AP130 8.1r2 problem, disabled SSID is popping up in broadcast

  • 1
  • Question
  • Updated 9 months ago
  • (Edited)
After upgrading to 8.1r2 in NG my AP130's start broadcasting a (not used) disabled 2nd SSID. The other AP230 upgraded fine and doesn't show the "disabled 2nd SSID". Any thoughts on this one?
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes

Posted 9 months ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Patrick,

Have you looked for any differences in the running config?

Regards,

Nick
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
I renamed the new profiles, set the bandwidth, SSID's and saved them again. Then put the new profiles in the Autoprovisioning, assigned and uploaded them to the AP130's. They still bootup with the default radio profiles.
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
I just compared both running configs: The AP130 is loading the "default radio_ng_ac0 and ng0 radio profiles" and not the programmed adjusted versions, as the AP230 is loading the proper new radio profiles.

So it seams that is the cause..... It made them factory default, but is still loading the default radio profile and not the proper new profiles.
(Edited)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Patrick,

So, to clarify, you are saying that a radio profile is bound to a radio but is not being used?

What do you see via:

show run | inc "interface wifi"

Anything for: 

interface wifi0 radio profile ...

interface wifi1 radio profile ...

Cheers,

Nick
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
running config AP130:
interface wifi0 radio tx-power-control auto
interface wifi1 radio profile radio_ng_ac0
interface wifi1 mode access
interface wifi1 radio tx-power-control auto
interface mgt0 hive Hive-Profile-1
interface wifi0 ssid "Steve Jobs-ppsk"
interface wifi0 ssid "Steve Jobs"
interface wifi1 ssid "Steve Jobs-ppsk"
interface wifi1 ssid "Steve Jobs"
Programmed config op AP130 and AP230:

radio profile RADIO1_NG_AC0
SSID "Steve Jobs-ppsk" is set to "off" on these AP's

AP230 is correct, AP130 is stuck on default RP.

This doesn't happen on 8.1r1 or lower..... downgrading solves the problem...... so it must be release related.
(Edited)
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Hi Patrick,

I am also a little confused how this relates to enabled/'disabled' SSIDs.

SSIDs are enabled on a radio via the interface. If this is not present, the SSID should not be made available for service via a BSS on that radio.

show run | inc "interface wifi"

... will show what is present in the running configuration.

You should see something like:

interface wifi0 ssid Example

interface wifi1 ssid Example

This is separate to the radio profile configured on an interface.

Regards,

Nick
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
The second SSID is NOT enabled in the Radio profile, but is visible in the interface on the AP. And is also broadcasted.
Photo of Bill Lundgren

Bill Lundgren, Employee

  • 21 Posts
  • 12 Reply Likes
Hi All!

Patrick/Nick,

I'm assuming that you are on NG here.  If so, this is a known bug.  The reason I know, is because I filed it this weekend. :) haha.  It is CFD-2833, and is a P1/Crit within engineering.  They have isolated the issue, know root cause, and will be patching it in production soon.  I don't have an exact date, but I'd expect in the next few days.

The issue is that when an AP is on 8.1r2 and ONLY on 8.1r2, NG does not pick up on AP specific configuration, and in instead, leverages the built-in default templates, which force the default radio profiles.   Anything set by modifying the AP itself will not be correctly sent in config. In your case, disabling an SSID.

The work-around, is to simply downgrade the AP to 8.1r1, or 6.5r8, or anything but 8.1r2.  The issue is NOT with the HiveOS, but with NG, so the fix to the cloud will be seamless.  If you must run 8.1r2 for some reason, as a temporary work-around you can downgrade the AP, then apply the config.  Then upgrade the AP, but DO NOT push a config to the AP.  You will get the benefit of using 8.1r2, and the config will be correct, but you just won't be able to push a correct config until the patch is installed.

Sorry for the bad news, but the good news is that this is known, we have isolated root cause, are actively fixing it, and the fix will be in an agile sprint patch in the next few days.

--Bill

Bill Lundgren, Director of Systems Engineering - West US / Canada
blundgren@aerohive.com
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
Thanks Bill and Nick for the support, i'll be more patient, but with the KRACK issues I wanted to report the issue as release 8.1r2a is coming up and everyone is going to upgrade I think.....

Two thumbs up.
Photo of Bill Lundgren

Bill Lundgren, Employee

  • 21 Posts
  • 12 Reply Likes
Keep in mind that the Krack issue only fixes Aerohive devices running in client mode (aka mesh). If your APs are portal mode, it’s not a problem. The real issue with that exploit is on the client. So upgrading to our patch still won’t “fix” anything for your clients. They are still vulnerable. Make sure for good security management you are making sure every client device you have is patched. IPhones, Androids, cameras, IoT stuff... you get the idea. It’s a daunting task that will take some time.
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
The Autoprov profile:



The running config:

interface wifi0 ssid "Steve Jobs-ppsk"
interface wifi0 ssid "Steve Jobs"
interface wifi1 ssid "Steve Jobs-ppsk"
interface wifi1 ssid "Steve Jobs" The Wifi scan:
Photo of Patrick Spencer

Patrick Spencer

  • 26 Posts
  • 4 Reply Likes
(SOLVED) The problem seems to be already solved with the AP130 8.1r2a update. After updating to AP130 8.1r2a the AP130 is loading the Radio Profiles properly again. So all settings are loaded properly and no broadcasting from "disabled SSID" anymore.

Thanx all!
Photo of BJ

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
We still need this fix for on-prem NG deployments, please. 
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
We know. There will be a patch for the VA available soon.

Regards,

Nick