05-28-2009 11:18 PM - edited 07-03-2021 05:39 PM
Hi,
I m using one 1522 AP as a RAP and one 1522 AP as a MAP.Also there are four 1242 RAP Aps.1522 AP could find its 1522 RAP earlier before connecting 1242 RAPs in network but after connecting 1242 RAP APs the mesh 1522 AP disappars after few menutes of joining to RAP 1522.
plase help.
output of 'debug mesh security events enable' is show below
(Cisco Controller) >debug mesh security events enable
(Cisco Controller) >Fri May 29 12:31:17 2009: 00:22:BE:43:4E:00 MESH_ASSOC_REQU
EST_PAYLOAD in Association Request for AP 00:22:BE:42:0B:00
Fri May 29 12:31:17 2009: 00:22:BE:43:4E:00 Mesh assoc request for known AP 00:
22:be:42:0b:00
Fri May 29 12:31:17 2009: 00:22:BE:43:4E:00 Mesh assoc request :child : 00:22:b
e:42:0b:00 NextHop : 00:22:be:43:4e:00 LradIp 10.7.51.74 vlanid: 0 mwarPort:
12223 lradPort: 13536
Fri May 29 12:31:17 2009: Sending PMK Delete request to other MDID members for A
P(mscb)00:22:be:42:0b:00
Fri May 29 12:31:17 2009: MAC Validation of Mesh Assoc Request for00:22:be:42:0b
:00 is 0, Mode is : 0
Fri May 29 12:31:17 2009: Starting dot1x authentication for : 00:22:be:42:0b:00
Fri May 29 12:31:18 2009: Got the following AAA key message for : 00:22:be:42:0b
:00
Fri May 29 12:31:18 2009: Control Msg Hex Dump:
93 BC A8 97 57 2C 6B 82
0B EC 4F A
9 61 62 70 A2
F7 0F 5B 4F A3 68 4D 11
46 C9 12 F0 49 6F E1 6F
Fri May 29 12:31:18 2009: Parent Nonce for : 00:22:be:42:0b:00
Fri May 29 12:31:18 2009: Key Hex Dump:
E2 D1 11 C6 79 FE 35 DD
F6 A6 0D 19 94 F7
C0 79
50 C3 80 AC B0 88 C7 62
2B 76 87 DF E0 F6 DF AA
Fri May 29 12:31:18 2009: PMK-R0 Key for : 00:22:be:42:0b:00
Fri May 29 12:31:18 2009: NASID WLC1-T MGID: 00:00:00:00:00:00:00:00
Fri May 29 12:31:18 2009: Key Hex Dump:
03 95 21 5D 5A C0 26 7B
E6 02 DD 0D 09 F2
06 95
EB 9D CE 57 B0 76 92 51
1C 68 D6 E2 52 29 A3 44
Fri May 29 12:31:18 2009: PMK-R0 Name for : 00:22:be:42:0b:00
Fri May 29 12:31:18 2009: Key Hex Dump:
B7 56 31 49 88 AC C2 5C
E7 85 98 56 E4 A6
A4 24
Fri May 29 12:31:18 2009: PMK-R1 Key for : 00:22:be:42:0b:00
Fri May 29 12:31:18 2009: Key Hex Dump:
18 34 4B A1 52 86 58 FA
5E 59 75 F7 BA 0B
37 34
96 C3 FE 6E 13 24 11 88
1C 56 B3 19 B3 34 AD 47
Fri May 29 12:31:18 2009: Sending the following key for : 00:22:be:42:0b:00
Fri May 29 12:31:18 2009: Control Msg Hex Dump:
18 34 4B A1 52 86 58 FA
5E 59 75 F
7 BA 0B 37 34
96 C3 FE 6E 13 24 11 88
1C 56 B3 19 B3 34 AD 47
Fri May 29 12:31:18 2009: Processing of Mesh key response success from AP00:22:b
e:43:4e:00
and i can't see any output from 'debug lwapp events enable' for 30 min.
05-29-2009 12:42 AM
Hi,
I have a few questions:
1. Have you placed the 1522 RAP and 1242 RAP in different BGNs?
2. What is the signal strength between the 1522 RAP and MAP. Is there a chance that the 1522 MAP can hear from any of the 1242 RAPs?
3. What does the trap logs say when the 1522 MAP is dissociated from the network?
Regards,
Nagendra
05-29-2009 02:00 AM
HI,
thankx for your reply
1.I have not put any name for Bridge Group Name.do i need to do that ??
2.Signal strength between 1522 RAP and 1522 MAP is 23db.1522 MAP cannot hear from any of the 1242 RAPs.Regulatory domain not supported for 802.11a/n radio for 1242 RAPs.
3.when 1522 MAP dissociates from 1522 RAP WLC generates following log:
Mesh child node '00:22:be:42:0b:00' is no longer associated with mesh node '00:22:be:43:4e:00'
05-29-2009 04:11 AM
Hi,
Adding a BGN on all the aps means that aps would give more priority to join aps with the same BGN. So what you can do is to enter the same BGN on the 1522 RAP and MAP and see if the network becomes stable. Please enter the BGN first on the MAP and then on the RAP since adding a BGN would automatically reset the access point. If you add a BGN first on the RAP, then the RAP would reboot and then you would have to wait for a longer time for the MAP to connect to the RAP again. Also, how long does the MAP stay connected before getting disconnected?
Regards,
Nagendra
05-29-2009 04:54 PM
Did you add the mac address of the MAP and RAP to the mac filtering list then make sure that the MESH mode for each AP is defined properly? A good SNR of 24 or better would be desired as well.
05-31-2009 08:39 PM
Hi
I have added the mac addresses of RAP and MAP in controller.Mesh mode is also configured properly.Default Bridge Data Rate for RAP and MAP is 24 mbps.I tried changing that also but couldn't solve the problem.Link SNR between RAP and MAP is 23db and it shows acceptable IN WCS.Can u guide me how can i increase SNR level of a particular AP and link SNR as well?
05-31-2009 08:31 PM
Hi,
I entered same BGN on 1522 RAP and 1522 MAP as per your suggestion but the problem remain unsolved.After one or two min of joining 1522MAP gets disconnected from controller.
05-31-2009 09:39 PM
Hi,
Just to summarize, the 1522 MAP joins the 1522 RAP, stays connected for a minute or two and then disconnects. Does this pattern keep repeating?
Can you provide the following information?
1. What WLC version are you using?
2. When the 1522 MAP joins, check the neighbor information? You can check this via Web interface or through the CLI using the "show mesh neigh detail
3. Get a log of events on the ap using the "show ap eventlog
4. WLC configuration
Regards,
Nagendra
05-31-2009 11:03 PM
Hi,
1522 MAP joins 1522RAP only after I restart the 1522RAP ap but just for a min or two.Without doing this MAP never detects RAP.It was working fine before connecting 1242 RAP aps.
