Hi I have a call with Cambium logged regarding this subject, just checking if someone has seen something similar.
I have a newish site with a EX2052P with some routed SVI’s distributed via OSPF to a on premise firewall.The AP’s are joined to cnMaestro , and we’ve had a problem since the sites inception that the APs will fall off cnMaestro for 7-15 minutes at a time totally randomly. Dataplane still stays forwarding traffic with users unaffected and SSID’s are still being advertised but cannot ping/ssh/https to the AP’s when they fall off cnMaestro even from devices in the same mgmt VLAN .Mac of affected APs stays in ARP table when LED goes from Blue to Green and returns Blue eventually after 7-15 mins.
I have as a test linked up EX1010P into same mgmt network as the AP’s and the device never flaps up/down to cnMaestro.
Have installed pingplotter pointing towards google and cloud.cambiumbetworks.com on a laptop in that mgmt network and hasn’t logged anything on the isp side being the issues.
A bit of a weird one.Not sure if it’s the management plane issue on the APs ie crashed daemons or on the switch.
EX2052P is running 4.6.1-r3 (which was marked as stable when we did site but need to downgrade which might be the root cause) and AP’s are all running 6.5.3-r8.
Have to sit at clients site after hours when I get some time and run a couple of checks for Cambium but checking if anyone has seen something weird like this ?
Hi @djdrastic
Do you know the SSL inspection is enabled on the firewall? This is one probability that enabling SSL inspection may cause AP to fail at the SSL connection, resulting in AP-Cloud disconnection.
Would you be able to remove one of the impacted APs and connect it outside the firewall network and see whether the same issue occurs?
If you have created a Cambium support ticket, could you please share the ticket number here for reference?
No SSL inspection at site. There is a dedicated bypass rule on the firewall for cloud.cambiumbetworks on the firewall.
I can’t move any of the ap’s outside/off of the network as its all production environment. I need to make some time and try and move one of the AP’s onto a separate switch for tshooting purposes.
I’ll have to reopen case by the looks of it as I’ve been offsite at another install but will send you case number . Tech on case has been helpful but it’s a case of moving stuff and/or downgrading to try and find the root cause of this issue.As I said the other cnMatrix switch inside this same mgmt VLAN is totally unaffected by this,it’s just the AP’s for whatever reason.
Hi @djdrastic
Did you get a chance to move the AP to another switch and check the behavior?
Also, did you check with the firewall team, as mentioned in the ticket? Are there any findings from their end?
