One additions to above, I checked with the serial cable and noticed that initially the 345 was plugged into port 1 of the AP and was unable to retrieve a DHCP lease.
Logs on port 1
Hit <Enter> to stop autoboot: 0
Booting OS partition 1
Checking image @ 0x2000000
Copying image from 0x0000000008000000
Image is signed; verifying checksum... passed
SHA2 Signature available
Signer Cert OK
Policy Cert OK
RSA signature verified using SHA2.
Loading fdt from 0x09a88fbc to 0x0007c000
Uncompressing Kernel Image ... reserving fdt memory region: addr=0 size=20000
OK
[ 0.000000]
[ 0.000000] Aruba Networks
[ 0.000000] ArubaOS Version 8.10.0.10-8.10.0.10 (build 89128 / label #89128)
[ 0.000000] Built by jenkins@3a84b2c4aede on 2024-02-02 at 07:41:41 UTC (gcc version 5.3.0 (Buildroot 2016.02) )
[ 8.571780] brcmboard registered
[ 8.603392] broadcomThermalDrv brcm-therm: init (CPU count 4 4 4 4)
[ 10.570683] Enabling all watchdogs
[ 11.257063]
Starting Kernel SHA1 KAT ...
[ 11.296778] Completed Kernel SHA1 KAT
[ 11.343732] Starting Kernel HMAC-SHA1 KAT ...
[ 11.393819] Starting Kernel DES KAT ...[ 11.439731] Completed Kernel DES KAT
[ 11.483517] Starting Kernel AES KAT ...
[ 11.527369] Completed Kernel AES KAT
[ 11.527369]
[ 11.590981] Starting Kernel AESGCM KAT ...
[ 11.693229] Completed Kernel HMAC-SHA1 KAT
Thu Jan 1 00:00:00 PST 1970
Populate AP type info
Domain Name: SetMeUp.arubanetworks.com
Current OEM Name : Aruba Networks
Disabling ipv6 for devices by default
AP-type has_ble_support: ONBOARD.
IPv6 capability is supported for devices
No panic info available
Enabling ble_daemon and ble_relay via nanny
masterson: Start hotplug
Backup ENV.
Loading Broadcom[ 16.877437] wlcsm: module license 'Proprietary' taints kernel.
[ 16.954190] Disabling lock debugging due to kernel taint
drivers and kernel modules...
[ 23.007127] bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link DOWN
Starting Broadcom Switch daemon (SWMDK)...[ 23.130701] isl28022: loading out-of-tree module taints kernel.
Enabling Broadcom traffic management for eth0 port (TMCTL)...
Enabling Broadcom traffic management for eth1 port (TMCTL)...
Enter non-FIPS mode
Cfg len is 4001
uap controller less detected
Mesh disabled
dual uplink platform just by factory default
Ethernet port 1 mode: active-standby
[ 23.822571] phy_dev_power_set: port_name = eth0, phy_addr = 6
Eth0 has been enslaved in bond0
Eth1 will be enslaved in bond0 for lacp detection.
Starting watchdog process...
Aruba watchdog daemon started [1 thread(s)]
Loading configuration file of length 4001...
wifi uplink not present...
extended ssid config detected...
Terminal access enabled...
Valid SSID detected...
touching file /tmp/ip_mode_0
do ethtool autoneg on for eth0
init usb modem ...
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
error in reading source file
Mesh is DISABLED on this device.
extended[ 55.011217] uol_init_driver:435 HW offload not applicable, AP will use cutting through path!
ssid is activated on the platform ...
copying bootuplog ...
allow PAPI
set device anul0 mtu to 2000
notify asap_mod 3g no present...
apdot1x authentication is not enabled
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
[ 60.120182] bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link UP
[ 60.198541] eth1 (Ext switch port: 3) (Logical Port: 11) (phyId: b) Link Up at 1000 mbps full duplex
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
Starting DHCP
Eth1 has been removed from bo[ 75.586315] phy_dev_power_set: port_name = eth1, phy_addr = 11
nd0 after lacp detection
(none)
Compressing all files in the /etc/httpd directory...
Done.
Starting Webserver
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
bind: Transport endpoint is not connected
NTP server north-america.pool.ntp.org from configuration.
Put ntpdate to the nannylist.
AP rebooted Fri Feb 2 07:47:16 UTC 2024; System cmd at uptime 0D 0H 6M 52S: Current uplink down, no useable uplink
shutting down watchdog process (nanny will restart it)...
<<<<< Welcome to the Access Point >>>>>
Completed SW FIPS KAT test
USB Modem is not presenUser:
User:
User: ble_ready NOT present @init ....
User: admin
System uptime is 100 seconds and CLI is not ready yet, please try again later.
User: [ 112.304187] ip_time_handler: Got ip and packets on bond0 Started conductor election 1-0, rand 21
User: admin
System uptime is 122 seconds and CLI is not ready yet, please try again later.
User: [ 133.432246] (12:42:32) !!! Init ---> Conductor
Logs on port0
When I plugged it into Eth0 it was able to obtain a lease.
DDR test done successfully
Loading image 0...
Validating image 0...
Uncompressing image 0...
Booting image 0...
APBoot 2.4.0.1 (build 63683)
Built: 2018-02-13 at 13:40:06
Model: AP-34x
DRAM: 512 MiB
NAND: ECC BCH-8, ONFI, Manuf ID: 0xef, Chip ID: 0xf1 (Winbond W29N01HV), page size: 2048, OOB size: 64, device size: 128 MiB
PCIE1: link up
PCIE2: link up
Power: 802.3af POE
In: serial
Out: serial
Err: serial
Net: eth0, eth1
Radio: bcm43465#0, bcm43465#1
Reset: cold
FIPS: passed
Hit <Enter> to stop autoboot: 0
Booting OS partition 1
Checking image @ 0x2000000
Copying image from 0x0000000008000000
Image is signed; verifying checksum... passed
SHA2 Signature available
Signer Cert OK
Policy Cert OK
RSA signature verified using SHA2.
Loading fdt from 0x09a88fbc to 0x0007c000
Uncompressing Kernel Image ... reserving fdt memory region: addr=0 size=20000
OK
[ 0.000000]
[ 0.000000] Aruba Networks
[ 0.000000] ArubaOS Version 8.10.0.10-8.10.0.10 (build 89128 / label #89128)
[ 0.000000] Built by jenkins@3a84b2c4aede on 2024-02-02 at 07:41:41 UTC (gcc version 5.3.0 (Buildroot 2016.02) )
[ 8.574716] brcmboard registered
[ 8.606313] broadcomThermalDrv brcm-therm: init (CPU count 4 4 4 4)
[ 10.575617] Enabling all watchdogs
[ 11.261617]
Starting Kernel SHA1 KAT ...
[ 11.301394] Completed Kernel SHA1 KAT
[ 11.301476] Starting Kernel HMAC-SHA1 KAT ...
[ 11.301504] Starting Kernel DES KAT ...
[ 11.301504] Completed Kernel DES KAT
[ 11.301533] Starting Kernel AES KAT ...
[ 11.301534] Completed Kernel AES KAT
[ 11.301534]
[ 11.301537] Starting Kernel AESGCM KAT ...
[ 11.301537] Completed Kernel AESGCM KAT
[ 11.303894] Completed Kernel HMAC-SHA1 KAT
Thu Jan 1 00:00:00 PST 1970
Populate AP type info
Domain Name: SetMeUp.arubanetworks.com
Current OEM Name : Aruba Networks
Disabling ipv6 for devices by default
AP-type has_ble_support: ONBOARD.
IPv6 capability is supported for devices
No panic info available
Enabling ble_daemon and ble_relay via nanny
masterson: Start hotplug
Backup ENV.
Loading Broadcom[ 16.982535] wlcsm: module license 'Proprietary' taints kernel.
[ 17.059260] Disabling lock debugging due to kernel taint
drivers and kernel modules...
[ 23.112222] bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link DOWN
Starting Broadcom Switch daemon (SWMDK)...[ 23.236274] isl28022: loading out-of-tree module taints kernel.
Enabling Broadcom traffic management for eth0 port (TMCTL)...
Enabling Broadcom traffic management for eth1 port (TMCTL)...
Enter non-FIPS mode
Cfg len is 4001
uap controller less detected
Mesh disabled
dual uplink platform just by factory default
Ethernet port 1 mode: active-standby
[ 23.921627] phy_dev_power_set: port_name = eth0, phy_addr = 6
Eth0 has been enslaved in bond0
Eth1 will be enslaved in bond0 for lacp detection.
Starting watchdog process...
