Wireless Access

Dear Aruba Team,

I have very strange problem with Ap 70 provisioned on the controller A2400. From some reason the Roaming status have been changed to Wired (remote) and also I can see some Access Points as a "Wired Access Points". Honestly speaking I have no idea what means "Wired Access Point". The Forward mode "bridge" instead Tunnel.

I investigated all configuration on the rotuers and switches and I couldn't find any doubts.

Could you please let me know, what I can do in mentioned case.

Best Regards

Can you please share the following :

show ap ap-group <ap-group name>

show wlan virtual-ap <virtual AP name>

Additionally these Access Points are not broadcasting any SSID. 

We will need to see how are these configured.

You can configure these (AP70  / AP2E) as remote APs in bridge mode and that's probably why you see it getting categorize as a wired access points but these don't broadcast an SSID just functions as a wired bypass

it527wc01) # show wlan virtual-ap devicenet-527-vap

Virtual AP profile "devicenet-527-vap" (Invalid: VLAN 401 does not exist)
-------------------------------------------------------------------------
Parameter Value
--------- -----
QinQ Outer VLAN 0
Virtual AP enable Enabled
Allowed band all
AAA Profile devicenet-527-aaa
802.11K Profile default
SSID Profile devicenet-527
VLAN 401
Forward mode tunnel
Deny time range N/A
Mobile IP Enabled
HA Discovery on-association Disabled
DoS Prevention Disabled
Station Blacklisting Enabled
Blacklist Time 3600 sec
Dynamic Multicast Optimization (DMO) Disabled
Dynamic Multicast Optimization (DMO) Threshold 6
Authentication Failure Blacklist Time 3600 sec
Multi Association Disabled
Strict Compliance Disabled
VLAN Mobility Disabled
Preserve Client VLAN Disabled
Remote-AP Operation standard
Drop Broadcast and Multicast Disabled
Convert Broadcast ARP requests to unicast Disabled
Band Steering Disabled
Steering Mode prefer-5ghz
VLAN POOL SIZE 0
WMM Traffic Management Profile N/A

ap-group "it527"
virtual-ap "guest-guestnet-vap"
virtual-ap "employee-tenet-mobile-v420-vap"
virtual-ap "devicenet-527-vap"
virtual-ap "employee-tenet-enterprise-v401-vap"
virtual-ap "employee-tenet-mac-v401-vap"
ap-system-profile "it527-apsettings"
regulatory-domain-profile "italy"

The goal what I would like to achieve is take them back to the corrent settings to allow SSID broadcasting.

Thank you for support

Will try to help you with that.

Please run these commands from the local controller these APs are attached :

show ap database long | include <ap mac address>

show  ap  config ap-name <apname>

show ap active | include <ap mac address>

Did you recently started seeing these APs behave that way ? Were these APs broadcasting the SSIDs ?

Has anything changed recently ? 

What AOS do you have installed ?

Also make sure you open a TAC case just in case.

I would like to add that I have the same situation on the second controller - completely the same behaviour. 

For example AP60's can work normally.

Do you have any idea, what can be the reason?

Regards

Patryk

it527wc00) #show ap database long | include 00:0b:86:c6:ba:68
it527wa06 it527 70 10.115.114.16 Up 4m:1s 00:0b:86:c6:ba:68 A50120828 1/0 N/A N/A

it527wc00) #show ap config ap-name it527wa06

Configuration for AP name "it527wa06" AP group "it527"
------------------------------------------------------
Parameter 802.11g 802.11a Source
--------- ------- ------- ------
LMS IP 10.115.114.4 10.115.114.4 ap system-profile "it527-apsettings"
Backup LMS IP N/A N/A ap system-profile "it527-apsettings"
LMS Preemption Enabled Enabled ap system-profile "it527-apsettings"
LMS Hold-down Period 600 sec 600 sec ap system-profile "it527-apsettings"
Number of IPSEC retries 360 360 ap system-profile "it527-apsettings"
LED operating mode (AP-9x/AP-10x/AP-12x/RAP-5x only) normal normal ap system-profile "it527-apsettings"
RF Band g g ap system-profile "it527-apsettings"
Double Encrypt Disabled Disabled ap system-profile "it527-apsettings"
Native VLAN ID 1 1 ap system-profile "it527-apsettings"
SAP MTU 1500 bytes 1500 bytes ap system-profile "it527-apsettings"
Bootstrap threshold 8 8 ap system-profile "it527-apsettings"
Request Retry Interval 10 sec 10 sec ap system-profile "it527-apsettings"
Maximum Request Retries 10 10 ap system-profile "it527-apsettings"
Keepalive Interval 60 sec 60 sec ap system-profile "it527-apsettings"
Dump Server N/A N/A ap system-profile "it527-apsettings"
Telnet Disabled Disabled ap system-profile "it527-apsettings"
SNMP sysContact N/A N/A ap system-profile "it527-apsettings"
AeroScout RTLS Server N/A N/A ap system-profile "it527-apsettings"
RTLS Server configuration N/A N/A ap system-profile "it527-apsettings"
Remote-AP DHCP Server VLAN N/A N/A ap system-profile "it527-apsettings"
Remote-AP DHCP Server Id 192.168.11.1 192.168.11.1 ap system-profile "it527-apsettings"
Remote-AP DHCP Default Router 192.168.11.1 192.168.11.1 ap system-profile "it527-apsettings"
Remote-AP DHCP Pool Start 192.168.11.2 192.168.11.2 ap system-profile "it527-apsettings"
Remote-AP DHCP Pool End 192.168.11.254 192.168.11.254 ap system-profile "it527-apsettings"
Remote-AP DHCP Pool Netmask 255.255.255.0 255.255.255.0 ap system-profile "it527-apsettings"
Remote-AP DHCP Lease Time 0 days 0 days ap system-profile "it527-apsettings"
Remote-AP Backup Ports Enabled Enabled ap system-profile "it527-apsettings"
Remote-AP uplink total bandwidth 0 kbps 0 kbps ap system-profile "it527-apsettings"
Remote-AP bw reservation 1 N/A N/A ap system-profile "it527-apsettings"
Remote-AP bw reservation 2 N/A N/A ap system-profile "it527-apsettings"
Remote-AP bw reservation 3 N/A N/A ap system-profile "it527-apsettings"
Heartbeat DSCP 0 0 ap system-profile "it527-apsettings"
Session ACL ap-uplink-acl ap-uplink-acl ap system-profile "it527-apsettings"
Maintenance Mode Disabled Disabled ap system-profile "it527-apsettings"
WISPr Location-ID ISO Country Code N/A N/A ap system-profile "it527-apsettings"
WISPr Location-ID E.164 Country Code N/A N/A ap system-profile "it527-apsettings"
WISPr Location-ID E.164 Area Code N/A N/A ap system-profile "it527-apsettings"
WISPr Location-ID SSID/Zone N/A N/A ap system-profile "it527-apsettings"
WISPr Operator Name N/A N/A ap system-profile "it527-apsettings"
WISPr Location Name N/A N/A ap system-profile "it527-apsettings"
Remote-AP Local Network Access Disabled Disabled ap system-profile "it527-apsettings"
Radio enable Enabled Enabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Mode ap-mode ap-mode rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
High throughput enable (radio) Enabled Enabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Channel N/A N/A rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Beacon Period 100 msec 100 msec rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Beacon Regulate Disabled Disabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Transmit EIRP 15 dBm 15 dBm rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Advertise 802.11d and 802.11h Capabilities Disabled Disabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Spectrum load balancing Disabled Disabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Spectrum Load balancing mode channel channel rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Spectrum load balancing update interval (sec) 30 seconds 30 seconds rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Spectrum load balancing threshold (%) 20 percent 20 percent rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Advertized regulatory max EIRP 0 0 rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Spectrum Load Balancing domain N/A N/A rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
RX Sensitivity Tuning Based Channel Reuse disable disable rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
RX Sensitivity Threshold 0 -dBm 0 -dBm rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Non 802.11 Interference Immunity Level-2 Level-2 rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Enable CSA Disabled Disabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
CSA Count 4 4 rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Management Frame Throttle interval 1 sec 1 sec rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Management Frame Throttle Limit 20 20 rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
ARM/WIDS Override Disabled Disabled rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Protection for 802.11b Clients Enabled N/A rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Maximum Distance 0 meters 0 meters rf dot11g-radio-profile "default" / rf dot11a-radio-profile "default"
Assignment single-band single-band rf arm-profile "default"
Allowed bands for 40MHz channels a-only a-only rf arm-profile "default"
Client Aware Enabled Enabled rf arm-profile "default"
Max Tx EIRP 127 dBm 127 dBm rf arm-profile "default"
Min Tx EIRP 9 dBm 9 dBm rf arm-profile "default"
Multi Band Scan Enabled Enabled rf arm-profile "default"
Rogue AP Aware Disabled Disabled rf arm-profile "default"
Scan Interval 10 sec 10 sec rf arm-profile "default"
Active Scan Disabled Disabled rf arm-profile "default"
Scanning Enabled Enabled rf arm-profile "default"
Scan Time 110 msec 110 msec rf arm-profile "default"
VoIP Aware Scan Disabled Disabled rf arm-profile "default"
Power Save Aware Scan Enabled Enabled rf arm-profile "default"
Video Aware Scan Enabled Enabled rf arm-profile "default"
Ideal Coverage Index 10 10 rf arm-profile "default"
Acceptable Coverage Index 4 4 rf arm-profile "default"
Free Channel Index 25 25 rf arm-profile "default"
Backoff Time 240 sec 240 sec rf arm-profile "default"
Error Rate Threshold 50 % 50 % rf arm-profile "default"
Error Rate Wait Time 30 sec 30 sec rf arm-profile "default"
Noise Threshold 75 -dBm 75 -dBm rf arm-profile "default"
Noise Wait Time 120 sec 120 sec rf arm-profile "default"
Minimum Scan Time 8 8 rf arm-profile "default"
Load aware Scan Threshold 1250000 Bps 1250000 Bps rf arm-profile "default"
Mode Aware Arm Disabled Disabled rf arm-profile "default"
40 MHz intolerance Disabled Disabled rf ht-radio-profile "default-g" / "default-a"
Honor 40 MHz intolerance Enabled Enabled rf ht-radio-profile "default-g" / "default-a"
Legacy station workaround Disabled Disabled rf ht-radio-profile "default-g" / "default-a"
SSID enable Enabled Enabled wlan ssid-profile "guest-guestnet"
ESSID guestnet guestnet wlan ssid-profile "guest-guestnet"
Encryption opensystem opensystem wlan ssid-profile "guest-guestnet"
DTIM Interval 1 beacon periods 1 beacon periods wlan ssid-profile "guest-guestnet"
Basic Rates 1 2 6 12 24 wlan ssid-profile "guest-guestnet"
Transmit Rates 1 2 5 6 9 11 12 18 24 36 48 54 6 9 12 18 24 36 48 54 wlan ssid-profile "guest-guestnet"
Station Ageout Time 1000 sec 1000 sec wlan ssid-profile "guest-guestnet"
Max Transmit Attempts 8 8 wlan ssid-profile "guest-guestnet"
RTS Threshold 2333 bytes 2333 bytes wlan ssid-profile "guest-guestnet"
Short Preamble Enabled N/A wlan ssid-profile "guest-guestnet"
Max Associations 64 64 wlan ssid-profile "guest-guestnet"
Wireless Multimedia (WMM) Disabled Disabled wlan ssid-profile "guest-guestnet"
Wireless Multimedia U-APSD (WMM-UAPSD) Powersave Enabled Enabled wlan ssid-profile "guest-guestnet"
WMM TSPEC Min Inactivity Interval 0 msec 0 msec wlan ssid-profile "guest-guestnet"
Override DSCP mappings for WMM clients Disabled Disabled wlan ssid-profile "guest-guestnet"
DSCP mapping for WMM voice AC 56 56 wlan ssid-profile "guest-guestnet"
DSCP mapping for WMM video AC 40 40 wlan ssid-profile "guest-guestnet"
DSCP mapping for WMM best-effort AC 24 24 wlan ssid-profile "guest-guestnet"
DSCP mapping for WMM background AC 8 8 wlan ssid-profile "guest-guestnet"
902il Compatibility Mode Disabled Disabled wlan ssid-profile "guest-guestnet"
Hide SSID Disabled Disabled wlan ssid-profile "guest-guestnet"
