vSZ - command "set scg ip" not allowed in AP script

  • 1
  • Question
  • Updated 2 months ago
  • Answered
  • (Edited)
Hi all,
we need to change IP address of our vSZ-H, which is hosted on our own public cloud infrastructure.

Though we are pretty confident that we did it well in the past, declaring FQDN instead of IP address in "set scg ip" command, we want to make sure that all of our APs are correctly configured before going live with new IP address.

APs are distributed over many customers, thus DHCP 43 is not an option.

We would like to push an AP script command, as suggested in the following KB article: https://support.ruckuswireless.com/articles/000004979

Also, as per this article, "any AP CLI command will be accepted" into the AP script.

However, when we upload the script, we get the following error: "command[set scg ip] is not allowed in AP CLI Script file."

Script is very simple, as following:
#define AP FW version
fw_version=5.1.0.0.595 #define Model class model=all # Command set scg ip FQDN
Any clue on how to upgrade scg ip remotely (with no easy SSH access)?
Photo of Marco

Marco

  • 4 Posts
  • 0 Reply Likes

Posted 2 months ago

  • 1
Photo of Martin

Martin, Official Rep

  • 307 Posts
  • 78 Reply Likes
Hi Marco,

As far as I know that has not been changed.
Please raise a case via the support portal to have a support engineer look at it.

Regards
Martin

Photo of Tony Heung

Tony Heung, Official Rep

  • 11 Posts
  • 3 Reply Likes
Starting from SZ OS 5.1.0.0.268, the following commands are excluded in the AP CLI Script feature in order to protect the integrity and stability of the system.

AP CLI Command Blacklist
  • reboot
  • set factory
  • set scg reset
  • set scg init
  • set scg ip
  • set scg disable/enable
  • set hub disable/enable
  • set interface
  • set password
  • set login
As Martin suggested above, please contact support desk who can advise you the best way moving forward.

--tony
Photo of Brian Powers

Brian Powers

  • 4 Posts
  • 1 Reply Like
Marco,

While not pretty, you could in theory do this from the CLI of the SZ.  Something like the following should work.

remote ap-cli <MAC> "set scg ip IP/FQDN"
remote ap-cli <MAC> "set scg ip IP/FQDN"

There's a bit of a delay between inputting one command and a return of "OK", so using something like AutoHotkey to add your own delay in automating this could help you accomplish what you're trying to do.

Likewise you could change the set to get and verify they are all configured as you desire.  The delay between the response(s) will be the pain point I imagine.

Photo of Marco

Marco

  • 4 Posts
  • 0 Reply Likes
Hi Brian,
unfortunately the remote "set scg ip" option won't work in my scenario.
AP gets the new vsz address, but always shows "SSH tunnel connected to ..." the old address. 

I have tested with a local AP and the only way to force it joining the "new" vsz ip is to provide a scg init command, and after that provide the set scg ip command. 
Unfortunately I see no way to do that remotely, as after "scg init" command the SSH tunnel gets lost, and I can't reach AP anymore through remote ap-cli to provide next command.

Am I missing something?
Photo of Brian Powers

Brian Powers

  • 12 Posts
  • 7 Reply Likes
Bummer.  You could try a few different commands to see the end result.  I'll try a few routes as time permits myself as we may run into your pickle at some point down the road ourselves.

set scg reset says that it changes the state to unmanaged.  Might can try that after setting the new IP/FQDN
set scg resetfull says "similar to init but AP doesn't go for reboot" 

Not sure if any would do what you're trying to do, but I use set scg reset more than I've used set scg init in the past when I wanted to restart an APs SSH tunnel process.




Photo of Marco

Marco

  • 4 Posts
  • 0 Reply Likes
I probably tried all possible combination to no avail.
I managed to SSH to one AP and what I found out looks somewhat strange:
set scg disable
set scg ip del
set scg reset
At this point, SSH tunnel went down.
set scg resetfull
set scg ip new.vsz.fqdn
set scg enable
At this point, AP immediately brings up SSH tunnel WITH OLD IP ADDRESS, despite there's no trace left of it on the get scg config output. :-(
It probably goes away after reboot, but I didn't want to give any service outage so I haven't tried that.

So the trick was to block SSH and HTTPS access to old controller IP address before entering previous commands. This way it looks good, joining new controller address.


I will look into this further, since in a few days I have to perform vSZ final migration to the new IP address, and don't want to make more mistakes.
Photo of Marco

Marco

  • 4 Posts
  • 0 Reply Likes
Thank you guys for your hints. Since we're talking about only 10 to 20 APs with scg configured as IP address instead of FQDN, I think we'll proceed manually with remote-ap-cli (if it works).

To avoid having the same problem in the future, we would like to put FQDN also in ICX switches configurarion. However, it seems to accept IP addresses only. Do you know if this is going to change on future fw releases?