Aruba watchdog daemon started [1 thread(s)]
Loading configuration file of length 4001...
wifi uplink not present...
extended ssid config detected...
Terminal access enabled...
Valid SSID detected...
touching file /tmp/ip_mode_0
do ethtool autoneg on for eth0
init usb modem ...
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
[ 29.001883] bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link UP
[ 29.080344] eth0 (Ext switch port: 7) (Logical Port: 15) (phyId: 1e) Link Up at 2500 mbps full duplex
error in reading source file
Mesh is DISABLED on this device.
extended[ 29.818018] uol_init_driver:435 HW offload not applicable, AP will use cutting through path!
ssid is activated on the platform ...
copying bootuplog ...
allow PAPI
set device anul0 mtu to 2000
notify asap_mod 3g no present...
apdot1x authentication is not enabled
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
Starting DHCP
Getting an IP address...
Jan 1 00:00:25 udhcpc[5478]: udhcpc (v0.9.9-pre) started
Jan 1 00:00:25 udhcpc[5478]: send_discover: pkt num 0, secs 0
Jan 1 00:00:25 udhcpc[5478]: Sending discover...
Jan 1 00:00:26 udhcpc[5478]: send_selecting: pkt num 0, secs 512
Jan 1 00:00:26 udhcpc[5478]: Sending select for 10.254.254.6...
Jan 1 00:00:26 udhcpc[5478]: Lease of 10.254.254.6 obtained, lease time 604800
Jan 1 00:00:26 udhcpc[5478]: DHCP OPT 60 is ArubaAP
Jan 1 00:00:26 udhcpc[5478]: DHCP OPT 42, len: 4, ip: 10.254.254.1
[ 38.979103] ip_time_handler: Got ip and packets on bond0 Started conductor election 25-0, rand 18
[ 39.653857] (08:00:27) !!! Init ---> Member
Eth1 has been removed from bo[ 59.555240] phy_dev_power_set: port_name = eth1, phy_addr = 11
nd0 after lacp detection
10.254.254.6 255.255.255.0 10.254.254.1
Compressing all files in the /etc/httpd directory...
DDR test done successfully
Loading image 0...
Validating image 0...
Uncompressing image 0...
Booting image 0...
APBoot 2.4.0.1 (build 63683)
Built: 2018-02-13 at 13:40:06
Model: AP-34x
DRAM: 512 MiB
NAND: ECC BCH-8, ONFI, Manuf ID: 0xef, Chip ID: 0xf1 (Winbond W29N01HV), page size: 2048, OOB size: 64, device size: 128 MiB
PCIE1: link up
PCIE2: link up
Power: 802.3af POE
In: serial
Out: serial
Err: serial
Net: eth0, eth1
Radio: bcm43465#0, bcm43465#1
Reset: cold
FIPS: passed
Hit <Enter> to stop autoboot: 0
Booting OS partition 1
Checking image @ 0x2000000
Copying image from 0x0000000008000000
Image is signed; verifying checksum... passed
SHA2 Signature available
Signer Cert OK
Policy Cert OK
RSA signature verified using SHA2.
Loading fdt from 0x09a88fbc to 0x0007c000
Uncompressing Kernel Image ... reserving fdt memory region: addr=0 size=20000
OK
[ 0.000000]
[ 0.000000] Aruba Networks
[ 0.000000] ArubaOS Version 8.10.0.10-8.10.0.10 (build 89128 / label #89128)
[ 0.000000] Built by jenkins@3a84b2c4aede on 2024-02-02 at 07:41:41 UTC (gcc version 5.3.0 (Buildroot 2016.02) )
[ 8.574716] brcmboard registered
[ 8.606313] broadcomThermalDrv brcm-therm: init (CPU count 4 4 4 4)
[ 10.575617] Enabling all watchdogs
[ 11.261617]
Starting Kernel SHA1 KAT ...
[ 11.301394] Completed Kernel SHA1 KAT
[ 11.301476] Starting Kernel HMAC-SHA1 KAT ...
[ 11.301504] Starting Kernel DES KAT ...
[ 11.301504] Completed Kernel DES KAT
[ 11.301533] Starting Kernel AES KAT ...
[ 11.301534] Completed Kernel AES KAT
[ 11.301534]
[ 11.301537] Starting Kernel AESGCM KAT ...
