LAP's are unable to join Cisco WLC

Unanswered Question

Dear all,

I  have moved my WLC to my datacentre from branch office. after movement i have updated DHCP options with the new ip address but all of my access point are not joining  to WLC.Kindly check the attached cofiguration of WLC as well as LAP logs and It will be a great help if somebody can help me to relsolve this issue.


Please note that  for datacenter -  Branch connectivity we are using L3  MPLS line and there is no firewall between the office and I am using Ver 7 software on my WLC

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Laohoo Sat, 06/26/2010 - 17:33
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Try configuring DNS entry for "CISCO-LWAPP-CONTROLLER".


If you can console into the LWAP, try the command "lwapp ap controller ip add " and see what happens.


Hope this helps.


Please don't forget to rate useful posts.  Thanks.

Chris Illsley Mon, 06/28/2010 - 04:21
User Badges:
  • Bronze, 100 points or more

As said you can add it into your DNS ior you can manualloy input the controller IP address.


Also, it would appear your DHCP isn't properly configured for option 43, this will give out your controller IP addresses with the DHCP, instructions below:


https://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml


Hope this helps.


Cheers

Chris

abersven Mon, 06/28/2010 - 12:33
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Hi,


Your DHCP option 43 is good


From your file ‘AP error logs.txt’ it’s clear that the DHCP server provides option 43 that point to 10.204.20.4.

I also see that the controller name is AEDXBWLC01. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} The AP cannot guess this name so this means that it can communicate with the controller.



You do not need to configure DNS


Your DNS server is not configured with CISCO-LWAPP-CONTROLLER.localdomain. But you do not need to configure DNS since you already have a working option 43.


If you want to use DNS you should configure both CISCO-CAPWAP-CONTROLLER.localdomain and CISCO-LWAPP-CONTROLLER.localdomain, where localdomain is the access point domain name. Old software use LWAPP and new software uses CAPWAP.



What might cause the problems?


I believe that you have a certificate mismatch between the controller and the AP. In order to fix this you can manually add the AP to the AP authorization list.



In order to allow APs to join, use one of these options:


  • Add them to the authorization list of the WLC: use the config auth-list add mic command.
  • Add them as clients to the RADIUS server. The Called-Station-ID is the MAC address of the controller. If you separate the APs into groups, you can create policies to define which APs can authenticate against which Called-Station-IDs.



Debug


  • You can debug to see what’s happening when the AP tries to join the controller.
  • You can also use this debug to obtain the Ethernet address for the AP:


(Cisco Controller) >debug lwapp events enable

Mon May 22 12:00:21 2006: Received LWAPP DISCOVERY REQUEST from AP 00:0b:85:5b:fb:d0 to ff:ff:ff:ff:ff:ff on port '1'

Mon May 22 12:00:21 2006: Successful transmission of LWAPP Discovery-Response to AP 00:0b:85:5b:fb:d0 on Port 1



/André

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode