Network Management

Hello,

I couldn't find a proper way to report possible bugs into AirWave and Aruba products, so I'm opening it here for Aruba tries to reproduce this issue or help anyone that may find the same problem as me and I didn't want to open an Aruba TAC case because it would take so long and there's workaround solutions available for this issue. 

Today I was setting up a IAP cluster managed by AMP (Management mode). When creating a new User Role and associating it to a SSID, the clients wasn't receiving this User Role and consequently the Captive Portal (ClearPass) wasn't splashing for them. Instead, they were receiving the "External CP" User Role.

When I turn off AMP so I could manage the IAP WebUI, I figure out the User Role haven't been created neither assigned. When I tried to create it manually, it reports for me that I couldn't created any more User Roles because I had exceeded the User Role number limit (it's 32 User Roles into AOS 8.7.0.0 and below and 64 User Roles for Aruba InstantOS 8.8.0.0+).

The workaround solution for me was removing an unused User Role locally at the IAP WebUI so the User Role was created as expected.

What I would like the Aruba TAC and engineer team figure out is why the AirWave didn't reported any error when applying the config (not even reported as "mismatched", it seems none config wasn't even applied at all) when the User Role limit was exceed. It would be great if AirWave checks the actual number of User Roles to check if it exceeded accordingly to Aruba InstantOS version instead of assuming it isn't exceeded.

Edit: I found the config sync log and figure out that in fact it shows that the config wasn't applied because the Max roles numbers was exceeded, but could be an error reported at the AirWave UI to state it more clearly instead of letting us trying to figure out what's going on.

The proper way to report bugs is through a TAC case. It's really unlikely that if you post something here that someone will pick it up and try to reproduce and create a TAC case on your behalf.

Now you found the solution, it should be even easier as you can guide TAC to reproduce in house. Please open that TAC case.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 29, 2022 11:53 AM
From: Eduardo Mozart de Oliveira
Subject: Do not report error or config mismatch when User Role limit exceeded

Hello,

I couldn't find a proper way to report possible bugs into AirWave and Aruba products, so I'm opening it here for Aruba tries to reproduce this issue or help anyone that may find the same problem as me and I didn't want to open an Aruba TAC case because it would take so long and there's workaround solutions available for this issue.

Today I was setting up a IAP cluster managed by AMP (Management mode). When creating a new User Role and associating it to a SSID, the clients wasn't receiving this User Role and consequently the Captive Portal (ClearPass) wasn't splashing for them. Instead, they were receiving the "External CP" User Role.

When I turn off AMP so I could manage the IAP WebUI, I figure out the User Role haven't been created neither assigned. When I tried to create it manually, it reports for me that I couldn't created any more User Roles because I had exceeded the User Role number limit (it's 32 User Roles into AOS 8.7.0.0 and below and 64 User Roles for Aruba InstantOS 8.8.0.0+).

The workaround solution for me was removing an unused User Role locally at the IAP WebUI so the User Role was created as expected.

What I would like the Aruba TAC and engineer team figure out is why the AirWave didn't reported any error when applying the config (not even reported as "mismatched", it seems none config wasn't even applied at all) when the User Role limit was exceed. It would be great if AirWave checks the actual number of User Roles to check if it exceeded accordingly to Aruba InstantOS version instead of assuming it isn't exceeded.

Edit: I found the config sync log and figure out that in fact it shows that the config wasn't applied because the Max roles numbers was exceeded, but could be an error reported at the AirWave UI to state it more clearly instead of letting us trying to figure out what's going on.

Hello Herman,
Thank you for your response. I know, I've decided to open this post more in hope to help someone that may trying to figure out why AirWave shows "External CP" instead of the Role assigned through AirWave - in my case, it was happening because the Role wasn't being created because the IAP exceeded it's Role limit.
I decided not open a TAC case and try to figure out on my own because it's so bad and we have tickets that are months waiting for a response, which makes me sad because I love HPE products. Vagues and delayed responses are common and escalating it to the responsible team takes so long that it's faster downgrading or recreate the client environment from the start than expecting any response from TAC itself.
Original Message:
Sent: Dec 01, 2022 08:28 AM
From: Herman Robers
Subject: Do not report error or config mismatch when User Role limit exceeded

The proper way to report bugs is through a TAC case. It's really unlikely that if you post something here that someone will pick it up and try to reproduce and create a TAC case on your behalf.