[ 11.301537] Completed Kernel AESGCM KAT
[ 11.303894] Completed Kernel HMAC-SHA1 KAT
Thu Jan 1 00:00:00 PST 1970
Populate AP type info
Domain Name: SetMeUp.arubanetworks.com
Current OEM Name : Aruba Networks
Disabling ipv6 for devices by default
AP-type has_ble_support: ONBOARD.
IPv6 capability is supported for devices
No panic info available
Enabling ble_daemon and ble_relay via nanny
masterson: Start hotplug
Backup ENV.
Loading Broadcom[ 16.982535] wlcsm: module license 'Proprietary' taints kernel.
[ 17.059260] Disabling lock debugging due to kernel taint
drivers and kernel modules...
[ 23.112222] bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link DOWN
Starting Broadcom Switch daemon (SWMDK)...[ 23.236274] isl28022: loading out-of-tree module taints kernel.
Enabling Broadcom traffic management for eth0 port (TMCTL)...
Enabling Broadcom traffic management for eth1 port (TMCTL)...
Enter non-FIPS mode
Cfg len is 4001
uap controller less detected
Mesh disabled
dual uplink platform just by factory default
Ethernet port 1 mode: active-standby
[ 23.921627] phy_dev_power_set: port_name = eth0, phy_addr = 6
Eth0 has been enslaved in bond0
Eth1 will be enslaved in bond0 for lacp detection.
Starting watchdog process...
Aruba watchdog daemon started [1 thread(s)]
Loading configuration file of length 4001...
wifi uplink not present...
extended ssid config detected...
Terminal access enabled...
Valid SSID detected...
touching file /tmp/ip_mode_0
do ethtool autoneg on for eth0
init usb modem ...
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
Ethernet uplink bond0 not active yet
[ 29.001883] bcmswlpbk0 (Ext switch port: 8) (Logical Port: 8) Virtual link UP
[ 29.080344] eth0 (Ext switch port: 7) (Logical Port: 15) (phyId: 1e) Link Up at 2500 mbps full duplex
error in reading source file
Mesh is DISABLED on this device.
extended[ 29.818018] uol_init_driver:435 HW offload not applicable, AP will use cutting through path!
ssid is activated on the platform ...
copying bootuplog ...
allow PAPI
set device anul0 mtu to 2000
notify asap_mod 3g no present...
apdot1x authentication is not enabled
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
LLDP not sent yet, DHCP is waiting
Starting DHCP
Getting an IP address...
Jan 1 00:00:25 udhcpc[5478]: udhcpc (v0.9.9-pre) started
Jan 1 00:00:25 udhcpc[5478]: send_discover: pkt num 0, secs 0
Jan 1 00:00:25 udhcpc[5478]: Sending discover...
Jan 1 00:00:26 udhcpc[5478]: send_selecting: pkt num 0, secs 512
Jan 1 00:00:26 udhcpc[5478]: Sending select for 10.254.254.6...
Jan 1 00:00:26 udhcpc[5478]: Lease of 10.254.254.6 obtained, lease time 604800
Jan 1 00:00:26 udhcpc[5478]: DHCP OPT 60 is ArubaAP
Jan 1 00:00:26 udhcpc[5478]: DHCP OPT 42, len: 4, ip: 10.254.254.1
[ 38.979103] ip_time_handler: Got ip and packets on bond0 Started conductor election 25-0, rand 18
[ 39.653857] (08:00:27) !!! Init ---> Member
Eth1 has been removed from bo[ 59.555240] phy_dev_power_set: port_name = eth1, phy_addr = 11
nd0 after lacp detection
10.254.254.6 255.255.255.0 10.254.254.1
Compressing all files in the /etc/httpd directory...
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------
Original Message:
Sent: Mar 19, 2024 01:39 PM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
Not sure what is going on but the procedure I tested yesterday does not work as flawlessly as today.
I created a dummy-AOS 8 group, set the firmware compliance but when I migrated two access-points (a 515 and a 345) to this group both did not come back online anymore.
I tested the 515 at my desk with console and there it got back online however TFTP which worked fine to upgrade the device yesterday refused to work today. The TFTP server provided logs stating connection dropped because peer didn't respond.
