AP T610 could not join vSZ-E

  • 1
  • Question
  • Updated 10 months ago
  • Acknowledged
Hello,

Firstly, I show my network
vSZ: 172.17.10.69
AP T610: 10.0.8.6
I already routed between both of them.

From AP T610, I can ping to vSZ
rkscli: ping 172.17.10.69
PING 172.17.10.69 (172.17.10.69): 56 data bytes
64 bytes from 172.17.10.69: seq=0 ttl=61 time=1.124 ms
Also port 443/ 22 is allowed to vSZ server. 

BUT, AP T610 could not join to vSZ. Here are what I did
Step 1 - Declare vSZ
rkscli: set scg ip 172.17.10.69
OK

Step 2 - Get vSZ information
rkscli: get scg
------ SCG Information ------
SCG Service is enabled.
AP is not managed by SCG.
State: DISC_REQ_STATE
Server List: 172.17.10.69
No SSH tunnel exists
Failover List: Not found
Failover Max Retry: 2
DHCP Opt43 Code: 6
Server List from DHCP (Opt43/Opt52): Not found
SCG default URL: RuckusController
SCG config|heartbeat intervals: 30|30
SCG gwloss|serverloss timeouts: 1800|7200
Controller Cert Validation : disable
-----------------------------
OK

As you see, AP is not managed bu SCG. Although, it found vSZ's IP.

Step 3 - There are no firewall rule. Also I wanted to make sure that
rkscli: fw show
current primary boot image is Image1
--------------------------------------------------------------
Auto F/W upgrade                          = disabled
Running on image                          = Image1
FW Control Control File                   = t610_9991_cntrl.rcks
Control File Server                       = fwupdate1.ruckuswireless.com
Protocol                                  = FTP
Port                                      = auto
User                                      = "26eb952b4d9e33f0668ec7272770b6a51b8b1f9ac0c01281334770053285fc8a"
Password                                  = "2aa0d714f56370e0b184341a69ab8304cc241f8da7f01306dfc29fff24739e99"
Boot Flags (Main,Backup,Factory,Reset)    = M. ..  [MB FR]
--------------------------------------------------------------
OK


Step 4 - Get syslog
Aug 23 05:52:59 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:01 RuckusAP local1.info sessionMgr[525]: build_and_send_scg_init_req:199  Enter
Aug 23 05:53:01 RuckusAP user.err MsgDist[519]: Failed to route the message
Aug 23 05:53:01 RuckusAP user.err MsgDist[519]: RCSL_MSG_HDR :  [Total Len = 57] [MsgType=RCSL_PUBLISH_MSG, srcMod=ap_sessmgr, dstMod=scg_sessmgr, dstHost=scg_host, Flags=1, UserKey=0xb6198900000000d4, dstMac=0x0, srcMac=0x0, topic=0x0]
Aug 23 05:53:01 RuckusAP user.err MsgDist[519]: Route_Msg Failed
Aug 23 05:53:01 RuckusAP local1.err sessionMgr[525]: sm_init_notify_cb:185 Error: MD failed to deliver message
Aug 23 05:53:02 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:02 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:02 RuckusAP authpriv.info dropbear[31356]: Child connection from 10.0.8.4:54408
Aug 23 05:53:03 RuckusAP authpriv.notice dropbear[31356]: Deferring to RKS shell to authenticate password.
Aug 23 05:53:03 RuckusAP authpriv.err dropbear[31356]: chown(/dev/ttyp0, 0, 5) failed: Read-only file system
Aug 23 05:53:03 RuckusAP authpriv.err dropbear[31356]: chmod(/dev/ttyp0, 0620) failed: Read-only file system
Aug 23 05:53:04 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:05 RuckusAP daemon.err cubic[776]: do_curl:1131 curl_easy_perform failed:[35][SSL connect error].
Aug 23 05:53:06 RuckusAP daemon.info hub_registrar: OCSP: 'Good' via ocsp-check - querying registrar @ ap-registrar.ruckuswireless.com
Aug 23 05:53:07 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:07 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:07 RuckusAP user.crit syslog: @@99018, sshInitiation, "apMac"="18:4B:0D:27:F2:10", "reason"="SSH Login successful with IP 10.0.8.4 username super"
Aug 23 05:53:07 RuckusAP user.notice hub_registrar: query result - ''
Aug 23 05:53:07 RuckusAP daemon.info channel-wifi1: channel 165 now UNBLOCKED
Aug 23 05:53:07 RuckusAP daemon.err channel-wifi1: unable to set wlan62 channel to 165
Aug 23 05:53:08 RuckusAP local1.notice rfmd[1062]: mshnger_open: connect failed -1 2
Aug 23 05:53:08 RuckusAP user.err syslog: Failed to get SCG IP
Aug 23 05:53:09 RuckusAP daemon.err gapd: Fail to get pool stats
Aug 23 05:53:09 RuckusAP daemon.info gapd: selecting.....
Aug 23 05:53:09 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:11 RuckusAP local1.info sessionMgr[525]: build_and_send_scg_init_req:199  Enter
Aug 23 05:53:11 RuckusAP user.err MsgDist[519]: Failed to route the message
Aug 23 05:53:11 RuckusAP user.err MsgDist[519]: RCSL_MSG_HDR :  [Total Len = 57] [MsgType=RCSL_PUBLISH_MSG, srcMod=ap_sessmgr, dstMod=scg_sessmgr, dstHost=scg_host, Flags=1, UserKey=0xb6198900000000d5, dstMac=0x0, srcMac=0x0, topic=0x0]
Aug 23 05:53:11 RuckusAP user.err MsgDist[519]: Route_Msg Failed
Aug 23 05:53:11 RuckusAP local1.err sessionMgr[525]: sm_init_notify_cb:185 Error: MD failed to deliver message
Aug 23 05:53:11 RuckusAP daemon.err cubic[776]: do_curl:1131 curl_easy_perform failed:[35][SSL connect error].
Aug 23 05:53:11 RuckusAP daemon.notice meshd[705]: Err 1 Failed to start scan
Aug 23 05:53:11 RuckusAP kern.warn kernel: [ 2212.025941] rks_start: Chan 112 aborting scan - blocked by Radar
Aug 23 05:53:12 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:12 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:14 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:15 RuckusAP daemon.err mDNSClientPosix: mDNS_RegisterInterface: Error! Tried to register a NetworkInterfaceInfo 169.254.17.13 with invalid mask 0.0.0.0
Aug 23 05:53:15 RuckusAP daemon.err mDNSClientPosix: mDNS_RegisterInterface: Error! Tried to register a NetworkInterfaceInfo 169.254.17.12 with invalid mask 0.0.0.0
Aug 23 05:53:15 RuckusAP daemon.err mDNSClientPosix: mDNSPlatformSendUDP got error 99 (Cannot assign requested address) sending packet to FF02:0000:0000:0000:0000:0000:0000:00FB on interface FE80:0000:0000:0000:0000:184B:0D27:F211/br8/35
Aug 23 05:53:16 RuckusAP daemon.err mDNSClientPosix: mDNSPlatformSendUDP got error 99 (Cannot assign requested address) sending packet to FF02:0000:0000:0000:0000:0000:0000:00FB on interface FE80:0000:0000:0000:0000:184B:0D27:F211/br8/35
Aug 23 05:53:17 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:17 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:17 RuckusAP daemon.err cubic[776]: do_curl:1131 curl_easy_perform failed:[35][SSL connect error].
Aug 23 05:53:18 RuckusAP user.err syslog: Failed to get SCG IP
Aug 23 05:53:19 RuckusAP daemon.err mDNSClientPosix: mDNSPlatformSendUDP got error 99 (Cannot assign requested address) sending packet to FF02:0000:0000:0000:0000:0000:00


