Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Need help provisioning remote Access Points

I am having a problem with a new WLC2500 where I can't seem to provision Access Points located on a different subnet from the Dynamic AP Management interface (or the management interface for that matter). The Access Points in question have no problem joining a WLC at a different location, which is accessed through the gateway used by the new WLC2500 - and traffic can reach the new WLC2500 from the subnet the new AP's are residing too.

I get the Discovery phase request and response ticking up on the WLC2500, but nothing on the Join phase.

The WLC 2500 is running 7.0.220.0 software and the WLC 4400 (which is where the AP's seem to join up without any problems) is running 6.0.196.0

I am wondering if something have changed in the new version of the software that might be giving this issue. I don't have physical access to the AP's in the remote location (they're a couple of hundred miles away) so my troubleshooting is kinda one-way.

Lastly, I'd like to add that I am not in any way a wireless network technician - I'm just a routing and switching guy

Any and all help would be much appreciated.

10 REPLIES
Hall of Fame Super Silver

Re: Need help provisioning remote Access Points

Derry,

There is a little difference with the 2504 compared to the 4400. You are not required to add an AP manager since by default the management will also function as the AP manager, which you already know. Other things to look out for it the system time. Make sure the wlc time is set correctly and if your using NTP in your network, then make sure the wlc is configured to use NTP. Another reason an AP can fail to join is the mismatch in the country code specified on the wlc and varies depending on what ap model you purchased. One other thing is place the ap on the same subnet and see if it joins. If the ap joins them free it completes the download of the code, you can place it back on the vlan you want it to be on. Be careful with not having the same code on the WLC's. If APs fail from one tithe other, they will have to upgrade or downgrade each time.

Here are some general links that might help.

http://www.cisco.com/en/US/docs/wireless/controller/2500/quick/guide/ctr2504_q_s.html

https://supportforums.cisco.com/docs/DOC-17826

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Need help provisioning remote Access Points

I have now made sure that NTP settings are correct and I do not think that is has anything to do with country code - i have 22 similar AP's associated and running and then 3 are not joining up. The difference between the working and non-working AP's are that the non-working AP's are on a remote subnet accessed through an ISP IPSec tunnel. I founda  hint that maybe it may be because of the path MTU being below 1500, but since they associate to the 4400 WLC I doubt that is the case.

Need help provisioning remote Access Points

Hey Derry,

You may not be a wireless guy but you provided very good information and you knew that the issue with the AP manager and not with the management. That is pretty cool to know if you are not a wireless guy.

Well, You said that 4400 WLC is working fine although same management/ap manager subnets are being used. correct?

Now, 4400 WLC supports LAG mode that is not supported on WLC2500. Does your WLC 4400 have the LAG mode enabled (check under GUI: controller-> General).

Also, if you receive no response on AP manager it means the communication lost between the AP and the AP Manager interface at some where in between.

Make sure that the AP subnet  can reach AP manager subnet and vise versa. I think it is a routing/switching issue more than anything else. So it is your game now to check it. ;-)

Let us know how things turn.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Need help provisioning remote Access Points

The 4400 WLC is on a third subnet which is access through the MLS that is connecting to the 2500 WLC, which ain't working. The 4400 WLC has LAG enabled (what is LAG ?) and it seems to associate with the AP's using DNS to supply them with a controller IP.

The 2500 controlled IP is being provisioned to the AP's via Option 43 (which is working in the main office, but not in the two remote offices).

I can route from the remote subnets to both the management IP of the 2500 WLC and the AP management IP, but it may still be something with firewall denying traffic - the problem with that is that the people managing the network leading to the two remote sites have said that they see no dropped traffic in their firewall.

Need help provisioning remote Access Points

Derry:

I assumed that there is no problem with your WLC other than the traffic is not being received. but after Scotts reply I foudn that I may be wrong and that the WLC would possibly rejected the AP join for some reason.

