AP7921B unable access via web (NEW PDU)

micmanoj · ‎2024-05-23

Hi All,

Here is my problem statement, we use APC AP7921B from past two years and have seen no issue. So, I have ordered couple of more. Observed default when I set the boot in mode DHCP it's not selecting an IPV4 from the network.

I tried to assign a static IP for the same and enable HTTP, FTP protocols. Observed everything went well but I am not to connect to device from the web through another computer which is on same network. (No ping & status LED on device)

I have connected the LAN connection back-to-back from my computer to device and observed now the LAN port is working and could load web console.

I configured the device now same as the older one (all settings same) and connected the LAN back to network switch. I see my old APC is able to ping and open on my laptop but again my new APC device wont.

Please help me with a fix for this.

Also, I am still puzzled to know why in first case an DHCP IP is not being allocated to the new device when old device work perfectly to same (which are all on the same switch)

Teken · ‎2024-05-28

A few things to validate and check as it relates the PDU and your network. Cross off all the items that don’t pertain to your environment.

PDU: If the DHCP Cookies are enabled uncheck this box. Ping, verify ping reply is enabled. HTTPS, this needs to be enabled and you must access the webpage so the SSL certificate is generated.

As it relates to the HTTPS certificate verify the from - to period. You’ll find it either expired or listed as one year. If both are true delete the certificate and let the PDU generate a new self signed certificate.

You’ll probably be asked to reboot the PDU (NMC) and log out. Once you log back in the NMC will auto generate a new self signed certificate. Once complete validate the period is something reasonable like 5-10 years. TLS, validate the correct minimum encryption is enabled and your browser environment is defined the same! The lowest you should be set to is TLS 1.1 / 1.2. If it’s set to TLS 1.3 you’re going to have problems if the environment isn’t defined the same. ☝️

Network: As it relates to the network and not knowing anything about yours. My reply will be general in nature and assumes your company follows basic security protocols and guidelines.

Port Security: If this is active you’ll need to make the required changes. Whether that be MAC enrolment, 802.1X, firewall, Radius authentication etc.

Firewall: It goes without saying if policies are in place you’ll need to create an allow rule for the new hardware to connect to the network. The most common problem is ARP rules that compare what MAC address was connected to a specific port and changes seen later. If such a rule is in place it will restrict that specific port from being used because the MAC address isn’t the same / valid.

As noted this can be enforced on the target switch or firewall / both.

Lastly, as stated up above if there is any kind of authentication used in the environment. Everything must be well defined to allow the new hardware to be enrolled and commissioned.

Let us know what you see and observe and the final outcome. 👍