Conclusion
There are some error in syslog, and I am trying to find why. The network is straightforward as I see. Also AP can reach vSZ. 

Do you have any idea to solve this case? I am appreciated for your help.
Thank you so much!

Regards,
-T
Photo of tien

tien

  • 50 Posts
  • 7 Reply Likes

Posted 10 months ago

  • 1
Photo of tien

tien

  • 50 Posts
  • 7 Reply Likes
Let's me provide more information:
vSZ is using version 5.1.1.0.598
AP is using version 5.1.1.0.624
Photo of tien

tien

  • 50 Posts
  • 7 Reply Likes
Based on the syslog, it seems like an issue with firewall. I am trying to explore this. 
Photo of Anusha Vemula

Anusha Vemula, Employee

  • 118 Posts
  • 60 Reply Likes
Hi Tien,

The above log messages indicate that the AP is unable to form an SSH tunnel with the controller. Since the AP and SZ are on different subnets, please check if there is any firewall in between which is blocking port 22.

AP shows the SZ IP address in the server list as you configured it manually through 'set scg' command.

- Anusha



Photo of tien

tien

  • 50 Posts
  • 7 Reply Likes
Thank Anusha! 
I see there are no firewall at all. I already create the routing between vSZ-E and AP. Also AP doesn't include telnet tool for testing remote port? I only can ping from AP to vSZ-E. 

From my computer, port 22 of vSZ-E is allowed. 
MacBook-Pro:~ tien$ telnet 172.17.10.69 22
Trying 172.17.10.69...
Connected to ip-172-17-10-69.ap-southeast-1.compute.internal.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4

-T
Photo of Jeronimo

Jeronimo

  • 380 Posts
  • 48 Reply Likes
Do you have enough ap capacity licenses?

Is it vsz-e right? If vSZ-H, move APs from staging zone to another zone.

Is ntp time on vSZ-E correct? -> It's important.

(Edited)
Photo of tien

tien

  • 50 Posts
  • 7 Reply Likes
Thank Jeronimo!
Ruckus supporter already helped me solve this one. In fact, vSZ and AP could not communicate via port 22. After moving them into the same subnet, AP can join vSZ. The issue solved. 

I am not sure about any firewall between them before. I need to recheck this. 
Photo of Jeronimo

Jeronimo

  • 377 Posts
  • 48 Reply Likes
Ok.

Thanks for feedback.