LAP 1240 won't join WLC across subnets

Answered Question
Oct 29th, 2009

I am having a problem getting LAPs that are in other subnets to join our WLC. If I take the LAP and place it on the same VLAN/subnet as the WLC, it joins as expected. If I move it to another subnet, I get the following:

*Mar 1 00:00:13.065: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Fri 08-Feb-08 17:24 by prod_rel_team

*Mar 1 00:00:13.119: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Mar 1 00:00:13.519: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Mar 1 00:00:14.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down

*Mar 1 00:00:14.536: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar 1 00:00:14.545: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 24 seconds

*Mar 1 00:00:15.536: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Mar 1 00:00:28.133: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY

*Mar 1 00:00:28.171: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar 1 00:00:28.177: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar 1 00:00:28.192: SSC Load Current Size crypto_mykey 120, offset 9389, Saved Size soap_cert_crypto_mykey 124

*Mar 1 00:00:28.390: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Mar 1 00:00:28.892: Logging LWAPP message to 255.255.255.255.

%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated

%LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

%LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

%LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

%LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.115.75, mask 255.255.255.192, hostname AP0013.c3a7.bf97

Translating "CISCO-LWAPP-CONTROLLER.mydomain.here"...domain server (X.X.X.X) [OK]

%LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.

%LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.

%LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.mydomain.here

%LWAPP-3-CLIENTEVENTLOG: Controller address Y.Y.Y.Y obtained through DNS

%LWAPP-5-CHANGED: LWAPP changed state to JOIN

%LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

%LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down

%LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - 2169-WLC4402-1)

%LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain

%SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.

%LWAPP-5-CHANGED: LWAPP changed state to DOWN

I have checked the WLC for any messages that look like crypto or other problems, but I don't see anything that stands out. Any suggestions or pointers would be greatfully accepted.

I have this problem too.
0 votes
Correct Answer by JASON BOYERS about 7 years 1 month ago

I looked at this again, and yes, GLBP appears to be the issue. Per the release notes for 5.0.148.0, GLBP is not supported. http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html. I just took a quick look and there are no versions 4.2 and above that support it. So, you will need to have a fixed IP address for your wireless management subnet.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
jeromehenry_2 Thu, 10/29/2009 - 12:22

I would try to ping the controller from the AP CLI. I can get the same message when there is asymmetric routing between the AP and the controller (so the controller gets the join request, but the AP never gets the join response).

I would also do a debug lwapp events enable on the controller to see if the AP is seen and how the controller reacts to that join request.

I would bet 2 cents on asymmetric routing issue...

:-)

dmcushing Fri, 10/30/2009 - 05:03

My core routers use GLBP - do you think that would that cause any problems? Other than that, I don't think there is any asymmetric routing (we only have routing at the core).

Unfortunately, once I converted the AP to an LWAPP, I cannot access the cli (or if I can, I do not know the credentials I am supposed to use).

I did run the lwapp events enable, but didn't see anything unusual. I will capture and post that in case I am missing something that someone with more experience may catch. Thanks for the help.

Correct Answer
JASON BOYERS Mon, 11/09/2009 - 06:59

I looked at this again, and yes, GLBP appears to be the issue. Per the release notes for 5.0.148.0, GLBP is not supported. http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn501480.html. I just took a quick look and there are no versions 4.2 and above that support it. So, you will need to have a fixed IP address for your wireless management subnet.

dmcushing Mon, 11/09/2009 - 07:27

I must've missed that when I did the upgrade (sigh). RTFM bites me again. Thanks very much for the help.

dmcushing Mon, 11/09/2009 - 07:35

I've confirmed that GLBP is the issue. Once I pointed the AP Manager interface to a static IP, the AP was able to join properly. Thanks for the good catch - hope this thread helps someone else out too.

Leo Laohoo Thu, 10/29/2009 - 20:13

%LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain

Can you provide more information such as:

1. How many APs can the WLC4402 support and how many are currently joined?

2. What is your WLC's firmware?

3. Is there a possibility of a duplicate IP address in your network?

Troubleshoot a Lightweight Access Point Not Joining a Wireless LAN Controller

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

dmcushing Fri, 10/30/2009 - 04:58

1. The WLC can support 50, there are currently 38 joined.

2. WLC firmware is 5.0.148.0

3. I've tried the LWAPP on multiple subnets with DHCP, all failed. The only subnet that works is the same subnet the WLC is on.

Leo Laohoo Sun, 11/01/2009 - 13:28

What's your trunk port configurations like? Is the VLAN of the AP and WLC allowed?

JASON BOYERS Mon, 11/02/2009 - 19:47

Actually, if the AP is on a different VLAN than the AP manager, you don't want to trunk that APs VLAN to the WLC. The AP will think that it can connect, but the WLC won't be able to respond since it receives the request from a VLAN that is not the AP manager VLAN. If you have the AP VLAN trunked to the WLC, remove the VLAN and see if that fixes the issue.

dmcushing Mon, 11/09/2009 - 06:50

The APs that I am having a problem with are on a VLAN that is not trunked to the WLC. The AP VLAN (ie. 200) *has* to go through L3 routing at the core (dual 7206 routers with GLBP). No matter what VLAN or router I have tried, the WLC fails to see the packet from the AP.

If the AP is on the same VLAN as the WLC (ie. the AP Management VLAN) there is no problem.

j.metzger Mon, 11/09/2009 - 06:12

You do have the controller configured for Layer 3 mode don't you (controller, general settings)?

dmcushing Mon, 11/09/2009 - 06:44

Yes, I have it configured in L3 mode :) Thanks for getting me to double check though.

j.metzger Mon, 11/09/2009 - 07:24

Have you tried to change the AP VLAN gateway from GLBP to static or HSRP?

Actions

This Discussion

 

 

Trending Topics - Security & Network