Omada Hardware controller oc300 fails to upgrade device connected in different sites
Hi,
I have two sites created in Omada OC300.
Both sites are connected through AUTO IPSEC VPN.
My network is:
ER605 (1) v 2 ---- Internet ---- ER7206(2)----Omada Controller v5.4.7
Both routers are connected with the controller. I have port forwarded All 29810 to 29814 on ER 7206 SITE A.
I have forwarded my controller HTTPS port on ER 7206 and ports All 29810 to All 29814. All ports are accessible through my phone internet and other internet outside my network.
My ER 7206, where the Omada OC300 is located, is SITE A.
SITE B IS WHERE MY ER 605 is located.
BUT WHEN I UPGRADE SITE B - ER 605 router firmware I get the below error:
[Failed]Failed to upgrade ER-605 ROUTER to firmware version 2.0.0 Build 20220106 Rel.56391 online. Please check your network configuration and make sure the device can access the Controller's HTTPS management port.
ALSO my network is simple. There is no VLAN or ACL or static routing.
MY controller HTTPS port is accessible through the internet, so the NAT port forwarding is working.
BUT I still get the error.
PLEASE HELP WITH THIS ERROR.
@kdurigan This actually worked! I forwarded the TCP port 443 from the gateway to the controller at the main site, and then was able to update the gateway at the remote site. The port is definitely listening and when attempting to connect to it, it complains that the request requires TLS.
Have you checked this post: https://community.tp-link.com/en/business/forum/topic/559150
Make sure that all opening port entries are set on the controller side, i.e. ER7206, and that they are valid?
Have you tried manually upgrading the firmware ER605(UN)_V2_2.0.1 Build 20220223?
YES. I have checked this post: https://community.tp-link.com/en/business/forum/topic/559150
It did not work.
Also my HTTPS port on the controller side ER7206 is open and working.
I disconnect/forget the ER 605 from the controller and manually upgrade the device firmware and then reconnect it to the controller.
BUT I cannot directly upgrade the firmware from the controller. SO every time I have to disconnect and upgrade and reconnect.
NOT a good idea.
Do I need a static WAN IP on both sides or only the controller side?
Thanks virgo
Dear @atc ,
atc wrote
I disconnect/forget the ER 605 from the controller and manually upgrade the device firmware and then reconnect it to the controller.
BUT I cannot directly upgrade the firmware from the controller. SO every time I have to disconnect and upgrade and reconnect.
Thank you for reporting this issue in the community.
This issue has been escalated to the support engineer for further investigation and it has been confirmed that this issue will be optimised in the next release.
Until then, you may need to upgrade the router locally (not via VPN), sorry for the inconvenience.
Best Regards!
@Hank21 - Hello, I am experiencing the same issue. In simplified terms: I have a site-to-site VPN via two ER605 routers. Everything* works except upgrading the remote router at site B (the controller is at site A). Cannot manually update it as well. The router / equipment on the same side of the VPN upgrades fine.
@atc I am running the software controller on a Windows VM and missed adding TCP port 8043 to the firewall rule on the VM. Once I opened that port all was well. Not sure how the hardware controller works but this is how my Windows firewall config looks now:
Any <> Any allowed
TCP Ports: 29811-29814, 8043
UDP Ports: 29810
@kdurigan - No impact. Issue still persists; enabled 8043 under transmission .... still cannot upgrade remote router.
Always stalls at 99% and reports a failed upgrade - so presumably I do not have a connectivity issue.
@mis203a - I am using the software controller which needs TCP 8043 for controller management. I looked at the documentation again and the hardware controller and see the following:
For Omada Software Controller v5, the default port is TCP 8043,
For OC200/OC300 with built-in Controller v5, the default port is TCP 443.
Note: The port used for device upgrading will change as the setting of “HTTPS Ports for Controller Management” changes. For example, if you change the HTTPS Port for Controller Management from 8043 to 8000, the port used for device upgrading will also change from 8043 to 8000 accordingly.
So I doubt you need to define 443 in the firewall since that is likely open, but wonder if you changed the default port for controller management? If you have not opened a ticket yet that would be a good place to start. The TP-Link folks seem to be pretty helpful. I may purchase an OC200/OC300 instead of using the software controller so this info will be useful to me eventually as well.
Good luck, and please post the answer if you find one.
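A reachability check for the ports named in this thread, as an added example (not part of any post and not TP-Link code). It separates a port that merely accepts TCP from one that completes a TLS handshake on the HTTPS management port; the function names and the host address are assumptions, and the port list is only what the posts above state.

```python
import socket
import ssl

# Ports as listed in this thread. UDP 29810 cannot be confirmed by a connect probe.
MANAGE_TCP = [29811, 29812, 29813, 29814]
DEFAULT_HTTPS = {"software": 8043, "hardware": 443}  # "hardware" = OC200/OC300


def tcp_ports(kind, https_port=None):
    """TCP ports to check; the upgrade port follows the 'HTTPS Ports for
    Controller Management' setting when that was changed from the default."""
    return MANAGE_TCP + [https_port or DEFAULT_HTTPS[kind]]


def probe(host, port, tls=False, timeout=3.0):
    """Return 'closed', 'open' (TCP only) or 'tls-ok' (handshake completed)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        if not tls:
            return "open"
        # Assumption: the controller presents a self-signed certificate, so this
        # only checks that a TLS service answers; it does not authenticate it.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-ok"
        except (ssl.SSLError, OSError):
            return "open"


def check_controller(host, kind, https_port=None):
    """Probe every TCP port; only the HTTPS management port gets a TLS check."""
    ports = tcp_ports(kind, https_port)
    return {p: probe(host, p, tls=(p == ports[-1])) for p in ports}


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; use the address the device was adopted with.
    for port, state in check_controller("192.0.2.10", "hardware").items():
        print(f"tcp/{port}: {state}")
```

Run it from the remote site against the address the device uses to reach the controller. A result of `open` rather than `tls-ok` on the management port means something accepts the connection but does not speak TLS, which usually points to a forward aimed at the wrong service.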
@kdurigan Technically there is no firewall - as it's a site-to-site VPN in this scenario, local subnets are trusted. What I'm not clear on is if the remote router goes around the VPN (open internet) to communicate with the controller from the easy discovery URL....
Will do a test with NAT forwarding of 443 to the OC200.
One would think this is possible... I don't have any non-standard configurations...
*Update - doesn't work.
@mis203a You are correct in that the VPN tunnel is not used for communication between the controller and the router. It sure seems to me like the router cannot communicate to the controller for the upgrade process only. To test this you may want to try installing a software controller, open the firewall ports as I mentioned in my earlier post on the VM hosting the software controller, and then adopt the router in the software controller and see if the upgrade is successful. I realize that is probably painful, but I really needed the upgrade to the router to version 1.2.3. The new version fixed an issue with a S2S Azure connection issue that caused disconnects that did not quickly reconnect (Teams calls would fail). Fortunately my problem was resolved with the router firmware upgrade. It may be worth the pain and suffering, or may at least point you to what the problem may be.