I am having a wireless LAN controller AIR-WLC4404-100-K9 with IOS 184.108.40.206.with in the LAN I am having 10 LWAP AIR-LAP1131AG-A-K9 they are working fine I am able to access them at any time but, I am having a problem with this (AIR-LAP1131AG-A-K9) out side the LAN (which are connected to my branch office network).Few times they will disconnect from my controller and after rebooting the LWAP it works fine. This is happening in all the locations .Please help me in resolving this issue.
LWAPP require the RTT between WLC and LAP less than 100ms, exceed this number, LAP will be disconnected from WLC, so make sure the quality of WAN link between WLC and LAP is good enough to support this delay. Meanwhile, you can configure QoS between the WLC and LAP, enable LWAPP(UDP 12222/12223) to have high priority over other traffic and reserve certain bandwidth for LWAPP traffic .
To have a more close look at what happened there, you can use "debug mac addr xx.xx.xx.xx.xx.xx" and "debug lwapp events enable" in the WLC to do troubleshooting. You can also get some useful information from WLC GUI-->Management-->Logs-->Message Logs
Can you please tell me if this is a mandatory thing? I mean, if there's any official document that's saying: "your LAP will definitely disconnect as soon as you get RTT above 100ms". It would also be good if there's any official algorithm by Cisco that explains how this mechanism actually works.
And if you maybe know, what would be error message in debug lwapp event enable when we reach this 100ms limit and LAP actually disconnects?
I have two networks connected via MPLS cloud and when client implements routers, there's no disconnections. As soon as client implements firewall device, I assume some delay is introduced (especially because of a lot of fragmentation, since LWAPP is using UDP and firewall spends a lot of CPU power to de-fragment IP datagrams in order to do a proper firewall inspection).
Thanks in advance
Thanks for reply. Yes, ports are opened, LAP is able to register to WLC. But the thing is, from time to time, LAP gets disconnected. I think I can co-relate this disconnection with users traffic load since most of the time this disconnection happens in the middle of the working days/hours, and during the weekend everything works smooth.
Are ports 12222 and 12223 used only for LWAPP control traffic, or those ports are also used for LWAPP data? I was thinking to try to implement a little bit of QoS (guarantied bandwidth + traffic prioritization on Firewalls themselves) as it was stated in this post. I just want to learn as much as possible from professional guys like you here, to make my life easier. Any tip would be more than helpful (what to look in the logs, what particular messages should show me that LAP is actually disconnected and so on).
So, what I know for now is that LAP is disconnecting from time to time.
Thanks a million
port 12222 is LWAPP data
port 12223 is LWAPP control
should be able to see some traces obout bandwidth on your network.
There is a statement somewhere in Cisco that states RTT as less than 100ms though as I have read it
So you think if RTT exceeds 100ms, LAP should be disconnected then? If this is true, that can be an explanation why LAP is getting disconnected in the first place.
Now I only have to figure out how this RTT is calculated. Is it calculated only on ECHO messages that are running over control channel? If that's true, than proper QoS would be to prioritize traffic for application on port 12223 and give it some guarantied bandwidth, and leave LWAPP data channel to use smaller priority.
Please feel free to correct me if I'm wrong somewhere in this calculation
If my assumption from previous post was correct... what would be your advice on what to put guarantied bandwidth for control channel? If I have 20Mbps link for example, what would you put as something that's guarantied for LWAPP 12223 control channel?
here is the definitive document
You can give me a rating if this helps?
Thanks for your quick response:) here's another rating (I also found very useful your post about which port is used for which channel so I had to rate that one too)
I found 100ms information... to bad that Cisco doesn't put sentences like... if you exceed 100ms LAP would be disconnected and so on. Only one sentence about latency: " As a general guideline, the AP-to-WLC link must not exceed 100ms round-trip latency."... but they don't say what are the consequences... what a pity.
Thanks again for tips so far
If anyone has ever implemented LWAPP over a WAN with proper QoS, any advice would be more than helpful. I would like to learn from someone with plenty of hand on experiences when dealing with the scenario similar to the one that I have. It's difficult to find out about LWAPP over WAN since there are not many documents about this (or at least I can't find them)
Also, if you have any tips on what debug messages should I search to find out why LAP is being disconnected, please share (also I can't find what are possible reasons for LAP to disconnect from WLC... is it only latency and lack of heartbeats? Or maybe also packet loss on control and/or data channel, and so on)
Thanks for your time
All the WLC debug commands are in here
I have installed WLC over a WAN but we had loacl controllers and failover to a secondary WLC over a WAN so not so critical.
What RTT are you getting, can you install local controllers?
Typical commands would be
debug lwapp events enable
debug lwapp error enanle
Then google any strange outputs to get some hints