AP-7522-67030-WR access point doesn't connect to the internet

  • 0
  • 1
  • Problem
  • Updated 3 days ago
Our Standalone access point (AP-7522-67030-WR with Wing V.5.9.1.2-006R) doesn't connect to the internet when using RF scanner (MC92N0 WIN CE 7.0) or any Android phone or Tablet. 
But I can search the internet when using an i-phone or desktop WIN 10 pc with this AP 7522 WIFI connection. I am wondering if this is a firmware upgrade issue or some other setup issue?
Has anyone experienced this before or please share your thoughts on how to resolve this issue?

FYI: AP7522 is setup as Standalone with Static IP/ Default Gateway IP/ DNS IP.
        WLAN is setup with WPA2-Personal/AES encryption.
        All devices are configured as DHCP. to connect to AP7522 WIFI.system.
Photo of Manuel Zablan

Manuel Zablan

  • 220 Points 100 badge 2x thumb

Posted 1 week ago

  • 0
  • 1
Photo of Andy Holden

Andy Holden, Employee

  • 1,472 Points 1k badge 2x thumb

Hi

The first thing to check is to confirm that the devises are connected and authenticated

If you log into the cli of the AP and do a show wireless client, It will list all the devices on the AP and their status. A status of "DATA READY" is what you want.

You can also do a "show event-history". You may need to scrol down a bit, but you ca see when the device tries to connect and authenticate 
Photo of Manuel Zablan

Manuel Zablan

  • 220 Points 100 badge 2x thumb
Hi Andy, 

The RF scanner device error message is "The page cannot be displayed" with Cannot find server or DNS Error on Internet explorer, while the tablet error message is the timeout error on Chrome.
AP event history window does show the handshake to AP radio (connection completed/successful) on the iphone and desktop devices but no history of the devices that couldn't connect.
All devices are showing AP radio/WiFi as "connected", but going to google site was only successful on the 2 devices I've mentioned.
Photo of Andy Holden

Andy Holden, Employee

  • 1,472 Points 1k badge 2x thumb

Hi Manual

Once a scanner is connected, confirm it has a valid I/P from the correct subnet. Also confirm the correct GW and DNS server is set
Photo of Manuel Zablan

Manuel Zablan

  • 210 Points 100 badge 2x thumb
Hi Andy,

Yes the scanner connects properly to our WMS server with correct GW and subnet and valid  IP (no issue using our WMS SW) . The scanner just couldn't access the internet with this AP7522 radio ...
FYI The scanner connects to the internet using our older AP 5131 no problem. 
Photo of Andy Holden

Andy Holden, Employee

  • 1,472 Points 1k badge 2x thumb
Hi Manuel

Please go to
https://gtacknowledge.extremenetworks.com/articles/Q_A/Where-can-I-find-best-practices-and-recommend...

and download the Best Practices document.

There is a section for the Firewall configuration. Please implement it
Photo of Manuel Zablan

Manuel Zablan

  • 210 Points 100 badge 2x thumb
Hi Andy,

Thank you for your suggestion. 

The AP firewall is enabled and when I added WLAN ACL rule for any source/destination the Android phone connects to the internet no problem. 
But the RF scanners and industrial tablet still can't, even when I add the ACL rule with their respective IP addresses. 
I agree it is a matter of the firewall settings either with the AP or RF devices. 
I have asked our IT manager to confirm our firewall settings for AP 7522 but with other devices connecting to the internet using the AP radio, it may be an issue with the RF firewall unless there's an AP firewall policy on limited external access from RF devices?
I am also going to consult our RF device manufacturer for advice.
Photo of Yas

Yas

  • 160 Points 100 badge 2x thumb

Hi Manual
make sure you can ping a remote server outside the network, such as 8.8.8.8.
Use the wirelees Options diagnostic tool.
if you connect to WMS Telnet, you may not be able to access outside resources, which can be understood for security reasons.





Photo of Manuel Zablan

Manuel Zablan

  • 180 Points 100 badge 2x thumb
Hi Yas,

Yes I can ping IP 8.8.8.8 np from the RF device. 
I am consulting with our RF device manufacturer regarding the internet options setup as when I added the IP for trusted sites, RF device still doesn't connect to the internet.
Photo of Yas

Yas

  • 160 Points 100 badge 2x thumb

Manual
the AP  firewall default-Policy allow the internet access, if you don't modifit this Policy = no problem.
But , check the router or the firewall device .your firewall rule adapted for the AP 5131 incense, are no longer relevant for your AP7522. ( AP IP address and MAC address different).


Photo of Manuel Zablan

Manuel Zablan

  • 180 Points 100 badge 2x thumb
Hi Yas,

As I've mentioned earlier, other devices such as iPhone and desktop pc connects to the internet using AP 7522 with no issues. And I was able to use the android phone when I added a WLAN ACL rule on the AP 7522 Security/Firewall settings. 
Hence it is not our router or firewall device since we can use other devices to connect. I think it comes down to the RF device firewall or internet options setup.
Photo of Yas

Yas

  • 160 Points 100 badge 2x thumb

Hi Manual
I understood that you were using a WLAN ACL. this is not a problem because it is limited to the radio level. concerning the MC92N0, there are not many parameters, and by default with an IP address in DHCP = I have no problem of WEB connection ( same AP version, MC92N0 OS = 10.57.22).
The only options that could be problematic are Gateway and DNS configuration.
you can test that if you want.
Photo of Manuel Zablan

Manuel Zablan

  • 200 Points 100 badge 2x thumb
Hi Yas,

Thank you for your suggestion about the gateway and DNS configuration. 
You're right about the limited parameters of the RF scanner MC92N0.

Have you tried using Android devices to connect to the Web with AP 7522? 
As per our IT manager, the issue is the wireless connection is not stable with Android devices. 
Maybe there's a better AP model for RF devices running on Android OS, with the same functionality, network capability and security level as AP 7522?
 
In warehousing, our customers don't require much functions on their access points as long their RF devices connects to their WMS system with normal WPA2 encryption setting, and at most about 30 APs in a big warehouse with one or two AP(s) as virtual controllers. Recently new customers want RF devices with Android OS.
Photo of Yas

Yas

  • 160 Points 100 badge 2x thumb

 Hi Manual
no connection problem with recent android devices: 6,7 and 8.

 1) yes, other parameters are important concerning the RF, in the menu "Wireless Options" as the choice of frequency, country-code, roaming parameters etc ...
however, knowing the world of the warehouse the WING solution is the right one.
Concerning the use of Android device, it is necessary to pay attention to the configuration otpions also.
if you use emulators like Telnet, Tekterm, or other ... disconnections during the sessions can be disastrous for the production.
We have customer with android device using Extreme WING infrastruture without problems. It is necessary to be attentive to the configuration of the terminals according to their use and the choice of the constructors. If you keep the MC92n0 for example, other parameters are available.

A configuration tip:
 - configure devices only on a single frequency band 2.4 or 5Ghz, not both.
 - In android you can choose the channels
 - prevent the hibernation of the Wireless card, etc....


See as bellow , screens of configuration android for ZEBRA TC8000
Photo of Manuel Zablan

Manuel Zablan

  • 200 Points 100 badge 2x thumb
Thanks for the tip! 
Currently we're testing TC70 and an industrial tablet on android OS using Telnet/velocity.
No problem with our WMS app with AP7522, just the wireless connectivity seems unstable, hence issue with web connection..
Photo of Pablo Moriconi

Pablo Moriconi

  • 90 Points 75 badge 2x thumb
Follow the Best Practices and disable firewall (using the CLI)

firewall-policy default 

no stateful-packet-inspection-l2

no ip dos smurf 

no ip dos twinge 

no ip dos invalid-protocol


Photo of Pablo Moriconi

Pablo Moriconi

  • 90 Points 75 badge 2x thumb
Recommended Firewall Policy Configuration: 
 firewall-policy default  
 no ip dos  
 no ip-mac conflict 
 no ip-mac routing conflict  
 dhcp-offer-convert 
 no ipv6 strict-ext-hdr-check  
 no ipv6 unknown-options  
 no ipv6 duplicate-options  
 no ipv6 option strict-hao-opt-check 
 no ipv6 option strict-padding 
 no stateful-packet-inspection-l2 
 no ipv6-mac conflict 
 no ipv6-mac routing conflict
(Edited)
Photo of Manuel Zablan

Manuel Zablan

  • 200 Points 100 badge 2x thumb
Hi,

Firewall policy - default with ipv6 disabled, disabled auto PAC settings, disabled FIPS mode, etc. and the only options activated are the OP Mode Filtering and Regulatory where Country is Canada with disabled 802.11d and bandwidth for 2.4GHz only.
So the device setup is mostly by default with the AP 7522 firewall - enabled. >> still no internet access with the device MC92N0..
Photo of Pablo Moriconi

Pablo Moriconi

  • 90 Points 75 badge 2x thumb
Yesterday I have to test one AP-7522 from defaults.
I can only ping the AP but not the rest of network devices and internet
I had to disable this:
no stateful-packet-inspection-l2
no ip-mac conflict 
no ip-mac routing conflict

Photo of Carlos Assunção

Carlos Assunção

  • 294 Points 250 badge 2x thumb
HI,

Please make sure on the device the following:

 go to settings>connections>advanced and ensure that on the two drop down menus you have either my network or my isp and not one of each.

Best Regards
Photo of Manuel Zablan

Manuel Zablan

  • 200 Points 100 badge 2x thumb
Hi, yes there's only one item in my connections tab but still no go on internet with mc92N0
Photo of Pablo Moriconi

Pablo Moriconi

  • 90 Points 75 badge 2x thumb
If you have WinCE7 you Will not see my network and my isp
Photo of Manuel Zablan

Manuel Zablan

  • 220 Points 100 badge 2x thumb
I was able to connect to the internet using the MC92N0 (CE 7.0) by creating another Fusion profile pointing to the other AP that connects to the internet. 
Not ideal but creating 2 fusion profiles, one for internet and one for WMS (AP7522) works for all RF devices with CE OS. For now this satisfy a customer requirement.

As for the Android devices, testing is still in progress but having 2 fusion profiles work as well.

Thank you team for all your suggestions!