ZD1100 remote AP's upgrade problem

  • 1
  • Question
  • Updated 3 years ago
We have ZD1100 managing 8 AP's, few are connected on the same LAN as the ZD, and the others are on remote site and reach the ZD via IPSec VPN.

I upgraded the ZD from 9.5.1 to 9.7.1, it seemed to work well and the directly connected AP's upgraded fine to 9.7.1. The problem is that all remote AP's got stuck in the state: "Upgrading firmware" and did not pass this stage (they were still reachable but did not connect any clients).

I did a rollback of ZD to 9.5.1 and all AP's were back online.

The remote AP's has full access to the ZD over the VPN and normally act with no problem. Any idea why the firmware upgrade of remote AP's might fail? Anyone with a similar setup?

Thanks
Photo of Yuval Ben Ari

Yuval Ben Ari

  • 5 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 760 Posts
  • 163 Reply Likes
Hello Yuval Ben Ari,

this sounds like a possible MTU issue. Take a look at a different post for something related to MTU.

https://forums.ruckuswireless.com/ruc...

how to do it, see the screenshot -- http://prntscr.com/3mg4jc

ZD GUI - configure - AP - AP policies - Tunnel mode.

I hope this helps.
Photo of Yuval Ben Ari

Yuval Ben Ari

  • 5 Posts
  • 0 Reply Likes
Thanks
The support person I talked with try to change that to 1200 with no help, but maybe it needs a reboot of AP's to apply?
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 760 Posts
  • 163 Reply Likes
Hello Yuval Ben Ari,

Could you please post here the log messages on ZD GUI for those remote AP's?

I have couple of suggestions to ponder up:

if number of remote AP's impacted are just few and you don't want the trouble of finding out what's causing it then just upgrade those AP's as standalone to same new version as ZD and then connect them to ZD.

check the router/firewall at the remote site at the time of upgrade to see if any fragmentation or error happening which is causing this trouble. this shall give some hint.

few questions:

did you miss any intermediate firmware version between 9.5.1 to 9.7.1?
which router/switch you have between?

I hope this helps.
Photo of Yuval Ben Ari

Yuval Ben Ari

  • 5 Posts
  • 0 Reply Likes
Hi,
I'm afraid I can't find the logs anymore, it might have been cleared.

All remote AP's were impacted (those not in the same LAN as the ZD). Upgrading as standalone is not a good option for me as those are remote sites.

I planned to check the firewall next time I try it but it should not be causing any problem. It is a Juniper SRX and the VPN is used for various traffic with no problem. Also tcp-mss is configured to lower MSS so I don't see a reason for MTU problem to arise but it's still possible.

I did the upgrade directly from 9.5.1 to 9.7.1 which should have been supported according to the release notes.

The support recommended I go through 9.6 so I will try it.
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 760 Posts
  • 163 Reply Likes
Hello Yuval,

Thanks for your feedback. Keep us posted as it would interesting to see what causes it.

Best of luck
Photo of Yuval Ben Ari

Yuval Ben Ari

  • 5 Posts
  • 0 Reply Likes
Just an update:
I did the following which resolved the issue:
1. Set "Tunnel MTU" option to 1400
2. Reboot remote AP's
3. Upgrade ZD to 9.6.2.0.13

After the ZD came up, all AP's were upgraded successfully.
I am not sure what solved the problem but I have a feeling that it's the change of firmware to 9.6.2, there might be some issue with 9.7.1
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 760 Posts
  • 163 Reply Likes
Thanks for the update. Yes, i also agree something may have changed. Reading the release notes for 9.7.1 at PDF page 6

https://support.ruckuswireless.com/do...

There is a mention of "5.1.5 - Resolved an issue with APs being unable to join ZoneDirector due to the default MTU size set on Zone Director running on version 9.6 . (ID ER-929)"

this is my guesswork, you may not have seen this issue in 9.6 however there was something related in 9.6 which got fixed in 9.7.1 however now you may be seeing the manifestation of incorrect fix. again this is my guess nothing for sure.
Photo of Yuval Ben Ari

Yuval Ben Ari

  • 5 Posts
  • 0 Reply Likes
It's very well possible, but I guess I will leave it be with 9.6.2 for now as it is also the recommended release. As the saying "It works, don't touch it" :)