Extreme Networks

braden_mcgrath · ‎05-04-2018

I have had a rash of brand new AP230s that refuse to accept config out of the box. Additionally, they don't even seem to listen on port 22 (SSH) or 80/443 (web/https) for any sort of admin access, but they do come up enough to check-in via CAPWAP.

I have yet to get one physically in my hands to attach a console cable to it, they have all been direct-shipped to sites for 3rd-party contractors to install, and then after hanging them I discover that usually 1-2 APs per site (out of 10-15 total) pull this stunt and refuse to accept new config.

Oddly, I can push firmware to them without a problem, but no matter what I do config-wise, they won't accept anything.

Just wondering if anybody else in the community has seen this recently with AP230s... It's very frustrating and has greatly impacted the speed / smoothness of this rollout project. Never had issues like this with AP120 & AP121.

AnonymousM · ‎05-08-2018

Braden,

Anything you do via the Hivemanager is a connection that is established from the AP, to the Hivemanager. Which is CAPWAP (UDP 12222 per default) for normal status reports and delta config uploads), and TCP 22 with HM Classic for SSH client, Firmware downloads and full config uploads. With NG this has changed to TCP 443. So in this case you do not need the AP to listen on 22, 80 or 443 - but I agree that it normally should. It's very odd though you say you can push a firmware, but not a full config or establish the ssh client...

Is your Hivemanager Classic or NG?

Ultimately you'd need console access, for sure. Until then you can try the following:

Ask someone onsite to push the reset button for 10-15 seconds (-> factory default reset)
"Reset device to default" via HM GUI
"Set the image to boot" via HM GUI, and choose the backup image. When it's back up and still not accessible, try the default reset again.
Push an older Firmware, try again.

Good luck 😕

View solution in original post

braden_mcgrath · ‎05-07-2018

Carsten - great idea, but as far as I can tell, this requires SSH to actually be listening on the AP itself, which it isn't. I can portscan all of the new APs at a site (it's not a firewall issue), and only the one or two that are "misbehaving" (refusing to take config) will show that SSH and HTTP/HTTPS are closed.

When I try to use Hivemanager (we have an on-prem virtual HM install) to SSH to a "bad" AP, I get the error: "Cannot set up an SSH connection between the device and HiveManager because the connection was refused."

It's like there is just something flat-out wrong with the APs. As I said previously, they will take a firmware update, but they still come back with this strange zombie unconfigurable state after rebooting from the update.

I'm waiting for a couple to be shipped back to me at HQ so I can get a console cable on them and try to see if they can be revived that way... but given that I've seen this with at least 6-8 AP230s now (across ~100-120 ordered in the past month or so), it's kind of a high failure / problem rate. Support has been willing to RMA them for me since they are non-functional from the factory, but that then means I have to schedule more remote hands teams to swap out the "DOA" units for the RMA replacements, since there is seemingly no way to revive these things remotely.

AnonymousM · ‎05-07-2018

As you have a CAPWAP connection with them, can you open an SSH tunnel and run a factory default reset ("reset config") (-> assuming that they are not pre-configured with special IP settings....).

Otherwise this sounds more like a Firewall issue (not fully allowing outgoing traffic on UDP 12222 and TCP 443, and - if Classic - TCP 22).

Extreme Networks

Problems with new AP230s refusing to take config?

Problems with new AP230s refusing to take config?