FW 2.3.1 WEB access

After AP upgrade ( 2.3 -> 2.3.1 ) is AP accesible only on the same subnet ... tested on GPS and nonGPS AP

Hi Pavel,

There appears to be an issue with this.  We are looking into this.

Dan

Same problem with the sm's to. Cant access them from antoher subnet, works fine from same subnet.

Hello,

We have a fix to the problem.  It went through initial testing yesterday and will finalize now.  Assuming that everything is ok, a new 2.3.3 release will be posted soon to resolve the issue.


Dan

I have my AP + 2 SM's behind a router. On the 2.3 release all was fine. Upgrading all units to 2.3.1 and I am not able to even ping my AP nor access the gui. No issues with the STA's, they respond to ping and I can reach the gui.

Running a ping to the AP behind the router and doing cold reboot of the AP:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 10.0.0.50: bytes=32 time=999ms TTL=63
Reply from 10.0.0.50: bytes=32 time<1ms TTL=63
Reply from 10.0.0.50: bytes=32 time=8ms TTL=63
Reply from 10.0.0.50: bytes=32 time<1ms TTL=63
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

So, the AP respond shortly, then it becomes unreachable. From the same subnet no problem.

Waiting for your fix. Thx.

I am a little bit scared about every new version as it introduces new bugs or the ones which were fixed before.

Willi,

We posted an alert in the download section highlighting an open issue with 2.3.1. Unfortunately, the issue is around AP UI access from a different subnet than what the AP is in. If you have run into this issue, please try to put a PC on the same subnet and downgrade the APs if you network configuration does not allow you to operate.

We have a new release coming up in the next 24 ~36 hours that will address this.

We are going to be extra cautious from here on to make sure we are managing open defects and not introducing new ones.

Sakid

1 Like

I'm able to access the AP via 169.254.1.1 via ssh.  Is there any ssh command I can use to flip the inactive bank to the active bank?  So I don't have to spend 1500 for a tower climber?

Hi Christopher,

I just replied in the other thread that there is not a way to switch to the other bank using ssh via 169.254.1.1.

If you can get ssh access via 169.254.1.1, then you should also be able to update the device via the GUI with a new load of software using 169.254.1.1.

We will be coming out with 2.3.3 later today or you could install 2.3 if you desire.

Dan

This isn't always true.  I can access the SSH interface from a router (local).  In this example, 2.3.1 can't be reached outside of the local network.  Can we update from SSH?

Hi Josh, 

It is not possible to upgrade through ssh. Currently, upgrade is supported using GUI, SNMP, CNS or CNUT. 

Thanks,

Sriram

I had one AP that someone else pushed 2.3.1 onto.  I was able to reach the webUI by NATting at its gateway router.  (access from pub IP, routed to 10.14.12.4 private, MASQUERADE on 10.14.12.1 gateway)  Seems simply a matter of default route not being set up correctly in 2.3.1 firmware, but it can reach IPs within its local subnet so inbound sourceNAT does the trick.

j

1 Like

is there any possibility of access via SM ?

my ap conf is 172.16.12.5/24 gw 172.16.12.1.

i've already tried to connect with an SM and set in bridge mode with ip 172.16.12.1 and pc underlan 172.16.12.1 but i'm not allowed to access in the webgui, i can just ping the ap.


Depends on the setting of ‚ÄúAP Management Access Interface‚ÄĚ (LAN Only/LAN and WLAN) on the network tab in AP network config settings.


@newkirk wrote:

Depends on the setting of "AP Management Access Interface" (LAN Only/LAN and WLAN) on the network tab in AP network config settings.

no i haven't set this.

anyway.. i have a router mikrotik with gw 172.16.12.1 and ap 172.16.12.5 and also with port forwarding etc i can't access this AP.

Have you set a SNAT rule on the mikrotik? NAT postrouting rule matching dest ip 172.16.12.5 and target MASQUERADE, or target SNAT 172.16.12.1?

Also, I think the LAN vs LAN+WLAN defaults to LAN only.

j

chain=dstnat action=dst-nat to-addresses=172.16.12.5 to-ports=80 protocol=tcp in-interface=ether2 dst-port=80

i have try with this rule.. u have better then this?

try something like this (I usually use UI so syntax could be wrong):

chain=srcnat action=masquerade dst-address=172.16.12.5

the src IP of any packets going to 172.16.12.5 will be NATted to appear to come from the Mikrotik's IP within that same subnet.

j

this isn't correct