Guys, i need help on this one.
i have about 3 AP’s all doing the same.
The Web Interface works fine for a few hours, then i cannot HTTP into it anymore.
the Telnet works, and the subscribers are working ok, just the HTTP interface is gone.
in order for me to get back into it, i have to telnet and reset the AP.
CNUT even works ok.
Any suggestions?
2 the AP’s are running 7.1.4 and 1 of them is running 6.1.
All are 900Mhz.
Also, i have set the web page Autorefresh to 0. thinking that was an issue. guess not.
This is another bug with the Moto units. Nobody at Motorola has said exactly why this happens, but it seems if you have a non-routable address on the APs, they will not do this.
You have to telnet in and reset the units before the HTTP interface will work again.
This is another reason why the 7.2 version update is needed by all of us, and another reason many of us are now furious with Motorola’s delays in releasing software to fix the issues their products have.
Thanks Shaman.
hey,we have some 5.8 trangos running if you need some info let me know.
If you can prevent the APs from being accessable by the Internet, then the web interface will not lock up.
The two common ways we are doing that are by moving the MoTo eq to private addressing or with Firewall rules and/or ACLs in the Next Hop Router.
There is a solution, we are not stuc k waiting on MoTo to fix it on this one.
ok… it does make sense. the 3 AP’s we are having problems with are all running on Public IP Address.s…
No way around this yet?.. we need to have them on thes epublic IP’s right now.
Why do the Canopy units need to have public addresses? If you have a public layer-3 IP network traversing the layer-2 Canopy network – to provide public addresses to your customers – you can still overlay a separate IP network for management of the Canopy units. Use private addresses for this management network. If your Canopy network is remote from your offices, and therefore must be accessed via the Internet, use a VPN between locations.
With regards to the switching that isn’t the issue.
where these 3 seperate AP’s are basically are remote / remote sites.
so your idea of the VPN would definetly work.
then, i only have a problem with subnetting the public range that we receive and forwarding it down to the SM’s… but that is a routing issue that can be resolved…
thanks!
I think that the issue is that the HTTP server in the Canopy equipment is very vulnerable to all of the usual port scanning etc which goes on continually over the internet.
If you do put the Canopy units on public IP addresses, then you need to firewall off at least the management VLAN to stop these scans reaching the AP/SM. There is another reason that you want to do this, of course, and that is that there is no access control to the management of the Canopy equipment (via telnet or the web) and hence you really want to lock down management to your own internal networks.
We have raised both the vulnerability of the software on the boxes and the lack of management access lists on Canopy kit with Motorola … I hope that somewhere in the depths it is being looked at!
Paul.
thanks for the reply.
our entire network resides on Private IP’s, except for the 3 legs that we are basically in the midst of moving over.
These where those - Rush to get it up and no time to properly engineer…