Now you found the solution, it should be even easier as you can guide TAC to reproduce in house. Please open that TAC case.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 29, 2022 11:53 AM
From: Eduardo Mozart de Oliveira
Subject: Do not report error or config mismatch when User Role limit exceeded

Hello,

I couldn't find a proper way to report possible bugs into AirWave and Aruba products, so I'm opening it here for Aruba tries to reproduce this issue or help anyone that may find the same problem as me and I didn't want to open an Aruba TAC case because it would take so long and there's workaround solutions available for this issue.

Today I was setting up a IAP cluster managed by AMP (Management mode). When creating a new User Role and associating it to a SSID, the clients wasn't receiving this User Role and consequently the Captive Portal (ClearPass) wasn't splashing for them. Instead, they were receiving the "External CP" User Role.

When I turn off AMP so I could manage the IAP WebUI, I figure out the User Role haven't been created neither assigned. When I tried to create it manually, it reports for me that I couldn't created any more User Roles because I had exceeded the User Role number limit (it's 32 User Roles into AOS 8.7.0.0 and below and 64 User Roles for Aruba InstantOS 8.8.0.0+).

The workaround solution for me was removing an unused User Role locally at the IAP WebUI so the User Role was created as expected.

What I would like the Aruba TAC and engineer team figure out is why the AirWave didn't reported any error when applying the config (not even reported as "mismatched", it seems none config wasn't even applied at all) when the User Role limit was exceed. It would be great if AirWave checks the actual number of User Roles to check if it exceeded accordingly to Aruba InstantOS version instead of assuming it isn't exceeded.

Edit: I found the config sync log and figure out that in fact it shows that the config wasn't applied because the Max roles numbers was exceeded, but could be an error reported at the AirWave UI to state it more clearly instead of letting us trying to figure out what's going on.

Hi Eduardo,

Could you please let us know your the Airwave version? Unfortunately I am not able to find your email address in the your contact details.  Please reply to the below email address:

sreedhar.rajagopal@hpe.com

Based on the shared information, I will test in-house and work with engineering if required.
Original Message:
Sent: Dec 01, 2022 12:00 PM
From: Eduardo Mozart de Oliveira
Subject: Do not report error or config mismatch when User Role limit exceeded

Hello Herman,
Thank you for your response. I know, I've decided to open this post more in hope to help someone that may trying to figure out why AirWave shows "External CP" instead of the Role assigned through AirWave - in my case, it was happening because the Role wasn't being created because the IAP exceeded it's Role limit.
I decided not open a TAC case and try to figure out on my own because it's so bad and we have tickets that are months waiting for a response, which makes me sad because I love HPE products. Vagues and delayed responses are common and escalating it to the responsible team takes so long that it's faster downgrading or recreate the client environment from the start than expecting any response from TAC itself.
Original Message:
Sent: Dec 01, 2022 08:28 AM
From: Herman Robers
Subject: Do not report error or config mismatch when User Role limit exceeded

The proper way to report bugs is through a TAC case. It's really unlikely that if you post something here that someone will pick it up and try to reproduce and create a TAC case on your behalf.

Now you found the solution, it should be even easier as you can guide TAC to reproduce in house. Please open that TAC case.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 29, 2022 11:53 AM
From: Eduardo Mozart de Oliveira
Subject: Do not report error or config mismatch when User Role limit exceeded

Hello,

I couldn't find a proper way to report possible bugs into AirWave and Aruba products, so I'm opening it here for Aruba tries to reproduce this issue or help anyone that may find the same problem as me and I didn't want to open an Aruba TAC case because it would take so long and there's workaround solutions available for this issue.

Today I was setting up a IAP cluster managed by AMP (Management mode). When creating a new User Role and associating it to a SSID, the clients wasn't receiving this User Role and consequently the Captive Portal (ClearPass) wasn't splashing for them. Instead, they were receiving the "External CP" User Role.

When I turn off AMP so I could manage the IAP WebUI, I figure out the User Role haven't been created neither assigned. When I tried to create it manually, it reports for me that I couldn't created any more User Roles because I had exceeded the User Role number limit (it's 32 User Roles into AOS 8.7.0.0 and below and 64 User Roles for Aruba InstantOS 8.8.0.0+).

