Software upgrades behind a router?

So here is what we have for a setup:

Internet - Cisco Router - AP - SMs

I can upgrade the AP no problem remotely (forwarded 21, 23, 80, 161, and 1080 to the AP's internal IP).

The AP is on an internal IP set, the SMs will also be on that same subnet. When accessing the Cisco’s Internet IP, because the ports are forwarded they go to the AP. Is there any way I can upgrade the SMs through the AP or any other way remotely using cnut? Any other ports that I can forward? Will I have to manually forward ports to each SM’s IP (Plus setting their IP to public)?

Thanks for any info!

Are you upgrading via CNUT?
If so, then no ports need to be forwarded, assuming you are NAT'ed?
If in fact you are NAT'ed, CNUT 2.2 has a patch to deal with being behind a router. Load the patch and put the update application address on the AP as the public IP of the router's public interface. Use auto-update after updating the AP to automatically upgrade the SMs, but you do have to leave CNUT up and running. Make sure to follow the upgrade scheme in the manual or you will brick your SMs.

How many public IPs do you have?
If more than one, you can use a port forward using another IP.
If not, you could configure the Cisco router to allow incoming VPN. This way you will access any private IP.

BigTrumpet wrote:

If not, you could configure Cisco router to allow VPN incoming. This way you will access any private IP.

I would definitely set up a VPN to do upgrades remotely. I use L2TP personally, but be very careful, because if your connection breaks mid-programming it could possibly cause problems or even brick the AP.

Just one IP at this location.

This is the full setup:

My Computer - Cisco Router - Internet - Cisco Router - AP - SMs

I'm first trying to do this without a VPN, as I don't have access to change the Cisco router on our end, so I want to make this as painless as possible. If I can't get it this way then I'll look into a VPN to that location.

When I try to do an update I get this:

07/08/08 13:10:18 INFO CANOPY736_DES.pkg2 loaded.
07/08/08 13:10:18 INFO Starting Update Process …
07/08/08 13:10:18 INFO Using Active FTP for File Transfer
07/08/08 13:10:18 INFO Queue NE:AP:[111.111.111.111].LUID:[004] for updating
07/08/08 13:10:18 WARN SNMPIOException:, error code: -1, varbind index: -1
request varbinds: null
response varbinds: null
other message:sendSync failed.
07/08/08 13:10:19 INFO Host: AP:[111.111.111.111].LUID:[004];ESN: 0A003E90D0BA;Message: Checking Network Element Status ( SITE= Site Name )
07/08/08 13:10:19 WARN Host: AP:[111.111.111.111].LUID:[004];ESN: 0A003E90D0BA;Message: Unable to communicate with Network Element (Possibly Connect/Login Failure), status/version unknown ( SITE= Site Name )

I've got the correct telnet and SNMP information in CNUT 2.2. I'm assuming CNUT would try to connect to the SMs through the AP? For some reason it can't? Do I need to have ports opened on our Cisco router as well as on the far end for CNUT to work? I was able to upgrade the AP with no problem and no changes to our Cisco router.

Thanks.

To be honest, I've never tried it with that particular setup. Do you have a computer on the AP side of the Cisco router that you could VNC into or remote desktop into and run CNUT off that machine?
That way no VPN is needed and you're using a computer that is hardwired on the network. Just need to forward the port for VNC or remote desktop, whichever you use. Or even use a program called CrossLoop, which needs no port forwarding to be done, although it is a Windows program and does require you to have the authentication code from the remote side. Pretty easy to use.

nucoles wrote:
To be honest, I've never tried it with that particular setup. Do you have a computer on the AP side of the Cisco router that you could VNC into or remote desktop into and run CNUT off that machine?
That way no VPN is needed and you're using a computer that is hardwired on the network. Just need to forward the port for VNC or remote desktop, whichever you use. Or even use a program called CrossLoop, which needs no port forwarding to be done, although it is a Windows program and does require you to have the authentication code from the remote side. Pretty easy to use.


Yeah, this company has another setup with a server on the inside of their network. The upgrades are really easy with that, but now I need to figure out a way to get this working with this setup, as I don't have the ability to put a computer into this network...

Why not remote desktop to the server inside the network to upgrade via CNUT?
Just curious...

nucoles wrote:
Why not remote desktop to the server inside the network to upgrade via CNUT?
Just curious...


This network doesn't have a server/computer inside this specific network or that would have been the first thing I would have done ;-)

Well, time to revisit this issue now that I have some time. Still no computer within their new network to connect to and install CNUT on. The only way to do this is from outside the firewall. CNUT can see the APs that I programmed (the Cisco 871 forwards external IPs to the AP's IP, 192.168.x.x). I'm guessing that's where my problem lies, but I'm not sure how I can trick the APs or the Cisco. I've thought of a VPN in, but that's a last resort.

Any other ideas?

Extract boot.image (P10) and SMboot.bin (P9 AP or SM image) and FTP them from your server on the other side of the router to your SMs/APs.

Or stop using NAT and use either IPsec tunnels or just plain vanilla routing (if you are directly connected to the router, just turn off NAT and do it somewhere else) from your CNUT machine to the affected network.

I can't turn off NAT; all of the clients go through this router and their IPs are all NAT'd (192.168.x.x scheme).

I can update the AP no problem using CNUT, but the SMs give me:

10/31/08 09:59:35 INFO CANOPY824BUILD_DES.pkg2 loaded.
10/31/08 09:59:35 INFO Starting Update Process …
10/31/08 09:59:35 INFO Using Active FTP for File Transfer
10/31/08 09:59:35 INFO Queue NE:AP:[IPWASHERE].LUID:[004] for updating
10/31/08 09:59:35 WARN SNMPIOException:, error code: -1, varbind index: -1
request varbinds: null
response varbinds: null
other message:sendSync failed.
10/31/08 09:59:36 INFO Host: AP:[IPWASHERE].LUID:[004];ESN: MACWASHERE;Message: Checking Network Element Status ( SITE= SiteName )
10/31/08 09:59:36 WARN Host: AP:[IPWASHERE].LUID:[004];ESN: MACWASHERE;Message: Unable to communicate with Network Element (Possibly Connect/Login Failure), status/version unknown ( SITE= SiteName )
10/31/08 09:59:36 INFO Node: AP:[IPWASHERE].LUID:[004] Update Completed.
10/31/08 09:59:36 INFO Update process has completed


Also, when I'm going through Session Status -> LUID:MAC it tries to go to the AP's address (e.g. http://192.168.x.11:1080/?mac_esn=MACWASHERE) instead of http://PublicIP:1080/?mac_esn=MACWASHERE.

Oh, if you can update the AP no problem, then the SMs are no problem. Just put the SM IP address in the “root” of CNUT instead of using the stupid broken auto-find-whatever-crap. CNUT is junk.

Can’t you just set the AP to act as a file server/update server? Once you get the AP updated it should auto-update the connected SMs. CNUT wouldn’t be needed at that point.

When everything is updated and happy then you can safely disable the update server on the AP.

wifiguy wrote:
Can't you just set the AP to act as a file server/update server? Once you get the AP updated it should auto-update the connected SMs. CNUT wouldn't be needed at that point.

When everything is updated and happy then you can safely disable the update server on the AP.


I've never done that; I'll try it out and see if it works.

wifiguy wrote:
Can't you just set the AP to act as a file server/update server? Once you get the AP updated it should auto-update the connected SMs. CNUT wouldn't be needed at that point.

When everything is updated and happy then you can safely disable the update server on the AP.


Well, I tried to enable Auto Update through CNUT and this is what I get:

11/05/08 15:10:37 INFO    CANOPY824BUILD_DES.pkg2 loaded.
11/05/08 15:10:37 INFO Starting Update Process ..
11/05/08 15:10:37 INFO Using Active FTP for File Transfer
11/05/08 15:10:37 INFO Queue AP:IPWASHERE enable SM autoupdate.
11/05/08 15:10:38 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Checking Network Element Status ( SITE= SiteName )
11/05/08 15:10:38 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Current = CANOPY 8.2.4 AP-DES, CANOPYBOOT 1.0, 092707 ( SITE= SiteName )
11/05/08 15:10:38 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Using Package C:\'Documents and Settings\'Desktop\'New Downloads\'Canopy\'CANOPY824BUILD_DES.pkg2 ( SITE= SiteName )
11/05/08 15:10:45 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Transferring Files SMboot.bin;block.bin;DES_080123_S40.jbi to AP ( SITE= SiteName )
11/05/08 15:11:09 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Enabling AutoUpdate ( SITE= SiteName )
11/05/08 15:11:19 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Enabling AutoUpdate ( Retry ) ( SITE= SiteName )
11/05/08 15:11:29 INFO Host: IPWASHERE;ESN: MACWASHERE;Message: Enabling AutoUpdate ( Retry ) ( SITE= SiteName )
11/05/08 15:11:39 WARN Host: IPWASHERE;ESN: MACWASHERE;Message: TimeOut Error. No response from Host ( SITE= SiteName )
11/05/08 15:11:39 INFO Node: IPWASHERE Update Completed.
11/05/08 15:11:39 INFO Update process has completed


Any ideas?

If the AP IP address works in the CNUT root then the SM IPs should work too.

MoreDakka wrote:
Any ideas?


Update > Configure > Check Use Passive FTP for Transferring Files to Network Elements
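Both transfer modes mentioned in the thread announce a data-channel address inside the FTP control session, and NAT does not rewrite it. The following is an added example (not from the thread and not CNUT's code) that decodes the PORT command and the 227 passive reply and checks whether the announced endpoint is reachable from the peer's side; the addresses and lines are constructed to mirror the double-NAT layout described above.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Both FTP data-channel announcements use the same h1,h2,h3,h4,p1,p2 encoding:
#   active:  the client sends   "PORT h1,h2,h3,h4,p1,p2"
#   passive: the server replies "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_data_endpoint(line: str) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) announced by a PORT command or a 227 reply, else None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def announced_endpoint_reachable(line: str, control_peer_ip: str) -> bool:
    """Can the peer open the data connection to the endpoint announced in `line`?

    control_peer_ip is the address the control connection really uses. A
    globally routable endpoint is fine. A private (RFC 1918) endpoint is only
    fine when it equals the control-channel address, i.e. there is no NAT in
    between; otherwise it is an inside address leaked through the NAT and the
    data connection will time out.
    """
    endpoint = parse_data_endpoint(line)
    if endpoint is None:
        return False
    addr = ipaddress.ip_address(endpoint[0])
    return addr.is_global or endpoint[0] == control_peer_ip


if __name__ == "__main__":
    # Constructed layout: CNUT on 192.168.1.20 behind a router whose public
    # side is 198.51.100.7; the AP is 192.168.100.2, forwarded from 222.222.222.222.
    AP_PUBLIC, AP_INSIDE, CNUT_PUBLIC = "222.222.222.222", "192.168.100.2", "198.51.100.7"
    # Active mode: CNUT tells the AP to connect back to CNUT's inside address.
    print("active  ", announced_endpoint_reachable("PORT 192,168,1,20,16,225", CNUT_PUBLIC))
    # Passive mode: the AP replies with its inside address, unusable from outside.
    print("passive ", announced_endpoint_reachable(
        "227 Entering Passive Mode (192,168,100,2,4,1)", AP_PUBLIC))
    # The same passive reply works for a host on the AP's own LAN (no NAT in between).
    print("on-LAN  ", announced_endpoint_reachable(
        "227 Entering Passive Mode (192,168,100,2,4,1)", AP_INSIDE))
```

The first two checks return False and the third True, which is why toggling between active and passive FTP alone does not help when there is NAT on both ends.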
ajb wrote:
MoreDakka wrote:
Any ideas?


Update > Configure > Check Use Passive FTP for Transferring Files to Network Elements

Urgh, I forgot to mention that when I posted this :-/ I did try to use both Passive and Active FTP transfers, with no change.

twinkletoes wrote:

If the AP IP address works in the cnut root then the SM IPs should work too


The problem is that the actual IP of the AP is 192.168.100.2, but to access it from outside the NAT firewall I forward all the traffic from 222.222.222.222 -> 192.168.100.2, so I can upgrade the AP since it looks like it's in the outside world. But all of the SMs have internal IPs (192.168.100.x). The only way I can think of doing this is to forward a port from the outside world to each individual SM (222.222.222.222:4321 -> 192.168.100.10).