Introduction

This document lists common device (cnPilot, XV and XE APs) onboarding issues seen with cnMaestro (cloud and On-Premises version) and how to troubleshoot these device onboarding issues.

This document is also available as a PDF:

Troubleshooting Access Points Onboarding issue with cnMaestro.pdf (1.1 MB)

Device discovering cnMaestro controller

Device can discover cnMaestro controller by 4 different methods, in the following priority order:

1. Static configuration of cnMaestro IP address or host name
2. Supplying cnMaestro IP address from DHCP server using DHCP Client Option 43
3. Discovering cnMaestro using DNS option 15 i.e. cnMaestro.<domain-name-supplied-by-dhcp-server>.com and
4. Connect to cloud instance of cnMaestro i.e. cloud.cambiumnetworks.com

Usually option 1 to 3 are used when device needs to be managed from On-Premises version of cnMaestro and option 4 is used when device needs to be managed from Cloud instance of cnMaestro. Device communicates using HTTPS protocol to cnMaestro. Device validates cloud cnMaestro server certificate and same will not be validated in case of On-Premises cnMaestro.

Firewall settings on the network

Please note that if firewall is present between device and cnMaestro, we need take care of below 2 network settings,

1. Allow HTTPS communication with destination port number 443
2. Allow all communication to *.cloud.cambiumnetworks.com

Basic network settings on device

Before trouble shooting device on boarding issue please ensure below basic networking settings working on device,

1. Device has valid

   • IP address
   • Gateway IP address
   • DNS server address (needed if cnMaestro discovery is based on a host name)
   • Domain name

2. Device is able to ping to gateway and DNS servers

3. Device is able to resolve cnMaestro host name from the DNS server

4. Device is able to ping to cnMaestro

Troubleshooting device on boarding using discover method 1

Discovery Method 1: Static configuration of cnMaestro IP address or host name

1. Ensure that Firewall settings on the network is correct
2. Ensure that Basic network settings on device is correct
   Use below CLI to list network parameters
   • show ip interface brief cli - to list device IP address
   • show ip route cli - to list device gateway
   • show ip name-server cli - to list DNS servers learned or configured
   • show ip dhcp-client-info cli - to see information learned from the DHCP server
3. If cnMaestro is configured using host name, DNS server is reachable and able to resolve DNS query from device
4. If the IP address is learned from DHCP server, please ensure that MTU value set on Ethernet interface is set to 1500 bytes, lower MTU can cause HTTPS connection to break
5. Device is claimed in cnMaestro and approved from the onboarding queue

Troubleshooting device on boarding using discover method 2

Discovery Method 2: Supplying cnMaestro IP address from DHCP server using DHCP Client Option 43

1. Ensure that Firewall settings on the network is followed

2. Ensure that Basic network settings on device is followed

3. Ensure that device got cnMaestro IP from option 43, we can make use of below CLI to validate the same

   XV2-21X-E5386FXconfig)# show ip dhcp-client-info
   VLAN-1:
   -------
   ip=10.110.200.40
   subnet=255.255.255.192
   mask=26
   router=10.110.200.1
   dns=10.110.12.110 10.110.12.111
   domain=cambiumnetworks.com
   vendorspecinfo=10.110.200.99   # device learned from DHCP server through option 43
   lease=6777
   serverid=10.110.200.11
   vendorclass=Cambium-WiFi-AP    # Vendor class information (option 60) should also require.
   

   Note: Device learns and uses DHCP server option 43, if it learned from the VLAN interface on which DHCP “Request options all is enabled”. This option is enabled by default on VLAN 1 and same is disabled on all other interfaces by default. It can be enabled only one interface at time.

   Also it is important to have option 60 information in DHCP offer, Server must send option 60 information back to client along with option 43. These 2 fields are must for AP to learn cnMaestro URL via option 43.

   As AP code check both values while selecting option 43 string for cnMaestro discovery.

   If AP don’t find option 60 value in DHCP offer, then AP will look for default URL for connection.

   Failure case like this,

   No vendor class information (option 60 value) in show ip dhcp-client-info

   XV2-21X-E5386FXconfig)# show ip dhcp-client-info
   VLAN-1:
   -------
   ip=10.110.200.40
   subnet=255.255.255.192
   mask=26
   router=10.110.200.1
   dns=10.110.12.110 10.110.12.111
   domain=cambiumnetworks.com
   vendorspecinfo=10.110.200.99    # device learned from DHCP server through option 43
   lease=6777
   serverid=10.110.200.11
   

   AP debug logs for failure of URL:

   2023-05-22 18:01:45 3487 DISCOVER-CNS-.C: 173: No Static URL Configured
   2023-05-22 18:01:45 3487 DISCOVER-CNS-.C: 190: No dhcp 43 Configured
   

4. If the IP address is learned from DHCP server, please ensure that MTU value set on Ethernet interface is set to 1500 bytes, lower MTU can cause HTTPS connection to break

   E600-0BEEFC(config)# show interface brief
   INTERFACE  MAC               STATUS  SPEED   DUPLEX    MTU
   eth1       58-C1-7A-0B-EE-FC UP      1000M   FULL      1500
   eth2       58-C1-7A-0B-EE-FD DOWN    N/A     N/A       1500
   

5. Device is claimed in cnMaestro and approved onboarding option

Troubleshooting device on boarding using discover method 3

Discovery Method 3: DNS option 15

1. Ensure that Firewall settings on the network is followed
2. Ensure that Basic network settings on device is followed
3. DNS server has entry for cnMaestro host record
   1. Assume that domain name is xyz.com
   2. Device tries to discover cnMaestro using DNS query cnmaestro.xyz.com
   3. DNS server shall have the entry for the host name cnmaestro.xyz.com
4. If the IP address is learned from DHCP server, please ensure that MTU value set on Ethernet interface is set to 1500 bytes, lower MTU can cause HTTPS connection to break
5. Device is claimed in cnMaestro and approved on boarding

Troubleshooting device on boarding using discover method 4

Discovery Method 4: using cloud.cambiumnetworks.com

1. Ensure that Firewall settings on the network is followed
2. Ensure that Basic network settings on device is followed
3. Device is able to resolve cnMaestro host name from the DNS server
4. If the IP address is learned from DHCP server, please ensure that MTU value set on Ethernet interface is set to 1500 bytes, lower MTU can cause HTTPS connection to break

On device how to see connection status with cnMaestro

From the device dash board status, we shall be able to see cnMaestro connection status

image855×735 59.2 KB

image853×150 12.8 KB

The different states of connection

1. Connecting to cloud.cambiumnetworks.com
   OR
   Connecting to <IP Address of On Premises cnMaestro>

2. Device not claimed

   

   image853×156 14.6 KB

   Claim the device in cnMaestro

3. Waiting for device approval

   

   image854×171 17.7 KB

   Approve the device in cnMaestro

How to get / see device on-boarding logs

1. Open UI connection to device IP
2. Go to Troubleshoot → Logs → Debug Logs section and press Start Logs button
3. Logs messages will be seen Logs window

image1319×750 178 KB

Example device log for successful cloud connection

successful-cloud-connection.txt (22.3 KB)

Example device log for successful On-Premises connection

successful-onprem-connection.txt (29.0 KB)

Still not able to connect to cnMaestro

Please take AP Techdump and share to Cambium Support / Engineering team

1. Open AP UI
2. Go to Operations → System → Download Tech Support

image830×750 63.2 KB

Is there a different onboarding process for cambiums xv2-12x with serial numbers that start with W4? We’ve been trying to onboard them, but it won’t come online.

Hi Bianca, welcome to the Cambium Community. The onboarding process is the same for the Cambium XV2-21X APs. Please email me the actual serial numbers (MSNs) and Ethernet MAC addresses (ESNs) to gary.hansen@cambiumnetworks.com .