extreme wireless Identify v2110 problem with access on port 5825


Hi
I have problem with access on my controller on port 5825.
That problem appeared after netsight migration and upgrading from v6.3.0.184 to 186
wireless controller (WC) is in my managment vlan as the FW interface is and on FW interface a can connect and WC interface on port 5825 is unreachable but I can ping WC.
Also i can "ask" if 5825 port on WC is reachable and i have an answer from that port.
WC is a part of netsight and nacgateway infrastructure

What and where i should check to do the right troubleshooting of that problem

14 replies

Anybody ?
Userlevel 7
Was the controller also upgraded, which version is installed right now.
I don't see how the Netsight migration/upgrade could influence the GUI behavior of the controller.

Run the following command in the shell (= ssh to the controller > login as admin > use the command "shell" > use the admin password) and post a screenshot of the output.

ps -ef | grep -i httpd
Controller was not upgraded, running SW on WC is 10.11.03.0004
Problem is that:
Controller (on VLAN 10) and MyComputer (on VLAN 10) = i can logon via GUI (page show up)
Controller (on VLAN 10) and MYComputer (on VLAN 20) = i can't open web GUI (page dont show up)

No Firewall change was made

root@wlan:~# ps -ef | grep -i httpd
root 1424 1 0 Jun02 ? 00:00:06 /usr/sbin/httpd -k restart
apache 1648 1424 0 Jun02 ? 00:00:00 /usr/sbin/httpd -k restart
apache 1649 1424 0 Jun02 ? 00:00:00 /usr/sbin/httpd -k restart
apache 1650 1424 0 Jun02 ? 00:00:00 /usr/sbin/httpd -k restart
apache 1651 1424 0 Jun02 ? 00:00:00 /usr/sbin/httpd -k restart
apache 1652 1424 0 Jun02 ? 00:00:00 /usr/sbin/httpd -k restart
apache 21943 1424 0 09:05 ? 00:00:00 /usr/sbin/httpd -k restart
apache 27161 1424 0 Jun05 ? 00:00:00 /usr/sbin/httpd -k restart
apache 27233 1424 0 09:13 ? 00:00:00 /usr/sbin/httpd -k restart
root 30156 29950 0 09:18 pts/0 00:00:00 grep -i httpd
Userlevel 7
Thanks, makes more sense now.

1) could you ping the controller if the PC is in VLAN#20
2) how to you access the controller, via the IP of the mgmt/admin port or a ESA port topology
AD1

Pinging from VLAN 20 to VLAN10 on WC Admin interface

C:\Users\Marek\Narzędzia\Tools\PSTools>psping.exe 172.16.0.16

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Pinging 172.16.0.16 with 32 bytes of data:
5 iterations (warmup 1) ping test:
Reply from 172.16.0.16: 11.40ms
Reply from 172.16.0.16: 15.31ms
Reply from 172.16.0.16: 3.90ms
Reply from 172.16.0.16: 2.77ms
Reply from 172.16.0.16: 5.94ms

Ping statistics for 172.16.0.16:
Sent = 4, Received = 4, Lost = 0 (0% loss),
Minimum = 2.77ms, Maximum = 15.31ms, Average = 6.98ms

Pinging from VLAN 20 to VLAN10 on WC Admin interface port 5825

C:\Users\Marek\Narzędzia\Tools\PSTools>psping.exe 172.16.0.16:5825

PsPing v2.01 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

TCP connect to 172.16.0.16:5825:
5 iterations (warmup 1) connecting test:
Connecting to 172.16.0.16:5825 (warmup): 3.04ms
Connecting to 172.16.0.16:5825: 3.87ms
Connecting to 172.16.0.16:5825: 7.24ms
Connecting to 172.16.0.16:5825: 8.29ms
Connecting to 172.16.0.16:5825: 4.50ms

TCP connect statistics for 172.16.0.16:5825:
Sent = 4, Received = 4, Lost = 0 (0% loss),
Minimum = 3.87ms, Maximum = 8.29ms, Average = 5.98ms

AD2

im accessing to WC GUI via Admin interface
Userlevel 7
You shouldn't use the Admin interface during normal operation as it could result in different data paths.

Could you try to enable mgmt on another topology and test whether you'd access the controller via VLAN#20 on that IP.
every topology is Bridged at AP and i cant add IP address to it.
Userlevel 7
What about the topology that is used to connect the APs ?

Is there a default gw set in the > controller > administration > host attributes > default gw IP ?
APs topology has no default GW ip only controller has its own IP, AP topology is separatet from others

IMHO the problem is with the GUI configuration ... for example SSH (22) port is working fine
This is what ive got with wireshark... WC is sending RESET FLAG

Transmission Control Protocol, Src Port: 56554 (56554), Dst Port: 5825 (5825), Seq: 201, Ack: 1, Len: 0
Source Port: 56554 (56554)
Destination Port: 5825 (5825)


[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 201 (relative sequence number)
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
Flags: 0x014 (RST, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .1.. = Reset: Set
[Expert Info (Warning/Sequence): Connection reset (RST)]
[Connection reset (RST)]

[Severity level: Warning]
[Group: Sequence]
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A·R··]
Window size value: 0
[Calculated window size: 0]
[Window size scaling factor: 256]
Checksum: 0xc5f1 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Any ideas ?
Userlevel 6
Marek

I would recommend you put a call into GTAC and someone can look at this for you.

-Gareth
my english isnt so fluent so i prefer to ask here
Userlevel 7
Marek Konopinski wrote:

my english isnt so fluent so i prefer to ask here

You can submit a case online and respond by email or in the support portal if you prefer.
https://extremeportal.force.com/ExtrArticleDetail?n=000001818

Reply