This is an in-depth guide for troubleshooting a network setup. It is advised to communicate with your network admin while going through these steps.
To troubleshoot the device instead, see: EAPro Gateway Network Troubleshooting
If you can ping the unit and the Ping Test passes, the issue is typically NTP or a blocked port. A device that keeps dropping off the network, or that shows broken logs on INSIGHT, implies that port isolation or an isolated VLAN is needed.
General Network Information:
This device uses Azure IoT Hub. IoT Hub IP addresses are not static and can change based on device/region, the version of communication, and Azure itself. Winland does not currently have a static IP option for IoT communication.
Azure IoT Hub does not currently support IPv6.
For more information dealing with IPv4 routing and IPv6 see: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-understand-ip-address
Ethernet MAC address follows 00:1C:5F:00:XX:XX where XX:XX is the serial number of the device.
Networking Rules/Ports Required
Note: For best network performance on heavy-traffic networks, Winland recommends device isolation/port isolation and, if needed, keeping the device on its own VLAN.
Note: It is recommended to disable any SNMP calls to the EAPro-Gateway.
NTP RJ45: time.nist.gov (default, can change through configuration file or through UI on certain firmware)
NTP WIFI: DNS query to time.nist.gov for IP (default, can change through configuration file or through UI on certain firmware)
NTP Port: 123 (UDP)
DNS: EAProHub-Prod.azure-devices.net (hardcoded, not adjustable)
DNS Port: 53
SSL: Handled by IoT Hub
SSL Port: 443
MQTT: Communication to IoT Hub
MQTT Port: TCP 8883
This firewall port should be allowed for: EAProHub-Prod.azure-devices.net and NOT locked to a static IP.
Once installed and configured, the EAPro-GTWY communicates with the Host System on a 2-minute interval for live readings, and sends logs according to the Cloud Sync setting. The EAPro-Gateway does not accept any inbound connections.
Reporting issues
The image below highlights a device that is not isolated, and then the same device with port isolation and an isolated VLAN. This is caused by the device's IoT system being flooded with network traffic. If your report shows gaps in data on INSIGHT while the data is present on your local storage, the device needs port isolation and/or an isolated VLAN.
Port Isolation / VLAN validation with Wireshark
Port isolation should stop other devices from trying to reach the EAPro-Gateway. Without it, the packet logs (from Wireshark) will typically show the unit being flooded with broadcast / UDP traffic.
Wireshark packets will give an indication of how much IoT parsing the device needs to work with. Dropped packets are not uncommon given the MQTT protocol and the way the device constantly cycles its network port up and down for WolfSSL communication. By reviewing the number of packets, we can validate that VLAN or port isolation is working. A typical port-isolated / VLAN-isolated EAPro-Gateway should see fewer than 5k packets in 2 minutes.
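One way to apply the 5k-packets-in-2-minutes check to a saved capture, shown as an added example (not Winland's own tooling). It assumes the capture was taken on the gateway's switch port and saved in classic pcap format with an Ethernet link type; the function names, the sample MAC and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

WINDOW_S = 120        # the article's 2-minute measurement window
MAX_PACKETS = 5000    # article: an isolated gateway sees fewer than 5k packets per window
BROADCAST = b"\xff" * 6

def summarize_pcap(data, window_s=WINDOW_S, limit=MAX_PACKETS):
    """Per-window packet, broadcast and UDP counts for a classic Ethernet pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    windows, offset, start = {}, 24, None
    while offset + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # truncated final record, stop counting
        start = ts_sec if start is None else start
        win = windows.setdefault((ts_sec - start) // window_s, Counter())
        win["packets"] += 1
        win["broadcast"] += frame[:6] == BROADCAST
        # IPv4 ethertype with protocol 17 is UDP; VLAN-tagged frames are not unwrapped here
        win["udp"] += len(frame) >= 24 and frame[12:14] == b"\x08\x00" and frame[23] == 17
    return [{"window": w, "packets": c["packets"], "broadcast": c["broadcast"],
             "udp": c["udp"], "isolated": c["packets"] < limit}
            for w, c in sorted(windows.items())]

def build_sample(groups):
    """Constructed capture; groups = [(seconds_from_start, dst_mac, is_udp, count), ...]."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for secs, dst, is_udp, count in groups:
        ip = b"\x45\x00\x00\x14" + bytes(5) + bytes([17 if is_udp else 6]) + bytes(10)
        frame = dst + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip
        record = struct.pack("<IIII", 1_700_000_000 + secs, 0, len(frame), len(frame)) + frame
        out.append(record * count)
    return b"".join(out)

GATEWAY = bytes.fromhex("001c5f001234")  # constructed MAC in the 00:1C:5F:00:XX:XX format
SAMPLE = build_sample([(0, BROADCAST, True, 5500), (60, GATEWAY, False, 500),
                       (130, GATEWAY, False, 1200)])

if __name__ == "__main__":
    for row in summarize_pcap(SAMPLE):
        print(row)
```

A window with a high broadcast or UDP share and a total at or above the limit matches the flooded pattern described above; a window under the limit is reported as isolated.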