extreme wireless Identify v2110 problem with access on port 5825

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hi
I have problem with access on my controller on port 5825.
That problem appeared after netsight migration and upgrading from v6.3.0.184 to 186
wireless controller (WC) is in my managment vlan as the FW interface is and on FW interface a can connect and WC interface on port 5825 is unreachable but I can ping WC.
Also i can "ask" if 5825 port on WC is reachable and i have an answer from that port.
WC is a part of netsight and nacgateway infrastructure

What and where i should check to do the right troubleshooting of that problem
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
Anybody ?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Was the controller also upgraded, which version is installed right now.
I don't see how the Netsight migration/upgrade could influence the GUI behavior of the controller.

Run the following command in the shell (= ssh to the controller > login as admin > use the command "shell" > use the admin password) and post a screenshot of the output.

ps -ef | grep -i httpd
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
Controller was not upgraded, running SW on WC is  10.11.03.0004
Problem is that:
Controller (on VLAN 10)  and MyComputer (on VLAN 10) = i can logon via GUI (page show up)
Controller (on VLAN 10)  and MYComputer (on VLAN 20) = i can't open web GUI (page dont show up)

No Firewall change was made

root@wlan:~# ps -ef | grep -i httpd
root      1424     1  0 Jun02 ?        00:00:06 /usr/sbin/httpd -k restart
apache    1648  1424  0 Jun02 ?        00:00:00 /usr/sbin/httpd -k restart
apache    1649  1424  0 Jun02 ?        00:00:00 /usr/sbin/httpd -k restart
apache    1650  1424  0 Jun02 ?        00:00:00 /usr/sbin/httpd -k restart
apache    1651  1424  0 Jun02 ?        00:00:00 /usr/sbin/httpd -k restart
apache    1652  1424  0 Jun02 ?        00:00:00 /usr/sbin/httpd -k restart
apache   21943  1424  0 09:05 ?        00:00:00 /usr/sbin/httpd -k restart
apache   27161  1424  0 Jun05 ?        00:00:00 /usr/sbin/httpd -k restart
apache   27233  1424  0 09:13 ?        00:00:00 /usr/sbin/httpd -k restart
root     30156 29950  0 09:18 pts/0    00:00:00 grep -i httpd
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Thanks, makes more sense now.

1) could you ping the controller if the PC is in VLAN#20
2) how to you access the controller, via the IP of the mgmt/admin port or a ESA port topology
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
AD1


Pinging from VLAN 20 to VLAN10 on WC Admin interface

C:\Users\Marek\Narzędzia\Tools\PSTools>psping.exe 172.16.0.16

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Pinging 172.16.0.16 with 32 bytes of data:
5 iterations (warmup 1) ping test:
Reply from 172.16.0.16: 11.40ms
Reply from 172.16.0.16: 15.31ms
Reply from 172.16.0.16: 3.90ms
Reply from 172.16.0.16: 2.77ms
Reply from 172.16.0.16: 5.94ms

Ping statistics for 172.16.0.16:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 2.77ms, Maximum = 15.31ms, Average = 6.98ms



Pinging from VLAN 20 to VLAN10 on WC Admin interface port 5825

C:\Users\Marek\Narzędzia\Tools\PSTools>psping.exe 172.16.0.16:5825

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 172.16.0.16:5825:
5 iterations (warmup 1) connecting test:
Connecting to 172.16.0.16:5825 (warmup): 3.04ms
Connecting to 172.16.0.16:5825: 3.87ms
Connecting to 172.16.0.16:5825: 7.24ms
Connecting to 172.16.0.16:5825: 8.29ms
Connecting to 172.16.0.16:5825: 4.50ms

TCP connect statistics for 172.16.0.16:5825:
  Sent = 4, Received = 4, Lost = 0 (0% loss),
  Minimum = 3.87ms, Maximum = 8.29ms, Average = 5.98ms



AD2

im accessing to WC GUI via Admin interface
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
You shouldn't use the Admin interface during normal operation as it could result in different data paths.

Could you try to enable mgmt on another topology and test whether you'd access the controller via VLAN#20 on that IP.
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
every topology is Bridged at AP and i cant add IP address to it.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
What about the topology that is used to connect the APs ?

Is there a default gw set in the > controller > administration > host attributes > default gw IP ?
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
APs topology has no default GW ip  only controller has its own IP, AP topology is separatet from others


IMHO the problem is with the GUI configuration ... for example SSH (22) port is working fine
(Edited)
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
This is what ive got with wireshark... WC is sending RESET FLAG


Transmission Control Protocol, Src Port: 56554 (56554), Dst Port: 5825 (5825), Seq: 201, Ack: 1, Len: 0
    Source Port: 56554 (56554)
    Destination Port: 5825 (5825)
    <Source or Destination Port: 56554 (56554)>
    <Source or Destination Port: 5825 (5825)>
    [Stream index: 5]
    [TCP Segment Len: 0]
    Sequence number: 201    (relative sequence number)
    Acknowledgment number: 1    (relative ack number)
    Header Length: 20 bytes
    Flags: 0x014 (RST, ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Nonce: Not set
        .... 0... .... = Congestion Window Reduced (CWR): Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .1.. = Reset: Set
            [Expert Info (Warning/Sequence): Connection reset (RST)]
                [Connection reset (RST)]
                <Message: Connection reset (RST)>
                [Severity level: Warning]
                [Group: Sequence]
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A·R··]
    Window size value: 0
    [Calculated window size: 0]
    [Window size scaling factor: 256]
    Checksum: 0xc5f1 [unverified]
    [Checksum Status: Unverified]
    Urgent pointer: 0
(Edited)
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
Any ideas ?
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Marek

I would recommend you put a call into GTAC and someone can look at this for you.

-Gareth
Photo of Marek Konopinski

Marek Konopinski

  • 468 Points 250 badge 2x thumb
my english isnt so fluent so i prefer to ask here
Photo of Drew C.

Drew C., Community Manager

  • 37,366 Points 20k badge 2x thumb
You can submit a case online and respond by email or in the support portal if you prefer.
https://extremeportal.force.com/ExtrArticleDetail?n=000001818