Sometimes, you might be unsure if your Nebula Access Point has indeed reached out to the Nebula Control Center. This tutorial will help you checking the Connectivity of your Nebula Access Point.
1. Check the LED status of the device.
Upon the first installation, NAPs should right away perform a firmware upgrade, you will be able to notice the LED blinking rapidly in either Red or Amber color. You can refer to the user guide in online documents in NCC to see the LED behavior of different models in which you can determine the next items to check.
2. Check connectivity status in local GUI
Access the local GUI by typing the IP of your NAP or by default IP 192.168.1.2 if no DHCP server is in the network.
Here you can find 4 status indicating the following information.
Ethernet: The LAN connection to the gateway
Internet: The connection to 18.104.22.168 will determine connected or not
Nebula Connectivity Status: Indicates the connection to the Nebula connectivity server.
Activation Status: Whether or not the device has been registered.
3. Check firewall settings
On NCC, in Help> Security policy information, enlists the ports required for nebula devices to be online and work properly.
TCP 6667 / 4335 Port used for device netconf connection and management to Nebula Control Center.
TCP 443: Port for users to access HTTPS websites in this case Nebula control center webpage, with PCs or laptops.
UDP 123: Port for NTP time sync, Nebula devices requires to synchronize a universal time, the feedback from Nebula devices to the server and also statistical information greatly requires the correct time kept on the devices.
4. Check the Routing to Nebula Servers
In the case of access points to have internet connection but not connecting to Nebula servers, you can traceroute to the domain of Nebula connectivity server to know which part of the traffic stopped or if it's possible to reach. Our servers are hosted by Amazon Web Services (AWS), so if the traceroute is possible to reach any Amazon domains or routers, then the connection should be good.
The domain for our servers is
Connectivity Server: d.nebula.zyxel.com
a. Open cmd, type "nslookup d.nebula.zyxel.com" for the DNS to resolve the IPs of the domain
b. Traceroute any of the IP, ex: tracert 22.214.171.124
c. After the routes have been shown, find the available IP of the last few hops for example. 126.96.36.199, and query them online to see which company/org. own the router. If you see Amazon IPs, then you’ll know the routine to the server should be good to reach AWS.
Note: Ping is not able to get the response from the server as they will be discarded.
If all the requirements for Nebula devices are met, should you be able to see the access points online and configurable in Nebula Control Center?
Do you want to have a look directly on one of our test devices? Have a look here in our virtual Lab: