Solved: Re: Join-Request not received by WLC - Page 2

janesh_abey · ‎04-17-2009

Hi all,

I'm in the process of upgrading autonomous 1242(MIC) APs belongs to an external client of to make them part of the existing lwapp based infrastructure.

I could observe successful Discovery negotiation.Next,AP sends the join-request but WLC debug does not indicate receiving it.

1.wireshark packet capture indicates that Discovery & jOin processes use indentical ports at each phasee-this will rule out the firewalls.

2.no duplicate IPs

3.controllers are not exhausted with APs

4.DHCP option 43 is configured and could see it in action when I do a dhcp debug

The other interesting observation is that I could not see any certs on autonomous APs before conveting them to lwapp when I issue sh crypto pki certificates

Please refer to the attachment for debug outputs.

Any help is much appreciated.

cheers,

janesha

janesh_abey · ‎04-19-2009

Hi Leo,

Unfortunately, AP does not allow me to configure lwapp ap controller ip address x.x.x.x command.

However, I created a dummy ACl and enabled logging for the IP range of the controllers and AP manager addresses.Applied this on the uplink to client and I cannot see the traffic to AP-manager coming through although I can see the Discovery-request coming through.So it is definitely something blocking on the client side.

cheers,

janesha

Leo Laohoo · ‎04-19-2009

Hi Janesha,

Configure? You don't need to enter into configuration mode. Just enable mode and enter the command.

janesh_abey · ‎04-19-2009

Hi Leo,

My apologies as I did not word it properly.Basically,AP does not accpet the command under enable mode.

cheers,

Janesha

Leo Laohoo · ‎04-19-2009

Hi Janesha,

Wait a second ... The AP doesn't accept the command? Is the AP running on the Autonomous IOS or the LWAP image?

Leo Laohoo · ‎04-19-2009

Hi Janesha,

Wait a second ... The AP doesn't accept the command? Is the AP running on the Autonomous IOS or the LWAP image?

janesh_abey · ‎04-19-2009

Well I converted it to lwapp using the upgrade tool.Therefore it is running lwapp image.

Leo Laohoo · ‎04-19-2009

Can you do a "sh version" and post the result?

Scott Fella · ‎04-20-2009

Janesh,

Did you open up UDP port 12223 on the FW?

-Scott
*** Please rate helpful posts ***

janesh_abey · ‎04-20-2009

FW is managed by the client and according to him everything all the traffic from our side is permitted to the subnet where the APs are on and vice-versa.

Leo Laohoo · ‎04-20-2009

Hi Janesha,

On the AP, can you post the result of the command "dir"?

Scott Fella · ‎04-20-2009

Janesha,

If you can see traffic going to the mangement interface, then the ap's are doing what ther are suppose to.... the issue I though is that you were not seeing traffic when you spanned the wlc ports. This is because UDP 12223 is not reaching the wlc or that you have a duplicate ap-manager ip address, which you don't have since you have other ap's on the wlc. When the client say's they have everything open, are you sure there isn't another FW in the path.

-Scott
*** Please rate helpful posts ***

janesh_abey · ‎04-21-2009

Hi Fella,Leo,Gamccall and all,

The problem I had was that Join-request from Ap not received by the controller AP- manager interface.

Problem is solved.It was their freaking FWSM which was dropping packets to the AP-manager.Sorry for wasting forums valuable time.

cheers,

Janesha

gamccall · ‎04-21-2009

Not a waste- this is why we're here. The next time someone runs into this problem, you'll be able to answer it for them =)

Glad you got things squared away!

Leo Laohoo · ‎04-21-2009

Hi Janesha,

Now you can tell the client "it's your freakin' FWSM's fault!". :}