Why would APs communicate with other APs over Port 1883

Summary

Observing AP to AP communication over port # 1883

Question

Why would APs communicate with other APs over Port 1883
 

Customer Environment

Cloud or SZ managed APs APs connected in same as well as different venues or zones The APs across 2 venues or zones are separated by a firewall, however the 2 venues or zones are in close proximity

Root Cause

Observing extensive 1883 traffic on the firewall

Symptoms

APs connected across 2 zones or venues are in range to each other

Troubleshooting Steps

1. Collect the network diagram, AP support logs, the distance between the mentioned APs

2. Review AP tcp sessions for port # 1883:
tcp        0      1 192.168.2.23:59567      192.168.67.36:1883      SYN_SENT 

3. Review OTA capture

4. Run AP CLI command "get scanresult wifi1" and "get scanresult wifi0" to check if these two APs could see each other:

Following example shows that the AP can see the other AP
rkscli: get scanresults wifi0
SSID                        BSSID              Type  Radio    Encr       Chan  RSSI DL/UL  Ant

guest                  00:00:3a:b8:ce:48  AP    G/N(20)  Open       6     12/26       0
eduroam                     00:00:3a:f8:ce:48  AP    G/N(20)  WPA2       6     14/25       0

The highlighted BSSIDs belongs to AP : 192.168.67.36. Below are the details from the AP support info file.

wlan2     Link encap:Ethernet  HWaddr 00:00::3A:B8:CE:48  
          UP BROADCAST RUNNING MULTICAST  MTU:2290  Metric:1
          RX packets:117614 errors:0 dropped:6569 overruns:0 frame:0
          TX packets:729789 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 

It is design intent that AP will communicate its neighbor to facilitate roaming, load balancing etc.

Workaround

Block port 1883 on firewall

Resolution

The AP neighbor discovery service "nbrd" uses TCP port # 1883 to communicate between APs for scanning, rogue detection, radio management, load balancing and fast roaming

Related Articles

https://community.ruckuswireless.com/t5/SmartZone-and-Virtual-SmartZone/Why-would-Access-Points-try-to-access-other-Access-Points-on-TCP/m-p/48563#M4107

Article Number:
000014632

Updated:
January 17, 2025 03:52 AM (2 months ago)

Tags:
Troubleshooting, SZ144, Ruckus Cloud WiFi, SZ300, virtual SmartCell Gateway, SZ100

Votes:
0

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close