Capwap connection no more, all APs dropped from HMO.

  • Question
  • Updated 5 years ago
  • Answered
I recently upgraded from 6.02 to 6.1 because I spotted the flashing bee. After doing this upgrade within HMO all of my APs have dropped their connection with my HMO. I have double checked UDP 12222 and TCP are still open. When I log into HMO I still see version 6.02 displayed and not 6.1. Also I can't capwap ping my new server from any of the APs. Any ideas? Thanks.

James Watson

  • 70 Posts
  • 8 Reply Likes
  • crying on the inside.

Posted 5 years ago

Gary Smith, Official Rep

  • 299 Posts
  • 61 Reply Likes
Hi James,

Do you have any firewall rules in place which might block connectivity from the APs to the HMOL server?

If you can get CLI access to the APs, can you post a "show capwap client" so we can see the AP's connection state?

Kind Regards,
Gary Smith

James Watson

I have spoken to the company that remotely manages my firewall and they replied that the required ports are open for all connections:

Policy: 6 all all always UDP_12222 TCP_22 ACCEPT the policy is in place to have UDP 12222 and TCP 22 open for all not just 192.168.201.1 to .14.

Last login: Fri Aug 16 07:18:16 on console
administration:~ jgwatson$ ssh admin@192.168.201.1
admin@192.168.201.1's password:
Permission denied, please try again.
admin@192.168.201.1's password:
Last login: Thu Aug 15 15:43:19 2013 from 192.168.200.6
Aerohive Networks Inc.
Copyright (C) 2006-2013
AH-29e680#show capwap client
CAPWAP client: Enabled
CAPWAP transport mode: UDP
DISCOVERY state: Sending Discovery packets to find the CAPWAP server
CAPWAP client IP: 192.168.201.1
CAPWAP server IP: 198.46.54.150
HiveManager Primary Name:hm-useast60-03.aerohive.com
HiveManager Backup Name:
CAPWAP Default Server Name: redirector.aerohive.com
Virtual HiveManager Name: St.Francis_High_School
Server destination Port: 12222
CAPWAP send event: Enabled
CAPWAP DTLS state: Enabled
CAPWAP DTLS negotiation: Disabled
DTLS next connect status: Enable
DTLS always accept bootstrap passphrase: Enabled
DTLS session status: Disconnect
DTLS key type: passphrase
DTLS session cut interval: 5 seconds
DTLS handshake wait interval: 60 seconds
DTLS Max retry count: 3
DTLS authorize failed: 0
DTLS reconnect count: 0
Discovery interval: 5 seconds
Heartbeat interval: 30 seconds
Max discovery interval: 10 seconds
Neighbor dead interval:105 seconds
Silent interval: 15 seconds
Wait join interval: 60 seconds
Discovery count: 2
Max discovery count: 3
Retransmit count: 0
Max retransmit count: 2
Keepalives lost/sent: 4/9416
Event packet drop due to buffer shortage: 0
Event packet drop due to loss connection: 10113
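
An added example, not part of the thread or of any Aerohive tooling: a small Python parser for the `show capwap client` output above that reports the connection phase and DTLS session status, and extracts the transport, server IP and port the AP is trying to reach so they can be compared with the firewall's egress rules. The sample is a trimmed copy of the output in this post; the function names are illustrative.

```python
import re

# Constructed sample: a trimmed copy of the `show capwap client` output above.
SAMPLE = """\
CAPWAP client: Enabled
CAPWAP transport mode: UDP
DISCOVERY state: Sending Discovery packets to find the CAPWAP server
CAPWAP server IP: 198.46.54.150
HiveManager Primary Name:hm-useast60-03.aerohive.com
Server destination Port: 12222
CAPWAP DTLS state: Enabled
DTLS session status: Disconnect
Keepalives lost/sent: 4/9416
Event packet drop due to loss connection: 10113
"""

def parse_capwap(text):
    """Split each line on its first colon; the space after it is optional."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def diagnose(fields):
    """Return (findings, flow); flow is the egress path the firewall must allow."""
    findings = []
    # The phase is the upper-case word in a two-word "<PHASE> state" key.
    phase = next((m.group(1) for k in fields
                  if (m := re.fullmatch(r"([A-Z]+) state", k))), None)
    if phase == "DISCOVERY":
        findings.append("still in DISCOVERY: " + fields["DISCOVERY state"])
    if fields.get("DTLS session status") == "Disconnect":
        findings.append("DTLS session is disconnected")
    dropped = int(fields.get("Event packet drop due to loss connection", "0"))
    if dropped:
        findings.append(f"{dropped} event packets dropped due to lost connection")
    flow = (fields.get("CAPWAP transport mode"),
            fields.get("CAPWAP server IP"),
            int(fields.get("Server destination Port", "0")))
    return findings, flow

if __name__ == "__main__":
    findings, flow = diagnose(parse_capwap(SAMPLE))
    for item in findings:
        print("-", item)
    print("check firewall egress for (transport, server, port):", flow)
```
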

Gary Smith, Official Rep

James,

As a test, can you ping and give us the outputs of:

ping 198.46.54.150
ping hm-useast60-03.aerohive.com
capwap ping 198.46.54.150
capwap ping hm-useast60-03.aerohive.com

As well as UDP 12222, you should have TCP port 80 open, as HTTP is another method which the AP can use for connectivity to HM.

Kind Regards,
Gary Smith

James Watson

ping 198.46.54.150 - worked
ping hm-useast60-03.aerohive.com - worked
capwap ping 198.46.54.150 - request timed out
capwap ping hm-useast60-03.aerohive.com - request timed out

I have sent a request to see the status of port 80 as well, and will let you know asap.

Gary Smith, Official Rep

Hi James,

When you upgrade you actually move servers. My guess is that the firewall allows CAPWAP traffic to the old server but not the new one.

Kind Regards,
Gary Smith

James Watson

When I log into HMOL I am still only seeing 6.0r2a, shouldn't I be seeing 6.1?

Gary Smith, Official Rep

Hi James,

hm-useast60-03.aerohive.com is a 6.0r2a server. To get to 6.1r1 you would need to go via Aerohive Support.

Kind Regards,
Gary Smith

James Watson

Thanks guys, I found out that TCP 80 went mental and caused all of the above. Nothing to do with my APs.

Thanks for all your help though.