1130 cannot get to controller

Unanswered Question
Mar 9th, 2009
User Badges:

I have some 1130ag lwapp's that cannot reach the controller for some reason. They are located in a remote building connected via a ds3 circuit. The AP is getting a dhcp address via a scope built on a 3560 switch, here is the scope.


ip dhcp pool APScope

network 192.168.201.0 255.255.255.0

default-router 192.168.201.3

option 60 ascii "Cisco AP c1130"

option 43 hex f104.aa63.c736


When I debug dhcp events on the switch, I see the ap get an address, then I see it release, then reboot, then get another address. This just continues.


I am able to plug a pc into the port and get a valid ip address, then I am able to ping the WLC. So it appears the routing is working correctly.


I am running 4.2.176 on the controller. These Ap's are brand new never used anywhere else.


This is the config of the interface on the router as well.


interface GigabitEthernet2/0.301

encapsulation dot1Q 301

ip address 192.168.201.3 255.255.255.0

no ip redirects

ip load-sharing per-packet

arp timeout 1200


HELP! Thanx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Laohoo Mon, 03/09/2009 - 15:07
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

AP is "located in a remote building connected via a ds3 circuit."


I presume that WLC is NOT co-located with this AP? If so, console into the AP and try the command "lwapp ap controller ip address ".


I know that you've configured Option 43/60 but try this and see if this works.


Hope this works.

srosenthal Mon, 03/09/2009 - 15:34
User Badges:

I will try this. Also, does the option 43 address need to be the management address of the controller, or the ap manager address?


Here is another question. I have my controller management and ap manager address setup on the same subnet. This subnet is on vlan 199, which is not the native vlan. The interfaces on the controller are set for vlan 199. The switch is passing vlan 199.


Should the management and ap manager be on the native vlan? If so, then I could set the switch to show switchport trunk native vlan 199 and change the controller to 0.


Seth

Leo Laohoo Mon, 03/09/2009 - 16:57
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Q: Also, does the option 43 address need to be the management address of the controller, or the ap manager address?


A: This should be the Management IP Address. The AP-Manager is not ping-able and is used predominantly between the WLC and the AP after the AP has joined.


Q: Should the management and ap manager be on the native vlan?


A: You can configure both the Management and AP-Manager on the same VLAN.

srosenthal Mon, 03/09/2009 - 17:30
User Badges:

The Management and the AP-manager are both already on the same vlan.


They are not however on the native vlan. The question is, should then be on the native vlan?


Seth

Leo Laohoo Mon, 03/09/2009 - 22:23
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

If they are both in the same VLAN, then they must be in the same Native VLAN.

srosenthal Tue, 03/10/2009 - 07:05
User Badges:

They are both now in the native vlan.


Here is the output from the LWAPP while it is booting up.


*Mar 1 00:00:25.305: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY

*Mar 1 00:00:40.443: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.201.75, mask 255.255.255.0, hostname AP0021.a0d5.fe10


*Mar 1 00:00:56.715: LWAPP_CLIENT_ERROR_DEBUG: spamHandleDiscoveryTimer : Found the discovery response from MASTER Mwar


*Mar 1 00:00:56.724: %LWAPP-5-CHANGED: LWAPP changed state to JOIN

*Mar 1 00:01:01.724: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response


*Mar 1 00:01:01.724: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.


Any suggestions?

srosenthal Tue, 03/10/2009 - 08:01
User Badges:

I have run the following debug's on the contoller


debug pm pki enable

debug mac addr [ap's mac address]


The controller is not showing anything. It seems the ap's join request is not getting to the WLC.


I also noticed that I cannot ping the AP from the controller, or from the switch the ap scope is on. Not sure if the AP will respond to pings while it is attempting to get to the controller.

jeff.kish Tue, 03/10/2009 - 08:05
User Badges:
  • Silver, 250 points or more

*Mar 1 00:01:01.724: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.


This normally means that you're out of space on your controller, or specifically your AP Manager interface. How many access points do you have on it?

srosenthal Tue, 03/10/2009 - 10:58
User Badges:

The controller is a 4404-100 and it only currently has 12 ap's on it in another building.


Seth

srosenthal Tue, 03/10/2009 - 13:52
User Badges:

Ok, I tried the lwapp ap controller ip address command and that seems to have helped get the lwapp packet to the controller. However, the response packets do not seem to make it back to the ap. Here is the output of the controller debugs.


(Cisco Controller) >Tue Mar 10 20:46:23 2009: 00:21:a0:d5:fd:18 Received LWAPP D

ISCOVERY REQUEST from AP 00:21:a0:d5:fd:18 to 00:24:97:3c:33:20 on port '29'

Tue Mar 10 20:46:23 2009: Start of Packet

Tue Mar 10 20:46:23 2009: Ethernet Source MAC (LRAD): 00:21:A0:D5:FD:18

Tue Mar 10 20:46:23 2009: Msg Type :

Tue Mar 10 20:46:23 2009: DISCOVERY_REQUEST

Tue Mar 10 20:46:23 2009: Msg Length : 21

Tue Mar 10 20:46:23 2009: Msg SeqNum : 0

Tue Mar 10 20:46:23 2009:

IE : UNKNOWN IE 58

Tue Mar 10 20:46:23 2009: IE Length : 1

Tue Mar 10 20:46:23 2009: Decode routine not available, Printing Hex Dump

Tue Mar 10 20:46:23 2009: 00000000: 01

.

