Case Study: Intelligent Upgrade Fails Because the CA Certificate on the AC Does Not Match That on the HOUP Server
Symptom
When an intelligent upgrade is performed on the AC6508 running V200R020C00SPC300 through the web system, the following message is displayed: "The network between the device and server (https://s.houp.huawei.com) is disconnected. Connect the network."
Relevant Alarms and Logs
None
Cause Analysis
The certificate of the HOUP server on the public network has been updated. As a result, the certificate on the AC no longer matches that on the server.
Procedure
- Check the network connectivity between the AC and s.houp.huawei.com. The HOUP server is reachable from the AC.
- Run the telnet s.houp.huawei.com 80 command. Ports 80 and 443 are reachable between the AC and HOUP server.
- Check whether HTTP and HTTPS packets are normally exchanged between the AC and HOUP server.
- Run the packet-capture command to obtain packets between the AC and s.houp.huawei.com.
    <AC> system-view
    [AC] acl 3000
    [AC-acl-adv-3000] rule 10 permit ip source 103.218.217.58 0.0.0.0
    [AC-acl-adv-3000] quit
    [AC] capture-packet interface gigabitethernet 0/0/1 acl 3000 destination terminal packet-len 64 packet-num 10
- Configure port mirroring on the AC. Packets are normally exchanged between the AC and s.houp.huawei.com.
    [AC] observe-port interface GigabitEthernet 0/0/10  //Configure GE0/0/10 as the observing port, that is, the port connected to the PC for obtaining packets.
    [AC] interface GigabitEthernet 0/0/1
    [AC-GigabitEthernet0/0/1] mirror to observe-port both  //Configure the mirrored port, that is, the physical port through which the AC communicates with the HOUP server.
    [AC-GigabitEthernet0/0/1] quit
- The preceding steps show that the AC and HOUP server are properly connected over the network, so the certificate may be incorrectly installed.
After the latest software patch and web patch are installed on the AC, log in to the web system again, choose Maintenance > Device Upgrade > Intelligent Upgrade, and update the certificate on the displayed page.
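The procedure above proves reachability and then infers a certificate problem; it does not test certificate trust directly. The following Python script is an added example (not from the original case study or from Huawei) that, run from a PC on the same network, separates a TCP failure from a certificate verification failure. The optional CA file argument is an assumption: a PEM export of the CA certificate the AC trusts.

```python
import socket
import ssl
import sys


def diagnose(host, port=443, cafile=None, timeout=5.0):
    """Return (stage, detail) telling a network fault apart from a trust fault.

    cafile is the CA bundle to trust (assumption: a PEM export of the CA
    certificate installed on the AC); None uses the local system store.
    """
    ctx = ssl.create_default_context(cafile=cafile)

    # Stage 1: plain TCP, the same thing "telnet <host> <port>" proves.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_unreachable", str(exc)

    # Stage 2: TLS handshake with chain and hostname verification enabled.
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            issuer = dict(rdn[0] for rdn in cert["issuer"])
            return "ok", "issuer=%s notAfter=%s" % (
                issuer.get("commonName", "?"), cert["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # Server is reachable, but its chain does not lead to a trusted CA
        # (or is expired / wrong name): the situation in this case study.
        return "cert_untrusted", "%d: %s" % (exc.verify_code, exc.verify_message)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return "tls_error", str(exc)


if __name__ == "__main__":
    # Host taken from the case study; argv[1] is an optional, hypothetical CA file.
    ca = sys.argv[1] if len(sys.argv) > 1 else None
    print(diagnose("s.houp.huawei.com", 443, cafile=ca))
```

A result of `cert_untrusted` together with a successful telnet test matches the symptom described here: the network is fine and the trust anchor is stale.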