Device showing as "online now" but always return offline on GPV

1

Hello Guys!

I have a genieacs v1.2.9+ installed here, and i also have a Huawei HG8145V5 CPE pointed to my server.

When i redirect my TR069 config on CPE to my server, i can see my device arriving and also can see it as “online now” on Devices page.

image
image1454×271 31.7 KB

But when i click on “SHOW” button and access my device and try to Summon or try any other GPV to refresh any parameter i always receive the message “Device is offline”

My ACS is installed on a AWS linux machine (i dont know if this could be the problem), but anyway i cant send RPC commands (GPV or SPV) to my CPE, even my ACS server saying and showing that my CPE is online.
BTW, when i redirect my CPE to my ACS server i didnt receive any kind of error on ACS side, actually i can see the CPE summary info just fine.

Does anyone have any idea on how can i debug my scenario? Please!!!

Thank you in advance!

2

Does the Huawei CPE have a private or public IP?

I suspect the ACS is unable to reach the CPE, although the CPE can reach the ACS; hence the “online now” status on the ACS.

DR

3

On CPE side i can see that is a public IP for WAN…

image
image1291×541 45.1 KB

But i tried to run a TCP from my ACS machine to the WAN CPE IP, and could reach the CPE…

traceroute 186.235.221.26 7547

Do you have any idea on how to debug this case?

Thank you in advance!

4

So you have L3 connectivity, good.
Can you try an http request to the CPE, using the CPE’s connection request URL?

You should be prompted for username and password.
Compare the connection request username and password on the ACS and on the CPE’s TR69 page.

5

I get the Connection Request URL from ACS platform under TR069 objetct “Editing InternetGatewayDevice.ManagementServer.ConnectionRequestURL”

image
image794×142 17.7 KB

OBS: I think it strange that we have a string after the port 7547…

i tried to run the http command and this was the result:

acs@vero-acs:~$ sudo curl -m 5 http://186.235.221.26:7547
curl: (28) Connection timed out after 5001 milliseconds
acs@vero-acs:~$ sudo curl -m 10 http://186.235.221.26:7547
curl: (28) Connection timed out after 10001 milliseconds
acs@vero-acs:~$ sudo curl -m 10 http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
curl: (28) Connection timed out after 10001 milliseconds
acs@vero-acs:~$

Any other clue?

6

Just to you know…

I also tried to run a WGET to the Connection Request URL… but the same result… =(

acs@vero-acs:~$ sudo time wget --timeout=10 --tries=2 http://186.235.221.26:7547
--2022-10-28 12:33:55--  http://186.235.221.26:7547/
Connecting to 186.235.221.26:7547... failed: Connection timed out.
Retrying.

--2022-10-28 12:34:06--  (try: 2)  http://186.235.221.26:7547/
Connecting to 186.235.221.26:7547... failed: Connection timed out.
Giving up.

Command exited with non-zero status 4
0.00user 0.00system 0:21.00elapsed 0%CPU (0avgtext+0avgdata 4932maxresident)k
0inputs+0outputs (0major+296minor)pagefaults 0swaps
acs@vero-acs:~$ sudo time wget --timeout=10 --tries=2 http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
--2022-10-28 12:34:30--  http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
Connecting to 186.235.221.26:7547... failed: Connection timed out.
Retrying.

--2022-10-28 12:34:41--  (try: 2)  http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
Connecting to 186.235.221.26:7547... failed: Connection timed out.
Giving up.

Command exited with non-zero status 4
0.00user 0.00system 0:21.00elapsed 0%CPU (0avgtext+0avgdata 4912maxresident)k
0inputs+0outputs (0major+297minor)pagefaults 0swaps
acs@vero-acs:~$
7

I tried as well but I am not getting anything. It seems as if that port is blocked.
“7547/tcp filtered cwmp”

8

Sorry, but in this case this port 7547 is blocked on CPE side?

I mean… i should “talk” with Huwaei vendor to request to open this specific port on the CPE firmware?

What should i do?

9

Couple things:

  1. Ensure there is no firewall from the ISP side.
  2. Ensure there is nothing on the CPE that is blocking that port (NAT, port-forwarding etc)
  3. I see “1723/tcp open pptp”
  4. It’s not uncommon to have a string after the port. Here is one of my test device’s URL “http://x.x.173.186:8099/CRQ
1 Like
10

OK! Got it!

I will double check the steps 1 and 2 with ISP and CPE vendor and let you know the result after.

Thank you so much for all your support so far!

11

I check the info with ISP team, and they really had a filter on port 7547.

Now they open the port for testing and i am getting a error during authentication…

acs@vero-acs:~$ sudo time wget --timeout=10 --tries=2 http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
[sudo] password for acs: 
--2022-10-28 19:35:23--  http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
Connecting to 186.235.221.26:7547... connected.
HTTP request sent, awaiting response... 401 Unauthorized

Username/Password Authentication Failed.
Command exited with non-zero status 6
0.00user 0.00system 0:00.27elapsed 0%CPU (0avgtext+0avgdata 4664maxresident)k
0inputs+0outputs (0major+296minor)pagefaults 0swaps
acs@vero-acs:~$ sudo curl -m 10 http://186.235.221.26:7547/d72aae6e69614c474d2b8bcd1cb6b3fb
acs@vero-acs:~$ 
acs@vero-acs:~$

Now i believe is problem is in here… with ACS authentication…

image

I was reading about this in another topic here in forum, but i didnt understand very well …
I tried to add the config parameter on Admin Page > Config > Add new config
cwmp.connectionRequestAuth and value AUTH(“cpeuser”, “password”)
But when i try to save it returns “Config value must be a valid expression”

image
image1169×714 57.2 KB

Could you please help me?

12

I do not use that AUTH parameter in my testing but it is not for the connection request.
I usually set the connection request credentials on the CPE to admin/admin, and allow the ACS to change it.

You can try deleting the device from the ACS, set the CPE connection request username and password to admin, and allow the device to register again. After it registers, try the summon again.

1 Like
13

You were right was something related with my “current activation”.

I just delete de device from ACS, clean the settings on Huawei CPE (“admin” / “passwd with security needs”) and change the Periodic Inform to force the device to hit the ACS again.

This way i get a new activation for this device and could summon just FINE! :grin:

image
image912×64 9 KB

Thank you sooooo much for all your support!!!

Now a question for understanding… when should i use this authentication fields? i mean, in which cases should i use it?

1 Like
14

Without the AUTH option, anyone who knows your ACS server URL, can register their device on your server. Using the AUTH option is one way to restrict that.

Personally, I just allow trusted subnets that belong to our subscribers.
Besides, my server is just for testing. It has less than 30 devices right now.

DR

1 Like