Deny_Broadcast Probes Disabled Disabled wlan ssid-profile "guest-guestnet"
Local Probe Request Threshold (dB) 0 0 wlan ssid-profile "guest-guestnet"
Disable Probe Retry Enabled Enabled wlan ssid-profile "guest-guestnet"
Battery Boost Disabled N/A wlan ssid-profile "guest-guestnet"
WEP Key 1 N/A N/A wlan ssid-profile "guest-guestnet"
WEP Key 2 N/A N/A wlan ssid-profile "guest-guestnet"
WEP Key 3 N/A N/A wlan ssid-profile "guest-guestnet"
WEP Key 4 N/A N/A wlan ssid-profile "guest-guestnet"
WEP Transmit Key Index 1 1 wlan ssid-profile "guest-guestnet"
WPA Hexkey N/A N/A wlan ssid-profile "guest-guestnet"
WPA Passphrase N/A N/A wlan ssid-profile "guest-guestnet"
Maximum Transmit Failures 0 0 wlan ssid-profile "guest-guestnet"
BC/MC Rate Optimization Disabled Disabled wlan ssid-profile "guest-guestnet"
Strict Spectralink Voice Protocol (SVP) Disabled Disabled wlan ssid-profile "guest-guestnet"
802.11g Beacon Rate default N/A wlan ssid-profile "guest-guestnet"
802.11a Beacon Rate N/A default wlan ssid-profile "guest-guestnet"
Advertise QBSS Load IE Disabled Disabled wlan ssid-profile "guest-guestnet"
High throughput enable (SSID) Enabled Enabled wlan ht-ssid-profile "default"
40 MHz channel usage Enabled Enabled wlan ht-ssid-profile "default"
MPDU Aggregation Enabled Enabled wlan ht-ssid-profile "default"
Max transmitted A-MPDU size 65535 bytes 65535 bytes wlan ht-ssid-profile "default"
Max received A-MPDU size 65535 bytes 65535 bytes wlan ht-ssid-profile "default"
Min MPDU start spacing 8 usec 8 usec wlan ht-ssid-profile "default"
Supported MCS set 0-15 0-15 wlan ht-ssid-profile "default"
Short guard interval in 40 MHz mode Enabled Enabled wlan ht-ssid-profile "default"
Legacy stations Allowed Allowed wlan ht-ssid-profile "default"
Allow weak encryption Disabled Disabled wlan ht-ssid-profile "default"
QinQ Outer VLAN 0 0 wlan virtual-ap "guest-guestnet-vap"
Virtual AP enable Enabled Enabled wlan virtual-ap "guest-guestnet-vap"
Allowed band all all wlan virtual-ap "guest-guestnet-vap"
VLAN 421 421 wlan virtual-ap "guest-guestnet-vap"
Forward mode tunnel tunnel wlan virtual-ap "guest-guestnet-vap"
Deny time range N/A N/A wlan virtual-ap "guest-guestnet-vap"
Mobile IP Enabled Enabled wlan virtual-ap "guest-guestnet-vap"
HA Discovery on-association Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
DoS Prevention Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Station Blacklisting Enabled Enabled wlan virtual-ap "guest-guestnet-vap"
Blacklist Time 3600 sec 3600 sec wlan virtual-ap "guest-guestnet-vap"
Dynamic Multicast Optimization (DMO) Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Dynamic Multicast Optimization (DMO) Threshold 6 6 wlan virtual-ap "guest-guestnet-vap"
Authentication Failure Blacklist Time 3600 sec 3600 sec wlan virtual-ap "guest-guestnet-vap"
Multi Association Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Strict Compliance Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
VLAN Mobility Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Preserve Client VLAN Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Remote-AP Operation standard standard wlan virtual-ap "guest-guestnet-vap"
Drop Broadcast and Multicast Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Convert Broadcast ARP requests to unicast Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Band Steering Disabled Disabled wlan virtual-ap "guest-guestnet-vap"
Steering Mode prefer-5ghz prefer-5ghz wlan virtual-ap "guest-guestnet-vap"
VLAN POOL SIZE 0 0 wlan virtual-ap "guest-guestnet-vap"
VoIP Call Admission Control Disabled Disabled wlan voip-cac-profile "default"
VoIP Bandwidth based CAC Disabled Disabled wlan voip-cac-profile "default"
VoIP Call Capacity 10 10 wlan voip-cac-profile "default"
VoIP Bandwidth Capacity (kbps) 2000 2000 wlan voip-cac-profile "default"
VoIP Call Handoff Reservation 20 % 20 % wlan voip-cac-profile "default"
VoIP Send SIP 100 Trying Disabled Disabled wlan voip-cac-profile "default"
VoIP Disconnect Extra Call Disabled Disabled wlan voip-cac-profile "default"
VOIP TSPEC Enforcement Disabled Disabled wlan voip-cac-profile "default"
VOIP TSPEC Enforcement Period 1 sec 1 sec wlan voip-cac-profile "default"
VoIP Drop SIP Invite and send status code (client) 486 486 wlan voip-cac-profile "default"
VoIP Drop SIP Invite and send status code (server) 486 486 wlan voip-cac-profile "default"

