Extreme Networks

ibrahim_bilmis · ‎12-30-2019

Hello Community,

We do see some strange traffice from the access points to unkown public IP's (according to our firewall on destination port 3000) . anybody else has seen this too?.. Seems to be something suspected? please see below a part of the logging ..

<182>ah_auth: aaa: Send station (947b:e756:f8bb) session sync query count (3) to old ap (c867:5ecc:ac64) (58.2.80.10) time sec(1577696841) usec(94352)

<182>ah_auth: aaa: Send station (947b:e756:f8bb) session sync query count (2) to old ap (c867:5ecc:ac64) (58.2.80.10) time sec(1577696840) usec(592290)

<182>ah_auth: aaa: Send station (947b:e756:f8bb) session sync query count (1) to old ap (c867:5ecc:ac64) (58.2.80.10) time sec(1577696840) usec(90324)

<182>ah_auth: aaa: Send station (947b:e756:f8bb) session sync query count (0) to old ap (c867:5ecc:ac64) (58.2.80.10) time sec(1577696839) usec(588324)

What is this traffic for?

Thanks in advance..

Kind Regards,

Bram

samantha_lynn · ‎01-02-2020

Thank you for letting me know. That is an older version, you might want to try moving up to 8.2r5 or 10.0r7a to see if the issue is still present on later firmware versions.

ibrahim_bilmis · ‎01-02-2020

Hello SAM,

It's an AP130 and the firmware version is HiveOS 8.2r2.196060.

Thanks,

Bram

samantha_lynn · ‎12-31-2019

Those logs look like sync queries between APs which is normal. We did have an issue on some of our older firmware that caused erroneous traffic on port 3000, could you tell me what model AP you're using and what firmware versions are on your APs at this time?

Extreme Networks

We do see traffic from acces points to unkown public IP's on dst port 3000

We do see traffic from acces points to unkown public IP's on dst port 3000