Avisos
¡Bienvenido a la nueva Comunidad de Soporte de Cisco! Nos encantaría conocer su opinión
New Member

APs cambian de vlan

Buen día!

Tengo un problema, el cual radica en que hay veces que algunos APs cambian de vlan sin ningún motivo, y tengo que volver a configurar la VLAN que debe de tener.

El escenario es con 2 WLCs, de los cuales uno tiene 23 APs y el otro tiene 24 APs, al desconectar (por algun mtto) la WLC-1 se pasan sus APs a la WLC-2 y siguen trabajando (Soporta hasta 50 APs, y se queda con 47), pero al volver a pasarle la carga a la WLC-1, algunos APs cambian de VLAN.

No encontré documentación que me pudiese ayudar, espero y me puedan apoyar.

Gracias, saludos!

1 SOLUCIÓN ACEPTADA

Soluciones aceptadas

Perfecto.Puedes ayudar a la

Perfecto.

Puedes ayudar a la comunidad marcando tu respuesta como contestada?.

Gracias y  aqui estamos.

13 RESPUESTAS

Podrías proporcionar mas

Podrías proporcionar mas información acerca de tus VLANs? Es importante saber cual es el direccioamiento de administración de tu WLC 1 y de tu WLC 2, Lo mismo con tus AP's.

 

También si es posible, podrías compartir el show config de tus equipos?

New Member

Estuve checando, y al parecer

Estuve checando, y al parecer el problema radicó en que la wlc tenia solamente 1 grupo de Wlan (default), y lo que se hizo fue crear 2 grupos, uno para la WLC1 y otro para la WLC2, y que ambas WLC tuvieran ambos grupos.

Una disculpa por la tardanza y por la falta de información, el problema es de un cliente el cual no estuvo disponible.

Perfecto.Puedes ayudar a la

Perfecto.

Puedes ayudar a la comunidad marcando tu respuesta como contestada?.

Gracias y  aqui estamos.

New Member

Saludos,

Saludos,

Me remito solicitando apoyo en un tema similar al de este foro.

Tengo dos WLC 5508 en alta disponibilidad y modo Flexconect.

hay aproximadamente 265 AP asociados a 3 AP groups.

Lightweight AP IOS Software-15.3.3-JA10

Tengo una VLAN de administración XXX en la cual quedan los AP´s mapeados al levantar el tunel CAPWAP desde el Router, para la operación se tienen 2 WLAN´s creadas, una asociada a una VLAN YYY para el SSID de usuarios frecuentes y otra asociada a una VLAN ZZZ para el SSID de invitados.

Algunos AP Groups tienen ambas WLAN´s para irradiar los dos SSID. Eventualmente algunos AP´s que están asociados al SSID de usuarios pierden la VLAN y se mapean en la VLAN  de administración. sin razón alguna y se debe mapear manualmente de nuevo, curiosamente solo se cambia la VLAN de usuario asi esten ambas WLAN dentro de el grupo afectado.

Agradezco la orientación y ayuda que me puedan dar.

Adjunto el log emitido por el AP.

Log Buffer (1048576 bytes):

*Mar 1 00:00:13.723: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:14.719: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (1-8)
*Mar 1 00:00:14.719: Registering HW DTLS

*Mar 1 00:00:14.727: APAVC: Initial WLAN Buffers Given to System is 500

*Mar 1 00:00:14.743: APAVC: WlanPAKs 9355 RadioPaks 8747

*Mar 1 00:00:16.767: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:21.707: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:21.855: loading Power Tables from flash:/ap1g2-k9w8-mx.153-3.JA10/K2.bin. Class = A
*Mar 1 00:00:21.855: record size of 3ss: 1168 read_ptr: 34DFF5E

*Mar 1 00:00:26.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:28.151: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:28.227: loading Power Tables from flash:/ap1g2-k9w8-mx.153-3.JA10/K5.bin. Class = A
*Mar 1 00:00:28.227: record size of 3ss: 1168 read_ptr: 34DFF5E

*Mar 1 00:00:28.407: Wait until the stile protocol list is initialized.

*Mar 1 00:00:30.591: Start STILE Activation
capwap_read_version_info: Info file flash:/ap1g2-k9w8-mx.152-4.JB5/info not find
*Mar 1 00:00:34.019: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.3(3)JA10, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 23-Aug-16 00:43 by prod_rel_team
*Mar 1 00:00:34.019: %SNMP-5-COLDSTART: SNMP agent on host AP-Corfinsura-04 is undergoing a cold start
*Mar 1 00:00:35.115: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:46.647: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:46.675: Starting Ethernet promiscuous mode
*Mar 1 00:00:46.883: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:50.167: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar 1 00:00:51.667: Currently running a Release Image
validate_sha2_block: Failed to get certificate chain
*Mar 1 00:00:51.759: Using SHA-1 signed certificate for image signing validation.
*Mar 1 00:01:19.767: APAVC: Succeeded to activate all the STILE protocols.

*Mar 1 00:01:19.767: APAVC: Registering with CFT

*Mar 1 00:01:19.767: APAVC: CFT registration of delete callback succeeded

*Mar 1 00:01:19.767: APAVC: Reattaching Original Buffer pool for system use

*Mar 1 00:01:19.767: Pool-ReAtach: paks 9355 radio8747

*Mar 1 00:01:26.071: AP image integrity check PASSED

*Mar 1 00:01:26.143: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:01:26.143: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:01:26.575: validate_sha2_block:No SHA2 Block present on this AP.

*Mar 1 00:01:26.623:
Note: A random mac address of 0000.0000.0000
has been chosen for BVI in bridge group 3 since the selected mac address
is already being used by Bridge Group 2.
*Mar 1 00:01:26.623:
Ensure that this address is unique.

*Mar 1 00:01:27.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI2, changed state to up
*Mar 1 00:01:27.623: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI3, changed state to up
*Mar 1 00:01:36.275: %LINK-6-UPDOWN: Interface BVI2, changed state to down
*Mar 1 00:01:36.275: %LINK-6-UPDOWN: Interface BVI3, changed state to down
*Mar 1 00:01:36.635: Logging LWAPP message to 255.255.255.255.

*Mar 1 00:01:36.643: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Mar 1 00:01:37.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI2, changed state to down
*Mar 1 00:01:37.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI3, changed state to down
*Mar 1 00:01:39.586: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:01:40.870: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:41.870: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:01:42.150: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:42.870: %LINK-6-UPDOWN: Interface BVI2, changed state to up
*Mar 1 00:01:43.150: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:43.870: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI2, changed state to up
*Mar 1 00:01:44.150: %LINK-6-UPDOWN: Interface BVI3, changed state to up
*Mar 1 00:01:45.150: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI3, changed state to up
*Mar 30 01:44:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.xx.xx.xx peer_port: 5246
*Mar 30 01:44:36.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.xx.xx.xx peer_port: 5246
*Mar 30 01:44:36.467: %CAPWAP-5-SENDJOIN: sending Join Request to 10.xx.xx.xx
*Mar 30 01:44:36.783: %LWAPP-4-CLIENTEVENTLOG:
Checksum required saved version = 8.0.140.0, file flash:/lwapp_reap.cfg
*Mar 30 01:44:37.995: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 30 01:44:38.003: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 30 01:44:38.079: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Mar 30 01:44:38.711: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Mar 30 01:44:38.831: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 30 01:44:38.835: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 01:44:38.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 30 01:44:39.039: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 01:44:39.047: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 01:44:39.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 01:44:39.239: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC-xxx
*Mar 30 01:44:39.311: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Mar 30 01:44:39.311: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Mar 30 01:44:39.311: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
*Mar 30 01:44:39.311: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration fileWLAN id 1, SSID YYY, L2ACL , L2ACL AP
WLAN id 2, SSID ZZZZZ, L2ACL , L2ACL AP
capwap_delete_all_l2Acls_in_nacl_list:336. Deleting all L2Acls in AP config

*Mar 30 01:44:40.031: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 30 01:44:40.079: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5260 MHz for 60 seconds.
*Mar 30 01:44:40.083: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 01:44:40.091: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 30 01:44:40.099: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 30 01:44:41.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 01:44:41.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 30 01:44:41.243: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 30 01:44:41.251: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 01:44:41.279: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 01:44:42.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 30 01:44:42.251: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 01:44:42.259: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Mar 30 01:44:42.375: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5260 MHz for 60 seconds.
*Mar 30 01:44:42.379: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 01:44:42.411: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 30 01:44:42.415: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 30 01:44:43.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 01:44:43.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 30 01:44:43.443: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 30 01:44:43.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 01:44:43.459: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 01:44:44.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 30 01:44:44.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 01:44:44.491: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5260 MHz for 60 seconds.
*Mar 30 01:44:44.495: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 01:44:45.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 01:45:01.427: %CLEANAIR-6-STATE: Slot 1 disabled
*Mar 30 01:45:11.427: %CLEANAIR-6-STATE: Slot 0 disabled
*Mar 30 01:45:44.503: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5260 MHz
*Mar 30 14:42:29.282: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Mar 30 14:42:29.282: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Mar 30 14:42:29.294: %LWAPP-3-CLIENTERRORLOG: spamSendDeleteMobile : AP is not UP state.

*Mar 30 14:42:29.474: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 30 14:42:29.474: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 14:42:30.286: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 30 14:42:30.318: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 14:42:30.326: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 14:42:31.310: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 30 14:42:31.318: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 14:42:31.354: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 14:42:31.362: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 30 14:42:31.370: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 30 14:42:32.354: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 14:42:32.362: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 30 14:42:32.398: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 30 14:42:33.398: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 30 14:42:54.282: %CLEANAIR-6-STATE: Slot 0 disabled
*Mar 30 14:42:54.282: %CLEANAIR-6-STATE: Slot 1 disabled
*Mar 30 14:43:40.149: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 30 14:50:51.351: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:11 Source MAC:
*Mar 30 14:50:51.351: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:11 Source MAC:
*Mar 30 15:00:45.863: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:11
*Mar 30 15:00:45.863: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:11
*Mar 30 15:31:31.571: %DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5260 MHz
*Mar 30 15:31:32.419: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 15:31:32.423: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 15:31:33.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 15:31:33.467: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 15:31:34.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 16:26:21.567: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth xxx.xxx.xxx
*Mar 30 16:35:35.479: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth xxx.xxx.xxx
*Mar 30 16:41:21.319: %DOT11-4-CCMP_REPLAY: Client xxxxxxxxxxxxx  had 1 AES-CCMP TSC replays
*Mar 30 16:42:13.222: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 16:42:13.230: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 16:42:14.222: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 16:42:14.258: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 16:42:15.258: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 16:57:33.186: %DOT11-4-CCMP_REPLAY: Client xxxxxxxx had 1 AES-CCMP TSC replays
**Mar 30 21:15:45.511: %DOT11-6-DFS_TRIGGERED: DFS: triggered on frequency 5260 MHz
*Mar 30 21:15:46.355: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 21:15:46.359: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 21:15:47.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 21:15:47.407: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 21:15:48.407: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 22:29:05.875: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 22:29:05.887: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 22:29:06.883: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 22:29:06.911: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 22:29:07.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 30 22:39:17.467: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 30 22:39:17.475: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 30 22:39:18.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 30 22:39:18.507: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 30 22:39:19.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 31 05:23:35.231: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:5 Channel:11 Source MAC:xxxxxxxxx
*Mar 31 05:43:23.843: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:5 Channel:11
**Mar 31 09:02:37.769: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:11
*Mar 31 09:02:37.769: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:11
*Mar 31 13:41:24.150: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth e4a4.71d2.13bf
*Mar 31 15:43:24.315: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth 4851.b767.97ec
*Mar 31 15:51:34.301: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:2 Channel:11 Source MAC:xxxxxxxxxxxxxxxx
*Mar 31 16:01:29.114: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:2 Channel:11
*Mar 31 20:14:03.707: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth xxxxxxxxxxxx
*Mar 31 20:24:48.959: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth xxxxxxxxxxxxx
*Mar 31 20:32:52.893: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth xxxxxxxxxxxx
*Mar 31 21:44:08.395: %DOT11-4-FLUSH_DEAUTH: Consecutive tx fail 500+: deauth xxxxxxxxxxxxxxxxxx
*Apr 2 11:03:28.177: %WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:5 Channel:11 Source MAC:xxxxxxxxxxxxxxxx
*Apr 2 11:23:16.781: %WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:5 Channel:11
*Apr 2 13:45:56.634: %EVT-4-WRN: Write of flash:/event.capwap done
*Apr 2 13:45:56.654: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Apr 2 13:45:56.654: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to WLC_PPAL
*Apr 2 13:45:56.726: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 2 13:46:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: WLC_BK peer_port: 5246
*Apr 2 13:46:07.915: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: WLC_BK peer_port: 5246
*Apr 2 13:46:07.919: %CAPWAP-5-SENDJOIN: sending Join Request to WLC_BK
*Apr 2 13:46:10.127: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Apr 2 13:46:10.659: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC-BK
*Apr 2 13:46:10.731: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 2 13:46:10.731: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 2 13:46:10.731: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 2 13:46:10.731: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration fileWLAN id 1, SSID YYYYY, L2ACL , L2ACL AP
WLAN id 2, SSID ZZZZZZZ L2ACL , L2ACL AP

*Apr 2 13:46:10.803: %LWAPP-3-CLIENTERRORLOG: Switching to Connected modecapwap_delete_all_l2Acls_in_nacl_list:336. Deleting all L2Acls in AP config

Por ultimo, por favor puedes

Por ultimo, por favor puedes compartir el output del comando show version

New Member

Saludos,

Saludos,

Adjunto informacion de versión del IOS.

Cisco IOS Software, C1700 Software (AP3G2-K9W8-M), Version 15.3(3)JA10, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 23-Aug-16 02:04 by prod_rel_team

ROM: Bootstrap program is C1700 boot loader
BOOTLDR: C1700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.3() [ TRUE]

AP00154 uptime is 1 week, 2 days, 14 hours, 20 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.153-3.JA10/ap3g2-k9w8-xx.153-3.JA10"
Last reload reason:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP1702I-A-K9 (PowerPC) processor (revision A0) with 376814K/134656K bytes of memory.
Processor board ID FJxxxxxxxx
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.140.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: xx:Xx:xx:xx
Part Number : 73-16776-01
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : Fxxxxxxxxxxxx
Top Assembly Part Number : 068-05568-02
Top Assembly Serial Number : Fxxxxxxxxxxxx
Top Revision Number : A0
Product/Model Number : AIR-CAP1702I-A-K9

Configuration register is 0xF

Adjunto nuevo LOG


*Apr 2 13:46:32.611: %CLEANAIR-6-STATE: Slot 0 enabled
*Apr 2 13:46:34.675: %CLEANAIR-6-STATE: Slot 1 enabled
*Apr 2 13:48:07.927: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Apr 2 13:48:07.927: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to WLC-BK
*Apr 2 13:48:08.043: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Apr 2 13:48:08.047: %CLEANAIR-6-STATE: Slot 0 down
*Apr 2 13:48:08.047: %CLEANAIR-6-STATE: Slot 1 down
*Apr 2 13:48:18.047: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 2 13:48:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: WLC-PPAL
*Apr 2 13:48:19.511: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: WLC-PPAL
*Apr 2 13:48:19.511: %CAPWAP-5-SENDJOIN: sending Join Request to WLC-PPAL
*Apr 2 13:48:21.023: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Apr 2 13:48:21.783: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC-PPAL
*Apr 2 13:48:21.899: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 2 13:48:21.899: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 2 13:48:21.899: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 2 13:48:21.899: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration fileWLAN id 1, SSID YYYY, L2ACL , L2ACL AP
WLAN id 2, SSID ZZZZZ , L2ACL , L2ACL AP

De antemano gracias¡¡¡¡¡

La perdida del mapeo de VLANs

La perdida del mapeo de VLANs solo ocurre en las redes Flex-Connect?

New Member

Hola Daniel, es correcto solo

Hola Daniel, es correcto solo ocurre en modo Flex connect y solo con un SSID, es posible que la version del IOS este causando problema. Pero porque no afecta el otro SSID GUEST.?

Que nombre tiene ese SSID?

Que nombre tiene ese SSID? Tienes algún carácter especial?

New Member

Saludos, 

Saludos, 

El SSID no tiene caracteres especiales, el tema es que constantemente se pasa a la WLC de respaldo y es allí en donde se pierde la VLAN de usuarios y se mapea a la Vlan que esta asociada a al interfaz de administración. Cuando debería continuar en HA sin perder ninguna configuración.

Ok.

Ok.

Y que método de HA estas utilizando?

Estimado Carlos.

Estimado Carlos.

Si no estas utilizando SSO cómo método de HA y en su lugar utilizas algún N+1 la respuesta podría ser esta.

Ambas configuraciones de los WLCs deben de ser la misma esto incluye la creación de las WLANs en el mismo orden (WLAN ID) al igual que los mismos grupo de AP’s incluyendo los nombres de forma idéntica (Esto involucra mayusculas y minúsculas) .

Por favor revisa este consejo. Adicionalmente si me puedes compartir la versión de OS de de tu WLC y el archivo de configuración.

***Please rate the answer if this information was useful***

**Por favor si la información fue util marca esta respuesta como correcta**

*Tu reconocimiento nos alienta a seguir participando en los foros *

 

** ¡Las calificaciones fomentan la participación! **
Por favor asegúrese de calificar special-programs.png las respuestas a sus preguntas.

New Member

Saludos Daniel,

Saludos Daniel,

Te comento que haciendo caso a tu consejo se corrigieron los nombre de los grupos en los cuales se tenian asociados algunos AP´s, estos quedaron identicos e ambas controladoras, y hasta ahora no se han presentado más incidentes de este tipo.

Agradezco mucho tu apoyo, este Tip soluciono el problema.

Un Feliz día.

84
Visitas
10
ÚTIL
13
Respuestas
CrearPor favor para crear contenido