Wireless Access

 View Only
last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

VMC sending TCP RST for FTP from APs during initial upgrade?

This thread has been viewed 28 times

  • 1.  VMC sending TCP RST for FTP from APs during initial upgrade?

    Posted Jan 12, 2022 08:15 PM
    Hi Airheads,

    Looking to understand why this may be happening and how I can debug further...

    I'm moving an AP from one VMC cluster to another by re-provisioning the AP. When the AP discovers the image mismatch with the new VMC, it attempts to download the new image using FTP.

    Looking at the datapath session table, the FTP connection is never stood up, and it falls back to TFTP and eventually the image upgrade succeeds.


    

    Source IP or MAC  Destination IP  Prot SPort DPort Cntr     Prio ToS Age Destination TAge Packets    Bytes      Flags           CPU ID
    

    ----------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- ---------- ---------- --------------- -------
    

    <VMC IP>      <AP IP>     17   69    58302  0/0     0    0   1   0/0/0       11   0          0          FY              3
    

    <AP IP>       <VMC IP>    17   58302 1038   1/4098  0    6   0   local       11   3425       109600     FI              3

    

    <AP IP>       <VMC IP>    6    57991 21     1/4098  0    0   1   0/0/0       11   0          0          YCUI            3
    

    <VMC IP>      <AP IP>     6    21    57991  0/0     0    0   1   0/0/0       11   1          40         FI              3

    

    <VMC IP>      <AP IP>     17   1038  58302  0/0     0    6   0   local       12   3570       1942080    FC              3
    
<AP IP>       <VMC IP>    17   58302 69     1/4098  0    6   1   0/0/0       12   1          46         FHCI            3

    A controlpath PCAP from the VMC shows that it is sending TCP RST for the connection from the AP on port 21:


    I've verified that the FTP server is still enabled with 'show firewall'.

    ------------------------------
    Chris Denham
    ------------------------------


  • 2.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    EMPLOYEE
    Posted Jan 13, 2022 05:32 PM
    See if you can telnet to port 21 from the subnet that the AP is on.....

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 3.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    Posted Jan 13, 2022 05:42 PM
    Strangely I can - are there any debugging commands for the ftp process itself?

    ------------------------------
    Chris Denham
    ------------------------------

    Original Message


  • 4.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    EMPLOYEE
    Posted Jan 13, 2022 06:18 PM
    Does it ask you for a username/password?  Can you do a PCAP of an actual AP trying to download ftp?  The traffic before the RST packets might be useful.

    I am not aware of an FTP debug command, unfortunately.  You can type "show log system 50" to see if there was an error sent by the AP, however.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 5.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    Posted Jan 14, 2022 02:21 PM
    Can you ftp over the command line? I grew up running ftp in a terminal session, and so prefer to use it that way. Many times in many contexts I've been able to use the terminal to give me an error message that makes whatever failure obvious and easy to fix, when all of the fancy GUIs just fail with no clue as to why.

    ------------------------------
    Cathy Fasano
    ------------------------------

    Original Message


  • 6.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    EMPLOYEE
    Posted Jan 14, 2022 03:37 PM
    You should be able to see this:

    220 (vsFTPd 3.0.3)

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 7.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    Posted Jan 16, 2022 03:31 PM
    This is what I see:


    Here is the output of a controlpath PCAP for all TCP and UDP ports at the same time:

    09:19:50.035873 IP <CLIENT>.51135 > <VMC>.21: Flags [SEW], seq 807225372, win 8192, options [mss 1460,nop,wscale 0,nop,nop,sackOK], length 0
    09:19:50.035892 IP <VMC>.21 > <CLIENT>.51135: Flags [R.], seq 0, ack 807225373, win 0, length 0


    ------------------------------
    Chris Denham
    ------------------------------

    Original Message


  • 8.  RE: VMC sending TCP RST for FTP from APs during initial upgrade?

    Posted Jan 16, 2022 04:18 PM
    Looks like the controlpath PCAP isn't capturing the entire thing - Wireshark capture from the client PC shows the following:



    ------------------------------
    Chris Denham
    ------------------------------

    Original Message