Question

The CAPWAP connection with HiveManager was lost.

  • 26 June 2019
  • 5 replies
  • 1678 views

 

Hello guys

I have a problem here on the network. During peak hours my aps started to lose connection with hive manager, even though everything is ok with the links, and also the clients that are connected in the APs are still connected and browsing normally, I also did a test with you to access the ssh of the APs but they can not connect to the Hive, for the rest of the day it has been connected to the hive normally.


5 replies

A common culprit for this behavior is broadcast traffic. One overlooked source is IPV6 traffic. If you are not running/supporting IPV6 and supplying addresses via DHCP for IPV6 it can take a network down or in a lighter form cause APs to drop out of HiveManager. There is a supplemental CLI command that allows you to filter the IPV6 packets from clients at the wireless radio and drop them. My 300+ AP, 1000+ user network would crash due to the sheer broadcast traffic generated from IPV6 self assigning addresses. Once I filtered the traffic it has been rock solid.

Because the site has been so dynamic lately I often find the links are broken. You can search for supplemental CLI for your flavor of Hive Manager and CLI commands for your version of APs. Since it was not stipulated I am assuming a current version of AP and HiveOS, The command is applied to the user profiles as shown below. There are also commands to limit broadcast amd multicasts on the wired interface as well. Any filtering that reduces the packets that the CPU, of the AP, has to process will help it maintain connectivity during higher loads.

 

 

user-profile NoWhere security deny ipv6

user-profile HowToConnect security deny ipv6

user-profile PersonalUse security deny ipv6

user-profile Guest security deny ipv6

user-profile MediaGeeks security deny ipv6

user-profile MacLab security deny ipv6

user-profile Faculty/Staff security deny ipv6

user-profile acadUsers security deny ipv6

user-profile Students security deny ipv6

user-profile csStudents security deny ipv6

interface eth0 rate-limit multicast 40

interface eth0 rate-limit broad 40

link?

thanks

I'm assuming you've had no issues/side effects with the eth0 rate limits.

The profiles I'm working with are straight BYOD students so ther'es no bonjour or miracast type options needed.

Just a little nervous with the rate limiting causes something unexpected?

Userlevel 1

Most likely the APs are getting overloaded and are missing their echo packets. The HiveManager and the APs have a call and response check-in system that allows them to confirm that each side of the connection is still responsive; these call and response packets are called echos. There is a specific time window within which an AP would need to respond to an echo to be considered still responsive. If the AP misses a certain number of echos back to back, it is considered disconnected until it responds again. If an AP is still connected to the internet and passing traffic while missing echos, it's likely due to latency on the network; the AP is unable to process the echo request quickly enough due to the amount of traffic it has to process before responding. To confirm that we are missing echo packets, we'd want to SSH in to an AP to enable CAPWAP debugs and then collect tech data. 

 

This guide reviews how to enable CAPWAP debugs: https://thehivecommunity.aerohive.com/s/article/CAPWAP-debugs

 

These guides review how to get tech data, depending on which HiveManager platform you are using:

HiveManager Classic-https://thehivecommunity.aerohive.com/s/article/How-to-download-tech-data-in-Classic 

HiveManager NG-https://thehivecommunity.aerohive.com/s/article/How-to-download-tech-data-in-HiveManager 

Device CLI-https://thehivecommunity.aerohive.com/s/article/Collecting-Tech-Data-via-CLI

 

If you'd like to send the tech data to me for review, my direct email is communityhelp@aerohive.com.

 

 

Reply