LWAPP over GRE

scottwilliamson
Level 2

Hi All,

I'm trying to get a lightweight AP to register with a controller via a GRE tunnel and I keep getting this on the AP:

*Mar 1 00:00:53.776: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response

*Mar 1 00:00:53.776: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.

*Mar 1 00:00:53.781: %SYS-5-RELOAD: reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.

*Mar 1 00:00:53.781: %LWAPP-5-CHANGED: LWAPP changed state to DOWN

Xmodem file system is available.

The question is, is it possible to get an LWAPP tunnel established over a GRE tunnel or am I trying to force a square peg into a round hole?

Thanks

Scott

12 Replies

ericgarnel
Level 7

LWAPP running in layer 3 mode uses UDP ports 12223 & 12222.

See for details

http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_chapter09186a008052d55b.html

Also, this link may be of interest:

http://lists.frascone.com/pipermail/capwap/msg02090.html

Hi Eric,

Thanks for the hints but I'm still none the wiser I'm afraid. Apologies for my ignorance but I'll need an explanation.

thanks

scott

Perhaps if you can provide some details of how your network is set up. Why are you using GRE? Is there a need to further encapsulate the traffic?

LWAPP does this already from the AP to the controller.

jakew
Level 1

I would suspect the AP is discovering the WLC but failing on the join. Check at the controller that the LWAPP Join Request arrives and is properly processed. It may be something simple like the controller date & time, or you may be running into an issue with re-assembly of the fragmented LWAPP Join Request.

Perhaps even fiddling with the MTU then?

MTU is not configurable on the AP/WLC at this time.

Another thing to check is at the WLC. Fragments are re-assembled in HW, so they must arrive at the WLC on the same port. If you're using LAG, make sure the neighbor switch is using ip-src-dst Etherchannel load-balancing.

rupert.wever
Level 1

Not sure if you've already done this, but has the AP been 'primed'? How is the AP determining where the controller is? DHCP Option 43, DNS, pre-configured?

You may be able to force the AP to find the controller by using the following:

AP# lwapp ap controller ip address IP-address

where IP-address is the controller's mgmt interface.

Hi Everyone,

Thanks for your responses - I've obviously stirred up some interest so here goes.

We're using a GRE tunnel through one of our firewalls into a partner organisation who has some of our staff in one of their buildings; we have 1751 on site to give us the flexibility to treat it like one of our conventional remote sites. I'm using option 43 for the discovery process which has worked ok from within our network, I have the controller set to layer 3, I'm not using LAG.

It seems the AP is discovering the controller;

LWAPP_CLIENT_ERROR_DEBUG: spamHandleDiscoveryTimer : Found the discovery response from MASTER Mwar

Jake, how does the controller date and time cause an issue?

Eric, can I change the MTU of the GRE tunnel to accommodate the LWAPP tunnel?

Is it possible to do this or should I just relent and use an autonomous AP at this site?

Looking forward to your responses.

Thanks Again

Scott

So, if I understand you correctly, there is an LWAPP AP at your partner site that you want to be able to control via WCS?

Have you considered a site-to-site vpn tunnel instead?

The LWAPP Join includes the AP's X.509 certificate for validation, which has a validity interval. If the controller date is outside that validity interval, then it will reject the certificate. This usually happens when the controller has the default date, which would pre-date the certificate's start date/time.

Try "debug lwapp packet enable" on your controller and log it, then wait for that AP to try and join. You should be able to see where the breakdown is from that. Like posted above, make sure the date and time are also set correctly.

Hi Jake,

No it's not that as the same AP works fine without the GRE tunnel.

Thanks

Scott
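Added example, not posted by anyone in this thread: a small Python model of the fragmentation concern raised above, showing how a Join Request that already leaves the AP in fragments is split again when it crosses a GRE hop with a smaller IP MTU. Assumptions: a 1500-byte LAN MTU, 24 bytes of GRE overhead (20-byte outer IPv4 header plus 4-byte base GRE header), and a constructed 1900-byte UDP payload standing in for a certificate-bearing Join Request; the function names are hypothetical.

```python
# Added illustration; sizes below are constructed, not taken from the thread.
IP_HDR = 20          # IPv4 header without options
GRE_OVERHEAD = 24    # assumption: 20-byte outer IPv4 header + 4-byte base GRE header


def fragment(payload_len, mtu, base_offset=0, last=True):
    """Split an IPv4 payload into (offset, length, more_fragments) tuples.

    Every fragment except the final one must carry a multiple of 8 bytes,
    because the IPv4 fragment offset field counts 8-byte units.
    """
    max_data = (mtu - IP_HDR) // 8 * 8
    frags, sent = [], 0
    while payload_len - sent > max_data:
        frags.append((base_offset + sent, max_data, True))
        sent += max_data
    frags.append((base_offset + sent, payload_len - sent, not last))
    return frags


def cross_tunnel(frags, tunnel_mtu, df=False):
    """Carry already-fragmented packets across a link with a smaller IP MTU.

    Returns the fragments the far end must reassemble, or None if a packet
    is too big and has DF set (the router drops it instead of fragmenting).
    """
    out = []
    for offset, length, more in frags:
        if length + IP_HDR <= tunnel_mtu:
            out.append((offset, length, more))
        elif df:
            return None
        else:
            out.extend(fragment(length, tunnel_mtu, offset, last=not more))
    return out


def join_request_path(udp_payload_len, lan_mtu=1500, df=False):
    """Fragments leaving the AP, then the fragments arriving after the GRE hop."""
    at_ap = fragment(udp_payload_len + 8, lan_mtu)        # +8 for the UDP header
    at_wlc = cross_tunnel(at_ap, lan_mtu - GRE_OVERHEAD, df)
    return at_ap, at_wlc


if __name__ == "__main__":
    ap, wlc = join_request_path(1900)   # constructed size for a Join Request
    print("leaving AP :", ap)
    print("after GRE  :", wlc)
```

With these constructed sizes the controller has to reassemble three fragments instead of two, and with DF set the oversized first fragment never arrives at all.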
