ZyXEL Communications NXC2500 Troubleshooting Manual

1/124

www.zyxel.com

NXC series

NXC2500/NXC5500

Wireless LAN controller

Firmware Version 4.20~4.30

Edition 1, 9/2016

Troubleshooting Guide

Default Login Details

LAN Port IP Address

https://192.168.1.1

User Name

admin

Password

1234

2/124

www.zyxel.com

1 Basic Information .................................................................................................................. 4

1.1 Check Firmware Version .................................................................................................... 4

1.2 Issue Definition ...................................................................................................................... 4

1.3 Device Configuration File .................................................................................................. 5

1.3 Collect System Log .............................................................................................................. 6

1.4 Collect dmesg and/or disklog .......................................................................................... 7

2 Capture Packets ................................................................................................................... 8

2.1 Capture Ethernet Packets ................................................................................................. 8

2.1.1 Use WLAN controller/AP .............................................................................................. 8

2.1.2 Use AP CLI (AP cannot save captured packets) ................................................... 9

2.1.3 Use PC ............................................................................................................................. 9

2.1.4 Set Mirror Port on Switch ............................................................................................ 10

2.2 Capture Wireless Packets ................................................................................................ 10

2.2.1 Capture with WLAN Controller and Managed AP .............................................. 10

2.2.2 Use Linux ....................................................................................................................... 11

2.2.3 Use Windows ................................................................................................................ 12

3 Console connection setting .............................................................................................. 12

3.1 The type of Console Cables ............................................................................................ 12

3.2 Serial Console Settings ...................................................................................................... 14

4 Managed AP ....................................................................................................................... 17

4.1 Symptom: Managed AP doesn’t show on the AP management list ...................... 17

4.2 Symptom: Managed AP offline ...................................................................................... 24

4.3 Symptom: Managed AP error with conflict .................................................................. 31

4.4 Symptom: Managed AP keep updating ...................................................................... 39

5 Wireless ................................................................................................................................ 43

5.1 Symptom: Cannot see the SSID name. ......................................................................... 43

5.2 Symptom: Connection Failure ........................................................................................ 48

5.3 Symptom: Wireless low throughput ................................................................................ 51

6 Captive Portal ..................................................................................................................... 52

3/124

www.zyxel.com

6.1 Symptom: Cannot see the Captive Portal on wireless device (cannot find the

webpage) or NXC managed page is redirected instead of Captive Portal .............. 53

6.2 Symptom: Login denied ................................................................................................... 64

7 Roaming .............................................................................................................................. 69

7.1 What is Roaming ................................................................................................................ 69

7.2 What’s the setting conditions of roaming .................................................................... 69

7.3 The Limitation of roaming ................................................................................................ 71

7.4 Symptom: Why station can’t connect to the AP2 ...................................................... 71

7.5 Symptom: Why station disconnect during roaming ................................................... 74

8 802.1X authentication ........................................................................................................ 75

8.1 Symptom: the 802.1X authentication failed with Remote Authentication Dial in

User Service (RADIUS) .............................................................................................................. 76

8.2 Symptom: the 802.1X authentication failed with Active Directory (AD) server .... 93

8.3 Symptom: the 802.1X authentication failed with Lightweight Directory Access

Protocol (LDAP) server ......................................................................................................... 109

8.4 The configuration of windows computer for 802.1X authentication.................... 119

4/124

www.zyxel.com

1 Basic Information

1.1 Check Firmware Version

1 Access NXC via GUI shows FW version.

Figure 1 DASHBOARD > Dashboard > Device Information

2 Access NXC via SSH/Telnet/Console shows FW version.

Figure 2 Tera Term > NXC > Router# show version

3 If the Firmware version is not the latest version, please upgrade the firmware

version to the latest version.

1.2 Issue Definition

Report issue with some conditions:

 Issue symptom:

Describe what you observe, NOT JUST GUESS.

 Issue condition:

Describe how to reproduce this issue.

 Topology:

Show all the effective network devices in the environment.

5/124

www.zyxel.com

Figure 3 Example of Network Topology

Important key points in the topology

 Gateway of each subnet

 DHCP server

 Auth. Server (RADIUS or AD)

 VLAN settings

1.3 Device Configuration File

Download startup-config.conf.

Figure 4 MAINTENANCE > File Manager > Configuration File

Figure 5 Tera Term > NXC > Router# show running-config

6/124

www.zyxel.com

 If there are multiple devices in environment, collect the config files of all

devices as possible.

 If there are multiple tagged VLAN in environment, make sure have the

switch config of VLAN settings are correct.

 Make sure NXC is the only AP controller (replies to CAPWAP Discovery

Request) in the network.

1.3 Collect System Log

Collect System log via controller GUI.

Figure 6 MONITOR > Log > View Log or View AP Log

Check system log via Terminal Software.

Figure 7 Tera Term > NXC > Router# show logging entries

7/124

www.zyxel.com

 Indicate the date/time and IP/MAC address of the device in report.

 Set log to external syslog server or email to monitor device log if system

log flushes frequently.

1.4 Collect dmesg and/or disklog

Collect demesg file via Terminal Software.

Figure 8 Tera Term > NXC > Router# debug system dmesg

Collect disklog file via Terminal Software.

Figure 9 Tera Term > NXC > Router# debug system disklog show

8/124

www.zyxel.com

Note: The dmesg will be cleared after rebooted, but the disklog will be kept

in device.

2 Capture Packets

2.1 Capture Ethernet Packets

2.1.1 Use WLAN controller/AP

Capture packets via controller GUI.

1 Set the parameters and press ‘Capture’

Figure 10 MAINTENANCE > Diagnostics > Packet Capture > Capture

2 Download the packet.

Figure 11 MAINTENANCE > Diagnostics > Packet Capture > Files

9/124

www.zyxel.com

3 Check packets via CLI on controller.

Figure 12 Tera Term > NXC > Router# packet-trace interface <interface>

Press “Ctrl+c” to end of packets capturing.

2.1.2 Use AP CLI (AP cannot save captured packets)

Check packets via CLI on AP.

Figure 13 Tera Term > NXC > Router# packet-trace interface vlan0

Press “Ctrl+c” to end of packets capturing.

Note: ‘vlan0’ is an example of interface you want to capture packets with.

Add port or ip-proto, src-host, dst-host to the command to filter the

captured result.

The saved captured files can be downloaded via GUI or FTP.

2.1.3 Use PC

Capture the packet on PC should install some software. For example:

Windows needs to install Winpcap first: http://www.winpcap.org/

Download Wireshark at: https://www.wireshark.org/

10/124

www.zyxel.com

Winpcap is also bundled with Wireshark.

The new Win10pcap is able to capture packets with 802.1Q VLAN tags:

http://www.win10pcap.org/

Win10pcap supports only Win7 and later windows system.

2.1.4 Set Mirror Port on Switch

Select the source port, destination port, and the flow direction, then

connect the capture device to the destination port and start capture.

2.2 Capture Wireless Packets

2.2.1 Capture with WLAN Controller and Managed AP

1 Set up a MON profile on controller.

Figure 14 CONFIGURATION > Object > MON Profile > MON Profile > Edit

2 Set ‘Scan Channel Mode’ to manual, and select the channel you want to

capture packets.

Figure 15 CONFIGURATION > Object > MON Profile > MON Profile > Edit

11/124

www.zyxel.com

3 Set a managed AP to MON mode, and apply the MON profile.

Select the MON mode AP and press ‘Capture’

Figure 16 MAINTENANCE > Diagnostics > Wireless Frame Capture > Capture

2.2.2 Use Linux

1 Use the following command to set your WLAN card into monitor mode:

$ sudo ifconfig wlan0 down

$ sudo iwconfig wlan0 mode monitor

$ sudo ifconfig wlan0 up

$ sudo iwconfig wlan0 channel 11 (Change 11 to the channel you want to

use for capture)

12/124

www.zyxel.com

2 Then open Wireshark and capture the interface wlan0.

Please refer to the KB for more detailed instructions:

http://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015072

&lang=EN

2.2.3 Use Windows

Windows does not support wireless monitor mode natively, you will need

extra software (e.g. OmniPeek Network Analysis Software) and USB adapter

with specialized driver to capture wireless packets.

OmniPeek Network Analysis:

https://www.savvius.com/products/application_performance/omnipeek_f

amily/omnipeek_network_analysis

3 Console connection setting

3.1 The type of Console Cables

1 For NXC5500/ WAC6500 series AP:

PN: 1-005-05000003

Figure 17 RJ-45-to-DB-9 Console Cable Color Codes

Figure 18 RJ-45-to-DB-9 Console Cable Color Codes

2 For NWA5301-NJ

PN: 1-005-05000002

13/124

www.zyxel.com

Figure 19 RJ-45-to-DB-9 Console Cable Color Codes

3 For NWA5KN/ NWA3KN series:

Provided with the product package

Figure 20 Console Cable for NWA5KN/ NWA3KN series

4 For NWA512X series/ WAC6103D-I:

Please find a cable and connect to the pins according to the description in

this KB:

http://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=015102

&lang=EN

Figure 21 Console Cable for NWA512X series/ WAC6103D-I

14/124

www.zyxel.com

3.2 Serial Console Settings

1 Terminal Software:

Tera Term http://ttssh2.osdn.jp/

PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty

2 Serial port setup:

Baud rate 115200 bps

No parity, 8 data bits, 1 stop bit

No flow control

Figure 22 Tera Term > Setup > Serial port

Figure 23 PuTTY > Session > Serial > Speed

15/124

www.zyxel.com

3 Save log:

Enable Timestamp for log in Tera Term, which will record the time slot with

logs.

Figure 24 Tera Term > File > Log

Figure 25 PuTTY > Logging > All session output

16/124

www.zyxel.com

4 Enable console log level 8 (show console debug messages)

Hot key for enable console log level 8: ‘Send break + 8’ to serial console.

Figure 26 TeraTerm > Control > Send break and press ‘8’

Figure 27 PuTTY > move cursor to the top bar (right click) > Special

Command > Break > press ‘8’

17/124

www.zyxel.com

4 Managed AP

Figure 28 The following table describes the icons in this screen.

4.1 Symptom: Managed AP doesn’t show on the AP

management list

If the AP mode was changed to the managed and it doesn’t show on the

AP list after wait a long times, please follow the steps to troubleshooting.

Figure 29 MONITOR > AP Information > AP List

Note: If AP had managed by other controller before, please reset AP first.

The procedure of the troubleshooting:

1. Check the configuration of the controller (USG/ ZyWALL/ NXC).

2. Does AP get the IP?

3. Check the mode of unified AP.

4. Check the CAPWAP status of AP.

5. Can managed AP and NXC communicate with each other?

6. Information collection and report the issue to the HQ.

1 Check the configuration of controller (USG/ ZyWALL/ NXC)

If the topology has USG or ZyWALL devices, please make sure “Registration

Type” is “Manual” to avoid the managed APs are controlled by them.

USG/ ZyWALL:

18/124

www.zyxel.com

Select “Manual” for registration type.

Figure 30 CONFIGURATION > Wireless > Controller > configuration

NXC:

Select “Always Accept” or “Manual” for registration type.

Always Accept: Controller trusts the managed AP automatically.

Manual: User trusts the managed AP.

Figure 31 CONFIGURATION > Wireless > Controller > configuration

If the option is “Manual”, don’t forget to trust the managed AP.

Figure 32 MONITOR > Wireless > AP Information > AP List > Add to Mgnt. AP

List

The icon of AP become gray after the controller managed the AP

successfully.

Figure 33 MONITOR > Wireless > AP Information > AP List > Add to Mgnt. AP

List

2 Does AP get the IP?

Check IP address via DHCP table or access AP by console cable.

19/124

www.zyxel.com

DHCP table:

If the DHCP server is one of the ZyXEL devices - UAG, ZyWALL and NXC, you

can check the IP by GUI.

Figure 34 DASHBOARD > Dashboard > System Status

Figure 35 DASHBOARD > Dashboard > System Status > DHCP Table

Console:

Get the IP by connecting console cable to access AP via terminal software.

Figure 36 Tera Term > AP > Router > show interface all

If the IP address doesn’t get the IP, it will show 0.0.0.0. Please check Ethernet

traffic between the DHCP server and AP.

 Check the DHCP server if send the IP address to managed AP.

 Check the DHCP server pool is full?

 Check the switch configuration, like port blocked, VLAN setting…etc.

 Capture the Ethernet packets by Wireshark.

Figure 37 The process of AP asks the IP from DHCP server.

Figure 38 AP gets the IP.

20/124

www.zyxel.com

Figure 39 AP broadcast the CAPWAP packet to controller

When AP gets the IP, you will see the IP shows on the console.

Figure 40 Tera Term > AP > Router > show interface all

3 Check the mode of unified AP

If the AP is unified access point, please access the AP via SSH or console

cable to check the mode.

Figure 41 The table of the Module of Unified Access Point

The Module of Unified Access Point

NWA5121-N

NWA5121-NI

NWA5123-NI

NWA5301-NJ

NWA3160-N

NWA3560-N

NWA3550-N

Check the mode of the unified AP via console cable or SSH.

Console:

Figure 42 Tera Term > AP > Router > show hybrid-mode

If the mode is “controller” or “standalone”, please change the

configuration to the “managed”. The configuration can be changed by

console or GUI.

Figure 43 Tera Term > AP > Router > configure terminal > hybrid-mode

managed

AP GUI:

Auto: AP broadcast the CAPWAP packet let controller know.

If the DHCP server set Option 138 with controller IP, the APs get the IP from

DHCP server will get the AC-IP and find the controller directly.

Figure 44 CONFIGURATION > MGNT Mode > Managed AP > Auto

Page is loading ...

ZyXEL Communications NXC2500 Troubleshooting Manual

Related papers

Other documents