1.WLC Software Version 4.1.191.24M (Mesh)
2.Name of 1522MAP is 'MAP-AIT-shop-stores' and 1522RAP is 'RAP-B12-A13pillar'.Neighbor information after joining controller is here :
(Cisco Controller) >show mesh neigh detail MAP-AIT-shop-stores
AP MAC : 00:22:BE:43:4E:00 AP Name: RAP-B12-A13pillar
FLAGS : 86B UPDATED NEIGH PARENT BEACON
worstDv 0, Ant 0, channel 161, biters 0, ppiters 10
Numroutes 1, snr 0, snrUp 29, snrDown 28, linkSnr 26
adjustedEase 3448576, unadjustedEase 3448576
txParent 43, rxParent 26
poorSnr 0
lastUpdate 2487712291 (Tue Sep 24 16:43:15 1912)
parentChange 2258797272 (Sat Jun 24 05:12:56 1905)
Per antenna smoothed snr values: 26 0 0 0
Vector through 00:22:BE:43:4E:00
Vector ease 1 -1, FWD: 00:22:BE:43:4E:00
(Cisco Controller) >show mesh neigh detail RAP-B12-A13pillar
AP MAC : 00:22:BE:42:0B:00 AP Name: MAP-AIT-shop-stores
FLAGS : 961 UPDATED CHILD BEACON
worstDv 255, Ant 0, channel 161, biters 0, ppiters 10
Numroutes 1, snr 0, snrUp 28, snrDown 29, linkSnr 28
adjustedEase 0, unadjustedEase 0
txParent 0, rxParent 0
poorSnr 0
lastUpdate 2487712947 (Tue Sep 24 16:54:11 1912)
parentChange 0
Per antenna smoothed snr values: 27 0 0 0
Vector through 00:22:BE:42:0B:00
Vector ease 1 3048576, FWD: 00:22:BE:43:4E:00 00:22:BE:42:0B:00
3.I didn't get any event logs from this command you provided.But from WCS i got these alarms and events :
'AP 'MAP-AIT-shop-stores', interface '802.11a' is down on Controller '10.7.51.10'.Max retransmissions for the AP have reached. '
'AP 'MAP-AIT-shop-stores', interface '802.11b/g' is down on Controller '10.7.51.10'.Max retransmissions for the AP have reached. '
05-31-2009 11:15 PM
4.WLC configuration:
(Cisco Controller) >show running-config
802.11a cac voice tspec-inactivity-timeout ignore
802.11a cac voice stream-size 84000 max-streams 2
802.11a channel global off
802.11a rate supported 12
802.11a rate supported 24
802.11b cac voice tspec-inactivity-timeout ignore
802.11b cac voice stream-size 84000 max-streams 2
802.11b channel global off
advanced 802.11a channel add 165
advanced 802.11a profile coverage global 15
advanced 802.11a profile foreign global 60
advanced 802.11a profile level global 12
advanced 802.11b profile foreign global 60
advanced 802.11b profile clients global 15
advanced 802.11b profile level global 12
advanced 802.11b profile coverage global 15
advanced location expiry tags 1200
advanced location expiry client 150
advanced location expiry calibrating-client 30
advanced location expiry rogue-aps 1200
Cisco Public Safety is not allowed to set in this domain
auth-list ap-policy ssc enable
auth-list add mic 00:22:be:41:e3:00
auth-list add mic 00:22:be:42:0b:00
auth-list add mic 00:22:be:43:4e:00
auth-list add mic 00:23:5e:03:b2:14
auth-list add mic 00:23:5e:03:b2:c6
country IN
dhcp create-scope DHCP Scope
dhcp create-scope Electronic Shop
dhcp address-pool DHCP Scope 10.7.51.12 10.7.51.254
dhcp address-pool Electronic Shop 10.7.24.240 10.7.24.250
dhcp default-router DHCP Scope 10.7.51.1
dhcp default-router Electronic Shop 10.7.24.1
dhcp enable DHCP Scope
dhcp enable Electronic Shop
dhcp dns-servers DHCP Scope 10.7.24.2 172.16.7.86
dhcp dns-servers Electronic Shop 10.7.24.2 172.16.7.86
dhcp domain DHCP Scope lthed.com
dhcp domain Electronic Shop lthed.com
dhcp network DHCP Scope 10.7.51.0 255.255.255.0
dhcp network Electronic Shop 10.7.24.0 255.255.255.0
interface address ap-manager 10.7.51.11 255.255.255.0 10.7.51.1
interface address management 10.7.51.10 255.255.255.0 10.7.51.1
interface address service-port 192.168.1.1 255.255.255.0
interface address virtual 1.1.1.1
interface dhcp ap-manager primary 10.7.51.10
interface dhcp management primary 10.7.51.10
interface dhcp service-port disable
interface port ap-manager 1
interface port management 1
known ap add 00:30:5b:02:3b:9f
load-balancing window 5
wlan apgroup add EleShop Electronic Shop
logging buffered 2
macfilter add 00:0e:35:90:ee:85 0 management U1
macfilter add 00:17:23:06:54:54 0 management U2
macfilter add 00:17:23:06:59:4d 0 management U3
mesh client-access enable
mesh security rad-mac-filter disable
mesh security eap
mgmtuser add admin **** read-write
mobility group domain Mobility
mobility group member add 00:23:33:b2:c3:c0 172.16.5.1 Mobility
msglog level critical
network telnet enable
network broadcast enable
network mgmt-via-wireless enable
network fast-ssid-change enable
network rf-network-name none
radius auth add 1 172.16.7.12 1812 ascii ****
radius auth rfc3576 enable 1
radius auth retransmit-timeout 1 5
snmp version v2c enable
snmp version v3 enable
snmp trapreceiver create WCS 10.7.24.39
snmp trapreceiver mode enable WCS
syslog 172.16.7.12
sysname WLC1-T
trapflags 802.11-Security wepDecryptError disable
trapflags rrm-profile load disable
trapflags rrm-params tx-power disable
trapflags rogueap disable
wlan create 1 LTAIT LTAIT
wlan mac-filtering enable 1
wlan session-timeout 1 1800
wlan session-timeout 2 disable
wlan wmm allow 1
wlan wmm allow 2
wlan radius_server auth add 1 1
wlan radius_server acct disable 2
wlan security static-wep-key encryption 1 104
wlan security wpa disable 2
wlan security wpa wpa1 enable 1
wlan security wpa wpa1 ciphers tkip enable 1
wlan security wpa wpa2 disable 1
wlan dhcp_server 1 0.0.0.0 required required
wlan dhcp_server 2 0.0.0.0 required required
wlan enable 1
wlan enable 2
06-01-2009 01:25 AM
Thanks for the information.
From the WCS logs, it seems to indicate that the 802.11a interface on the MAP is going down and that means it can't talk to the RAP anymore. Can you check on the WLC and see if the 802.11a interface on the RAP is steady and not flapping? Make sure that interference is not an issue on the 802.11a channel that you have assigned to the RAP. Also, ensure that the power to the MAP is not causing an issue with the 802.11a interface going down.
Since you mentioned that both these 1522 aps were working before you tried putting the 1240 aps in the network, did you make any changes on the WLC to accomodate the 1240s?
If it is possible, it would be good to get the following debugs on the controller at the time when the 1522 MAP is joining and then disconnecting:
debug lwapp events enable
debug lwapp errors enable
debug mesh security events enable
debug mesh security errors enable
Regards,
Nagendra
06-01-2009 02:33 AM
802.11a interface on the RAP is steady and there are no interference issues as well.Power settings to the MAP is absolutely fine.
We didn't make any changes to existing setup after connecting 1242 RAPs.We just connected 1242 APs and configured them as a RAP.
I have attached the debug o/ps wen 1522 MAP connects and disconnects.One debug o/p i have already posted in forum.
06-02-2009 05:52 AM
Hi,
I went through the debugs, but the debugs didn't give much information on why the MAP got disconnected. So, not much luck with the debugs too.
Since the logs from the WCS suggested that the 802.11a interface of the MAP went down, I suggest we try the following in order:
1. Change the channel on the RAP and see if it makes a difference.
2. Increase the SNR between the RAP and MAP to around 28-30. You can do this by increasing the power level on the rap/map.
3. If both 1 & 2 doesn't work, can you clear the configuration of both the aps and see if that works?
As you mentioned in one of your mails, the 1240s initially couldn't join because of some regulatory domain issues and later you mentioned that they are now connected as RAPs. So, are all the 1240s operating normally? If so, how were they able to join the WLC?
Regards,
Nagendra
06-03-2009 10:58 PM
Hi,
I tried all these possibilities before only so many times but doesn't work.Also checked with clearing the Aps.1242 RAP APs can join the WLC but they cannot detect any of the 1522 APs may be because of regulatory domain not supported for 802.11a radio.But 1242Aps as a RAP works fine..
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide