I'm quite new to configuring Ruckus products and new to configuring a SmartZone in general, and I'm having a little trouble getting my 7150 ICX switch to register to our SZ100.
The switch I'm using has two LAG ports and multiple VLANs. Our SZ100 is in a separate VLAN from the virtual interface (maybe that has something to do with it), so if anybody can see what's wrong, please let me know.
Here is my config so far:

!
ver 08.0.91T213
!
stack unit 1
 module 1 icx7150-24p-poe-port-management-module
 module 2 icx7150-2-copper-port-2g-module
 module 3 icx7150-4-sfp-plus-port-40g-module
 stack-port 1/3/1
 stack-port 1/3/3
!
global-stp
!
lag NOC-UPLINK dynamic id 2
 ports ethe 1/1/23 to 1/1/24
!
vlan 1 name DEFAULT-VLAN by port
 spanning-tree
!
vlan 15 name NOC-Servers by port
 tagged lag 2
 untagged ethe 1/1/1
 spanning-tree
!
vlan 100 name Office-Net-MGMT by port
 tagged lag 2
 router-interface ve 2
 spanning-tree
!
vlan 200 name Office-Net-DATA by port
 tagged lag 2
 untagged ethe 1/1/2 ethe 1/1/10 to 1/1/12
 spanning-tree
!
vlan 300 name Office-Net-Voice by port
 tagged lag 2
 untagged ethe 1/1/3 to 1/1/9
 spanning-tree
!
aaa authentication web-server default local
aaa authentication login default local
console timeout 5
enable aaa console
enable user disable-on-login-failure 10
enable user password-masking
hostname NOC-ICX7150-24p
ip dhcp-client disable
ip route 0.0.0.0/0 10.1.10.1
!
username super password .....
username pngadmin password .....
username netmgmt password .....
username velofiadmin password .....
!
cdp run
fdp run
!
ntp
 source-interface ve 2
 server 10.1.10.1
!
no web-management http
!
sz registrar
sz active-list 10.1.12.11
!
interface ethernet 1/3/1
 speed-duplex 1000-full
!
interface ethernet 1/3/2
 speed-duplex 1000-full
!
interface ethernet 1/3/3
 speed-duplex 1000-full
!
interface ethernet 1/3/4
 speed-duplex 1000-full
!
interface ve 2
 ip address 10.1.10.3 255.255.254.0
!
end
Here is an SZ log:

NOC-ICX7150-24p(config)#sh sz logs
Start i/max/iter 270/512/2
Oct 24 09:03:05:https_connmgr_send_request>Entered.
Oct 24 09:03:05:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, TIMER/2002 RC: 1
Oct 24 09:03:20:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007
Oct 24 09:03:20:sz_parse_sz_query_response -- Status: 600 <<
Oct 24 09:03:20:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007 RC: 1
Oct 24 09:03:20:HTTP Request Error:Http remote connection close called.
Oct 24 09:08:20:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, TIMER/2002
Oct 24 09:08:20:

And according to the sz status, there is no connection and all attempts have failed.
If you need any other information, please let me know.
I see you have the sz active-list server-ip in the config.
Run this command from the switch CLI:

dm verify-device-certs

You should see one of two responses:

1 -> Good
Commencing sanity check for device certs ...
Verifying TPM (or non-TPM) Platform ... Successfully verified
The device key pair is valid
The Encrypt/Decrypt test is successful
Successfully verified device certs

2 -> Bad
Commencing sanity check for device certs ...
Verifying TPM (or non-TPM) Platform ... Successfully verified
Error: Failed to rad PEM PrivateKey, key file might be corrupted..!!
Error: The device key pair is not valid..!!

If 1), you should be able to join SZ (may need non-tpm-switch-cert-validate) executed on the switch.
If 2), the device key is corrupt and will need to be restored. Run the following two commands:

config terminal
(config)# crypto device-key-zeroize
(config)# crypto device-cert-zeroize
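
Added example, not part of the thread or of any Ruckus tooling: a small parser for the `sh sz logs` format quoted in the question, which pulls out the state-machine events, the query response status, the HTTP error and the wait before the next retry. The line format is assumed from the quoted log only, and the script does not interpret what a given status value means.

```python
import re

# Constructed input: the `sh sz logs` lines quoted in the question, verbatim.
SZ_LOG = """\
Oct 24 09:03:05:https_connmgr_send_request>Entered.
Oct 24 09:03:05:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, TIMER/2002 RC: 1
Oct 24 09:03:20:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007
Oct 24 09:03:20:sz_parse_sz_query_response -- Status: 600 <<
Oct 24 09:03:20:sz_execute_state_machine>Exit with state/event: SZ QUERY/5, SZ QUERY RESPONSE/2007 RC: 1
Oct 24 09:03:20:HTTP Request Error:Http remote connection close called.
Oct 24 09:08:20:sz_execute_state_machine>Entering with state/event: SZ QUERY/5, TIMER/2002
Oct 24 09:08:20:
"""

LINE = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d):(.*)$")
ENTER = re.compile(r"Entering with state/event: (.+?)/\d+, (.+?)/\d+")
STATUS = re.compile(r"sz_parse_sz_query_response -- Status: (\d+)")


def summarize_sz_log(text):
    """Return the events, response statuses, HTTP errors and retry gaps in the log."""
    out = {"events": [], "statuses": [], "http_errors": [], "retry_gaps_s": []}
    last_response = None  # seconds-of-day of the latest SZ QUERY RESPONSE
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompt line, "Start i/max/iter" header, blanks
        hh, mm, ss, body = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        if (e := ENTER.search(body)):
            state, event = e.groups()
            out["events"].append((state, event))
            if event == "SZ QUERY RESPONSE":
                last_response = now
            elif event == "TIMER" and last_response is not None:
                # Time the switch waited before retrying (same-day logs assumed).
                out["retry_gaps_s"].append(now - last_response)
                last_response = None
        elif (s := STATUS.search(body)):
            out["statuses"].append(int(s.group(1)))
        elif body.startswith("HTTP Request Error:"):
            out["http_errors"].append(body.split(":", 1)[1].strip())
    return out


if __name__ == "__main__":
    for key, value in summarize_sz_log(SZ_LOG).items():
        print(f"{key}: {value}")
```

Run over logs collected from several switches, the same summary makes it easy to see which units share the same response status and connection-close pattern before checking device certificates on each one.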