Reply
Veteran Member
Posts: 7,896
Registered: ‎04-21-2011
Kudos: 2745
Solutions: 173

Manual Discovery issue

[ Edited ]

We usually discover our devices manually, as we have ALL discovery turned off on our network for security issues.

 

Been noticing that any newer devices, such as NBE gen2 will not manual discover against the AP (which is it's normal gateway).

 

It comes up as error (SSH failed)

 

We have to first go into the site router, establish a DST-NAT directly to the CPE radio unit, manually discover it with that Internet IP address, then "Start monitoring", then go back into properties, put in the private IP address that is under the AP, select the proper "Topology branch" under that AP, enter it, and then all works well after that.

 

Seems that the AP's Gateway SSH is not being accessed as the initial way to manually discover these ?

 

AC2 firmware is 2.1.1beta

 

 

 

*** UPDATE ***

 

This seems to fail on any device that we are trying to manually discover.  Please note that we are also not using standard SSH port numbers !

Veteran Member
Posts: 7,896
Registered: ‎04-21-2011
Kudos: 2745
Solutions: 173

Re: Manual Discovery issue

[ Edited ]

@UBNT-Karolis

 

Anybody home ?   Need someone to look at this PLLEEEAAAASSSSE  !

 

Seems that the problem is that when trying to manually discover, the AP will not see the new device,(Failed SSH autentication) due to the fact that we are using custom SSH port numbers. If we setup a temporary DNAT on the router directly to the new CPE (Private IP address), then AC will discover and start monitoring the device.  We can then put the new private IP address of the CPE in AC, and it will continue to work.

Ubiquiti Employee
Posts: 766
Registered: ‎05-28-2012
Kudos: 391
Solutions: 79

Re: Manual Discovery issue

@wtm what do you mean manual discovery when discovery service is disabled on device? Are you adding device manually and it does not work? What error are you getting? Can I see the server logs with mac of device that can't be "discovered".

Veteran Member
Posts: 7,896
Registered: ‎04-21-2011
Kudos: 2745
Solutions: 173

Re: Manual Discovery issue

@UBNT-Karolis

OK, we do not have any discovery turned on, on our network due to security reasons. We normally "manually" discover the CPE by going to the AP listing on AC2, and doing a manual discovery.  You enter the "private IP address" of the device, and then AC goes to the AP radio (which has an outside IP address on), and finds the CPE.

 

With 2.1.1 beta, you can no longer do that!  It gives you and SSH authenication failure.

 

To get around that, we have to go to the router that the AP is on, and setup a temprary DNAT directly to the CPE ip address, so AC can see it to discover it. Once that happens, we can then go to the CPE properties, install the correct private ip address on it, and assign it to the AP.  Then AC works as normal on monitoring.

 

I am assuming that the reason this is happening, is that AC is not accepting "Custom" SSH port numbering on the AP during the initial discovery?

Reply