Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
66693
Views
5
Helpful
0
Comments

How to add Lightweight Access point to Wireless LAN Controller

Rajesh Premachandran
Level 1
Level 1

‎07-02-2009 04:54 AM - edited ‎11-18-2020 02:48 AM

 

 

Introduction

Lightweight Access points are part Cisco Unified Wireless Network architecture. The architecture centralized wireless LAN configuration and control on the controller.

 

In this Cisco Unified Wireless Network architecture, access points are "lightweight," meaning that they cannot act independently of a controller. The wireless LAN controller manages the access point configurations and firmware.

The access points are zero-touch and no individual configuration of access points is required.

Lightweight access points must be discovered by a controller before they can become an active part of the network. Cisco's lightweight access points use the Lightweight Access Point Protocol (LWAPP) to communicate between the controller and other lightweight access points on the network.

In an LWAPP environment, a lightweight access point discovers a controller by using LWAPP discovery mechanisms and then sends it an LWAPP join request. The controller sends the access point an LWAPP join response allowing the access point to join the controller. When the access point joins the controller, the controller manages its configuration, firmware, control transactions, and data transactions.

 

Layer 3 LWAPP WLC Discovery Algorithm

 

 

lap_registration1.gif

 

Over-the-Air Provisioning (OTAP)

 

 

lap_registration2.gif

 

 

DHCP option 43

 

lap_registration3.gif

 

 

Using the DNS server in order to return WLC IP addresses to the LAP

 

lap_registration4.gif

 

 

Use IP helper address on the Router

Although this is not a part of the Layer 3 discovery algorithm, this is a simpler method that can be used when WLC and LAPs are in different subnets. After the LAP gets an IP address from the DHCP server, the LAP broadcasts a Layer 3 LWAPP discovery message on to its local subnet. The IP address of the WLC is configured as the ip-helper address on the router. The router forwards these broadcasts to the IP addresses configured with the ip-helper command on the interface on which the broadcast is heard. When you use the ip helper-address command, DIRECTED BROADCASTS, as well as unicasts, eight different UDP ports are forwarded automatically. Those ports are Trivial File Transfer (TFTP) (Port 69), Domain Name System (Port 53), Time Service (Port 37), NetBIOS Name Server (Port 137), NetBIOS Datagram Server (Port 138), Boot Protocol (BOOTP) Client and Server (Port 67 and Port 68), TACACS service (Port 49). Since LWAPP broadcast uses UDP port 12223 it must be explicitly forwarded on the router. Here is an example scenario. Assume that you have a WLC in one subnet, such as 172.16.0.0/16, and the LAPs and the DHCP server in a different subnet, such as 192.168.1.0/24. Routing is enabled between the two subnets. This example shows the configuration on the router:

 

Router(config)#interface Fastethernet 0/1
Router(config-if)#ip helper-address 172.16.0.1!--- IP address of the WLC Router(config-if)#exitRouter(config)ip forward-protocol udp 12223

LAP registration process Video

Lightweight Access Point Registration with Wireless LAN Controllers (WLCs)

 

lap_registration6.gif

Troubleshooting - Debug from the Controller

There are a few debug commands on the controller you can use in order to see this entire process on the CLI .

  • debug lwapp events enable—Shows discovery packets and join packets.
  • debug lwapp packet enable— Shows packet level information of the discovery and join packets.
  • debug pm pki enable—Shows certificate validation process.
  • debug disable-all—Turns off debugs.

With a terminal application that can capture output to a log file, console in or secure shell (SSH)/Telnet to your controller, and enter these commands:

 

    config session timeout 120
    config serial timeout 120
    show run-config     (and spacebar thru to collect all)
 
    debug mac addr <ap-mac-address>
    (in xx:xx:xx:xx:xx format)
    debug client <ap-mac-address>

    debug lwapp events enable
    debug lwapp errors enable
    debug pm pki enable


After capturing the debugs, use the debug disable-all command to turn off all debugs.

Reference Link

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents