Bridged SMs cnMaestro On-premise onboarding error. Opening port 443

First, please forgive my ignorance. 

We recently moved our cnMaestro to a new server. We have our SMs in bridge mode and are trying to connect them to cnMaestro. With our previous server, we were able to connect everything with just our Cambium ID and onboarding ID. I didn't set up the firewall or anything having to do with connecting to that server though. All the documentation I have read says that I need to open up port 443, but since the SMs don't have their own IP addresses, I don't know what the source address would be. Can anyone help?

Did you move from cloud to on-premises? 

With on-premises you only need to use the IP of the server.  If you went between on-premises, maybe you used to have Cambium ID based auth set before.  If nothing except the server has changed, I can't think of anything else.

Edit:

Did you perform a server export/import? 

If you did, all the settings should have transferred over, so I don't know.

Hey Luis,

Both of them were on-premises. So that is what is confusing to me. We were used to putting in the IP on the other one already. Our APs all connected fine and our routers can connect just fine, but not the SMs.

The APs connect, but no SMs.  I'll have to think about that.

Again, no changes other than one server for another?  Same IP?  If the IP changed, I think the SM has to be rebooted in order to get the new info from the AP.

"We were used to putting in the IP on the other one already."

Where were you putting the IP - not sure I understand.

Not on the AP/SM side. The cnMaestro was a fresh install and a newer version. These are the device error logs I get. Is there an IP that the SMs are using that I don't know about? Maybe something to do with the LUID?

We were putting the IP address of the server in the cnMaestro URL spot. Attached is a picture of one of the ones that was connected to our old server.

Is the new server IP 10.101.1.111?

Try pinging that IP from the SM - 

The SMs have to have a management IP.  

Before we go too far down the rabbit hole, please verify no changes other than the physical box have been made.

If this is the case, it can't be anything other than a server config.

With the AP being able to onboard, perform a reboot of one of its SMs just to see what happens.


@dscifers

@dscifers wrote:

We were putting the IP address of the server in the cnMaestro URL spot. Attached is a picture of one of the ones that was connected to our old server.


Wait, you are putting the IP on the SM?  Clear the IP from the SM and Reboot.  The SM will go to the AP and get the IP.  If the AP is already connected, the SM should likewise connect. 


@dscifers wrote:

First, please forgive my ignorance. 

We recently moved our cnMaestro to a new server. We have our SMs in bridge mode and are trying to connect them to cnMaestro. With our previous server, we were able to connect everything with just our Cambium ID and onboarding ID. I didn't set up the firewall or anything having to do with connecting to that server though. All the documentation I have read says that I need to open up port 443, but since the SMs don't have their own IP addresses, I don't know what the source address would be. Can anyone help?


Back to the beginning!

Go back to the post about onboarding auth on the server.

You really should just call tech support - I'm drawing a blank and probably leading you astray.

They're pretty good and have you up in no time.

Yeah, I was on the phone with them for 2 hours. They were just looking around the SM, but never really could get anything done. They said I needed to open port 443, but could never tell me which IPs I was supposed to open it to. I'm using a Mikrotik as my network router, but I'm not sure what entry to make. I'm wondering if it may have to do with how the LAN2 on the AP is done. It looks like for one of the APs I am trying to configure, the LAN2 IP is 10.101.6.1 and the first IP of the SM (which you can't actually find anywhere on the SM) is 10.101.6.2... so maybe I have to open port 443 for 10.101.6.0/24. I don't know though.

Did you change the server IP from 208. to 10.?

You said the APs were connected, is that still the case?  Did you try pinging the 10. IP from the SM?  What was the result?  If the AP is connected, don't worry about ports.  Also did you clear all cnMaestro info from the SM and reboot?  

Are your customers passing traffic and cnMaestro management the only problem?

I'm willing to help, but I need to know all the changes you made.  First thing I really need to know is whether or not you have a cnMaestro connected AP.  PM me if you want.

Just thought of something else.

Are you using IP Access Filtering?  Check the SM Configuration > Security page and make sure.  If you are, make sure the IP of the new server is listed. 

Hey Luis,

The server was at another site in Chicago somewhere and we cancelled that one so we could have it on a local server. The version of cnMaestro we have now is a VM and is a fresh out of the box install. Nothing special was done to it.

All the APs are connected to the cnMaestro. I’ve pinged the cnMaestro from the SMs and that works. When I clear the cnMaestro info from them and reboot, they pull the cnMaestro IP from the AP but still give the same errors from the picture I already posted.

All of our customers are passing traffic just fine. I can access all of the SMs through the AP just fine too. Connecting to cnMaestro is the only problem.

We aren’t using IP filtering either. I feel like we have a pretty basic setup. One thing is that we have NAT disabled and so it looks like the SMs' IP addresses are derivatives of the LAN2 address in the APs. Thanks for your help and contributing brain power to this.


@dscifers wrote:
Hey Luis,

The server was at another site in Chicago somewhere and we cancelled that one so we could have it on a local server. The version of cnMaestro we have now is a VM and is a fresh out of the box install. Nothing special was done to it.

All the APs are connected to the cnMaestro. I’ve pinged the cnMaestro from the SMs and that works. When I clear the cnMaestro info from them and reboot, they pull the cnMaestro IP from the AP but still give the same errors from the picture I already posted.

All of our customers are passing traffic just fine. I can access all of the SMs through the AP just fine too. Connecting to cnMaestro is the only problem.

We aren’t using IP filtering either. I feel like we have a pretty basic setup. One thing is that we have NAT disabled and so it looks like the SMs' IP addresses are derivatives of the LAN2 address in the APs. Thanks for your help and contributing brain power to this.

Don't understand.  If they are all private IPs, post the AP & SM IP pages.  

Here you go. 

The SM IPs are no good. What is your management IP scheme?  I would expect the SM to be on the same subnet as the AP.

This can't be the way they were set up before, is it?

Yeah, the IP scheme hasn't changed at all. I believe with the NAT off, it would be creating a management IP off of the LAN2 address set in the AP and I'm pretty sure because I can access the SM through the LAN2 + the LUID as the last octet (ex. 10.101.3.32). I just figured out the LAN2 part yesterday.

Hi,

Could you please check the "Network Accessibility" setting in the SM (from the SM webpage, Home -> IP)? It should be set to public.

Thanks,

Subi

Please follow this KB article for PMP devices onboarding to cnMaestro.

http://community.cambiumnetworks.com/t5/PMP-Getting-Started/On-boarding-the-PMP-Devices-to-cnMaestro-Cloud-or-On-Premises/m-p/59728#M53 

Hi,

Is your issue resolved after going through the replies from the Engineering team? Please let us know if you need any further assistance.

Regards,

KR.