cancel
Showing results for 
Search instead for 
Did you mean: 

AP T610 could not join vSZ-E

tien_phan_anotw
Contributor
Hello,

Firstly, I show my network
vSZ: 172.17.10.69
AP T610: 10.0.8.6
I already routed between both of them.

From AP T610, I can ping to vSZ
rkscli: ping 172.17.10.69
PING 172.17.10.69 (172.17.10.69): 56 data bytes
64 bytes from 172.17.10.69: seq=0 ttl=61 time=1.124 ms
Also port 443/ 22 is allowed to vSZ server. 

BUT, AP T610 could not join to vSZ. Here are what I did
Step 1 - Declare vSZ
rkscli: set scg ip 172.17.10.69
OK

Step 2 - Get vSZ information
rkscli: get scg
------ SCG Information ------
SCG Service is enabled.
AP is not managed by SCG.
State: DISC_REQ_STATE
Server List: 172.17.10.69
No SSH tunnel exists
Failover List: Not found
Failover Max Retry: 2
DHCP Opt43 Code: 6
Server List from DHCP (Opt43/Opt52): Not found
SCG default URL: RuckusController
SCG config|heartbeat intervals: 30|30
SCG gwloss|serverloss timeouts: 1800|7200
Controller Cert Validation : disable
-----------------------------
OK

As you see, AP is not managed bu SCG. Although, it found vSZ's IP.

Step 3 - There are no firewall rule. Also I wanted to make sure that
rkscli: fw show
current primary boot image is Image1
--------------------------------------------------------------
Auto F/W upgrade                          = disabled
Running on image                          = Image1
FW Control Control File                   = t610_9991_cntrl.rcks
Control File Server                       = fwupdate1.ruckuswireless.com
Protocol                                  = FTP
Port                                      = auto
User                                      = "26eb952b4d9e33f0668ec7272770b6a51b8b1f9ac0c01281334770053285fc8a"
Password                                  = "2aa0d714f56370e0b184341a69ab8304cc241f8da7f01306dfc29fff24739e99"
Boot Flags (Main,Backup,Factory,Reset)    = M. ..  [MB FR]
--------------------------------------------------------------
OK