Tue Mar 10 20:46:23 2009:

IE : RAD_PAYLOAD

Tue Mar 10 20:46:23 2009: IE Length : 14

Tue Mar 10 20:46:23 2009: H/W Version : 1

Tue Mar 10 20:46:23 2009: H/W Release : 0

Tue Mar 10 20:46:23 2009: H/W Maint : 0

Tue Mar 10 20:46:23 2009: H/W Build : 0

Tue Mar 10 20:46:23 2009: S/W Version : 3

Tue Mar 10 20:46:23 2009: S/W Release : 0

Tue Mar 10 20:46:23 2009: S/W Maint : 51

Tue Mar 10 20:46:23 2009: S/W Build : 0

Tue Mar 10 20:46:23 2009: Boot Version : 12

Tue Mar 10 20:46:23 2009: Boot Release : 3

Tue Mar 10 20:46:23 2009: Boot Maint : 8

Tue Mar 10 20:46:23 2009: Boot Build : 0

Tue Mar 10 20:46:23 2009: numSlots : 0

Tue Mar 10 20:46:23 2009: numFilledSlots : 0

Tue Mar 10 20:46:23 2009: End of Packet

Tue Mar 10 20:46:23 2009: 00:21:a0:d5:fd:18 Successful transmission of LWAPP Dis

covery Response to AP 00:21:a0:d5:fd:18 on port 29


Seth



Leo Laohoo Tue, 03/10/2009 - 14:40
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Hi Seth,

Any result? Is it still not joining?


Have a read of this link:


Troubleshoot a Lightweight Access Point Not Joining a Wireless LAN Controller

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

srosenthal Wed, 03/11/2009 - 06:51
User Badges:

I still cannot get any ap's to register with the controller. I have over 30 ap's at this remote location and none of them are getting to the controller.


On one of them, I added this command to the AP - lwapp ap controller ip address and I am now seeing the Discovery request get to the WLC and a response being sent from the WLC, but it never gets to the AP.



srosenthal Wed, 03/11/2009 - 07:53
User Badges:

Here is what I get on the AP from the following debugs


debug dhcp detail

debug ip udp

debug lwapp client event


It is attached as a notepad file. To big to post.


The controller's ip is 170.99.199.54



Leo Laohoo Wed, 03/11/2009 - 15:14
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Seth,

Before you sent your AP off-site, did you prime them?

When the AP's get an IP Address, can you ping and traceroute the WLC Management IP Address?

Are there any firewalls present between the AP's and the WLC?

Scott Fella Wed, 03/11/2009 - 20:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Seth,


Just to verify, did you set the WLC management and ap-manager to vlan identifier to "0" and on the trunk port you have configured it to native vlan? If so, just for kicks, try to configure this on the router:


On the AP vlan:

ip helper-address

ip helper-address


Global configuration on the router:

ip forward-protocol udp 12222

ip forward-protocol udp 12223



srosenthal Mon, 03/16/2009 - 13:12
User Badges:

Just to update this, after working with the TAC and getting some sniffer traces, it appears to be a problem with the customer's SONET network. The AP sends a jumbo frame (1544) when it tries to contact the AP-manager interface. If the medium cannot handle the jumbo frame, it should send back to the AP and ICMP message and then the AP will drop the packet size down.


We never got any ICMP messages and when the packet gets to the WLC, it was chopped.


Telco is going to up the size of the MTU on the SONET tonight. I will keep all posted.


Seth

srosenthal Tue, 03/17/2009 - 06:59
User Badges:

Problem fixed, but it was not the MTU size on the SONET. I talked with another TAC engineer this morning and he realized that the 3750 that the 4404 was connected to was using the default load-balancing method. He made the change to src-dst-ip and all the AP's started to register with the WLC.


Thank you everyone for your help.

victorgarciaternero Sat, 03/21/2009 - 04:48
User Badges:

Hello, I have the same problem, with a WLC4402 and LAP1131AG. Between them there are two 3750 with 8 links (L3) with automatic load-balancing. What could I do to solve the problem?


Regards.

Scott Fella Sat, 03/21/2009 - 06:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

What do you exactly mean 8 links (L3)? 8 links between the 3750's or 3750 to 3750 then 8 L3 links?

srosenthal Sun, 03/22/2009 - 17:26
User Badges:

The command is a global command and it is "port-channel load-balance src-dst-ip".


Seth

shahedvoicerite Tue, 03/24/2009 - 04:01
User Badges:

I have a similar issue with a 1131 and a NM-WLC.


I can get the discover response from the managment interface, but the WLC never sees the JOIN message.


I am over an ipsec vpn, so it may have something to do with MTU though...

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode