
nortel access point problem


eksantrik

Technical User
Dec 13, 2005
74
US
Good Day,

I have been trying to make a few Nortel access points boot up from a remote Nortel wireless security switch. (By remote, I mean there are a couple of routers between the AP and the security switch to implement a WAN environment.)
As far as I know, configuring DHCP option 43 with the IP of the security switch is supposed to help the access points find their security switch easily. My configuration is like this:

AP>>A baystack 5520 switch>>Contivity 1100..WAN..Contivity 1100<<wireless security switch

I have the DHCP server on the AP side and my APs are able to get an IP address from the server, but they can't find the security switch. Has anyone tried to configure such a thing with option 43 for the APs? Maybe I enter the option wrong. The only thing I have been doing is setting the ASCII part of that option to: ip:<IP address of the security switch>

Please let me know of other possible options, too.
 
Hi,

As far as you describe your setup, it should work fine. But how did you check that the AP cannot find the WSS?
Did you try the 'show dap unconfigured' command from the CLI? If a DAP request is being attempted towards the WSS, you should see it right here.
Does the AP reboot, or does it keep its IP address and network link?
Another option is to configure the hostname of the WSS instead of the IP address. You have to configure the IP address in the DNS server to map to the hostname. Although it is recommended to have an IP address configured here, it is just for testing the functionality of the boot option 43.
As a last resort you can configure 'wlan-switch' in your DNS server, mapping to the IP address of your WSS. If the above methods are not successful, the AP will try this as a final option to find a WSS.

Good luck and let us know how things went.
 
I used Ethereal to check the traffic on the port where the AP is plugged in. The weird thing is that when I check the lines in the Ethereal output I can see that the AP gets its IP address from the DHCP server. (I am pushing the WSS IP info in option 43 in my DHCP response to the AP.) It tries to send a broadcast message to its configured network using UDP port 5000 to find a WSS. Since the WSS is in another network, it can't find it; then it tries the IP address that it gets from option 43 (I actually thought that this second step was supposed to be the first one if you configure option 43). Then I see a few lines indicating the back-and-forth communication between the WSS's IP and the AP's IP. (Some of those lines are called bogus IP by Ethereal.)
During all this communication, my AP is always amber. It tries to boot a few times (the LED in the middle flashes green for a second with all other LEDs dark; then it all turns amber again) but it can't get into the boot sequence.
PS: By the way, I connected a laptop to the 5520 side and I had IP connectivity to the WSS.

I am going to try what you told me, and please, if you have any more ideas, let me know.

thanks
 
Since you noticed a DHCP 5000 (local request), it already passed the boot option 43 procedure, since it will only do a DHCP 5000 if option 43 is not (correctly) configured. However, you mention that the AP gets an IP address from the WSS and you do actually see communication between those two. Not mentioning this 'not standard' boot sequence, you can try to connect the AP in the same subnet for testing purposes.
Also, I'm curious whether you are using the 5.0.11.4 release. If so, you should downgrade to the 5.0.9.4.0 release, since the latest code has a problem regarding the AP booting with its image.
Probably you are facing this issue; I noticed this issue in our test lab some weeks ago :-(

Let us know your progress.

regards
 
Hi,

I have a 2350 Nortel WSS box here and I am running the code n8050904.rel for the box. This is my network again:

DAP>>5520 baystack | CONTIVITY 1100 | 5520 baystack << WSS

I also connected a DHCP server on the 5520 box on the WSS side. The DAP gets its IP from that server.
First of all, I don't have a newer code for this 2350 box. Second, my DAP gets an IP address from the DHCP server and I can see the DAP in the "show dap unconfigured" output in the WSS. However, the LEDs on it are all amber. Plus, I have already tried this AP and the whole system in the simplest form, where I have everything in the same VLAN, and it worked, but this one is making me crazy. I have full connectivity from end to end and the DAP can reach the box but can't download the image from it. Do you still think this is a software version problem or what?

thanks again
 
I don't think it is a software issue since you are running a pretty stable release.
Now your DAP is actually presented in the WSS, but is this the setup with a DHCP server in the same VLAN or in another VLAN? If this is the setup with a non-local DHCP server, the DHCP option 43 works fine, since you noticed the specific DAP as 'unconfigured' through the CLI. The only thing that needs to be done now is for the DAP to be allowed to retrieve the image by the WSS. Since you mentioned it works fine with a local DHCP server, I assume you have an automatic DAP configuration on your WSS. However, I just don't understand why you see 'DAP unconfigured' in the WSS, so could you please verify this configuration?
 
Since it is a test network, I used quickstart to create a simple clear SSID and configured the DAP through the quickstart. Actually, this worked with the configuration where I have everything in the same VLAN. However, what I am trying to do is to put everything but the AP on one side of the Contivity and the AP on the other side.
I am wondering if it is a VLAN issue. On the AP side the only VLAN I have is, actually I don't have any VLAN on that side. I just gave the 5520 an IP address and left the rest of the system with default settings in terms of VLAN.
On the other side, I have a VLAN 2. My DHCP server is in that VLAN. I set the interface connected to the WSS as trunk with VLAN 2.
And you know the rest of the story.
By the way, my friend told me that he managed to make such a system work by using the options 44 and 45, I guess. What are those options used for in the Nortel WLAN solution, any idea?

thanks
 
Since you see the AP gets an IP address from this specific DHCP server in the other VLAN, there is nothing wrong with the VLAN setup. You mentioned you see the unconfigured DAP in the WSS, therefore IP communication is possible through these VLANs. Also, there is no issue with the DHCP option 43 because the DAP found the WSS, as you mentioned before.
The next step is for the DAP to receive its image. The only thing you need to do is to configure it into the WSS (again) so it is allowed to receive the software for your WSS. Just begin from basic configuration and do a new quick start.
Set up a ping from your WSS towards your DAP to see if it's reachable and stays reachable. This is very important to check basic communication from your WSS to your DAP (through the 5520). Also double-check that the DAP MAC address matches the one in your WSS and that your DAP received its IP address from the DHCP server you configured DHCP option 43 on.

Let me know your results.
 
I had the same issue with APs not booting up from a remote WSS. My connection is:

(Site B)
APs>>BS425>>Contivity1010.....<<Contivity1100<<BS425<<WSS2360 (Site A)

I did config: option 43 ASCII "IP:192.168.x.y"

but APs at Site B always light amber, but Site A's APs work fine. "show dap unconf" doesn't reply any info.

VPN tunnel is OK. Does anyone know why the APs are not working?


Life is keeping learning......
 
Hey JeroeNortel, thanks for your help. Sorry for the late response, but it works now. I have another problem though :)
MichaelCC, man, I had the same problem and what I did was turn off the NAT on the Contivities. APs try to communicate with the WSS through UDP port 5000 and the NAT over Contivity messes everything up; at least that's what I did to make it work, but before that I was actually able to see my AP as an unconfigured AP in the WSS, so I guess before doing the NAT maybe you should try to make that part work. Secondly, I don't know what kind of server you are using as your DHCP server, but just don't use Windows 2003 Server as your DHCP :) Maybe it was me who couldn't figure out how it works, but I was trying to make the same type of network work just like you, and I am using my Contivity box as my DHCP server and it works sweet. I can push any options I want to the APs. Use Ethereal to see if your AP gets an IP address and tries to communicate with your WSS through UDP 5000...

Let me know how it goes,
 
And my problem now is that I can't get my wireless end users to browse the internet.
Let me explain it. They gave me an internet connection here in case I need it. I decided to use that ethernet connection as my internet connection for my wireless network and connected it to my 5520 baystack.
The connection is there because when I plug the cable into my laptop directly, I am able to browse the internet.
When my wireless users connect to my SSID, they get an IP address from the company's DHCP and use the options that that DHCP pushes them.
When a wireless user is connected to the wireless network, he can ping outside through the command line. (I mean he can ping the names like or etc.; names directly) They can use an FTP client to connect to an FTP site and download stuff from it. HOWEVER, they are not able to browse the internet through Internet Explorer!!!!! I have no firewalls or filtering configured on the Contivity boxes, and the internet connection, as I said, works fine under normal conditions.

thanks
 
Thanks eksantrik!
I could not get the APs through the tunnel. I wonder how you configured option 43 in the Contivity? Using ASCII code, then 'IP:192.168.x.y', or just choosing IP format, then 192.168.x.y?

For now, it is a timing job, I had to get it going. So I used a 2350 at Site B, connecting those APs; this way they work fine.


Life is keeping learning......
 
Use ASCII format, MichaelCC, and also, I am telling this just in case, don't forget to push the DNS address and domain name information to the DAPs. They need it.
I am sorry you had limited time with it. I have been struggling with the wireless system for the last few days, but I am stuck at the point that I mentioned earlier.
Stupid thing doesn't let me browse. Anything else works fine. I can even use uTorrent to download stuff wirelessly.
For some reason, the SYN numbers of my TCP session get messed up when I try to connect to a web site, and I am having a lot of retransmissions.

 
The AP configuration guide says you need to push DNS and domain name to the APs, but I don't understand why the AP needs them.

Life is keeping learning......
 
Hi,

Since you actually can reach the site, your internal and external networks are working fine. I think you should look into the box to see what happens with the port 80 traffic. Since all other traffic does traverse this box, I assume something goes wrong in here. I'm not familiar with this device; however, you should trace your port 80 traffic right before and behind the box to see if incoming traffic matches the outgoing traffic. Also make sure you don't have a port 80 traffic filter active in your WSS.
Also try to reach HTTPS (443) to see what happens with this type of traffic.

And yes, DAP's need to have the following network information for proper functioning:

- ip-address
- Domain name
- DNS
- default gateway
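
An added example, not written by any poster in this thread: a Python check that can be run over the options field of a captured DHCP reply to tell whether option 43 carries the ASCII `ip:<address>` string discussed above or the four raw bytes a server sends when "IP format" is chosen, and whether the gateway, DNS and domain name options are present. The function names, the constructed sample replies (documentation addresses) and the case-insensitive match on the prefix are assumptions of this example.

```python
import ipaddress

PAD, END = 0, 255                      # RFC 2132 pad / end markers
ROUTER, DNS, DOMAIN, VENDOR = 3, 6, 15, 43
AP_NEEDS = {ROUTER: "default gateway", DNS: "DNS", DOMAIN: "domain name"}

def opt(code: int, data: bytes) -> bytes:
    return bytes([code, len(data)]) + data   # one option: code, length, value

def parse_options(raw: bytes) -> dict:
    """Walk the code/length/value options of a DHCP reply (after the magic cookie)."""
    options, i = {}, 0
    while i < len(raw) and raw[i] != END:
        code = raw[i]
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} is truncated")
        length = raw[i + 1]
        options[code] = options.get(code, b"") + raw[i + 2:i + 2 + length]
        i += 2 + length
    return options

def check_option_43(options: dict) -> str:
    """Classify option 43 against the ASCII 'ip:<address>' form used in the thread."""
    value = options.get(VENDOR)
    if value is None:
        return "missing"
    if value[:3].lower() == b"ip:":    # accepting either case is an assumption
        try:
            return "ok: " + str(ipaddress.IPv4Address(value[3:].decode("ascii")))
        except ValueError:             # also covers UnicodeDecodeError
            return "bad-address"
    if len(value) == 4:                # server set to "IP format": four raw bytes
        return "raw-ip-format: " + str(ipaddress.IPv4Address(value))
    return "unexpected"

def missing_ap_options(options: dict) -> list:
    """Names of the other settings the thread says a DAP needs but the reply lacks."""
    return [name for code, name in AP_NEEDS.items() if code not in options]

# Constructed sample replies using documentation addresses (192.0.2.0/24).
BASE = opt(ROUTER, bytes([192, 0, 2, 1])) + opt(DNS, bytes([192, 0, 2, 53]))
ASCII_REPLY = BASE + opt(DOMAIN, b"example.test") + opt(VENDOR, b"ip:192.0.2.10") + bytes([END])
RAW_REPLY = BASE + opt(VENDOR, bytes([192, 0, 2, 10])) + bytes([END])

if __name__ == "__main__":
    print([check_option_43(parse_options(r)) for r in (ASCII_REPLY, RAW_REPLY)])
```

The bytes to feed in are the options portion of the DHCP OFFER or ACK as seen in a capture on the AP's switch port.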
 
Hi JeroeNortel,

I have another question for you. As you know, I have been trying to configure a remote site and make it boot up from the WSS, which is located in the central site.
The system looks like:

DAP >> 5520 Baystack >> Contivity (remote) | Contivity (central) << 5520 Baystack << DHCP+DNS+WSS+internet

My DAP can boot up and my wireless clients can get an IP address from the DHCP located in the central site. As you may remember, my wireless clients can ping outside with their names (like I figured that I have been having an MTU and fragmentation issue because when I generated some traffic from my wireless client to the internet (like ICMP packets with adjusted payload size) they stopped reaching out when the payload reached 1312 bytes.
I checked the documentation and it says that if there is any box that might be able to fragment the packets between the AP and the WSS, then it messes up the whole wireless system. I think there is something wrong with the Contivity box. I am trying to turn off the fragmentation but I don't know how. I think the max MTU size for the Ethernet interface on the Contivity is 1500 bytes; you can't increase it any more. Can you help me with this fragmentation issue? Do you think it is ever possible to make the packets go all the way to the WSS without any fragmentation?

thanks in advance
 
Hi,

If the MTU on the Contivity box is set to 1500, then this should not be the problem. Intermediate devices between the WSS and DAP need to have an MTU of at least 1384. Since you have an MTU of 1500 on the Contivity box, this cannot be the problem, since it will not fragment the packets any further, thus excluding possible MTU problems within your wireless environment. Besides, as mentioned in the manual, as long as a Nortel device does the fragmentation for tunneling, it should not be a problem.
However, to be sure, you should check the incoming traffic on the interface of the WSS by sniffing this port to match the packets which were sent by the AP. Try a ping to an internal device to exclude a possible firewall issue. I'm not familiar with the Contivity box, but try changing the MTU size to a higher value and check your ping result again (you cannot disable MTU). Packet fragmentation is a basic technique which is needed in order to get the packets across correctly. You could set it to a higher value (like jumbo frames), but since you mentioned it is already set to 1500 it should not make any difference, since you noticed the problems around 1312. We use an MTU of 1950 on our intermediate device and we don't have any problem when pinging with different sizes of ping. Maybe there could be an incompatibility between the Contivities; you should check the manuals to find out.
 