- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-22-2021 12:45 AM
hi, community.
I have setup a xiq va on-premise, and config the ap with:
#show run | inc capwap
capwap client server name 172.16.220.250
capwap client server backup name 172.16.220.250#show capwap client
AH-491600#show capwap client
CAPWAP client: Enabled
CAPWAP transport mode: UDP
RUN state: Connected securely to the CAPWAP server
CAPWAP client IP: 192.168.9.150
CAPWAP server IP: 172.16.220.250
HiveManager Primary Name:172.16.220.250
HiveManager Backup Name: 172.16.220.250
CAPWAP Default Server Name: redirector.aerohive.com
Virtual HiveManager Name:
Server destination Port: 12222
CAPWAP send event: Enabled
CAPWAP DTLS state: Enabled
CAPWAP DTLS negotiation: Enabled
DTLS next connect status: Enable
DTLS always accept bootstrap passphrase: Enabled
DTLS session status: Connected
DTLS key type: passphrase
DTLS session cut interval: 5 seconds
DTLS handshake wait interval: 60 seconds
DTLS Max retry count: 3
DTLS authorize failed: 0
DTLS reconnect count: 0
Discovery interval: 5 seconds
Heartbeat interval: 30 seconds
Max discovery interval: 10 seconds
Neighbor dead interval:105 seconds
Silent interval: 15 seconds
Wait join interval: 60 seconds
Discovery count: 0
Max discovery count: 3
Retransmit count: 0
Max retransmit count: 2
Primary server tries: 0
Backup server tries: 0
Keepalives lost/sent: 0/969
Event packet drop due to buffer shortage: 0
Event packet drop due to loss connection: 3
here are my question:
- does this ap successfully form a dtls with xiq va?
- why the ap is still offline on the xiq va manage > device page?
- is there any tutorial about how to add ap to xiq va on-premise?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-29-2021 02:48 PM
Hi there, thank you for your patience. I haven’t been able to find anything in those logs and the engineers I’ve asked requested that we open a case for this. Would you be able to open a support case for this question?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-22-2021 04:49 PM
Thank you for sending that to me, and for letting me know, it was in my junk mail folder for some reason (also found your previous email that we had discussed, very sorry about that). I reviewed the tech data, thank you for enabling those debugs. I’m seeing a lot of echo time outs, which would explain why the AP is not connecting to your XIQ instance, even though the CLI says it has connected.
ExtremeCloud IQ (XIQ) and the APs have a call and response check-in system that allows them to confirm that each side of the connection is still responsive; these call and response packets are called echos. There is a specific time window within which an AP would need to respond to an echo to be considered still responsive. If the AP misses a certain number of echos back to back, it is considered disconnected until it responds again. If an AP is still connected to the internet and passing traffic while missing echos, it's likely due to latency on the network; the AP is unable to process the echo request quickly enough due to the amount of traffic it has to process before responding. You can see what I’m seeing if you search your tech data file for “echo” or “timed out”, look for these messages: ah_capwap_echo_timer timed out
Since the AP isn’t passing client traffic yet, the latency would likely be on your backend network between the AP and XIQ. I’d be interested to see a packet capture to take a look at the traffic the AP is seeing currently.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-22-2021 03:58 PM
hi
I have send the tech data to community@extremenetworks.com, please check if you could received it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-22-2021 02:44 PM
Hello, thank you for sharing that data. To answer your questions:
Does this ap successfully form a dtls with xiq va?
- Yes, it looks like the AP thinks it successfully connected to your on premises XIQ instance, based on the run state seen in the data you shared:
- RUN state: Connected securely to the CAPWAP server
Why the ap is still offline on the xiq va manage > device page?
- It could be a few different things, if you could enable some CAPWAP debugs, cycle CAPWAP, wait for the AP to attempt to connect a few times (5-10 minutes), and then pull tech data, I could take a look at the tech data for you to see if we can find any clues in there.
- This guide reviews how to enable CAPWAP debugs: https://extremeportal.force.com/ExtrArticleDetail?an=000057308&q=CAPWAP%20DEBUG
- To cycle CAPWAP, run these two commands in this order:
- no capwap client enable
- capwap client enable
- This guide reviews how to get tech data: https://extremeportal.force.com/ExtrArticleDetail?an=000081084&q=Tech%20dat
- If you can email that to me at community@extremenetworks.com, I can review it for you and let you know what I find.
Is there any tutorial about how to add ap to xiq va on-premise?
- This guide reviews how to add and remove devices, the process is the same for online instances and on premises/virtual appliance instances: https://extremeportal.force.com/ExtrArticleDetail?an=000056853&q=adding%20and%20removing%20devices%2...
