Extreme Networks

Hi Greg,

Your “Service show nsight client-log” output looks good and the AP should be sending stats to the XIQ instance. That error message could be due to an initial communication/handshake.

Could you confirm that you were able to add the AP to the XIQ using the VC APs MC address (without hyphens) and now the data is shown? 

Regards,

Ovais

Hi Ovais. Thank you for helping me. I did as you wrote. I do not understand why AP displays an error communicating with the extremecloudiq server when starting up. After logging in, this server responds to the ping. Below is a screenshot and the current startup-config.

!
! Configuration of AP7131 version 5.8.6.13-002R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
 no telnet
 no http server
 https server
 ssh
 user admin password 1 31bea27a0267a71db0bd84325a0122274bbebd88437152623cb6e7a5f93e5001 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
nsight-policy cloudiq
 server host nl-gcp-wing.extremecloudiq.com https enforce-verification
!
profile ap71xx default-ap71xx
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface radio3
 interface ge1
 interface ge2
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface wwan1
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
!
rf-domain default
 country-code pl
 use nsight-policy cloudiq
!
self
! ap71xx B4-C7-99-47-01-04
 radio-count 2
 use profile default-ap71xx
 use rf-domain default
 hostname ap7131-470104
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no adoption-site
 interface vlan1
 virtual-controller
 rf-domain-manager capable
!
ap71xx B4-C7-99-47-1B-40
 radio-count 2
 use profile default-ap71xx
 use rf-domain default
 hostname ap71xx-471B40
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no staging-config-learnt
 model-number AP7131
 adoption-site B4-C7-99-47-01-04
!
ap71xx B4-C7-99-47-1B-54
 radio-count 2
 use profile default-ap71xx
 use rf-domain default
 hostname ap71xx-471B54
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 model-number AP7131
 adoption-site B4-C7-99-47-01-04
 interface vlan1
  ip address 192.168.0.251/24
!
!
end
 

Regards

Greg

I see that you have the nsight policy applied in rf domain as well as in self context of the VC AP. Please remove the nsight policy from VC AP self context and only apply it in rf domain config. When done commit write to save settings.

Afterward, unmap the nsight policy from rf domain, delete current nsight policy and create a new one with a different name and map it to rf domain. This time use “server host <rdc-url> https enforce-verification poll-work-queue”, depending on the firmware, you may not have the option of poll-work-queue.

Finally, use “service show nsight client-log” to check if it’s sending stats.   

Regards,

Ovais

Thanks Ovais for the answer. I have this AP configured as VC. Below is a screenshot and my startup configuration. Tried nsight policy with and without "... force verification". Unfortunately, my VC does not connect to the XIQ account.

 !
! Configuration of AP7131 version 5.8.6.13-002R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
!
management-policy default
 no telnet
 no http server
 https server
 ssh
 user admin password 1 31bea27a0267a71db0bd84325a0122274bbebd88437152623cb6e7a5f93e5001 role superuser access all
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
l2tpv3 policy default
!
nsight-policy XIQ
 server host nl-gcp-wing.extremecloudiq.com https
!
profile ap71xx default-ap71xx
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface radio1
 interface radio2
 interface radio3
 interface ge1
 interface ge2
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface wwan1
 interface pppoe1
 use firewall-policy default
 use client-identity-group default
 logging on
 service pm sys-restart
!
rf-domain default
 country-code pl
 use nsight-policy XIQ
!
self
! ap71xx B4-C7-99-47-01-04
 radio-count 2
 use profile default-ap71xx
 use rf-domain default
 hostname ap7131-470104
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no adoption-site
 use nsight-policy XIQ
 interface vlan1
 virtual-controller
 rf-domain-manager capable
!
ap71xx B4-C7-99-47-1B-40
 radio-count 2
 use profile default-ap71xx
 use rf-domain default
 hostname ap71xx-471B40
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 no staging-config-learnt
 model-number AP7131
 adoption-site B4-C7-99-47-01-04
!
ap71xx B4-C7-99-47-1B-54
 radio-count 2
 use profile default-ap71xx
 use rf-domain default
 hostname ap71xx-471B54
 license AP VIRTUAL_CONTROLLER_DEFAULT_AP_LICENSE
 model-number AP7131
 adoption-site B4-C7-99-47-01-04
 interface vlan1
  ip address 192.168.0.251/24
!
!
end