I tried to perform sh ap active, but I can see it that mentioned AP is rebooting few times - very unstable ( the same for all AP70s)

That IOS which we are running is: 5.0.4.2

It started when we moved some AP to the another cisco switch. For your information we also moved to the previous configuration afterwards. I confirmed that configuration and vlans are available on the all required switches.

Let's confirm the following :

- One thing that I noticed was that the VLAN 401 associated with your Virtual AP looks like it doesn't exist on your controller , you need to make sure that the VLAN is there .

- Also run the show ap essid command

- Do you have all your APs behaving that way or just the APs in that AP-Group.

- Run the show vlan and show ip interface brief to make sure that VLAN 401 / interface vlan 401 has been created.

- If you moved those APs to another switch and you see the APs rebooting a lot , then you may have a layer 1 issue . 

Good morning Fabian

I saw it as well. I fixed this problem, thank you.

Below you can find result of sh ap essid.

It looks that there are some clients connected, but from Gui interface I can see that clients can not obtain correct IP.

In User Role these information "logon" and Roaming Status -> Wired(Remote)

ESSID APs Clients VLAN(s) Encryption
----- --- ------- ------- ----------
xnet-Mobile 21 2 420 WPA2 8021X AES
guestnet 22 2 421 Open
xnet-Mac 21 0 401 WPA2 8021X AES
xnet-Enterprise 21 3 401 WPA2 8021X AES
x-527 21 7 401 Static WEP
Num ESSID:5

There is only a problem with AP70's. For example AP60's works fine. For your information all access points are associated with only one vlan.

Best regards

Patryk Zatorski