Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CT 2504 and remote site AP

I have a CT 2504 configured for a  customer with a few 1041N AP and 1310 AP connected. I am trying to  connect 1041 AP from 2 remote sites but it doesn't works. The remote  sites are connected though an operator MPLS vpn with a latency aroung 60  or 70 ms.

I  tried with unconfigured AP or configured in local or HREAP mode, the  result is the same, the AP associates to the controller, doesn't seems  to register completely and then disassociates from the controller and  try again.

The first time I connect an AP, it registers correctly to the controller and normaly download the software update.

How can I see clearly the reason why these AP don't associate correctly to the controller ?

I tried some debug commands but I can't see clearly a reason why I loose the AP.

Here is the console log of one AP :

*Nov 18 14:54:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.210 peer_port: 5246

*Nov 18 14:54:50.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 

*Nov 18 14:54:51.380: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.210 peer_port: 5246

*Nov 18 14:54:51.381: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.210

*Nov 18 14:54:51.381: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Nov 18 14:54:51.631: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG

*Nov 18 14:55:09.675: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.210:5246

*Nov 18 14:55:09.723: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Nov 18 14:55:09.724: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

12 REPLIES

CT 2504 and remote site AP

You can enable " debug capwap errors enable" in the wlc console. This will show you the errors. If you want to see the full process you can enable" debug capwap events enable"

Thanks

NikhiL

New Member

Re: CT 2504 and remote site AP

Thank you for your answer.

I aleady did a "debug capwap events enable" but I can't really understand the reason why the AP deregisters, here Is the result of debug command (I suppressed the other AP dialogs in the log file) :

*spamApTask3: Nov 18 17:21:42.057: 2c:3f:38:c0:0b:00 Discovery Request from 192.168.8.30:8805

*spamApTask3: Nov 18 17:21:42.057: 2c:3f:38:c0:0b:00 Join Priority Processing status = 1, Incoming Ap's Priority 2, MaxLrads = 15, joined Aps =6

*spamApTask3: Nov 18 17:21:42.058: 2c:3f:38:c0:0b:00 Discovery Response sent to 192.168.8.30:8805

*spamApTask3: Nov 18 17:21:42.058: 2c:3f:38:c0:0b:00 Discovery Request from 192.168.8.30:8805

*spamApTask3: Nov 18 17:21:42.058: 2c:3f:38:c0:0b:00 Join Priority Processing status = 1, Incoming Ap's Priority 2, MaxLrads = 15, joined Aps =6

*spamApTask3: Nov 18 17:21:42.058: 2c:3f:38:c0:0b:00 Discovery Response sent to 192.168.8.30:8805

...

*spamApTask3: Nov 18 17:21:52.297: 2c:3f:38:c0:0b:00 DTLS connection not found, creating new connection for 192:168:8:30 (8805) 192:168:1:210 (5246)

*spamApTask3: Nov 18 17:21:53.626: 2c:3f:38:c0:0b:00 Allocated index from main list, Index: 11

*spamApTask3: Nov 18 17:21:53.626: 2c:3f:38:c0:0b:00 DTLS keys for Control Plane are plumbed successfully for AP 192.168.8.30. Index 12

*spamApTask3: Nov 18 17:21:53.626: 2c:3f:38:c0:0b:00 DTLS Session established server (192.168.1.210:5246), client (192.168.8.30:8805)

*spamApTask3: Nov 18 17:21:53.626: 2c:3f:38:c0:0b:00 Starting wait join timer for AP: 192.168.8.30:8805

*spamApTask3: Nov 18 17:21:53.703: 2c:3f:38:c0:0b:00 Join Request from 192.168.8.30:8805

*spamApTask3: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 Deleting AP entry 192.168.8.30:8805 from temporary database.

*spamApTask3: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 Join Version: = 117496832

*spamApTask3: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 Join resp: CAPWAP Maximum Msg element len = 88

*spamApTask3: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 Join Response sent to 192.168.8.30:8805

*spamApTask3: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 CAPWAP State: Join

*spamApTask3: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 capwap_ac_platform.c:1217 - Operation State 0 ===> 4

*apfReceiveTask: Nov 18 17:21:53.704: 2c:3f:38:c0:0b:00 Register LWAPP event for AP 2c:3f:38:c0:0b:00 slot 0

*apfReceiveTask: Nov 18 17:21:53.705: WARP IEs: (12)

*apfReceiveTask: Nov 18 17:21:53.705:      [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01

*apfReceiveTask: Nov 18 17:21:53.705: WARP IEs: (12)

*apfReceiveTask: Nov 18 17:21:53.705:      [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01

*apfReceiveTask: Nov 18 17:21:53.705: 2c:3f:38:c0:0b:00 Register LWAPP event for AP 2c:3f:38:c0:0b:00 slot 1

*spamApTask3: Nov 18 17:21:53.708: 2c:3f:38:c0:0b:00 Join Version: = 117496832

*spamApTask3: Nov 18 17:21:53.708: 2c:3f:38:c0:0b:00 Join resp: CAPWAP Maximum Msg element len = 88

...

*spamApTask3: Nov 18 17:22:12.356: 2c:3f:38:c0:0b:00 DTLS keys for Control Plane deleted successfully for AP 192.168.8.30

*spamApTask3: Nov 18 17:22:12.357: 2c:3f:38:c0:0b:00 DTLS connection closed event receivedserver (192:168:1:210/5246) client (192:168:8:30/8805)

*spamApTask3: Nov 18 17:22:12.357: 2c:3f:38:c0:0b:00 Entry exists for AP (192:168:8:30/8805)

*spamApTask3: Nov 18 17:22:12.357: 2c:3f:38:c0:0b:00 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 2c:3f:38:c0:0b:00 slot 0

*apfReceiveTask: Nov 18 17:22:12.357: 2c:3f:38:c0:0b:00 Deregister LWAPP event for AP 2c:3f:38:c0:0b:00 slot 0

*spamApTask3: Nov 18 17:22:12.358: 2c:3f:38:c0:0b:00 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 2c:3f:38:c0:0b:00 slot 1

*apfReceiveTask: Nov 18 17:22:12.358: 2c:3f:38:c0:0b:00 Deregister LWAPP event for AP 2c:3f:38:c0:0b:00 slot 1

*spamApTask3: Nov 18 17:22:12.358: 2c:3f:38:c0:0b:00 No AP entry exist in temporary database for 192.168.8.30:8805

Added logs in attached files

Cisco Employee

CT 2504 and remote site AP

both the outputs you gave are showing the ap re-joining. We don't see when it disconnected which would be the most useful part

New Member

Re: CT 2504 and remote site AP

Thank you for your help.

I added to my previous message the logs in attached files.

During these logs, almost 1 AP (192.168.8.30) tries to join about 2 times. I don't see a line that shows the disconnection, I don't understand that.

New Member

Re: CT 2504 and remote site AP

Hello

I have exactely the same pb

One  CT2504 ( Soft 7.0.116)  and  AP 1242  in remote site configured in H-REAP mode.

AP can join the controller the fist time and upgrade their firmware successfully.

Then AP join again the controller, and as soon as it receive its config, it makes again a discovery.

So AP never stays in connected mode.

See log.

Regards

Michel

*Feb 15 12:06:50.539: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.26.12.57 peer_port: 5246

*Feb 15 12:06:50.540: %CAPWAP-5-SENDJOIN: sending Join Request to 172.26.12.57

*Feb 15 12:06:50.540: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Feb 15 12:06:50.758: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG

Translating "CISCO-LWAPP-CONTROLLER.bmw"...domain server (255.255.255.255)

*Feb 15 12:07:08.810: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.26.12.57:5246

*Feb 15 12:07:08.865: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Feb 15 12:06:50.539: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.26.12.57 peer_port: 5246

*Feb 15 12:06:50.540: %CAPWAP-5-SENDJOIN: sending Join Request to 172.26.12.57

*Feb 15 12:06:50.540: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Feb 15 12:06:50.758: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG

Translating "CISCO-LWAPP-CONTROLLER.bmw"...domain server (255.255.255.255)

*Feb 15 12:07:08.810: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.26.12.57:5246

*Feb 15 12:07:08.865: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

Re: CT 2504 and remote site AP

can u check if the ap and wlc are in same country code

from ap

show controllers d0

show controllers d1

from WLC

show country

New Member

Re: CT 2504 and remote site AP

Hello

I can not answer you, because I am not on site now.

I can tel you that  I connected  finally the AP to a CT 5508 ( Vers 7.0.116), and it works fine.

There is something different between 2504 et 5508,  perhaps dscp with could be dropped by the operator ???

Michel

New Member

Re: CT 2504 and remote site AP

My problem was, in fact, not due to Cisco equipments.

It was a bug in the french ISP Orange router's firmware which provides my customer's MPLS VPN interconnection between a few sites. This buggy firmware alters CAPWAP packets and the remote AP aren't able to register correctly.

Strangely during my tests, I didn't have this problem with a 4400 controller even in the same version.

The router firmware upgrade done by the ISP solved immediately the problem with the 2500 controller.

New Member

Re: CT 2504 and remote site AP

Hello

As I said in my previous discussion, there is something different between 2504 et 5508,  but what ?

( MTU, DSCP ..?)

There is also the message "%DTLS-5-SEND_ALERT: Send FATAL" immediately after it received his CFG.

Reagrds

Michel

Hall of Fame Super Silver

CT 2504 and remote site AP

Can you post your show run-config so we can see how you have it setup.

-Scott
*** Please rate helpful posts ***
New Member

Re: CT 2504 and remote site AP

Hello

Here is the sh run-config from 2504 (Not Working)  and the 5508 ( Working fine)

Reagrds

Michel

New Member

CT 2504 and remote site AP

Cisco Wireless Controllers (2500/5500/7500/WISM2) DTLS License

*Mar 21 22:22:36.495: PTMU : Setting MTU to : 1485
*Mar 21 22:22:36.495: Dot11 binding decode: Join Response
*Mar 21 22:22:36.496: WLC does not support data DTLS encryption, restarting CAPWAP...
*Mar 21 22:22:36.496:

Noticed this on the AP.

Jeff N. from Cisco - needed a license

users can self generate

http://cisco.com/go/license

Cisco Wireless Controllers (2500/5500/7500/WISM2) DTLS License <-link

If you do not have a PAK, please click here for Demo and Evaluation licenses.  <-link

2126
Views
0
Helpful
12
Replies
CreatePlease to create content