Lightweight Access points are part Cisco Unified Wireless Network architecture. The architecture centralized wireless LAN configuration and control on the controller.
In this Cisco Unified Wireless Network architecture, access points are "lightweight," meaning that they cannot act independently of a controller. The wireless LAN controller manages the access point configurations and firmware.
The access points are zero-touch and no individual configuration of access points is required.
Lightweight access points must be discovered by a controller before they can become an active part of the network. Cisco's lightweight access points use the Lightweight Access Point Protocol (LWAPP) to communicate between the controller and other lightweight access points on the network.
In an LWAPP environment, a lightweight access point discovers a controller by using LWAPP discovery mechanisms and then sends it an LWAPP join request. The controller sends the access point an LWAPP join response allowing the access point to join the controller. When the access point joins the controller, the controller manages its configuration, firmware, control transactions, and data transactions.
Layer 3 LWAPP WLC Discovery Algorithm
Over-the-Air Provisioning (OTAP)
DHCP option 43
Using the DNS server in order to return WLC IP addresses to the LAP
Use IP helper address on the Router
Although this is not a part of the Layer 3 discovery algorithm, this is a simpler method that can be used when WLC and LAPs are in different subnets. After the LAP gets an IP address from the DHCP server, the LAP broadcasts a Layer 3 LWAPP discovery message on to its local subnet. The IP address of the WLC is configured as the ip-helper address on the router. The router forwards these broadcasts to the IP addresses configured with the ip-helper command on the interface on which the broadcast is heard. When you use the ip helper-address command, DIRECTED BROADCASTS, as well as unicasts, eight different UDP ports are forwarded automatically. Those ports are Trivial File Transfer (TFTP) (Port 69), Domain Name System (Port 53), Time Service (Port 37), NetBIOS Name Server (Port 137), NetBIOS Datagram Server (Port 138), Boot Protocol (BOOTP) Client and Server (Port 67 and Port 68), TACACS service (Port 49). Since LWAPP broadcast uses UDP port 12223 it must be explicitly forwarded on the router. Here is an example scenario. Assume that you have a WLC in one subnet, such as 172.16.0.0/16, and the LAPs and the DHCP server in a different subnet, such as 192.168.1.0/24. Routing is enabled between the two subnets. This example shows the configuration on the router:
Router(config)#interface Fastethernet 0/1 Router(config-if)#ip helper-address 172.16.0.1!--- IP address of the WLC Router(config-if)#exitRouter(config)ip forward-protocol udp 12223
LAP registration process Video
Troubleshooting - Debug from the Controller
There are a few debug commands on the controller you can use in order to see this entire process on the CLI .
- debug lwapp events enable—Shows discovery packets and join packets.
- debug lwapp packet enable— Shows packet level information of the discovery and join packets.
- debug pm pki enable—Shows certificate validation process.
- debug disable-all—Turns off debugs.
With a terminal application that can capture output to a log file, console in or secure shell (SSH)/Telnet to your controller, and enter these commands:
config session timeout 120 config serial timeout 120 show run-config (and spacebar thru to collect all) debug mac addr <ap-mac-address> (in xx:xx:xx:xx:xx format) debug client <ap-mac-address> debug lwapp events enable debug lwapp errors enable debug pm pki enable
After capturing the debugs, use the debug disable-all command to turn off all debugs.