How to troubleshoot ICX connectivity with different RUCKUS Wireless Controller solutions

Summary

This document provides a comprehensive guide to establish a connection between ICX and SmartZone/Cloud/Unleashed. It includes necessary steps, troubleshooting tips, and resolution methods.

Question

How to troubleshoot ICX connectivity with SZ, R1 or Unleashed Network?

Customer Environment

Virtual SmartZone (vSZ). SmartZone-144 (SZ-144). SmartZone-100 (SZ-100). SmartZone-300 (SZ-300). Ruckus One (R1). Unleashed.

Symptoms

ICX failing to discover the RUCKUS Wireless Controller?
ICX stuck in QUERY state.

Troubleshooting Steps

First, let's understand the expected flow diagram of ICX joining the RUCKUS Wireless Controller.
User-added image
Discovery Options for ICX to Join the Controller:
  1. Use DHCP option 43.
  2. Configure the ICX device manually using FastIron ICX commands.
  3. Use switch registrar discovery.
Now, let's look into troubleshooting for each RUCKUS Controller solution.

SmartZone and Virtual SmartZone

1. Ping Test: Ensure ICX can ping the SZ (control interface or NAT IP) and vice versa.
2. License Check: Verify SZ has available switch licenses for ICX.
3. Firmware Version: Ensure the ICX is in UFI mode. Use the following command to verify
 
ICX#show version | include UFI 
 (33554432 bytes) from Primary SPR08095h.bin (UFI) 

4. Model and Version Support: Check if the ICX model and version are supported by the SZ. Refer to the release notes for each SZ version from the support website.
5. Time Configuration: Configure the time manually or with an NTP server.
Commands to set manually: 

ICX# configure terminal 
ICX(config)# clock timezone us mountain 

Commands to set NTP: 

ICX# configure terminal 
ICX(config)# ntp 
ICX(config-ntp)# server 1.2.3.4 

6. Registrar Configuration: Enable switch discovery by the controller.

ICX#show running-config | include registrar 
ICX# configure terminal 
ICX(config)# manager registrar 

7. DNS Configuration: Ensure DNS is configured and reachable.
8. Firewall Settings: Permit TCP 443 and TCP 22 on all firewalls/ACLs between ICX management network and SZ control interface.
9. Process Check: Ensure nginx, wmsgi, and PySzAgtSrv.py processes are up when running below command.

ICX# hmon client status all-clients 

If processes are down, ensure the image is UFI. If issues persist, perform a reload or factory reset, and contact RUCKUS support if necessary.
Note: Reboot or Factory Reset should be performed cautiously.
10. Device Certification: Verify device certification

ICX# dm verify-device-certs

If certificates are corrupted, regenerate them (for ICX 7250, 7450, and 7750 models):


ICX(config)# crypto device-key-zeroize
ICX(config)# crypto device-cert-zeroize
ICX(config)# crypto key generate
ICX(config)# write memory
ICX(config)# reload

Note: Reload should be performed cautiously.
11. Join SZ: Verify if ICX joins SZ

ICX#show manager status
ICX#conf t
ICX(config)# no manager registrar
ICX(config)# no manager active-list
ICX(config)# manager active-list x.x.x.x
ICX(config)# manager registrar
ICX(config)# exit
ICX# manager connect
12. Collect Logs: If ICX fails to join, collect and share the following logs with RUCKUS Support.

ICX#show tech-support 
ICX#show manager status 
ICX#show manager log 
ICX#show manager session 
ICX#show sz server-log detail 
ICX#show version 
 

RUCKUS One (Formerly known as RUCKUS Cloud) 

1. Ping Test: Ensure ICX can ping the Cloud.
2. License Check: Verify R1 has available device licenses for ICX.
3. Serial Number: Ensure ICX Serial Number is added to the Cloud.
4. Firmware Check: Ensure ICX is in UFI mode. Use the following command to verify
 
ICX#show version | include UFI 
 (33554432 bytes) from Primary SPR08095h.bin (UFI)

5. Model and Version Support: Check if the ICX model and version are supported in the Cloud. Refer to the link here.
6. Time Configuration: Configure the time manually or with an NTP server.
Commands to set manually: 

ICX# configure terminal 
ICX(config)# clock timezone us mountain 

Commands to set NTP: 

ICX# configure terminal 
ICX(config)# ntp 
ICX(config-ntp)# server 1.2.3.4 

7. Registrar Configuration: Enable switch discovery by the cloud.

ICX#show running-config | include registrar 
ICX#configure terminal 
ICX(config)# manager registrar 

8. DNS Configuration: Ensure DNS is configured and reachable.
9. Firewall Settings: Verify all URLs and ports are allowed in a firewall for ICX to contact the Cloud. Refer to the Ruckus One User Guide here.
10. Process Check: Ensure nginx, wmsgi, and PySzAgtSrv.py processes are up when running below command.

ICX# hmon client status all-clients 

If processes are down, ensure the image is UFI. If issues persist, perform a reload or factory reset, and contact RUCKUS support if necessary.
Note: Reboot or Factory Reset should be performed cautiously.
11. Join Cloud: Verify if ICX joins the Cloud.

ICX#show manager status 
ICX# conf t 
ICX(config)# no manager registrar 
ICX(config)# no manager active-list 
ICX(config)# manager registrar-list device.ruckus.cloud 
ICX(config)# manager registrar 
ICX(config)# exit 
ICX#manager connect 

12. Collect Logs: If ICX fails to join, collect and share the following logs with RUCKUS Support.

ICX#show tech-support 
ICX#show manager status 
ICX#show manager log 
ICX#show manager session 
ICX#show sz server-log detail 
ICX#show version 

 

Unleashed

Refer to the following resources for managing ICX using Unleashed:
  1. YouTube Guide.
  2. Unleashed Guide.

General Reference

Refer to the below Troubleshooting links: 

https://community.ruckuswireless.com/t5/RUCKUS-Self-Help/Connecting-an-ICX-to-the-Ruckus-controller-vSZ-or-cloud-Pre/m-p/69873 
https://docs.commscope.com/bundle/fastiron-10010-managementguide/page/GUID-CD3FD835-B641-45A4-8859-062E4AEABE75.html 
https://docs.commscope.com/bundle/fastiron-10010-managementguide/page/GUID-447F3B33-FFD7-4F28-BC26-DC6721D87EC5.html 
https://support.ruckuswireless.com/articles/000010566 

 

Resolution

1. HTTP Error Codes: Known HTTP error codes and recovery options.
 
Error CodeLikely issueRecovery option
400Authentication

Verify the device certificate on ICX 

*Configure 'non-tpm-switch-cert-validate' on SZ.

401Unauthorized switch (switch not recognized by SZ or not preapproved).Move the ICX switch manually from the default group or create a switch registration rule for SmartZone to automatically add the switch to an existing group. 
403Switch registration rejected by SZ/R1 due to license capacity.Add licenses on SZ/R1 or reconfigure the ICX switch to use another SZ device.
500SZ/R1 server encountered an unexpected condition that prevented it from fulfilling the request.Make sure SZ/R1 is up and running without errors.
503The volume of switches is over system capacity or Switch was deleted.

Increase the vSZ resources (CPU,RAM,HDD/overall system capacity) in order to support more ICX switch accordingly. 

Refer the user guide for reference. 

*On some ICX 7250, ICX 7450, or ICX 7750 devices has self-signed certificates are used. Therefore to add the ICX to SmartZone, apply the following command on SmartZone enable mode "Configure 'non-tpm-switch-cert-validate”. 
2. ICX Stack Management: Ensure the management interface is selected on active ICX when connecting to SZ/R1.
?????
 

Article Number:
000014523

Updated:
October 09, 2024 01:22 PM (1 day ago)

Tags:
Configuration, Troubleshooting, Ruckus Cloud Switch, SZ144, SZ300, Unleashed, virtual SmartCell Gateway

Votes:
0

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close