Onboarding New Devices Troubleshooting Tips

Connecting Extreme APs and Routers to the Network

When wireless devices go online for the first time without a CAPWAP server configured manually or received as a DHCP option, they progress through the following cycle:

1. The device tries to connect to ExtremeCloud IQ or ExtremeCloud IQ using the following default domain name: hivemanager.<local_domain>:12222. "<local_domain>" is the domain name that a server supplies to the devices, 12222 is the UDP port number.
2. If a DNS server has been configured to resolve that domain name to an IP address, the device and ExtremeCloud IQ platform then form a secure CAPWAP connection on port 12222.
3. If the device cannot make a CAPWAP connection to the ExtremeCloud IQ platform on port 12222, it tries to reach it using TCP port 80: hivemanager.<local_domain>:80.
4. If the DNS server cannot resolve the domain name to an IP address, the device broadcasts CAPWAP Discovery Request messages on its local subnet. If ExtremeCloud IQ is on the local network and responds with a Discovery Response message, they perform a DTLS (Datagram Transport Layer Security) handshake to establish a secure CAPWAP connection with each other.
5. If the first two searches for a local ExtremeCloud IQ account produce no results, the device tries to contact redirector.aerohive.com:12222. If the redirection server has a serial number for the device in its ACL (access control list), it responds and they form a CAPWAP connection. The device is then redirected to either a ExtremeCloud IQor ExtremeCloud IQ Online account or to a ExtremeCloud IQ virtual appliance specified in a standalong account. If the device cannot make a CAPWAP connection to the redirector on UDP port 12222, it tries to reach it on TCP port 80. If that is not successful, the device returns to the initial search through a DNS lookup and repeats the cycle.

If you are having trouble getting your new devices to appear in the ExtremeCloud IQ or ExtremeCloud IQ management platform at installation, this guide provides basic best-practices and troubleshooting steps.

Best Practices for Adding New Devices

In the majority of cases, new Extreme Networks devices connect easily and automatically to ExtremeCloud IQ or ExtremeCloud IQ. Here are some things that you can check before installing devices (or after your devices fail to connect) to help ensure that this process is smooth.

Outbound Firewall Ports

The most common issue when onboarding devices is that the proper outbound firewall ports are not open at the remote site, which prevents the AP from connecting. Before you install any devices, it is a good practice to make sure the outbound firewall ports for your network are open, including ports 80, 443, and UDP port 12222.

HTTP Proxy

For virtual devices, or on-premises ExtremeCloud IQ or ExtremeCloud IQ platforms, using an HTTP proxy can sometimes cause a problem. In these cases you will nee to contact Technical Support.

Network Connection Speeds

If your network speed is too slow, or the network times out after a period of inactivity, your devices may not be able to find the ExtremeCloud IQ platform.

LED Light Behavior

On a few AP models, the LED goes dark after a certain period of time as a power-saving device. Your AP may actually be connected, but the light does not indicate that this is the case. Be sure to check the list of unmanaged devices in the ExtremeCloud IQ platform GUI. Your device may actually be there, but the LED may not be active.

Power Constraints

In a few cases, some devices may not have enough power to connect to the ExtremeCloud IQ platform because they are receiving power through PoE (power over Ethernet). Contact your Extreme representative if you suspect that this might be the problem.

Serial Number Upload Errors

When you are uploading a CSV file (comma-separated variables) with multiple serial numbers, there may be punctuation errors in the list, or in some cases the leading zero in a column of numbers may be lost, resulting in a mismatch of serial numbers. Check that your CSV file is correct and complete.