FW 2.3.1 WEB access

Pavel_Barton · December 2, 2014, 7:55am

After AP upgrade ( 2.3 -> 2.3.1 ) is AP accesible only on the same subnet ... tested on GPS and nonGPS AP

Daniel_Sullivan · December 2, 2014, 8:12am

Hi Pavel,

There appears to be an issue with this. We are looking into this.

Dan

Nordkontakt · December 2, 2014, 10:23am

Same problem with the sm's to. Cant access them from antoher subnet, works fine from same subnet.

Daniel_Sullivan · December 3, 2014, 8:21am

Hello,

We have a fix to the problem. It went through initial testing yesterday and will finalize now. Assuming that everything is ok, a new 2.3.3 release will be posted soon to resolve the issue.

Dan

Willi_Gruber · December 9, 2014, 10:12am

I have my AP + 2 SM's behind a router. On the 2.3 release all was fine. Upgrading all units to 2.3.1 and I am not able to even ping my AP nor access the gui. No issues with the STA's, they respond to ping and I can reach the gui.

Running a ping to the AP behind the router and doing cold reboot of the AP:

Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 192.168.101.103: Destination host unreachable.
Reply from 10.0.0.50: bytes=32 time=999ms TTL=63
Reply from 10.0.0.50: bytes=32 time<1ms TTL=63
Reply from 10.0.0.50: bytes=32 time=8ms TTL=63
Reply from 10.0.0.50: bytes=32 time<1ms TTL=63
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

So, the AP respond shortly, then it becomes unreachable. From the same subnet no problem.

Waiting for your fix. Thx.

I am a little bit scared about every new version as it introduces new bugs or the ones which were fixed before.

Sakid_Ahmed · December 9, 2014, 2:13pm

Willi,

We posted an alert in the download section highlighting an open issue with 2.3.1. Unfortunately, the issue is around AP UI access from a different subnet than what the AP is in. If you have run into this issue, please try to put a PC on the same subnet and downgrade the APs if you network configuration does not allow you to operate.

We have a new release coming up in the next 24 ~36 hours that will address this.

We are going to be extra cautious from here on to make sure we are managing open defects and not introducing new ones.

Sakid

Christopher_Wolff · December 10, 2014, 10:54am

I'm able to access the AP via 169.254.1.1 via ssh. Is there any ssh command I can use to flip the inactive bank to the active bank? So I don't have to spend 1500 for a tower climber?

Daniel_Sullivan · December 10, 2014, 7:45pm

Hi Christopher,

I just replied in the other thread that there is not a way to switch to the other bank using ssh via 169.254.1.1.

If you can get ssh access via 169.254.1.1, then you should also be able to update the device via the GUI with a new load of software using 169.254.1.1.

We will be coming out with 2.3.3 later today or you could install 2.3 if you desire.

Dan

jluthman · December 16, 2014, 6:28pm

This isn't always true. I can access the SSH interface from a router (local). In this example, 2.3.1 can't be reached outside of the local network. Can we update from SSH?

Cambium_Sri · December 16, 2014, 9:08pm

Hi Josh,

It is not possible to upgrade through ssh. Currently, upgrade is supported using GUI, SNMP, CNS or CNUT.

Thanks,

Sriram

newkirk · December 16, 2014, 9:14pm

I had one AP that someone else pushed 2.3.1 onto. I was able to reach the webUI by NATting at its gateway router. (access from pub IP, routed to 10.14.12.4 private, MASQUERADE on 10.14.12.1 gateway) Seems simply a matter of default route not being set up correctly in 2.3.1 firmware, but it can reach IPs within its local subnet so inbound sourceNAT does the trick.

j

Giuseppe · December 27, 2014, 8:29am

is there any possibility of access via SM ?

my ap conf is 172.16.12.5/24 gw 172.16.12.1.

i've already tried to connect with an SM and set in bridge mode with ip 172.16.12.1 and pc underlan 172.16.12.1 but i'm not allowed to access in the webgui, i can just ping the ap.

newkirk · December 27, 2014, 4:28pm

Depends on the setting of “AP Management Access Interface” (LAN Only/LAN and WLAN) on the network tab in AP network config settings.

Giuseppe · December 27, 2014, 7:33pm

@newkirk wrote:

Depends on the setting of "AP Management Access Interface" (LAN Only/LAN and WLAN) on the network tab in AP network config settings.

no i haven't set this.

anyway.. i have a router mikrotik with gw 172.16.12.1 and ap 172.16.12.5 and also with port forwarding etc i can't access this AP.

newkirk · December 27, 2014, 7:42pm

Have you set a SNAT rule on the mikrotik? NAT postrouting rule matching dest ip 172.16.12.5 and target MASQUERADE, or target SNAT 172.16.12.1?

Also, I think the LAN vs LAN+WLAN defaults to LAN only.

j

Giuseppe · December 27, 2014, 7:43pm

chain=dstnat action=dst-nat to-addresses=172.16.12.5 to-ports=80 protocol=tcp in-interface=ether2 dst-port=80

i have try with this rule.. u have better then this?

newkirk · December 28, 2014, 6:15pm

try something like this (I usually use UI so syntax could be wrong):

chain=srcnat action=masquerade dst-address=172.16.12.5

the src IP of any packets going to 172.16.12.5 will be NATted to appear to come from the Mikrotik's IP within that same subnet.

j

Giuseppe · December 28, 2014, 7:23pm

this isn't correct