Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

APs not Join WiSM

Hello, I am Claudio

I have problems with register the APs in the module WiSM, the AP join statistics is null.

The IPs from APs are local DHCP in the module.

The softtware version in the WiSM is 7.0.116. The APs are 1140. The IOS version on the Cat6500 is 12.2.33SXI4a.

Some of you had a similar problem.

Thanks, best regards

33 REPLIES
Cisco Employee

APs not Join WiSM

are the APs getting the IP address from the same subnet as that of the management int of the WLC is it??

Regards

Surendra

New Member

APs not Join WiSM

Hi,

The APs is in another VLAN, the APs have ip from DHCP in the WiSM.

In the vlan of APS the command "ip helper address" points to the direction of the interface management.

Thanks

Claudio

Cisco Employee

APs not Join WiSM

This does not work.. The APs wil get an IP only if the AP is in the same subnet as that of management interface.. Even the IP helper address will not help..

Regards

Surendra

New Member

APs not Join WiSM

Are you sure?.
I have the same topology in others sites, but with WLC 5508s, and this works.

In this case the APs have IP was given by the WiSM.

Cisco Employee

APs not Join WiSM

Yes this doesnot work...

Regards

Surendra

New Member

APs not Join WiSM

this does not work in the WiSM only?

Cisco Employee

APs not Join WiSM

afaik.. this will not work at all..

New Member

APs not Join WiSM

I'm confused!

I believe in something we are not getting it.

this is the topology....

and this is the DHCP leases...

(WiSM-slot2-1) >(WiSM-slot2-1) >show dhcp leases

        MAC                IP         Lease Time Remaining

e8:b7:48:d6:e6:9d    172.23.24.56    23 hours 59 minutes 24 seconds

e8:b7:48:f5:35:46    172.23.24.57    23 hours 59 minutes 22 seconds

e8:b7:48:2c:64:1c    172.23.24.58    23 hours 59 minutes 17 seconds

00:07:7d:2d:69:e5    172.23.24.59    23 hours 59 minutes 13 seconds

e8:b7:48:f5:1f:b4    172.23.24.60    23 hours 59 minutes 23 seconds

00:07:7d:13:06:eb    172.23.24.61    23 hours 59 minutes 29 seconds

e8:b7:48:f5:35:48    172.23.24.63    23 hours 59 minutes 42 seconds

  (WiSM-slot2-1) >

APs not Join WiSM

We are talking about access points not joining the WLC, correct ?

1) Do you have DHCP option 43 set up ?

2) Do you have DNS set up to resolve CISCO-CAPWAP CONTROLLER

3) You dont have it in the same broadcast domain. So the anwser is NO...

So do you have 1 or 2 set up ?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

APs not Join WiSM

That would work if you were doing IP FOWRADING on the router. The router will take the AP broadcast and send it to the WLC. Check your router see if you have a IP Forward rule set up on your other deployment.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Cisco Employee

APs not Join WiSM

WOW!! i dint know this.. 5+ , worked on a case for hours and it just dint work!! thats y good to be a all round network engineer!!

Regards

Surendra

APs not Join WiSM

WOW, back at ya!

I was able to finally give back to you for once!

Yup, you add a IP helper of the WLC managment address and you do a IP FORWARD on the router with UDP 5246 and the router will send the request to the WLC (and the other ip helpers as well).

Works great when you dont control DHCP (option 43) or DNS servers.

Works great ... I just used it on a big customer a few weeks ago. After I set it up and get the APs to join I take it back off ...

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

APs not Join WiSM

As mentioned above, the APs if they get ip from WiSM module, but not join...

APs not Join WiSM

Understood. Next step...

Do you have 1 or 2 set up from my previuos post ?

Get an IP is a totally different process from the AP joining the WLC.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

APs not Join WiSM

4) None of te above....

I have internal DHCP in the WiSM....

