NSW100-10P ALM blink

videoled
videoled Posts: 4, Freshman Member

Good morning,
I have a site installed in 2020 with:
Qty 01 - Firewall NSG100
Qty 10 - Switch NSW100-10P
Qty 12 - Access point NWA1123-ACv2

Everything worked correctly until about two months ago.
The problem is that the ALM LED on the switches has started blinking red.
I checked remotely and the switches are indeed not online on the Nebula cloud, while the firewall and the APs continue to be online.

I then connected to the local network and checked the network settings, but they are all correct. I checked the DNS servers, which are set to 8.8.8.8 and 1.1.1.1.

The only way to bring the switches back online is to reboot the firewall. For about 24h everything seems to work correctly, but then they disconnect again.

I have read some posts where I am asked to verify whether the Nebula cloud is reached by the switches when they are offline, and they reach the address d.nebula.zyxel.com correctly.

At this point, after several reboots, I need to understand whether there are other tests, or outages on the Nebula side, that I have not considered.

Browsing on the various clients always works correctly, on both Ethernet and WiFi; the problem is only the ALM light and the failure to sync with Nebula.

Thank you for your kind reply

All Replies

  • Zyxel_Barry
    Zyxel_Barry Posts: 120, Zyxel Community Virtual Assistant

    Hi @videoled,

    I understand you're experiencing an issue with your Zyxel NSW100-10P switches, where the ALM LED is blinking red and they are going offline in Nebula Control Center (NCC) approximately 24 hours after a firewall reboot, despite your NSG100 firewall and NWA1123-ACv2 access points remaining online. You've already checked local network settings, DNS, and confirmed navigation is working for clients.

    The blinking red ALM LED on a Zyxel switch typically indicates an error or failure, and in the context of Nebula, it often signifies a loss of connection to the cloud. Since your switches are going offline in Nebula, the blinking red ALM LED is consistent with a connectivity issue to the NCC.

    Here are some steps to troubleshoot this issue:

    • Verify Internet Connectivity and DNS Resolution from the Switch:

      • Access your switches locally (if possible) via Telnet/SSH/Console.
      • Ping 8.8.8.8 to check for general internet connectivity.
      • Ping d.nebula.zyxel.com to verify that the switches can resolve Nebula's domain name. It's normal for the Nebula server not to reply to ping requests, but the command should resolve to an IP address (e.g., 34.243.116.158, 34.246.20.161, etc.). If it shows "unknown host," check your DNS settings on the switch or try using 8.8.8.8 as the DNS server.
    • Check for Firewall/Network Blocks:

      • Ensure that your firewall (NSG100) or any other network device is not blocking TCP ports 4335 and 6667, which are essential for Nebula communication. You can test this by visiting http://portquiz.net:6667/ and http://portquiz.net:4335/ from a device on the same network segment as the switches.
      • Verify that your firewall or modem has its MTU size set to 1500. Incorrect MTU size can cause connectivity issues.
    • System Time and NTP Synchronization:

      • Check if the system time on the switches is correct using the command "show system". Incorrect system time can affect Nebula connectivity. Ensure UDP port 123 (NTP) is not blocked by your firewall.
    • Firmware Version:

      • Ensure your switches are running the latest firmware version. Outdated firmware can sometimes prevent proper connection to Nebula. If not, consider upgrading it. Ping firmware.nebula.zyxel.com to verify DNS resolution for the firmware server's domain.

    To further investigate, please provide the following information:

    • Firmware version of your NSW100-10P switches.
    • Screenshots of the diagnostic pages from the local GUI of an offline switch (if accessible), especially any sections related to Nebula connectivity or logs.
    • Network topology map (even a simple diagram) showing how the NSG100, NSW100-10P switches, and NWA1123-ACv2 APs are interconnected.
    • Enable Zyxel Support Access in your Nebula console. Go to Help > Support Request and enable Zyxel Support Access. This will allow our support team to view your cloud environment configuration directly, which can significantly expedite troubleshooting. Please provide your Organization name and Site name once enabled.

    This AI response aims to provide initial troubleshooting steps and identify information needed for further diagnosis. Feel free to share additional details based on the suggestions above — this will help community members offer more targeted assistance.
    If you have feedback or ideas about this AI assistant, share them in Community Feedback.

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,531, Zyxel Employee

    Hi @videoled

    We have some similar cases of this issue because the switch can't parse the truncated DNS response. Please set an A record on the NSG100 to fix this issue.

    Hope this helps.

    Zyxel Melen
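
The last reply attributes the drop-outs to a truncated DNS response that the switch cannot parse. As an added example (not part of the thread and not Zyxel code), the Python below sends a plain UDP query without EDNS0 and reports whether the reply has the TC (truncated) flag set or ends mid-record. The function names, the resolver address passed to `query_udp` and the sample replies are assumptions constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Plain UDP A query without EDNS0, so the classic 512-byte limit applies."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a possibly compressed domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0 or n == 0:     # pointer (2 bytes) or root label (1 byte)
            return off + (2 if n else 1)
        off += 1 + n

def inspect_response(msg):
    """Report the TC flag, rcode and the A records that fit in the datagram."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    out = {"truncated": bool(flags & 0x0200), "rcode": flags & 0x000F,
           "ancount": an, "a_records": [], "incomplete": False}
    off = 12
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4              # QTYPE + QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise IndexError("record runs past end of datagram")
            if rtype == 1 and rdlen == 4:
                out["a_records"].append(socket.inet_ntoa(msg[off:off + 4]))
            off += rdlen
    except (IndexError, struct.error):
        out["incomplete"] = True                       # body cut off mid-record
    return out

def query_udp(server, name, timeout=3.0):
    """Send the query to `server` (resolver IP, an assumption) and inspect the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return inspect_response(s.recvfrom(4096)[0])

# Constructed sample replies (not captured traffic); 192.0.2.10 is a documentation address.
QUESTION = build_query("d.nebula.zyxel.com")[12:]
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0) + QUESTION
SAMPLE_OK = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + b"\xc0\x0c"
             + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton("192.0.2.10"))
```

Running `query_udp` against the resolver the switches use, from a host on the same segment, shows whether that path returns `truncated: True` for `d.nebula.zyxel.com`.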