The workaround solution for me was removing an unused User Role locally at the IAP WebUI so the User Role was created as expected.

What I would like the Aruba TAC and engineer team figure out is why the AirWave didn't reported any error when applying the config (not even reported as "mismatched", it seems none config wasn't even applied at all) when the User Role limit was exceed. It would be great if AirWave checks the actual number of User Roles to check if it exceeded accordingly to Aruba InstantOS version instead of assuming it isn't exceeded.

Edit: I found the config sync log and figure out that in fact it shows that the config wasn't applied because the Max roles numbers was exceeded, but could be an error reported at the AirWave UI to state it more clearly instead of letting us trying to figure out what's going on.

Hello @srajagopal
Thank you for your response. I'll contact you through mail.
​​I'm using AirWave 8.2.10.1.
Original Message:
Sent: Dec 01, 2022 07:24 PM
From: Sreedhar Rajagopal
Subject: Do not report error or config mismatch when User Role limit exceeded

Hi Eduardo,

Could you please let us know your the Airwave version? Unfortunately I am not able to find your email address in the your contact details.  Please reply to the below email address:

sreedhar.rajagopal@hpe.com

Based on the shared information, I will test in-house and work with engineering if required.
Original Message:
Sent: Dec 01, 2022 12:00 PM
From: Eduardo Mozart de Oliveira
Subject: Do not report error or config mismatch when User Role limit exceeded

Hello Herman,
Thank you for your response. I know, I've decided to open this post more in hope to help someone that may trying to figure out why AirWave shows "External CP" instead of the Role assigned through AirWave - in my case, it was happening because the Role wasn't being created because the IAP exceeded it's Role limit.
I decided not open a TAC case and try to figure out on my own because it's so bad and we have tickets that are months waiting for a response, which makes me sad because I love HPE products. Vagues and delayed responses are common and escalating it to the responsible team takes so long that it's faster downgrading or recreate the client environment from the start than expecting any response from TAC itself.
Original Message:
Sent: Dec 01, 2022 08:28 AM
From: Herman Robers
Subject: Do not report error or config mismatch when User Role limit exceeded

The proper way to report bugs is through a TAC case. It's really unlikely that if you post something here that someone will pick it up and try to reproduce and create a TAC case on your behalf.

Now you found the solution, it should be even easier as you can guide TAC to reproduce in house. Please open that TAC case.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 29, 2022 11:53 AM
From: Eduardo Mozart de Oliveira
Subject: Do not report error or config mismatch when User Role limit exceeded

Hello,

I couldn't find a proper way to report possible bugs into AirWave and Aruba products, so I'm opening it here for Aruba tries to reproduce this issue or help anyone that may find the same problem as me and I didn't want to open an Aruba TAC case because it would take so long and there's workaround solutions available for this issue.

Today I was setting up a IAP cluster managed by AMP (Management mode). When creating a new User Role and associating it to a SSID, the clients wasn't receiving this User Role and consequently the Captive Portal (ClearPass) wasn't splashing for them. Instead, they were receiving the "External CP" User Role.

When I turn off AMP so I could manage the IAP WebUI, I figure out the User Role haven't been created neither assigned. When I tried to create it manually, it reports for me that I couldn't created any more User Roles because I had exceeded the User Role number limit (it's 32 User Roles into AOS 8.7.0.0 and below and 64 User Roles for Aruba InstantOS 8.8.0.0+).

The workaround solution for me was removing an unused User Role locally at the IAP WebUI so the User Role was created as expected.

What I would like the Aruba TAC and engineer team figure out is why the AirWave didn't reported any error when applying the config (not even reported as "mismatched", it seems none config wasn't even applied at all) when the User Role limit was exceed. It would be great if AirWave checks the actual number of User Roles to check if it exceeded accordingly to Aruba InstantOS version instead of assuming it isn't exceeded.

Edit: I found the config sync log and figure out that in fact it shows that the config wasn't applied because the Max roles numbers was exceeded, but could be an error reported at the AirWave UI to state it more clearly instead of letting us trying to figure out what's going on.