(WiSM-slot2-1) >show dhcp summary

  Scope Name                   Enabled          Address Range
APS_AVARAS                       Yes      172.23.24.50 -> 172.23.24.200


(WiSM-slot2-1) >show dhcp leases

       MAC                IP         Lease Time Remaining
e8:b7:48:d6:e6:9d    172.23.24.56    23 hours 59 minutes 29 seconds
e8:b7:48:f5:35:46    172.23.24.57    23 hours 59 minutes 28 seconds
e8:b7:48:2c:64:1c    172.23.24.58    23 hours 59 minutes 23 seconds
00:07:7d:2d:69:e5    172.23.24.59    23 hours 59 minutes 19 seconds
e8:b7:48:f5:1f:b4    172.23.24.60    23 hours 59 minutes 29 seconds
00:07:7d:13:06:eb    172.23.24.61    23 hours 59 minutes 35 seconds
e8:b7:48:f5:35:48    172.23.24.63    23 hours 59 minutes 48 seconds

(WiSM-slot2-1) >show dhcp detailed APS_AVARAS


Scope: APS_AVARAS

Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 172.23.24.50
Pool End......................................... 172.23.24.200
Network.......................................... 172.23.24.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 172.23.24.1  0.0.0.0  0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0  0.0.0.0  0.0.0.0
Netbios Name Servers............................. 0.0.0.0  0.0.0.0  0.0.0.0

(WiSM-slot2-1) >

APs not Join WiSM

Ok all good stuff.

Correct your AP is getting an IP address. However, you need to set up DHCP option 43, DNS, IP FORWARD, or put the AP on the same broadcast domain as the WLC. Or manual prime. These "methods" are how the access points finds and joins the WLC.

Here is an exmaple of option 43

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml

So you need to understand what each one does and what makes the most sense in your enviroment to use.

Again, just becuase the AP as an IP address. Does not mean it joined the WLC.

Does this help or are you still confused ?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

APs not Join WiSM

The problem do not is the AP IP address.

When the DHCP is the same WLC or module,  the option 43 is configured by default.

Also set the option 43 in the router, but the result was the same.

Even config the AP by console port. (lwap ap ip address.....lwap controller ip address, etc.)

Thanks.

APs not Join WiSM

Option 43 is not set by default. If you are using option 43, it sounds like its not working propertly. Post your option 43 config of your router so we can take a peek.

You can also console into a AP. You can see what the ap is telling us ...

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

APs not Join WiSM

I don't cant see the AP logs.

But now the WiSM shown this logs...

*osapi_ping_rx: Jul 20 08:04:20.344: %OSAPI-3-TASK_SET_TICKLE: osapi_task.c:3886  Task osapi_ping_rx requesting 1 second timer. Minimum is 20.Setting to 20

APs not Join WiSM

again, i think you need to console into the AP. You also need to read that link to make sure you have your option 43 is configured proprtly. Its sounds like the ap isnt joing the controller.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Gold

APs not Join WiSM

Are you sure the APs are running LWAP/CAPWAP image?  Please post the output to the command "sh version" please.

Console into the AP and enter the enable command "lwapp ap controller ip address ".  If this command allows your AP to join the controller then you need to configure DNS, Option 43 as what George and Surendra has recommended.

New Member

APs not Join WiSM

The option 43 is configured, and APs is configured by console port (lwapp ap controller ip address

Now the log is...

*osapi_ping_rx: Aug 29 18:42:20.000: %OSAPI-3-TASK_SET_TICKLE: osapi_task.c:3886  Task osapi_ping_rx requesting 1 second timer. Minimum is 20.Setting to 20.

*emWeb: Aug 29 18:35:41.654: %SYSTEM-3-NOTIFY_SAVE_FAIL: nvstore.c:167 Failed to save data for a Non-volatile component. Registrar ID: 42.

*nim_t: Aug 29 18:32:30.548: %SIM-3-PORT_UP: sim.c:9943 Physical port 1 is up!.

*nim_t: Aug 29 18:32:27.775: %SIM-3-PORT_DOWN: sim.c:9946 Physical port 1 is down!.

*nim_t: Aug 29 18:32:26.769: %SIM-3-PORT_UP: sim.c:9943 Physical port 1 is up!.

*fp_main_task: Aug 29 18:26:59.028: %CNFGR-3-INV_COMP_ID: cnfgr.c:2219 Invalid Component Id : Unrecognized (77) in cfgConfiguratorInit.

*fp_main_task: Aug 29 18:26:58.958: %RFID-3-INVALID_NOTIFICATION_INTERVAL: rfid_cfg.c:419 Illegal rfid rssi notification interval value 0-- defaulting.

