I'm trying to get a lightweight AP to register with a controller via a GRE tunnel and I keep getting this on the AP:
*Mar :00:53.776:LWAPP_CLIENT_ERROR_DEBUG:spamHandleJoinTimer: Did not recieve the Join response
*Mar10:00:53.776 :LWAPP_CLIENT_ERROR_DEBUG:No more AP manager IP addresses remain.
*Mar 1 00:00:53.781: %SYS-5-RELOAD: reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
*Mar 1 00:00:53.781: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
The question is, is it possible to get an LWAPP tunnel established over a GRE tunnel or am I trying to force a square peg into a round hole?
lwapp running in layer 3 mode uses udp ports
12223 & 12222
See for details
Also, this link may be of interest:
Perhaps if you can provide some details of how your network is setup. Why are you using GRE? is there a need to further encapsulate the traffic?
lwapp does this already from the ap to the controller.
I would suspect the AP is discovering the WLC but failing on the join. Check at the controller that the LWAPP Join Request arrives and is properly processed. It may be something simple like the controller date & time, or you may be running into an issue with re-assembly of the fragmented LWAPP Join Request.
MTU is not configurable on the AP/WLC at this time.
Another thing to check is at the WLC. Fragments are re-assembled in HW, so they must arrive at the WLC on the same port. If you're using LAG, make sure the neighbor switch is using ip-src-dst Etherchannel load-balancing.
Not sure if you've already done this, but has the AP being 'primed'? How is the AP determining where the controller is? DHCP-Option43, DNS, pre-configured?
you may be able to force the AP to find the controller by using the following:
AP# lwapp controller ip address IP-address
Thanks for your responses - I've obviously stirred up some interest so here goes.
We're using a GRE tunnel through one of our firewalls into a partner organisation who has some of our staff in one of their buildings; we have 1751 on site to give us the flexibility to treat it like one of our conventional remote sites. I'm using option 43 for the discovery process which has worked ok from within our network, I have the controller set to layer 3, I'm not using LAG.
It seems the AP is discovering the controller;
LWAPP_CLIENT_ERROR_DEBUG: spamHandleDiscoveryTimer : Found
the discovery response from MASTER Mwar
Jake, How does the controller date and time cause an issue?
Eric, Can I change the MTU of the GRE tunnel to accomodate the LWAPP tunnel.
Is it possible to do this or should I just relent and use an autonomous AP at this site?
Looking forward to your responses.
SO, if I understand you correctly, there is an lwapp ap at your partner site that you want to be able to control via WCS?
Have you considered a site-to-site vpn tunnel instead?
The LWAPP Join includes the AP's X.509 certificate for validation, which has a validity interval. If the controller date is outside that validity interval, then it will reject the certificate. This usually happens when the controller has the default date, which would pre-date the certificate's start date/time.
try "debug lwapp packet enable" on your controller and logg it, wait for that AP to try and join. You should be able to see where the breakdown is from that. Like posted above make sure the date and time are also set correctly.