L3 Adoption of EAP660 HD fails
I have one main site where the Omada software controller v4.4.6 is hosted, one secondary site with 2 x EAP660s which I'm trying to adopt over L3.
I've properly exposed the Omada ports as per the documentation: UDP 29810, TCP 29811-29813. Setting the inform address in the EAPs makes them show up in the controller, pending adoption.
I click adopt, get prompted for user/pass where I enter the correct username & password combination for the EAPs (and not for the controller); in 30-45s, I get the error "Device adoption failed because the device does not respond to adopt commands." and then it says "ADOPT FAILED".
Any ideas what might be wrong here? UDP 29810, TCP 29811-29813 are going over the regular internet, with a firewall rule at termination which whitelists the secondary site.
What could be the problem? How can I look at more verbose logs for debugging?
I managed to adopt them. I did nothing, just kept retrying for about 1-2h. This is pretty dumb. There's probably a bug somewhere.
For anyone else reading this, here's a port breakdown for the Omada software controller:
- UDP 29810 is for discovery -- whether the devices even pop up in the UI
- TCP 29811 is for management after adoption
- TCP 29812 is for the adoption process specifically
- TCP 29813 is for upgrades only
That's it. You do not need TCP 29810 & UDP 29811-13. You can get away with shenanigans and re-map some ports however you want on the controller end, just make sure the endpoint that you feed to the APs has those ports specifically exposed because you can't change them client-side.
Note: at least for the APs you can't get to the point where you can input your controller hostname without changing the default user & pass. So the first adoption try will always fail because it assumes default credentials. On the 2nd try it will prompt you for credentials.
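An added example, not part of the original post and not TP-Link tooling: a small Python check that compares a list of port forwards against the port roles listed in the post above. It flags forwards that list does not call for, forwards open beyond the allowlisted remote site, and required ports that are missing. The rule tuples, the addresses (documentation ranges) and the function name are constructed for illustration.

```python
"""Audit a port-forward list against the Omada ports listed in the post above."""
from ipaddress import ip_network

# Port roles as given in the post above for the Omada software controller.
REQUIRED = {
    ("udp", 29810): "discovery",
    ("tcp", 29811): "management after adoption",
    ("tcp", 29812): "adoption",
    ("tcp", 29813): "upgrades",
}
OMADA_PORTS = range(29810, 29814)

# Constructed sample: forwards on the controller-side firewall (documentation IPs).
SAMPLE_RULES = [
    ("udp", 29810, "203.0.113.10/32"),
    ("tcp", 29810, "203.0.113.10/32"),  # TCP on the discovery port
    ("tcp", 29811, "203.0.113.10/32"),
    ("tcp", 29813, "0.0.0.0/0"),        # open to the whole internet
]                                       # tcp/29812 is absent


def audit(rules, trusted_sources):
    """Return sorted findings for (proto, port, source_cidr) forward rules."""
    trusted = [ip_network(s) for s in trusted_sources]
    findings, seen = [], set()
    for proto, port, source in rules:
        key = (proto.lower(), port)
        if port not in OMADA_PORTS:
            continue  # not an Omada port, out of scope here
        if key in REQUIRED:
            seen.add(key)
        else:
            findings.append(f"UNNEEDED {key[0]}/{port}: not in the port list, close it")
        net = ip_network(source)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            findings.append(f"EXPOSED {key[0]}/{port}: {source} is wider than the allowlist")
    for (proto, port), role in REQUIRED.items():
        if (proto, port) not in seen:
            findings.append(f"MISSING {proto}/{port}: {role} will not work")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit(SAMPLE_RULES, ["203.0.113.10/32"]):
        print(line)
```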
I have now updated both EAPs to 1.0.6 Build 20210729 Rel. 64026(5553) and I have the same issue. It fails to adopt with the same errors.
Regarding this issue: https://www.tp-link.com/en/support/faq/3192/
Dear @runtime,
runtime wrote
I click adopt, get prompted for user/pass where I enter the correct username & password combination for the EAPs (and not for the controller); in 30-45s, I get the error "Device adoption failed because the device does not respond to adopt commands." and then it says "ADOPT FAILED".
Any ideas what might be wrong here? UDP 29810, TCP 29811-29813 are going over the regular internet, with a firewall rule at termination which whitelists the secondary site.
For L3 Adoption, you may log into the EAP management page to enable Layer-3 accessibility first.
@John1234 I already went through that document, there's nothing helpful that I haven't tried. I find the recommendations to ping stuff particularly useless since ICMP is not used for adoption, only UDP & TCP.
@Fae Thanks for the suggestion but that is already enabled.
Does the Controller need to talk back to the APs? Should the EAPs be available to the controller in some way? Because they are not, currently.
I assumed this all worked with a pull model where I instruct the APs of the controller's hostname and the controller does not attempt a direct connection to the APs.
There is no difference between EAP660HD and the other access points from TP-LINK. If you do not get adopted then you must check your firewall. Reset EAP660 to default; it will not be necessary to do anything with the access point before you adopt.
Use the Omada Discovery Utility, type name or IP on remote site; username is admin, password is admin.
You can download the Omada Discovery Utility here.
https://www.tp-link.com/en/support/download/eap660-hd/#Omada_Discovery_Utility
@shberge I can verify that the ports are open and the service is accessible, there's not much more I can "check" on the firewall.
I was hesitant to reset the APs at first, but I did it anyway, and it's still the same error.
I'm at my wits' end with this, Unifi just worked with a similar setup...I think I'll send the TP Links back if I can't figure it out soon enough.
If you are 100% sure that your firewall is right, this is a case for TP-LINK support. I have never had a problem with adopting a TP-LINK EAP.
And Unifi is no different to TP-LINK, the firewall has to be right.
So something is stopping your communication; you only need NAT on the remote firewall to get it to work. My NAT rule is like this.
What type of software controller do you use? Maybe there is a firewall on the controller that blocks adoption.
@shberge The official docs mention UDP 29810 & TCP 29811-29813. Do I need to open TCP 29810 & UDP 29811-29813? Is the documentation wrong?
I use TCP/UDP on port 29810 and it works, but the doc says only UDP, so it should be right.
I have some Cisco firewalls too, and there it is also TCP/UDP on 29810; the other ports are TCP.
So you can test and see. I don't think there is any difference.