*fp_main_task: Aug 29 18:26:58.948: %LOG-3-Q_IND: rrmCfg.c:1501 RRM LOG: Airewave Director: Configuration has been sanitized -- save configuration to commit

*fp_main_task: Aug 29 18:26:58.733: %RRM-3-RRM_LOGMSG: rrmCfg.c:1501 RRM LOG: Airewave Director: Configuration has been sanitized -- save configuration to commit

*fp_main_task: Aug 29 18:26:43.585: %MM-3-MEMBER_ADD_FAILED: mm_dir.c:909 Could not add Mobility Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, IP: 0.0.0.0

*fp_main_task: Aug 29 18:26:43.377: %DTL-3-DSNET_CONF_FAILED: dtl_ds.c:424 Unable to set symmetric mobility tunneling to disabled on Distribution Service interface.

*fp_main_task: Aug 29 18:26:43.364: %SYSTEM-3-PASSWD_STORE_INTEGRITY_FAILED: passwd_store.c:470 Cannot retrieve secret from store -- integrity check failed.

*fp_main_task: Aug 29 18:26:33.393: %CNFGR-3-INV_COMP_ID: cnfgr.c:2219 Invalid Component Id : Unrecognized (36) in cfgConfiguratorInit.

*mfpKeyRefreshTask: Aug 29 18:26:33.392: %SSHPM-3-NOT_INIT: bsnrandom.c:619 Random context not initialized

Hall of Fame Super Gold

APs not Join WiSM

Here's a stupid question:  Can the WAP ping the management IP address of the WiSM?

New Member

APs not Join WiSM

Dont worry...

Yes.

(Cisco Controller) >show dhcp summary

  Scope Name                   Enabled          Address Range
APs                              Yes      172.23.24.100 -> 172.23.24.150


(Cisco Controller) >show dhcp leases

       MAC                IP         Lease Time Remaining
e8:b7:48:f5:35:46    172.23.24.100    23 hours 59 minutes 39 seconds
e8:b7:48:d6:e6:9d    172.23.24.101    23 hours 59 minutes 40 seconds
00:07:7d:13:06:eb    172.23.24.102    23 hours 59 minutes 41 seconds
00:07:7d:2d:69:e5    172.23.24.103    23 hours 59 minutes 7 seconds
e8:b7:48:2c:64:1c    172.23.24.104    23 hours 59 minutes 11 seconds
e8:b7:48:f5:1f:b4    172.23.24.105    23 hours 59 minutes 18 seconds


(Cisco Controller) >ping 172.23.24.100

Send count=3, Receive count=3 from 172.23.24.100

(Cisco Controller) >

Hall of Fame Super Gold

APs not Join WiSM

Can the wireless access point (WAP) ping the management IP address of the WiSM?

Bronze

APs not Join WiSM

Hello,

You have stated on several occasions that the DHCP pool has been configured with Option 43, but you have not posted the requested output of this configuration.  Please provide the output of this command as well as the IP address of the management interface so we can verify the hex value, if applicable, is configure properly.

If you do not want to provide this information, you can perform the following debug from the AP's console

#debug dhcp detail

You will see whether or not the "Option 43" information is received, as well as a message showing the deciphered decimal IP that the AP is trying to use to send a join request to.  I would perform this debug at the AP's console as well as the following from the WLC CLI to see if any joins are arriving at the controller:

#debug client

Perform a reload on the AP to see if we see the disovery/join traffic to the controller; post the outputs requested to your reply and we can examine what is happening.

If you are not seeing any join requests for this AP at the WLC then the AP is not communicating to the WLC either because option 43 is incorrect or the AP is in another vlan than the management interface with no other disvoery mechanisms in place.

For reference, the following link explains a light weight APs registration process to a WLC; good info, including Option 43, and other discovery mechanisms, as well as the APs "preference" for joining discovered vs configured WLCs, etc.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

New Member

Re: APs not Join WiSM

The option 43 is......

ip dhcp pool APs

network 172.23.24.0 255.255.255.0

default-router 172.23.24.1

option 43 hex f108ac140194ac140196

The problem is not the option 43, the problem is between the module WiSM and SUP720.


I Replace WiSM for a WLC4402 and APs were recorded without problems

debug WiSM.....

URA_NUNOA_SW_6500_CLH#

Aug 31 16:27:20.818: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd2f.2d22 for slot/port 2/1

Aug 31 16:27:20.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/1 got an ip 172.20.1.178 68ef.bd2f.2d22/68ef.bd2f.2d                            22

Aug 31 16:27:20.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd30.58e2 for slot/port 2/2

Aug 31 16:27:20.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/2 got an ip 172.20.1.179 68ef.bd30.58e2/68ef.bd30.58                            e2

Aug 31 16:27:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1

Aug 31 16:27:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2

Aug 31 16:27:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1

Aug 31 16:27:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2

Aug 31 16:28:00.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd30.58e2 for slot/port 2/2

Aug 31 16:28:00.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/2 got an ip 172.20.1.179 68ef.bd30.58e2/68ef.bd30.58                            e2

Aug 31 16:28:00.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd2f.2d22 for slot/port 2/1

Aug 31 16:28:00.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/1 got an ip 172.20.1.178 68ef.bd2f.2d22/68ef.bd2f.2d                            22

Aug 31 16:28:15.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1

Aug 31 16:28:15.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2

Aug 31 16:28:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1

Aug 31 16:28:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2

Aug 31 16:28:40.818: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd2f.2d22 for slot/port 2/1

Aug 31 16:28:40.818: WiSM-Evt:dman_reg_arp_added: cntrl 2/1 got an ip 172.20.1.178 68ef.bd2f.2d22/68ef.bd2f.2d22

Aug 31 16:28:40.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd30.58e2 for slot/port 2/2

Aug 31 16:28:40.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/2 got an ip 172.20.1.179 68ef.bd30.58e2/68ef.bd30.58e2

Aug 31 16:28:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1

Aug 31 16:28:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2

Bronze

Re: APs not Join WiSM

You are now describing a new problem (ie. a bigger problem, although this is most likely leading to the AP join failure symptoms).  Can you verify the following for your WiSM module.  This information is coming from the WiSM config and troubleshooting guide.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_tech_note09186a00808330a9.shtml

Is the wism showing "Oper-Up" for both WLCs on this WiSM?

#sh wism status

Do you have your etherchannel load balancing configured properly for: src-dst-ip ?

#show etherchannel load balance

Are you etherchannel interfaces up and permitting traffic?

#show etherchannel summary

Also, form the WLC logs above

*fp_main_task: Aug 29 18:26:43.364: %SYSTEM-3-PASSWD_STORE_INTEGRITY_FAILED: passwd_store.c:470 Cannot retrieve secret from store -- integrity check failed.

Explanation    The system failed an integrity check. The secret might have been compromised.

Recommended Action    Reconfigure the secret for security reasons.

You might want to recreate your enable secret; I don't think this is applicable to your problem but should be addressed.

Bronze

Re: APs not Join WiSM

Also, as Surendra has pointed out, you must be in the management interface's network if you wish for the LAP to join the WLC via its internal DHCP because, while it is addressed, it must still "discover" the WLC via a L2 broadcast.  In theory your ip helper should forward the L2 broadcast from the AP on to the WLC's mgmt interface.  Is your WLC allowing L2 discovery? Are you forwarding the proper traffic? "(config)ip forward-protocol udp 12223", if not, you must have a layer 3 discovery mechanism as well: DNS, Option 43.

LAP registration to WLC, See section 6 "Use IP helper address on the Router" from this anchored link.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#topic2

Remember, you must provide alternate discovery as some CAPWAP only devices, 1260, 3500 would not support a L2 discovery

"If" you insist on offering DHCP please keep this in mind...

Taken from WLC FAQ http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00808b4c61.shtml

"The internal server provides DHCP addresses to wireless clients, LAPs, appliance-mode APs on the management interface, and DHCP requests that are relayed from LAPs. WLCs never offer addresses to devices upstream in the wired network. DHCP option 43 is not supported on the internal server, so the AP must use an alternative method to locate the management interface IP address of the controller, such as local subnet broadcast, DNS, Priming, or Over-the-air discovery."

1. I would suggest that you use another device as your DHCP server if feasible and configure Option 43 if desired.

     a. I would also recommend DNS as a good "set it and forget it" discovery mechanism. "CISCO-CAPWAP-CONTROLLER.your.domain" should resolve to your MGMT interface.

2. If your APs are "not" on the same VLAN as the mgmt interface and you really want internal DHCP on the WLC, you must use an alternate discovery method.  Verify your WLC is allowing L2 discovery. For your chosen discovery method of an ip helper, verify you are forwarding udp 12223.

4855
Views
10
Helpful
33
Replies