
michael_bliss
New Contributor
I created a guest SSID on a separate VLAN and all works as expected. I'm now trying to deploy a captive portal, so far using default values, but keep getting the below error when trying to deploy;
1 ACCEPTED SOLUTION

samantha_lynn
Esteemed Contributor III

Thanks for those logs, Michael. I've emailed you a more detailed explanation of what we saw, but just in case anyone else has the same problems, I wanted to post a brief overview of what we found and what we need to look at next.

In the data we were seeing failed .lpr files (you can see this by looking in the buffered log and CTRL+F searching for ".lpr"; if you see the word "failed" on the same line, you know they aren't getting through). This indicates we aren't getting traffic through a firewall or content filter, or that there is a delay on the backend network.

We also saw that we were failing to reach the VHM server via HTTP, which also indicates a firewall issue.

Finally, we were seeing echo timeouts. The HiveManager and AP (or any other Aerohive device) have a call and response system to make sure that the APs are still responding to the HiveManager and therefore can be considered connected to the HiveManager. If the AP does not respond to enough call and response echo packets, the HiveManager considers that device to be disconnected until it starts responding to echoes again. This also indicates either a slowdown in your network traffic, or a firewall issue.

If we are sure that the firewall is allowing outbound traffic on UDP 12222, TCP 22, TCP 443, and HTTP 80, then we'll want to run iPerf tests to see if we can find where the traffic is slowing down on the backend network. I sent you a guide that covers how to set up and run iPerf tests for reference.

michael_bliss
New Contributor

Hi Sam,

Logs and info sent.

Tx,

Mike

samantha_lynn
Esteemed Contributor III

We were unable to pass traffic on port TCP 22 during one of those tests, which could cause an update to fail. We can be sure that is the cause if we run the following debugs on the AP, replicate the issue, and then pull techdata.

Debugs:

_debug capwap info

_debug capwap basic

_debug capwap stat

If you want to send the tech data to me directly at communityhelp@aerohive.com, I can review it for you to let you know what we find.

If you think it might be a rule on the AP firewall, could you also provide a screenshot of the rules you have in your IP firewall configuration?

michael_bliss
New Contributor

That's odd, it's all on a local network and there's no firewalls in place internally. Perhaps a rule on the AP itself?

AH-MikesOffice#exec _test tcp-service host 192.168.4.7 port 443

Testing TCP connection for host=192.168.4.7, port=443, timeout=10 seconds

Test successfully.

AH-MikesOffice#exec _test tcp-service host 192.168.4.7 port 22

Testing TCP connection for host=192.168.4.7, port=22, timeout=10 seconds

Test failed:Connection refused, maybe the TCP service on the port doesn't provide.

AH-MikesOffice#
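
Added example, not part of the original thread and not Aerohive tooling: a workstation-side Python check of the TCP ports named in the accepted solution that separates "refused" (the result of the port 22 test above) from a silent timeout, since the two point at different causes. The function names and the default target address are assumptions for illustration.

```python
import socket

# TCP ports the thread lists as required from the AP to HiveManager.
# UDP 12222 is also listed, but a TCP connect cannot verify a UDP path.
REQUIRED_TCP_PORTS = (22, 80, 443)

# What each outcome says about the path (general TCP behaviour).
MEANING = {
    "open": "handshake completed; a service is listening and reachable",
    "refused": "an active reject came back; the host answers but nothing "
               "listens on the port, or a filter rejects instead of dropping",
    "timeout": "no answer at all; typical of a silently dropping firewall, "
               "a content filter, or a host that is down",
    "unreachable": "name resolution failed or the network reported the "
                   "host unreachable",
}

def probe_tcp(host, port, timeout=10.0):
    """Attempt one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def check_manager(host, ports=REQUIRED_TCP_PORTS, timeout=10.0):
    """Probe every required TCP port; return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def report(host, results):
    """Format one line per port with the interpretation of its state."""
    return [f"{host} tcp/{port}: {state} ({MEANING[state]})"
            for port, state in sorted(results.items())]

if __name__ == "__main__":
    import sys
    # Default target is a placeholder; pass the HiveManager address instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for line in report(target, check_manager(target, timeout=3.0)):
        print(line)
```

Run it from a host on the same VLAN as the AP so the probes follow the same path as the AP's own traffic.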
