Skip to main content

5 Messages

 • 

114 Points

Sun, May 25, 2014 1:13 PM

ZD1100 remote AP's upgrade problem

We have ZD1100 managing 8 AP's, few are connected on the same LAN as the ZD, and the others are on remote site and reach the ZD via IPSec VPN.

I upgraded the ZD from 9.5.1 to 9.7.1, it seemed to work well and the directly connected AP's upgraded fine to 9.7.1. The problem is that all remote AP's got stuck in the state: "Upgrading firmware" and did not pass this stage (they were still reachable but did not connect any clients).

I did a rollback of ZD to 9.5.1 and all AP's were back online.

The remote AP's has full access to the ZD over the VPN and normally act with no problem. Any idea why the firmware upgrade of remote AP's might fail? Anyone with a similar setup?

Thanks

Responses

824 Messages

 • 

13.2K Points

6 years ago

Hello Yuval Ben Ari,

this sounds like a possible MTU issue. Take a look at a different post for something related to MTU.

https://forums.ruckuswireless.com/ruc...

how to do it, see the screenshot -- http://prntscr.com/3mg4jc

ZD GUI - configure - AP - AP policies - Tunnel mode.

I hope this helps.

5 Messages

 • 

114 Points

6 years ago

Thanks
The support person I talked with try to change that to 1200 with no help, but maybe it needs a reboot of AP's to apply?

824 Messages

 • 

13.2K Points

6 years ago

Hello Yuval Ben Ari,

Could you please post here the log messages on ZD GUI for those remote AP's?

I have couple of suggestions to ponder up:

if number of remote AP's impacted are just few and you don't want the trouble of finding out what's causing it then just upgrade those AP's as standalone to same new version as ZD and then connect them to ZD.

check the router/firewall at the remote site at the time of upgrade to see if any fragmentation or error happening which is causing this trouble. this shall give some hint.

few questions:

did you miss any intermediate firmware version between 9.5.1 to 9.7.1?
which router/switch you have between?

I hope this helps.

5 Messages

 • 

114 Points

6 years ago

Hi,
I'm afraid I can't find the logs anymore, it might have been cleared.

All remote AP's were impacted (those not in the same LAN as the ZD). Upgrading as standalone is not a good option for me as those are remote sites.

I planned to check the firewall next time I try it but it should not be causing any problem. It is a Juniper SRX and the VPN is used for various traffic with no problem. Also tcp-mss is configured to lower MSS so I don't see a reason for MTU problem to arise but it's still possible.

I did the upgrade directly from 9.5.1 to 9.7.1 which should have been supported according to the release notes.

The support recommended I go through 9.6 so I will try it.

824 Messages

 • 

13.2K Points

6 years ago

Hello Yuval,

Thanks for your feedback. Keep us posted as it would interesting to see what causes it.

Best of luck

5 Messages

 • 

114 Points

6 years ago

Just an update:
I did the following which resolved the issue:
1. Set "Tunnel MTU" option to 1400
2. Reboot remote AP's
3. Upgrade ZD to 9.6.2.0.13

After the ZD came up, all AP's were upgraded successfully.
I am not sure what solved the problem but I have a feeling that it's the change of firmware to 9.6.2, there might be some issue with 9.7.1

824 Messages

 • 

13.2K Points

6 years ago

Thanks for the update. Yes, i also agree something may have changed. Reading the release notes for 9.7.1 at PDF page 6

https://support.ruckuswireless.com/do...

There is a mention of "5.1.5 - Resolved an issue with APs being unable to join ZoneDirector due to the default MTU size set on Zone Director running on version 9.6 . (ID ER-929)"

this is my guesswork, you may not have seen this issue in 9.6 however there was something related in 9.6 which got fixed in 9.7.1 however now you may be seeing the manifestation of incorrect fix. again this is my guess nothing for sure.

5 Messages

 • 

114 Points

6 years ago

It's very well possible, but I guess I will leave it be with 9.6.2 for now as it is also the recommended release. As the saying "It works, don't touch it" :)