Showing results for 
Search instead for 
Did you mean: 

AP rejected on vSG "because of ACL setting"

I am unable to add multiple R600 APs at a remote site to our vSZ. I'm moving them from a local (to them) ZD to a remote (central location) vSZ, but the procedure I've used many times no longer works. I factory defaulted the AP, then "set director ip" and rebooted, and it does contact the vSZ, but the controller is rejecting it with this error:

ZD-AP [obscured] model [R600] is not being upgraded with Virtual SmartZone AP firmware because of ACL setting."

I then tried upgrading the AP to 100.x standalone firmware, but same results... it gets rejected with that error. Any idea what is wrong? I've added APs from remote sites  with no problem, so this is a first for me.

New Contributor III
Hi Jim,
The ACL setting referred to here is for the lwapp2scg conversion utility that allows ZD-based APs to connect to the SZ. In the SZ CLI, you can change this setting:

vSZ# config

vSZ (config)# lwapp2scg

vSZ (config-lwapp2scg)# policy accept-all 

If the problem persists after this, try (just for confirmation) to change the policy to "accept" and then enter a rule (vSZ (config-lwapp2scg)# acl-ap...) to add an allow rule for that specific AP. 

Also, can you share what build you are working from? 


Thank you! This solved my problem immediately. Appreciate the help,.

Valued Contributor
I have met same problem.

At that time, I did diabling  and re-enabling the command as "policy accept-all".

As a result this solved.

It may a bit bug becaue default setting is "policy accept-all".

New Contributor
Solved our problem as well - thank you!