L3 Adoption of EAP660 HD fails

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

L3 Adoption of EAP660 HD fails

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
L3 Adoption of EAP660 HD fails
L3 Adoption of EAP660 HD fails
2021-11-29 23:49:29 - last edited 2021-11-30 22:26:08
Model: EAP660 HD  
Hardware Version: V1
Firmware Version: 1.0.5 Build 20201120 Rel. 54290

I have one main site where the Omada software controller v4.4.6 is hosted, one secondary side with 2 x EAP660s which I'm trying to adopt over L3.

 

I've properly exposed the Omada ports as per the documentation: UDP 29810, TCP 29811-29813. Setting the inform address in the EAPs makes them show up in the controller, pending adoption.

 

I click adopt, get prompted for user/pass where I enter the correct username & password combination for the EAPs (and not for the controller); in 30-45s, I get the error "Device adoption failed because the device does not respond to adopt commands." and then it says "ADOPT FAILED".

 

Any ideas what might be wrong here? UDP 29810, TCP 29811-29813 are going over the regular internet, with a firewall rule at termination which whitelists the secondary site. 

 

What could be the problem? How can I look at more verbose logs for debugging?

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:L3 Adoption of EAP660 HD fails-Solution
2021-11-30 22:25:58 - last edited 2021-11-30 22:27:04

I managed to adopt them. I did nothing, just kept retrying for about 1-2h. This is pretty dumb. There's probably a bug somewhere.

 

For anyone else reading this, here's a port breakdown for the Omada software controller:

 

  • UDP 29810 is for discovery -- whether the devices even pop up in the UI
  • TCP 29811 is for management after adoption
  • TCP 29812 is for the adoption process specifically
  • TCP 29813 is for upgrades only

 

That's it. You do not need TCP 29810 & UDP 29811-13. You can get away with shennanigans and re-map some ports however you want on the controller end, just make sure the endpoint that you feed to the APs have those ports specifically exposed because you can't change them client-side.

 

Note: at least for the APs you can't get to the point where you can input your controller hostname without changing the default user & pass. So the first adoption try will always fail because it assumes default credentials. On the 2nd try it will prompt you for credentials.

Recommended Solution
  2  
  2  
#12
Options
11 Reply
Re:L3 Adoption of EAP660 HD fails
2021-11-30 00:10:54

I have now updated both EAPs to 1.0.6 Build 20210729 Rel. 64026(5553) and I have the same issue. It fails to adopt with the same errors.

  0  
  0  
#2
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 04:55:33
  0  
  0  
#3
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 06:54:29

Dear @runtime,

 

runtime wrote

I click adopt, get prompted for user/pass where I enter the correct username & password combination for the EAPs (and not for the controller); in 30-45s, I get the error "Device adoption failed because the device does not respond to adopt commands." and then it says "ADOPT FAILED".

 

Any ideas what might be wrong here? UDP 29810, TCP 29811-29813 are going over the regular internet, with a firewall rule at termination which whitelists the secondary site. 

 

For L3 Adoption, you may log into the EAP management page to enable Layer-3 accessibility first.

 

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 14:01:17

@John1234 I already went through that document, there's nothing helpful that I haven't tried. I find the recommendations to ping stuff particularly useless since ICMP is not used for adoption, only UDP & TCP.

  0  
  0  
#5
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 14:01:41 - last edited 2021-11-30 14:13:08

@Fae  Thanks for the suggestion but that is already enabled.

 

Does the Controller need to talk back to the APs? should the EAPs be available to the controller in some way? Because they are not, currently.

 

I assumed this all worked with a pull model where I instruct the APs of the controller's hostname and the controller does not attempt a direct connection to the APs.

  0  
  0  
#6
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 15:07:52

@runtime 

 

There is no difference between EAP660HD and the other access points from TP-LINK, if you do not get adopted then you must check your firewall, reset EAP660 to deafult, it will not be necessary to do anything with the access point before you adopt.

Use omada discovery utility, type name or ip on remote site, username is admin password is admin

 

You download omada discovery utility here.

https://www.tp-link.com/en/support/download/eap660-hd/#Omada_Discovery_Utility

 

 

 

 

  0  
  0  
#7
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 20:16:04 - last edited 2021-11-30 20:21:11

@shberge I can verify that the ports are open and the sevice is accessible, there's not much more I can "check" on the firewall.

 

I was hesitant to reset the APs at first, but I did it anyway, and it's still the same error.

 

I'm at my wits' end with this, Unifi just worked with a similar setup...I think I'll send the TP Links back if I can't figure it out soon enough.

  0  
  0  
#8
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 20:44:23

@runtime 

 

 

If you is 100% sure that your firewall is right is this a case for TP-LINK support, I never have problem with adopt of TP-LINK EAP.

And Unifi is no different to TP-LINK, firewall have to be right.

 

So somthig stop you communication, you ned only nat on remote firewall to get it to work. my nat roule is like this. 

What type of software controller do you use? mybee there is a firewall in controller that block adopt

 

 

 

 

  0  
  0  
#9
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 20:49:51

@shberge The official docs mention UDP 29810 & TCP 29811-29813. Do I need to open TCP 29810 & UDP 29811-29813? Is the documentation wrong?

  0  
  0  
#10
Options
Re:L3 Adoption of EAP660 HD fails
2021-11-30 20:55:01

@runtime 

 

I Use TCP/UDP on port 29810 and it work, but doc sey only UDP, so it should be right.

 

I have som Cisco forewall to and ther is alo TCP/UDP on 29810 the other port is TCP 

SO you can test and se. I dont think there any different.

  0  
  0  
#11
Options