I have 2 WLC in my network and all APs are configured in H-REAP mode local switching, central authentication. The initial association occurs in the right way and the network works just fine, but suddenly without being espected every AP from the same VLAN lost connection with its default gateway. After review and test the gateway (in this case a L3 switch from other vendor) we found that every works fine; actually we connected a pc in a port with the same configuration used for AP and the PC works fine every time, even when the problem occurs.
Solving the issue is easy; only have to plug and unplug the patchcord reseting the AP (works with PoE) and the AP again works fine, but there should be a deeper problem because the situation comes again and again. During the issue the AP show this log:
*Apr 13 06:10:59.173: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Apr 13 06:13:09.215: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Apr 13 06:15:19.257: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
It looks like a DHCP problem, but after checking the DHCP server it is found that there are free IPs in the designated scope. Actually the AP mantains the original IP but as I said before, connection is lost between AP and its gateway.
The log shows the following messages just before the disassociation:
*Apr 13 06:06:38.403: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
*Apr 13 06:06:38.403: %LWAPP-3-CLIENTEVENTLOG: Switching to Standalone mode
*Apr 13 06:06:38.407: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Apr 13 06:06:38.407: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.133.129.4:5246
*Apr 13 06:06:39.084: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 13 06:06:39.087: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 13 06:08:49.127: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Apr 13 06:10:54.412: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type radius (UNKNOWN)
*Apr 13 06:10:54.413: %DOT11-7-AUTH_FAILED: Station 0024.2ce5.2876 Authentication failed
For detailed information about the AP, I attach the complete show tech.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...