failed to connect ICX 7150 to SZ

Hi,
I have installed an ICX7150-C12-2X1G POE 12-port - Version:10.1.15T225
and I am trying to connect it to my SmartZone vSZ-H - 5.1.1.0.598

I have followed the guide and configured the switch with the "sz Active-list" command,
and I have verified there is connectivity between both devices on all ports, but this doesn't seem to work for me.


[email protected]#show sz status

============    SZ Agent State Info     ===================
Config Status: None     Operation Status: Enabled
State: SZ QUERY             Prev State: INIT                 Event: SZ QUERY RESPONSE

SWR List            : None
Active List         : 10.31.3.8
DHCP Option 43      : No
DHCP Opt 43 List    : None
Passive List        : None
Merged List         : 10.31.3.8
Merged Idx: 0    IP : 10.31.3.8
Switch registrar host: sw-registrar.ruckuswireless.com
Switch registrar discovery retry count: 7
Switch registrar host resolve failure count: 7

SZ IP Used          : 10.31.3.8
SZ Query Status     :
        In Progress. Response Not Received.

sz logs
-------------------------
Jan  1 19:48:35:https_connmgr_send_request>Entered.
Jan  1 19:48:35:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, TIMER/2002 RC: 1
Jan  1 19:48:35:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007
Jan  1 19:48:35:sz_parse_sz_query_response -- Status: 600 <<
Jan  1 19:48:35:sz_fsm_sz_query_state>Moving to IP:10.31.3.8 because of retry count: 36
Jan  1 19:48:35:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007 RC: 1
Jan  1 19:48:35:HTTP Request Error:Http remote connection close called.


Any ideas? Thanks.


tomer iyar

Nik Kul
Did you create new SwitchGroup in SmartZone?

tomer iyar
No, but I just did. Is there something else I should do?
Thanks for the reply.

Nik Kul
I created new SwitchGroup and added my switch in it. That's all.

tomer iyar
I see. In my case it fails to be added to SZ, so I am before the stage of moving between groups.

Jijo Panangat, Employee
You may create a switch registration rule and move the switch to a non-default group first and try joining. Also have the clock or NTP set on the ICX.

tomer iyar
Configured switch registration rule and time, it still fails to connect.
Thanks.

Simon, Employee
Check the SZ, the switch is probably in the Default switch group, it will fully connect once you have moved it to the group you created.

tomer iyar
It is not added to the SZ.
The state is stuck on SZ Query and it appears to fail to get a response,
so it's not added :\
Thanks.

Simon, Employee
Your switch should be running the latest version 8.0.90 software and it should have been upgraded using the UFI image (see the 8.0.90 release notes for details). 

tomer iyar
This is my SW version - SW: Version 08.0.90bT211
It appears to be updated.


Simon, Employee
When you do show version does it look like this: 

  Copyright (c) Ruckus Networks, Inc. All rights reserved.
    UNIT 1: compiled on May 23 2019 at 23:27:11 labeled as SPS08090b
      (28596544 bytes) from Primary SPS08090b.bin (UFI)
        SW: Version 08.0.90bT211

If the (UFI) is missing then you will need to redo the upgrade with the UFI image.

tomer iyar
I've got the UFI

[email protected]#show version
  Copyright (c) Ruckus Networks, Inc. All rights reserved.
    UNIT 1: compiled on May 23 2019 at 23:27:11 labeled as SPS08090b
      (28596544 bytes) from Primary SPS08090b.bin (UFI)
        SW: Version 08.0.90bT211
      Compressed Primary Boot Code size = 786944, Version:10.1.15T225 (mnz10115)
       Compiled on Thu Jan 31 09:08:55 2019

  HW: Stackable ICX7150-C12-POE


eric brement
Hi,
Do you have a valid ICX licence on SZ? In version 5.0 the ICX licence is not mandatory.

tomer iyar
My license is still valid:

CAPACITY-SWITCH-BUNDLED
Ruckus-Cluster-1
 
Permanent
1
Default Switch Capacity License for vSZ




Simon, Employee
Try removing the switch registrar configuration; it's not needed and may be causing an issue. The command is: no sz registrar

And I assume that you can ping the SZ from the switch. 

tomer iyar
Removed it, still no response.
The SZ is reachable.

When I run "show sz logs":

{"serial_number":"XXXXXXXX", "ipaddress":"10.31.3.210", "macaddress":"XXXXXXXXX", "switch/stack/spx":"stack", "numOfUnits":2, "firmware_version":"SPS08090b.bin", "switch_model":"ICX7150-C12P"}
==============

Jul 11 18:06:29:https_connmgr_send_request>Entered.
Jul 11 18:06:29:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, TIMER/2002 RC: 1
Jul 11 18:06:29:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007
Jul 11 18:06:29:sz_parse_sz_query_response -- Status: 600 <<
Jul 11 18:06:29:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007 RC: 1
Jul 11 18:06:29:HTTP Request Error:Http remote connection close called.
End i/max/iter 436/436/0



Simon, Employee
Looking at this it appears that your compact switch is stacked;

{"serial_number":"XXXXXXXX", "ipaddress":"10.31.3.210", "macaddress":"XXXXXXXXX", "switch/stack/spx":"stack", "numOfUnits":2, "firmware_version":"SPS08090b.bin", "switch_model":"ICX7150-C12P"}


As your SZ only has a license for one switch then this is a problem, for your config you will need two switch licenses on the SZ.

Hashim Bharoocha, Employee
Hey Tomer,

Please get outputs of:
"show tech"
"show ntp status."
"dm verify-device-certs"
"show License"

Thanks
Hashim

tomer iyar
Hi,
[email protected]#show license
Unit  License Name    L3 Premium Port Speed Upgrade   Speed    Ports    MACsec
1     2X10GR          Yes        Yes                  10G      2        NA


[email protected]#dm verify-device-certs
Commencing sanity check for device certs ...
Verifying TPM files ...
Successfully verified
The device key pair is valid
The Encrypt/Decrypt test is successful
Successfully verified device certs

[email protected]#show ntp status
 Clock is unsynchronized, no reference clock
 NTP server mode is disabled, NTP client mode is disabled
 NTP master mode is disabled, NTP master stratum is 8
 NTP is not in panic mode


And the tech support has very long output, but this seems relevant:
Jan  1 20:38:20:I:System: SSL server 10.31.3.8:443 is disconnected
Jan  1 20:38:05:I:SZAgent: Failed to connect to management device at 10.31.3.8 Error: HTTPS Connection Error

thanks.

Jijo Panangat, Employee
Please configure NTP; you may use public servers if you don't have one in-house.

Simon, Employee
With reference to my last comment; what does the show stack output look like?

tomer iyar

[email protected]#show stack
T=4d18h28m19.4: alone: standalone, D: dynamic cfg, S: static
ID   Type          Role    Mac Address    Pri State   Comment
1  S ICX7150-C12P  alone   c0c5.2091.5df1   0 local   None:0
2  S ICX7150-48P   member  0000.0000.0000   0 reserve


     +---+
  3/1| 1 |3/2
     +---+
Current stack management MAC is d4c1.9e9a.f0f4


Simon, Employee
You need to remove the stack configuration from the 7150-C12P with the stack unconfigure command 

Your SZ only has a single switch license and your 7150 is identifying itself as a two switch stack so the SZ will not let it join as there is not sufficient license capacity.  Alternatively add switch management licenses to the SZ. 

Your show stack output needs to look like this;

***** Warning! stack is not enabled. *****

T=50m46.8: alone: standalone, D: dynamic cfg, S: static
ID   Type          Role    Mac Address    Pri State   Comment
1  S ICX7150-C12P alone   d4c1.9e29.0d09   0 local   None:0


     +---+
  3/1| 1 |3/2
     +---+
Current stack management MAC is d4c1.9e29.0d09



tomer iyar
Done,

[email protected]#show stack

***** Warning! stack is not enabled. *****

T=4d19h25m58.2: alone: standalone, D: dynamic cfg, S: static
ID   Type          Role    Mac Address    Pri State   Comment
1  S ICX7150-C12P  alone   c0c5.2091.5df1   0 local   None:0
2  S ICX7150-48P   member  0000.0000.0000   0 reserve


     +---+
  3/1| 1 |3/2
     +---+
Current stack management MAC is d4c1.9e9a.f0f4


Still not connecting.

Simon, Employee
What does the show sz logs look like now?

tomer iyar

Build String: size 205
============
{"serial_number":"FEK3210Q06M", "ipaddress":"10.31.3.210", "macaddress":"d4:c1:9e:9a:f0:f4", "switch/stack/spx":"switch", "numOfUnits":2, "firmware_version":"SPS08090b.bin", "switch_model":"ICX7150-C12P"}
==============

Jul 15 15:31:27:https_connmgr_send_request>Entered.
Jul 15 15:31:27:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, TIMER/2002 RC: 1
Jul 15 15:31:27:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007
Jul 15 15:31:27:sz_parse_sz_query_response -- Status: 600 <<
Jul 15 15:31:27:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007 RC: 1
Jul 15 15:31:27:HTTP Request Error:Http remote connection close called.
End i/max/iter 438/438/0


Simon, Employee
The switch is still declaring itself as two units;

{"serial_number":"FEK3210Q06M", "ipaddress":"10.31.3.210", "macaddress":"d4:c1:9e:9a:f0:f4", "switch/stack/spx":"switch", "numOfUnits":2, "firmware_version":"SPS08090b.bin", "switch_model":"ICX7150-C12P"}

The second switch needs to be removed from the config.

It might be worth resetting the C12P to factory default and starting again, whichever is easiest for you.




Hashim Bharoocha, Employee
hey Tomer,
So one thing is issue with NTP,  We need NTP for the certificates not work.

What about:
"dm verify-device-certs"
"show License"

Thanks
Hashim
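
Added example, not part of any post in this thread: a small Python triage of the CLI output quoted above, flagging the conditions the replies point at (more units reported than licensed, a reserved stack unit still in the config, an unsynchronized clock) plus the repeating Status 600 / connection-close log pattern. The sample text is constructed from the thread's output with serial and MAC masked; the function names and finding labels are this example's own assumptions.

```python
import json
import re

# Constructed samples shaped like the CLI output quoted in the thread
# (serial number and MAC masked).
SZ_LOGS = """Build String: size 205
{"serial_number":"XXXXXXXX", "ipaddress":"10.31.3.210", "macaddress":"XXXXXXXXX", "switch/stack/spx":"switch", "numOfUnits":2, "firmware_version":"SPS08090b.bin", "switch_model":"ICX7150-C12P"}
Jul 15 15:31:27:sz_parse_sz_query_response -- Status: 600 <<
Jul 15 15:31:27:HTTP Request Error:Http remote connection close called.
"""
SHOW_STACK = """ID   Type          Role    Mac Address    Pri State   Comment
1  S ICX7150-C12P  alone   c0c5.2091.5df1   0 local   None:0
2  S ICX7150-48P   member  0000.0000.0000   0 reserve
"""
NTP_STATUS = " Clock is unsynchronized, no reference clock\n"

# One row of "show stack": ID, S/D flag, type, role, MAC, priority, state.
STACK_ROW = re.compile(
    r"^\s*(\d+)\s+[SD]\s+(\S+)\s+(\S+)\s+([0-9a-f.]+)\s+\d+\s+(\S+)", re.M)

def registration_payload(sz_logs):
    """Return the JSON body the SZ agent logs before its query, or None."""
    for line in sz_logs.splitlines():
        line = line.strip()
        if line.startswith("{") and '"numOfUnits"' in line:
            return json.loads(line)
    return None

def stack_units(show_stack):
    """Parse configured units (including reserved ones) from 'show stack'."""
    return [{"id": int(m[1]), "type": m[2], "role": m[3], "state": m[5]}
            for m in STACK_ROW.finditer(show_stack)]

def triage(sz_logs, show_stack, ntp_status, licensed_switches):
    """Return labels (names are this example's own) for each condition found."""
    findings = []
    payload = registration_payload(sz_logs)
    if payload and int(payload["numOfUnits"]) > licensed_switches:
        findings.append("units_exceed_license")
    if any(u["state"] == "reserve" for u in stack_units(show_stack)):
        findings.append("reserved_stack_unit_in_config")
    if "Clock is unsynchronized" in ntp_status:
        findings.append("clock_unsynchronized")
    if "Status: 600" in sz_logs and "remote connection close" in sz_logs:
        findings.append("status_600_then_connection_close")
    return findings

if __name__ == "__main__":
    print(triage(SZ_LOGS, SHOW_STACK, NTP_STATUS, licensed_switches=1))
```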