RUCKUS Forums - Re: AP rejected on vSG "because of ACL setting"

Anonymous · ‎01-18-2018

I am unable to add multiple R600 APs at a remote site to our vSZ. I'm moving them from a local (to them) ZD to a remote (central location) vSZ, but the procedure I've used many times no longer works. I factory defaulted the AP, then "set director ip xxx.xxx.xxx.xxx" and rebooted, and it does contact the vSZ, but the controller is rejecting it with this error:

"
ZD-AP [obscured] model [R600] is not being upgraded with Virtual SmartZone AP firmware because of ACL setting."

I then tried upgrading the AP to 100.x standalone firmware, but same results... it gets rejected with that error. Any idea what is wrong? I've added APs from remote sites with no problem, so this is a first for me.

marcus_burton · ‎01-18-2018

Hi Jim,
The ACL setting referred to here is for the lwapp2scg conversion utility that allows ZD-based APs to connect to the SZ. In the SZ CLI, you can change this setting:

vSZ# config

vSZ (config)# lwapp2scg

vSZ (config-lwapp2scg)# policy accept-all

If the problem persists after this, try (just for confirmation) to change the policy to "accept" and then enter a rule (vSZ (config-lwapp2scg)# acl-ap...) to add an allow rule for that specific AP.

Also, can you share what build you are working from?

thanks,
Marcus

Anonymous · ‎01-18-2018

Thank you! This solved my problem immediately. Appreciate the help,.

Anonymous · ‎01-18-2018

I have met same problem.

At that time, I did diabling and re-enabling the command as "policy accept-all".

As a result this solved.

It may a bit bug becaue default setting is "policy accept-all".

Anonymous · ‎07-19-2018

Solved our problem as well - thank you!