Office515# show upgrade
swarm upgrade status
--------------------
Mac IP Address Seed AP AP Class Status Image Info Error Detail
--- ---------- ------- -------- ------ ---------- ------------
d0:15:a6:cb:25:a8 10.254.254.7 Yes Draco image-ok tftp://10.254.254.2/ArubaInstant_Draco_8.10.0.10_89128 Retrieve image fail
Auto reboot :disable
Use external URL :enable
Conductor wait Time :2781 secs 0 count
Switch Partition :enable
Upgrade in process :Yes
UAP convert process :No
Office515# upgrade-image2-no-reboot tftp://10.254.254.2/ArubaInstant_Draco_8.10.0.10_89128
Eventually I was able to execute the step using ftp. I just find it strange that TFTP worked fine yesterday but not today.
Office515# show upgrade
swarm upgrade status
--------------------
Mac IP Address Seed AP AP Class Status Image Info Error Detail
--- ---------- ------- -------- ------ ---------- ------------
d0:15:a6:cb:25:a8 10.254.254.7 Yes Draco image-ok tftp://10.254.254.2/ArubaInstant_Draco_8.10.0.10_89128 Retrieve image fail
Auto reboot :disable
Use external URL :enable
Conductor wait Time :2781 secs 0 count
Switch Partition :enable
Upgrade in process :Yes
UAP convert process :No
Office515# upgrade-image2-no-reboot tftp://10.254.254.2/ArubaInstant_Draco_8.10.0.10_89128
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 18, 2024 02:48 PM
From: chulcher
Subject: Migration and Backout processes of Campus APs (half working)
I like that method/result, and you should get consistent results as long as the DHCP scope is configured to instruct UAP/IAP APs to automatically convert to controller based.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 18, 2024 02:07 PM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
Actually, not quite. When I used this method in Aruba Central and issued the command "show image version" the secondary Flash still had AOS10 running (see below)
Kitchen# show image version
Primary Partition :1
Primary Partition Build Time :2024-02-2 07:45:51 UTC
Primary Partition Build Version :8.10.0.10_89128 LSR (Digitally Signed - Production Build)
Backup Partition :0
Backup Partition Build Time :2023-12-9 03:59:26 UTC
Backup Partition Build Version :10.4.1.0_88715 LSR (Digitally Signed - Production Build)
AP Images Classes
-----------------
Class
I had to set up a tftp server with the correct image and issue:
upgrade-image2-no-reboot tftp://10.254.254.2/ArubaInstant_Gemini_8.10.0.10_89128
This eventually resulted in both images to be back at the correct AOS level
Kitchen# show image version
Primary Partition :1
Primary Partition Build Time :2024-02-2 07:45:51 UTC
Primary Partition Build Version :8.10.0.10_89128 LSR (Digitally Signed - Production Build)
Backup Partition :0
Backup Partition Build Time :2024-02-2 07:45:51 UTC
Backup Partition Build Version :8.10.0.10_89128 LSR (Digitally Signed - Production Build)
AP Images Classes
My problem this time however was that at AOS8 logged in through console (in aruba central):
convert-aos-ap cap x.x.x.x did not do anything anymore.
What I did instead now is in Aruba Central Global remove it completely, this resulted in a reboot and the Access-Point showed up again in my controller-based network.
To summarize the steps for backout:
Prerequisites: Have an scp/ftp/tftp server ready with correct images, have DHCP enabled in your network with option 43 and 60
Step 1: Move to AOS8 group
Step 2: TFTP AOS8 image to backup flash-drive (upgrade-image2-no-reboot tftp://x.y.z.a/ArubaInstant_Gemini_8.10.0.10_89128
Step 3: Validate image versions with show image version
Step 4: Move AP to default group (is this step necessary?)
Step 5: In global mode, delete AP and reboot
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 18, 2024 01:24 PM
From: chulcher
Subject: Migration and Backout processes of Campus APs (half working)
If that method works for you, then sure.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 18, 2024 01:18 PM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
Just a thought about the revert process. Would it be an idea to create a temporary AOS8 group on Aruba Central and before reverting AOS10 back to the local controller based version, downgrade to AOS8 from Aruba Central and then issue the conversion from Aruba Central? That way at least I would don't have this descrepancy:
So full backout process would be:
Step 1: Move AOS 10 AP to AOS8 group
Step 2: (When AP is reachable and booted from AOS8): aos-convert-ap cap <a.b.c.d>
Step 3: Reboot if required
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 18, 2024 12:42 PM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
thanks insightful
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 18, 2024 12:13 PM
From: chulcher
Subject: Migration and Backout processes of Campus APs (half working)
That particular command only works for those specific models, which is why I don't bother mentioning that as an option.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 18, 2024 12:09 PM
From: VanD
Subject: Migration and Backout processes of Campus APs (half working)
Hi,
unsure of your model AP you are using, but I have had success flashing the backup partition on 300 series ap using the ap31x-ap32x backup partition.