Step 4 - Get syslog
Aug 23 05:52:59 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:01 RuckusAP local1.info sessionMgr[525]: build_and_send_scg_init_req:199  Enter
Aug 23 05:53:01 RuckusAP user.err MsgDist[519]: Failed to route the message
Aug 23 05:53:01 RuckusAP user.err MsgDist[519]: RCSL_MSG_HDR :  [Total Len = 57] [MsgType=RCSL_PUBLISH_MSG, srcMod=ap_sessmgr, dstMod=scg_sessmgr, dstHost=scg_host, Flags=1, UserKey=0xb6198900000000d4, dstMac=0x0, srcMac=0x0, topic=0x0]
Aug 23 05:53:01 RuckusAP user.err MsgDist[519]: Route_Msg Failed
Aug 23 05:53:01 RuckusAP local1.err sessionMgr[525]: sm_init_notify_cb:185 Error: MD failed to deliver message
Aug 23 05:53:02 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:02 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:02 RuckusAP authpriv.info dropbear[31356]: Child connection from 10.0.8.4:54408
Aug 23 05:53:03 RuckusAP authpriv.notice dropbear[31356]: Deferring to RKS shell to authenticate password.
Aug 23 05:53:03 RuckusAP authpriv.err dropbear[31356]: chown(/dev/ttyp0, 0, 5) failed: Read-only file system
Aug 23 05:53:03 RuckusAP authpriv.err dropbear[31356]: chmod(/dev/ttyp0, 0620) failed: Read-only file system
Aug 23 05:53:04 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:05 RuckusAP daemon.err cubic[776]: do_curl:1131 curl_easy_perform failed:[35][SSL connect error].
Aug 23 05:53:06 RuckusAP daemon.info hub_registrar: OCSP: 'Good' via ocsp-check - querying registrar @ ap-registrar.ruckuswireless.com
Aug 23 05:53:07 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:07 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:07 RuckusAP user.crit syslog: @@99018, sshInitiation, "apMac"="18:4B:0D:27:F2:10", "reason"="SSH Login successful with IP 10.0.8.4 username super"
Aug 23 05:53:07 RuckusAP user.notice hub_registrar: query result - ''
Aug 23 05:53:07 RuckusAP daemon.info channel-wifi1: channel 165 now UNBLOCKED
Aug 23 05:53:07 RuckusAP daemon.err channel-wifi1: unable to set wlan62 channel to 165
Aug 23 05:53:08 RuckusAP local1.notice rfmd[1062]: mshnger_open: connect failed -1 2
Aug 23 05:53:08 RuckusAP user.err syslog: Failed to get SCG IP
Aug 23 05:53:09 RuckusAP daemon.err gapd: Fail to get pool stats
Aug 23 05:53:09 RuckusAP daemon.info gapd: selecting.....
Aug 23 05:53:09 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:11 RuckusAP local1.info sessionMgr[525]: build_and_send_scg_init_req:199  Enter
Aug 23 05:53:11 RuckusAP user.err MsgDist[519]: Failed to route the message
Aug 23 05:53:11 RuckusAP user.err MsgDist[519]: RCSL_MSG_HDR :  [Total Len = 57] [MsgType=RCSL_PUBLISH_MSG, srcMod=ap_sessmgr, dstMod=scg_sessmgr, dstHost=scg_host, Flags=1, UserKey=0xb6198900000000d5, dstMac=0x0, srcMac=0x0, topic=0x0]
Aug 23 05:53:11 RuckusAP user.err MsgDist[519]: Route_Msg Failed
Aug 23 05:53:11 RuckusAP local1.err sessionMgr[525]: sm_init_notify_cb:185 Error: MD failed to deliver message
Aug 23 05:53:11 RuckusAP daemon.err cubic[776]: do_curl:1131 curl_easy_perform failed:[35][SSL connect error].
Aug 23 05:53:11 RuckusAP daemon.notice meshd[705]: Err 1 Failed to start scan
Aug 23 05:53:11 RuckusAP kern.warn kernel: [ 2212.025941] rks_start: Chan 112 aborting scan - blocked by Radar
Aug 23 05:53:12 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:12 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:14 RuckusAP daemon.err collectd[820]: Unable to access rsm for retrieving server address
Aug 23 05:53:15 RuckusAP daemon.err mDNSClientPosix: mDNS_RegisterInterface: Error! Tried to register a NetworkInterfaceInfo 169.254.17.13 with invalid mask 0.0.0.0
Aug 23 05:53:15 RuckusAP daemon.err mDNSClientPosix: mDNS_RegisterInterface: Error! Tried to register a NetworkInterfaceInfo 169.254.17.12 with invalid mask 0.0.0.0
Aug 23 05:53:15 RuckusAP daemon.err mDNSClientPosix: mDNSPlatformSendUDP got error 99 (Cannot assign requested address) sending packet to FF02:0000:0000:0000:0000:0000:0000:00FB on interface FE80:0000:0000:0000:0000:184B:0D27:F211/br8/35
Aug 23 05:53:16 RuckusAP daemon.err mDNSClientPosix: mDNSPlatformSendUDP got error 99 (Cannot assign requested address) sending packet to FF02:0000:0000:0000:0000:0000:0000:00FB on interface FE80:0000:0000:0000:0000:184B:0D27:F211/br8/35
Aug 23 05:53:17 RuckusAP user.err MsgDist[519]: MD try connection towards SCG-MD
Aug 23 05:53:17 RuckusAP user.err MsgDist[519]: RCSL_Connect to 127.0.0.1 failed
Aug 23 05:53:17 RuckusAP daemon.err cubic[776]: do_curl:1131 curl_easy_perform failed:[35][SSL connect error].
Aug 23 05:53:18 RuckusAP user.err syslog: Failed to get SCG IP
Aug 23 05:53:19 RuckusAP daemon.err mDNSClientPosix: mDNSPlatformSendUDP got error 99 (Cannot assign requested address) sending packet to FF02:0000:0000:0000:0000:0000:00


Conclusion
There are some error in syslog, and I am trying to find why. The network is straightforward as I see. Also AP can reach vSZ. 

Do you have any idea to solve this case? I am appreciated for your help.
Thank you so much!

Regards,
-T
8 REPLIES 8

tien_phan_anotw
Contributor
Let's me provide more information:
vSZ is using version 5.1.1.0.598
AP is using version 5.1.1.0.624

tien_phan_anotw
Contributor
Based on the syslog, it seems like an issue with firewall. I am trying to explore this. 

Anusha_Vemula
Community Manager
Community Manager
Hi Tien,

The above log messages indicate that the AP is unable to form an SSH tunnel with the controller. Since the AP and SZ are on different subnets, please check if there is any firewall in between which is blocking port 22.

AP shows the SZ IP address in the server list as you configured it manually through 'set scg' command.

- Anusha



tien_phan_anotw
Contributor
Thank Anusha! 
I see there are no firewall at all. I already create the routing between vSZ-E and AP. Also AP doesn't include telnet tool for testing remote port? I only can ping from AP to vSZ-E. 

From my computer, port 22 of vSZ-E is allowed. 
MacBook-Pro:~ tien$ telnet 172.17.10.69 22
Trying 172.17.10.69...
Connected to ip-172-17-10-69.ap-southeast-1.compute.internal.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4

-T