You can troubleshoot from WLC CLI about why the AP fails joining:

Show ap join stats detailed 

Also you can check the msglog and traplog and search for the AP mac address in the logs and see why the AP fails to join.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Need help provisioning remote Access Points

The show command returns nothing - the controller states there are no entries with the specified mac.

Below is a dump of the AP Join page on the 2500 WLC.

Need help provisioning remote Access Points

Well, that means maybe the AP was not able to connect to the management interface as well.

You can consider LAG as the ethernet channel on the switch; gropu all the interfaces in one logical link.

Try to issue the debugs then for the AP that is trying to join on the WLC's CLI:

debug mac addre

debug capwap events enable

debug capwap errors enable

That should tell exactly what the WLC sees from the AP.

Also, have you managed to check the logs and search for the AP mac address?

- show msglog

- show traplog

hope this helps.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Need help provisioning remote Access Points

I don't find anything regarding the AP joins in the msglog or traplog.

This is the output I get from the AP I currently test with:

*spamApTask0: Jul 03 15:05:43.116: c8:f9:f9:d4:cd:f0 Discovery Request from 139.118.23.70:34138

*spamApTask0: Jul 03 15:05:43.116: c8:f9:f9:d4:cd:f0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =22
*spamApTask0: Jul 03 15:05:43.116: c8:f9:f9:d4:cd:f0 Discovery Response sent to 139.118.23.70:34138

*spamApTask0: Jul 03 15:05:53.116: c8:f9:f9:d4:cd:f0 Discovery Request from 139.118.23.70:34138

*spamApTask0: Jul 03 15:05:53.116: c8:f9:f9:d4:cd:f0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =22
*spamApTask0: Jul 03 15:05:53.116: c8:f9:f9:d4:cd:f0 Discovery Response sent to 139.118.23.70:34138

*spamApTask0: Jul 03 15:06:03.116: c8:f9:f9:d4:cd:f0 Discovery Request from 139.118.23.70:34138

*spamApTask0: Jul 03 15:06:03.116: c8:f9:f9:d4:cd:f0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =22
*spamApTask0: Jul 03 15:06:03.116: c8:f9:f9:d4:cd:f0 Discovery Response sent to 139.118.23.70:34138

*spamApTask0: Jul 03 15:06:13.115: c8:f9:f9:d4:cd:f0 Discovery Request from 139.118.23.70:34138

*spamApTask0: Jul 03 15:06:13.115: c8:f9:f9:d4:cd:f0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =22
*spamApTask0: Jul 03 15:06:13.115: c8:f9:f9:d4:cd:f0 Discovery Response sent to 139.118.23.70:34138

*spamApTask0: Jul 03 15:06:23.115: c8:f9:f9:d4:cd:f0 Discovery Request from 139.118.23.70:34138

*spamApTask0: Jul 03 15:06:23.116: c8:f9:f9:d4:cd:f0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =22

Re: Need help provisioning remote Access Points

Derry,

I think from the debug output the discovery response is not successfully received by The AP or it is received and ap replied but wlc did not receive the reply.

We need two things to verify further: Ap console output and packet capture at AP side.

From the debug output it is clear the Wlc does not receive the join request. This could be due AP did not receive the discovery response OR it received it and replied with join request but the join packet got lost on its way.

Hope it is clear enough to you to proceed from here.

More points to highlight:

You are not using the default ap manager interface (same as management) but you are using a new ap dynamic ap manager interface that you created.

What is the interface that is mapped to the dynamic ip manager? Is it the correct interface that is connected to the neighbor switch?

What vlan is mapped to the interface? Is the same vlan allowed on the trunk interface on the switch?

Is the dynamic ap manager configured with the correct settings of subnet mask and default gateway?

HTH

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
Cisco Employee

Need help provisioning remote Access Points

are the joined APs and AP on question are same model?

are we meeting below requirements?

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080736123.shtml#WAN

815
Views
5
Helpful
10
Replies