With AOS 8.10.0.10 I was able to also flash 315 AP backup partitions.
regards,
Original Message:
Sent: 3/18/2024 11:54:00 AM
From: mvanoverbeek
Subject: RE: Migration and Backout processes of Campus APs (half working)
Thanks Carson
This is currently all simulation of course but I want to be sure when performing this in the production network I am not overlooking anything.
I can see indeed that the backup is still set to AOS10 by issuing the show ap image version output below.
So in the hypothetical situation that I need to backup a migration to Aruba Central, should I synchronize these two flash drives to prevent unforeseen issues? I don't dare to ask but, how would I do that? I couldn't find a command to do that from the controller.
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 18, 2024 10:26 AM
From: Carson Hulcher
Subject: Migration and Backout processes of Campus APs (half working)
The command is used for converting any AP running IAP or AOS 10 to a campus AP.
Note, only one of the two images on the AP is converted to the campus AP image, you can end up in a situation where the AP will boot to the non-campus image and the AP doesn't behave as expected.
Downgrade from AOS 10 to AOS 8 should only be done when absolutely necessary.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 18, 2024 10:18 AM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
Thank you, I can add as well that I noticed that this method worked for any Access-points I had running in Aruba Central, regardless of the fact that they were previously associated with the controller.
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 18, 2024 09:45 AM
From: chulcher
Subject: Migration and Backout processes of Campus APs (half working)
New link for posterity: https://www.arubanetworks.com/techdocs/aos/aos10/migrate/aps/cap/#revert-to-aos-8-firmware-version
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Mar 16, 2024 09:41 AM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
That was the missing piece, it worked!
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
Original Message:
Sent: Mar 15, 2024 04:52 PM
From: 802.zak
Subject: Migration and Backout processes of Campus APs (half working)
You will also have to convert the AP back to a CAP WAP.
convert-aos-ap cap <controller-address>
Covered here - in Section "Revert to AOS 8 Firmware Version"
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com
------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
Original Message:
Sent: Mar 15, 2024 04:43 PM
From: mvanoverbeek
Subject: Migration and Backout processes of Campus APs (half working)
I am trying to test the migration of a Campus environment to Aruba Central and potential backout in case I run into errors.
The process to Aruba Central is straightforward with the documentation I could find. The backout process unfortunately does not go as smoothly.
Unless I use brute force aka a paperclip and the reset button I cannot get my APs to connect to my controller again.
My setup:
VMC with 8.10.0.10_89128
345 AP running 8.10.0.10_89128
DHCP server options 6,42,43,60 (all to local IP addresses)
Converting the access-points to Aruba Central was straight forward and consisted of:
Step 1: Provision Access-Point in Greenlake (assign service manager and subscription tier)
Step 2: Open Firewall ports for NTP/DNS/HTTPS or define DHCP options 6 (DNS), 42 (NTP) and just open HTTPS
Step 3: Issue the command for group or ap conversion (ap convert add ap-group|ap-name <something>)
Step 4: Issue the command to test Aruba Central readiness (ap convert pre-validate specific-aps) << NTP DNS error or NTP Unreachable when either are blocked by firewall or AP have no provision rule(Activate) when Aruba Central isn't ready.
Step 5: Issue the AP convert command:"ap convert active all-aps server ftp username ftp-user 10.254.254.3 ArubaOS_Draco_10.4.1.0_88715"
Step 6: Keep validating with "show ap convert-status"
Step 7: Validate in Aruba Central, so far so good, al seems to be ok, I can see and reach the device in central
Now the opposite route, what if I want to revert back to the controller-based solution.
These steps I defined:
Step 1: Downgrade OS to from Aruba Central back to 8.10.0.10_89128
Step 2: Remove service manager and subscription tier from AP
Step 3: ????
Out of itself this AP will not connect back to my Virtual Controller, I logged through the console but nothing seems to work. Oddly enough the username and password appeared to have reset with this downgrade to admin/admin. Eventually I issued a factory reset using the paperclip method. This got the AP back online, but isn't really a solution I can issue remote. What step have I overlooked?
I hope someone can help point me in the right direction.
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------