Extreme Networks

braden_mcgrath · ‎05-04-2018

I have had a rash of brand new AP230s that refuse to accept config out of the box. Additionally, they don't even seem to listen on port 22 (SSH) or 80/443 (web/https) for any sort of admin access, but they do come up enough to check-in via CAPWAP.

I have yet to get one physically in my hands to attach a console cable to it, they have all been direct-shipped to sites for 3rd-party contractors to install, and then after hanging them I discover that usually 1-2 APs per site (out of 10-15 total) pull this stunt and refuse to accept new config.

Oddly, I can push firmware to them without a problem, but no matter what I do config-wise, they won't accept anything.

Just wondering if anybody else in the community has seen this recently with AP230s... It's very frustrating and has greatly impacted the speed / smoothness of this rollout project. Never had issues like this with AP120 & AP121.

AnonymousM · ‎05-08-2018

Braden,

Anything you do via the Hivemanager is a connection that is established from the AP, to the Hivemanager. Which is CAPWAP (UDP 12222 per default) for normal status reports and delta config uploads), and TCP 22 with HM Classic for SSH client, Firmware downloads and full config uploads. With NG this has changed to TCP 443. So in this case you do not need the AP to listen on 22, 80 or 443 - but I agree that it normally should. It's very odd though you say you can push a firmware, but not a full config or establish the ssh client...

Is your Hivemanager Classic or NG?

Ultimately you'd need console access, for sure. Until then you can try the following:

Ask someone onsite to push the reset button for 10-15 seconds (-> factory default reset)
"Reset device to default" via HM GUI
"Set the image to boot" via HM GUI, and choose the backup image. When it's back up and still not accessible, try the default reset again.
Push an older Firmware, try again.

Good luck 😕

View solution in original post

braden_mcgrath · ‎05-08-2018

I mis-typed earlier... the problem APs do have HTTP & HTTPS listening, but when you try to access them with a browser, you get "ERR_EMPTY_RESPONSE" via HTTP, and "ERR_CONNECTION_CLOSED" via HTTPS.

The whole situation is really weird.

braden_mcgrath · ‎05-08-2018

As an example, I can't "diagnostics > show running config", because a full config has never been pushed to the unit (and Hivemanager comes back with an error along those lines).

Yeah, "set image to boot" doesn't work for the same reason:

"The requested operation cannot be performed until a complete configuration is uploaded to the device and it is rebooted to activate it."

braden_mcgrath · ‎05-08-2018

Carsten - we are on HM Classic. (I have no idea how we would even move to NG, since Aerohive's documentation on all of this is basically nonexistent.)

It was my understanding that some commands are sent via the CAPWAP connection, while others (like firmware download) were accomplished by the AP connecting back to the Hivemanager via SCP or TFTP (e.g. firmware download).

IME, a fresh out of box and correctly functioning AP will be listening on HTTP (and maybe HTTPS, can't remember) as well as SSH, so you can set one up without a Hivemanager if needed. The "bad" APs I've seen (refusing to accept config) are completely closed, port-wise. They respond to ping, and they talk to the HM via CAPWAP, but that's about it.

"Reset device to default" fails because the device would first need to have a config pushed to it - I get an error message along these lines from Hivemanager.

I've tried having someone do the factory-default with the reset button, and it doesn't seem to help.

Haven't tried "set image to boot" or pushing an older firmware, going to try those. These have generally been arriving with 6.5r7 or 6.5r8, IIRC. Pushing newer firmware will get it to reboot and check back in with new firmware running... but still won't accept config.

AnonymousM · ‎05-08-2018

Braden,

Anything you do via the Hivemanager is a connection that is established from the AP, to the Hivemanager. Which is CAPWAP (UDP 12222 per default) for normal status reports and delta config uploads), and TCP 22 with HM Classic for SSH client, Firmware downloads and full config uploads. With NG this has changed to TCP 443. So in this case you do not need the AP to listen on 22, 80 or 443 - but I agree that it normally should. It's very odd though you say you can push a firmware, but not a full config or establish the ssh client...

Is your Hivemanager Classic or NG?

Ultimately you'd need console access, for sure. Until then you can try the following:

Ask someone onsite to push the reset button for 10-15 seconds (-> factory default reset)
"Reset device to default" via HM GUI
"Set the image to boot" via HM GUI, and choose the backup image. When it's back up and still not accessible, try the default reset again.
Push an older Firmware, try again.

Good luck 😕

braden_mcgrath · ‎05-07-2018

When I try to push config (full upload, not just partial) from Hivemanager, the error message is:

"Upload Configuration: An error occurred when executing the following CLI command: config rollback next-reboot. Unknown error"

Incredibly helpful, no? 

Extreme Networks

Problems with new AP230s refusing to take config?

Problems with new AP230s refusing to take config?