Wireless Access

  • 1.  Editing MD config from command line

    Posted Feb 24, 2020 11:19 AM

    When running show config effective on an MD node I see the config

    interface port-channel 0
        switchport mode trunk
        switchport trunk allowed vlan 1-4094
        switchport trunk native vlan 1
        trusted
        ip access-group in block_mdns
        trusted vlan 1-4094

    where block_mdns is defined elsewhere. This is present on both MD boxes in our cluster.

     

    Looking at the MD configurations via the GUI, although an inbound / outbound policy has been defined, it doesn't say what the inbound one is, just that there isn't an outbound one. You can remove the policy via the GUI by selecting no policy and you end up with

    interface port-channel 0
        switchport mode trunk
        switchport trunk allowed vlan 1-4094
        switchport trunk native vlan 1
        trusted
        trusted vlan 1-4094

    .... so how do you revert it back?
    From the GUI you can enable inbound/outbound but there's not a block_mdns option.
    From the CLI, when connected to the MD controller you wish to revert, you're told that you need to do this from the MM.
    On the MM, even if you cd to the MD box, I suspect you're still editing the MM config ...

    So how do you add the block_mdns entry back into the controller?

     

    A

     



  • 2.  RE: Editing MD config from command line

    Posted Feb 24, 2020 11:20 AM

    Screenshot 2020-02-24 at 16.12.42.png



  • 3.  RE: Editing MD config from command line
    Best Answer

    Posted Feb 25, 2020 05:27 AM

    (ArubaMM-VA) *[00:0b:86:73:b5:f8] (config) #interface gigabitethernet 0/0/0

    (ArubaMM-VA) *[00:0b:86:73:b5:f8] (config-submode)#no ip access-group
    in Apply access-list to interface's inbound traffic
    out Apply access-list to interface's outbound traffic
    session Apply session access-list to interface
    vlan Apply session access-list to Vlan



  • 4.  RE: Editing MD config from command line

    Posted Feb 25, 2020 06:50 AM

    Pity you can't accept 2 posts as the solution. Certainly the show configuration effective detail was really useful, and just typing in (in my case) cd /md/uoy/dev/<controller name> then conf t was the other bit.

     

    Thx both

    A



  • 5.  RE: Editing MD config from command line

    Posted Feb 24, 2020 09:12 PM

    At each level in the MD hierarchy, take a look at the effective configuration with the "show configuration effective detail" command. This will show you where it was configured at, and at which level it was inherited at. For example, this portion of the config in my lab shows where it got its config from:

     

    user-role REMOTE-FAC_STAFF-ROLE # inherited from [/md/Home-Lab/Virtual-Cluster]
    !
    user-role switch-logon # inherited from [/]
    !
    user-role Burns-Guest-guest-logon # inherited from [/md/Home-Lab]
    access-list session logon-control # inherited from [/md/Home-Lab]
    access-list session captiveportal # inherited from [/md/Home-Lab]
    access-list session v6-logon-control # inherited from [/md/Home-Lab]
    access-list session captiveportal6 # inherited from [/md/Home-Lab]
    captive-portal Burns-Guest_cppm_prof # inherited from [/md/Home-Lab]

     

     

    If any of the changes were made on the MD in disaster recovery mode, make sure your MM configuration mirrors what was added. If you still can't get it to where you want, I would start from scratch on the MM end, and get rid of any lingering config on the MD side via disaster recovery.
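The situation in this thread, an ACL binding disappearing from a trusted trunk after a GUI change, can be caught by comparing saved effective-config snapshots. The following is an added example, not code from any poster or from Aruba: it parses interface stanzas, strips the "# inherited from [...]" annotation shown above, and reports dropped `ip access-group` bindings. The sample snapshots and the `/md/example` path are constructed, and it assumes stanza sub-lines are indented and any annotation trails the line.

```python
import re

# Trailing annotation, in the form shown in the thread's "effective detail" excerpt.
ORIGIN = re.compile(r"\s*#\s*inherited from \[([^\]]*)\]\s*$")
# Binding syntax as it appears in the thread: ip access-group <direction> <acl>
ACL = re.compile(r"^ip access-group (in|out|session) (\S+)$")

def acl_bindings(config_text):
    """Return {(interface, direction): (acl_name, origin_node_or_None)}."""
    bindings, interface = {}, None
    for raw in config_text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        origin = ORIGIN.search(raw)
        line = ORIGIN.sub("", raw).strip()
        if not raw[0].isspace():
            # An unindented line opens a new stanza; only interface stanzas are tracked.
            interface = line if line.startswith("interface ") else None
            continue
        match = ACL.match(line)
        if interface and match:
            direction, name = match.groups()
            bindings[(interface, direction)] = (name, origin.group(1) if origin else None)
    return bindings

def dropped_acls(before_text, after_text):
    """Bindings present in the first snapshot but missing or changed in the second."""
    before, after = acl_bindings(before_text), acl_bindings(after_text)
    return sorted(
        (iface, direction, name, origin)
        for (iface, direction), (name, origin) in before.items()
        if after.get((iface, direction), (None, None))[0] != name
    )

# Constructed snapshots based on the two stanzas in the first post; the origin
# annotation and its /md/example path are placeholders, not values from the thread.
BEFORE = """interface port-channel 0
    switchport mode trunk
    trusted
    ip access-group in block_mdns # inherited from [/md/example]
    trusted vlan 1-4094
"""
AFTER = BEFORE.replace("    ip access-group in block_mdns # inherited from [/md/example]\n", "")

if __name__ == "__main__":
    for iface, direction, name, origin in dropped_acls(BEFORE, AFTER):
        print(f"{iface}: lost {direction} ACL {name!r} (was from {origin})")
```

When an annotation is present, the reported origin is the hierarchy node to `cd` into on the MM before re-adding the binding.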