LWAPP over GRE

Unanswered Question
May 17th, 2007

Hi All,

I'm trying to get a lightweight AP to register with a controller via a GRE tunnel and I keep getting this on the AP:

*Mar :00:53.776:LWAPP_CLIENT_ERROR_DEBUG:spamHandleJoinTimer: Did not recieve the Join response

*Mar10:00:53.776 :LWAPP_CLIENT_ERROR_DEBUG:No more AP manager IP addresses remain.

*Mar 1 00:00:53.781: %SYS-5-RELOAD: reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.

*Mar 1 00:00:53.781: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.

The question is, is it possible to get an LWAPP tunnel established over a GRE tunnel or am I trying to force a square peg into a round hole?

Thanks

Scott

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
scottwilliamson Fri, 05/18/2007 - 00:28

Hi Eric,

Thanks for the hints but I'm still none the wiser I'm afraid. Apologies for my ignorance but I'll need an explanation.

thanks

scott

ericgarnel Fri, 05/18/2007 - 07:16

Perhaps if you can provide some details of how your network is setup. Why are you using GRE? is there a need to further encapsulate the traffic?

lwapp does this already from the ap to the controller.

jakew Fri, 05/18/2007 - 08:30

I would suspect the AP is discovering the WLC but failing on the join. Check at the controller that the LWAPP Join Request arrives and is properly processed. It may be something simple like the controller date & time, or you may be running into an issue with re-assembly of the fragmented LWAPP Join Request.

jakew Sun, 05/20/2007 - 07:30

MTU is not configurable on the AP/WLC at this time.

Another thing to check is at the WLC. Fragments are re-assembled in HW, so they must arrive at the WLC on the same port. If you're using LAG, make sure the neighbor switch is using ip-src-dst Etherchannel load-balancing.

rupert.wever Sun, 05/20/2007 - 16:44

Not sure if you've already done this, but has the AP being 'primed'? How is the AP determining where the controller is? DHCP-Option43, DNS, pre-configured?

you may be able to force the AP to find the controller by using the following:

AP# lwapp controller ip address IP-address

where is the controller's mgmt interface.

scottwilliamson Mon, 05/21/2007 - 00:32

Hi Everyone,

Thanks for your responses - I've obviously stirred up some interest so here goes.

We're using a GRE tunnel through one of our firewalls into a partner organisation who has some of our staff in one of their buildings; we have 1751 on site to give us the flexibility to treat it like one of our conventional remote sites. I'm using option 43 for the discovery process which has worked ok from within our network, I have the controller set to layer 3, I'm not using LAG.

It seems the AP is discovering the controller;

LWAPP_CLIENT_ERROR_DEBUG: spamHandleDiscoveryTimer : Found

the discovery response from MASTER Mwar

Jake, How does the controller date and time cause an issue?

Eric, Can I change the MTU of the GRE tunnel to accomodate the LWAPP tunnel.

Is it possible to do this or should I just relent and use an autonomous AP at this site?

Looking forward to your responses.

Thanks Again

Scott

ericgarnel Mon, 05/21/2007 - 05:20

SO, if I understand you correctly, there is an lwapp ap at your partner site that you want to be able to control via WCS?

Have you considered a site-to-site vpn tunnel instead?

jakew Mon, 05/21/2007 - 06:42

The LWAPP Join includes the AP's X.509 certificate for validation, which has a validity interval. If the controller date is outside that validity interval, then it will reject the certificate. This usually happens when the controller has the default date, which would pre-date the certificate's start date/time.

sethgarnar Mon, 05/21/2007 - 10:07

try "debug lwapp packet enable" on your controller and logg it, wait for that AP to try and join. You should be able to see where the breakdown is from that. Like posted above make sure the date and time are also set correctly.

scottwilliamson Tue, 05/22/2007 - 00:15

Hi Jake,

No it's not that as the same AP works fine without the GRE tunnel.

Thanks

Scott

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode