NXC2500 not accessible after failed upgrade

FrankLauer
FrankLauer Posts: 50  Ally Member
First Comment First Answer Friend Collector Fourth Anniversary
edited May 21 in Wireless

Hello,

I tried to upgrade one of our NXC2500 controller from 5.x up to 6.10 from here:https://support.zyxel.eu/hc/de/articles/5741937172370

Unfortunately this link was may not a firmware upgrade instead a kind of a fix. The firmware upgrade failed and the SYS led was blinking red.

After that the controller was not any more accessible by LAN. I have done a factory reset by pressing the reset button, but no luck.

The controller is booting normally but I can't access it on 192.168.1.1 neither by SSH nor by Web GUI and no Ping.

However I have access to the console with serial cable. I can log in with default password 1234 and can't see any special errors. The config file is set back to factory default.

Fun fact: From the console I can ping outside to other devices in 192.168.1.x and if I set a gateway I can ping into the internet, f. ex. 8.8.8.8.

What do I need to do ?

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,577  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @FrankLauer,

    The SYS LED was blinking red means the NXC2500 is upgrading firmware. I used the firmware from your link to upgrade and successfully upgrade. I can also access the NXC2500.

    Since you have reset the NXC2500, I would like to clarify some details with you:

    1. What IP address was your PC when you tried to log in to NXC2500?
    2. The NXC2500 doesn't enable the DHCP server by default. So, after resetting the NXC2500, your PC might not have an IP address or get the IP address from another DHCP server, and the IP range might be different from 192.168.1.0/24 subnet. Please use the ZON utility to find the NXC2500 and its IP address to log in. The download link is below:
    3. Or you can set a static IP address, 192.168.1.100, for your PC and try to log in.

    Zyxel Melen


  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary

    I'm in an own 192.168.1.0/24 network only for setting up zyxel devices. My PC is 192.168.1.10 and the gateway 192.168.1.2.

    When I ping on the NXC2500 CLI (connected by serial cable) I can ping PC and gateway successful. Looking with Wireshark I can see the ICMP traffic from 192.168.1.1 to 192.168.1.10.

    But if I ping from 192.168.1.10 to 192.168.1.1 the NXC isn't responding to the ICMP requests nor to other requests f.ex. http or https.

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,577  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @FrankLauer,

    Thanks for your feedback. Since you can access the NXC2500 via serial cable, could you help to dump some information? Please enter these commands to dump:

    1. show version
    2. show interface all
    3. show running-config

    Thanks in advance.

    Zyxel Melen


  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary

    Here it is:

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,577  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @FrankLauer,

    Thanks for the configuration file. After checking, I found there's no policy that blocks access to device and ping. Since you mentioned you reset the NXC2500, could you help to isolate the NXC2500, only connect a PC to the NXC2500, and access it again? I would like to clarify if there was an IP conflit.

    Zyxel Melen


  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary

    That's normally what I do on a first step, connecting the laptop with 192.168.1.10 to a Zyxel device for setup.

    With this setting I attach 3 files:

    CLI messages while booting

    Network capture while booting

    Network capture while sending a ping from NXC to laptop (192.168.1.1 to 192.168.1.10) with ICMP response. And a ping from laptop to NXC ( 192.168.1.10 to 192.168.1.1) without response.

    Hint: You need to remove the .txt extension from the capture file names because I couldn't upload .pcapng files.

    Thank you for your help.

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,577  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @FrankLauer,

    Thanks for these packets and the boot log.

    I found the NXC was trying to use the vulnerability firmware to boot up, but somehow the device uses the older firmware. I'm checking more details from the boot log and might need a remote PC to access your NXC. Once I finish checking, I will send a private message to request the remote.

    Zyxel Melen


  • FrankLauer
    FrankLauer Posts: 50  Ally Member
    First Comment First Answer Friend Collector Fourth Anniversary

    Just wanted to say that I bought a cheap 2nd hand NXC2500 controller. So we don't need to invest time in this issue with TeamViewer.

    But thank you very much for your help and looking into all the files.