Firewalls / NXC Series - Troubleshooting Access Points [via Controller]

This article will show you how to troubleshoot issues with APs not connecting to your NXC or firewall [USG FLEX/ATP Series]. This issues could include APs cannot be firmware upgraded, APs are disappeared from the AP Controller (not managed by the controller anymore), AP are offline and cannot be reached / is not pingable.

 

Introduction

AP controllers play a critical role in managing and maintaining wireless networks. However, like any technology, they can encounter issues that require troubleshooting. This knowledge base article provides troubleshooting steps for common problems encountered with AP controllers, including firmware upgrade problems, loss of management by the firewall/controller, and APs appearing offline.

 

1) Firmware Upgrade Problems

Firmware upgrades are essential for keeping APs up to date with the latest features, bug fixes, and security enhancements. Here are steps to troubleshoot firmware upgrade issues:

a. Verify Connectivity: Ensure that your AP controller can access the necessary resources. Start by checking if you can resolve "zapimg.cloud.zyxel.com" from the controller. If resolution fails, investigate DNS configuration or network connectivity issues.

b. AP Connectivity: Confirm that the APs are reachable from the controller. Ping the APs to verify their availability. If pinging fails, investigate network connectivity or firewall settings that may be blocking communication.

c. Check Firmware Settings: Review the firmware upgrade settings in the controller. Navigate to "Configuration -> Wireless -> AP Management -> Firmware" and confirm that the correct firmware version is selected. If not, update the firmware settings accordingly.

d. Reboot an AP: Try rebooting one AP from the controller's graphical user interface (GUI). Go to "Configuration Wireless -> AP Management -> Mgmt. AP List," select an AP, and initiate a reboot. Monitor if the AP successfully upgrades its firmware after the reboot.

 

2) APs Not Managed by Firewall/Controller Anymore

Sometimes, APs may appear to be disconnected from the controller/firewall. Follow these steps to troubleshoot this issue:

a. Check for Other Controllers: Ensure that no other controller on the network has taken over the APs. During a firmware upgrade or reboot, APs may temporarily connect to a another controller in the network. Investigate if any secondary controllers are managing the APs. This could be your USG FLEX or ATP firewall. Use Advanced IP scanner to check your network.

b. Firewall Configuration: For NXCs, check the configuration of your firewall (e.g. USG FLEX or ATP). Under "Configuration -> Wireless -> Controller," ensure the "Registration Type" is not set to "Always Accept," as this can cause APs to be managed by the firewall instead of the intended controller. Review the firewall's AP management menu to confirm.

 

3) APs are Offline

 

When APs show as offline, use the following troubleshooting steps:

a. Firmware Upgrade in Progress: Check the AP logs under "Monitor -> Logs" to see if a firmware upgrade is in progress. If so, wait for the upgrade process to complete before the AP reconnects to the controller. Rebooting one AP can sometimes expedite this process.

b. Local Connectivity: Verify local connectivity to the AP by pinging its IP address from inside the network. If pinging fails, investigate network connectivity or physical connection issues between the controller and AP. And then try to reboot the AP to see if it can be pingable afterwards (note that it could be not reachable because of a firmware upgrade).

c. Access Web GUI: If you can ping the AP and it appears to be online, attempt to access its web graphical user interface (GUI) using the AP's IP address. If Web GUI access cannot be reached, 

 

4) Issues Downloading AP Firmware from Cloud Server

When encountering issues that you cannot download the firmware from the cloud server on USG. Try below workaround to solve the issue.

First, go to the web console function in the device and log in with admin

Give in the command:

_debug capwap show inter-ap-fw-table

USG will not try to download the AP firmware again since the status is pending.
There are two ways to download the AP firmware from the cloud server again
  • Reboot the USG. (not always so easy to do in environments)
  • Update the AP firmware manually.

Go to CONFIGURATION>Wireless>AP Management>AP Policy>Firmware Updating. Please change the updating mode as "Manual". Then apply the setting.

  Go to MONITOR>Wireless>AP Information>AP List. Choose AP and click the "upgrade FW"

Articles in this section

Was this article helpful?
0 out of 1 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.