access point names, their group and their mac address.  You will need that later to rename and regroup the access points after you reset them on the commandline using ap-group and ap-rename.

- Go around to all the access points with blinking lights and execute the AP hardware button reset procedure, and allow them to boot up.

- All the access points will appear with their mac address in the default ap-group after booting and upgrading (could take 7 minutes per ap).

- A second administrator who is working with you could find the wired mac address of the AP in the text file and rename and change the ap-group for those access points that have been reset in the GUI.

 

Please try either method with 1 access point to see which method suits you.

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: Misconfiguration master discovery in IAP

I think we can try Method#1

 

and I found this log, whats this mean

 

  authmgr[3909]: <522275> <ERRS> |authmgr|  User Authentication failed. username=04:bd:88:c5:c4:92 userip=10.66.18.147 usermac=04:bd:88:c5:c4:92 authmethod=VPN servername=Internal serverip=10.64.0.12 apname=N/A bssid=00:00:00:00:00:00 

 

  authmgr[3909]: <522275> <ERRS> |authmgr|  User Authentication failed. username=04:bd:88:c5:bf:48 userip=10.66.18.23 usermac=04:bd:88:c5:bf:48 authmethod=VPN servername=Internal serverip=10.64.0.12 apname=N/A bssid=00:00:00:00:00:00 

detail log attached

Guru Elite

Re: Misconfiguration master discovery in IAP

It almost looks like you have Control Plane Security Enabled and you do not have auto-cert allow-all enabled, so your access points cannot join.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: Misconfiguration master discovery in IAP

How to disable it so my access points can join ?

Screen Shot 2018-07-15 at 12.35.21.png

Guru Elite

Re: Misconfiguration master discovery in IAP

Did you reset those access points?  If yes, they probably lost their certificates.  To allow them back on:

 

config t

control-plane-security

auto-cert-allow-all

write mem

 

https://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/control-plane-security.htm?Highlight=control%20plane%20security

EDIT:

The settings you have above should allow those access points to be able to get back on and recertifiy.

 

Did you reset those access points, or did you use the console cable to change the environment variable?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: