Consolidated Platform Configuration Guide, Cisco IOS XE Release 3.3SE (Cisco WLC 5700 Series)
Configuring the Controller for Access Point Discovery

Finding Feature Information

Your software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Configuring the Controller for Access Point Discovery

  • Ensure that the Control and Provisioning of Wireless Access Points (CAPWAP) UDP ports 5246 and 5247 (similar to the Lightweight Access Point Protocol (LWAPP) UDP ports 12222 and 12223) are enabled and are not blocked by an intermediate device that could prevent an access point from joining the controller.
  • If access control lists (ACLs) are in the control path between the controller and its access points, you must open new protocol ports to prevent access points from being stranded.
  • If an access point is in the UP state and its IP address changes, the access point tears down the existing CAPWAP tunnel and rejoins the controller.
  • Access points must be discovered by a controller before they can become an active part of the network. The lightweight access points support the following controller discovery processes:
    • Layer 3 CAPWAP discovery—You can enable this feature on different subnets from the access point. This feature uses IP addresses and UDP packets rather than the MAC addresses used by Layer 2 discovery.
    • Locally stored controller IP address discovery—If the access point was previously associated to a controller, the IP addresses of the primary, secondary, and tertiary controllers are stored in the access point’s nonvolatile memory. This process of storing controller IP addresses on an access point for later deployment is called priming the access point.
    • DHCP server discovery—This feature uses DHCP option 43 to provide controller IP addresses to the access points. Cisco switches support a DHCP server option that is typically used for this capability.
    • DNS discovery—The access point can discover controllers through your domain name server (DNS). You must configure your DNS to return controller IP addresses in response to CISCO-CAPWAP-CONTROLLER.localdomain, where localdomain is the access point domain name. When an access point receives an IP address and DNS information from a DHCP server, it contacts the DNS to resolve CISCO-CAPWAP-CONTROLLER.localdomain. When the DNS sends a list of controller IP addresses, the access point sends discovery requests to the controllers.
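
To check what a DHCP scope is actually handing to access points, the following added example (not part of the original guide) decodes an option 43 value and reports any controller address that is not on an approved list. It assumes the suboption layout Cisco documents for lightweight Aironet access points, which this page does not spell out: type 0xf1, a length byte equal to four times the number of controllers, then the IPv4 addresses. Function names are illustrative and the addresses are constructed samples.

```python
import ipaddress

# Assumption: suboption type 0xf1 carries the controller addresses.
CISCO_CAPWAP_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Build the option 43 hex string for a list of controller IPv4 addresses."""
    packed = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if not controllers or len(packed) > 255:
        raise ValueError("need between 1 and 63 controller addresses")
    return (bytes([CISCO_CAPWAP_SUBOPTION, len(packed)]) + packed).hex()


def decode_option43(hex_value):
    """Return the controller addresses carried in an option 43 hex string."""
    # Accept the dotted or colon-separated grouping often used in DHCP configs.
    raw = bytes.fromhex(hex_value.replace(".", "").replace(":", ""))
    if len(raw) < 2 or raw[0] != CISCO_CAPWAP_SUBOPTION:
        raise ValueError("not a 0xf1 controller suboption")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def audit_option43(hex_value, approved):
    """List served controller addresses that are not on the approved list."""
    approved_set = {str(ipaddress.IPv4Address(a)) for a in approved}
    return [ip for ip in decode_option43(hex_value) if ip not in approved_set]


if __name__ == "__main__":
    served = "f108.c0a8.0a05.c0a8.0a14"   # constructed sample scope value
    print(decode_option43(served))
    print(audit_option43(served, ["192.168.10.5"]))
```

An empty result from audit_option43 means every controller the scope advertises is one you approved; a malformed value raises ValueError instead of being silently accepted.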

Restrictions for Configuring the Controller for Access Point Discovery

  • Ensure that the controllers are configured with the correct date and time. If the date and time configured on the controller precedes the creation and installation date of certificates on the access points, the access point fails to join the controller.
  • During the discovery process, access points that are supported by the Cisco controller, such as the 1140, 1260, 3500, 1040, 1600, 2600, or 3600, query only for Cisco controllers.

Information About Configuring the Controller for Access Point Discovery

In a CAPWAP environment, a lightweight access point discovers a controller by using CAPWAP discovery mechanisms and then sends a CAPWAP join request to the controller. The controller sends a CAPWAP join response to the access point that allows the access point to join the controller. When the access point joins the controller, the controller manages its configuration, firmware, control transactions, and data transactions.

Access Point Communication Protocols

Cisco lightweight access points use the IETF standard CAPWAP to communicate with the controller and other lightweight access points on the network.

CAPWAP, which is based on LWAPP, is a standard, interoperable protocol that enables a controller to manage a collection of wireless access points. CAPWAP is implemented in the controller for these reasons:

  • To provide an upgrade path from Cisco products that use LWAPP to next-generation Cisco products that use CAPWAP
  • To manage RFID readers and similar devices
  • To enable controllers to interoperate with third-party access points in the future

Viewing Access Point Join Information

Join statistics for an access point that sends a CAPWAP discovery request to the controller at least once are maintained on the controller even if the access point is rebooted or disconnected. These statistics are removed only when the controller is rebooted or when you choose to clear the statistics.

Troubleshooting the Access Point Join Process

Access points can fail to join a controller for many reasons: for example, a RADIUS authorization is pending, self-signed certificates are not enabled on the controller, or the regulatory domains of the access point and the controller do not match.

You can configure the access points to send all CAPWAP-related errors to a syslog server. You do not need to enable any debug commands on the controller because all of the CAPWAP error messages can be viewed from the syslog server itself.

The state of the access point is not maintained on the controller until it receives a CAPWAP join request from the access point, so it can be difficult to determine why the CAPWAP discovery request from a certain access point was rejected. In order to troubleshoot such joining issues without enabling CAPWAP debug commands on the controller, the controller collects information for all access points that send a discovery message to this controller and maintains information for any access points that have successfully joined this controller.

The controller collects all join-related information for each access point that sends a CAPWAP discovery request to the controller. Collection begins when the first discovery message is received from the access point and ends when the last configuration payload is sent from the controller to the access point.

When the controller is maintaining join-related information for the maximum number of access points, it does not collect information for any more access points.

You can also configure a DHCP server to return a syslog server IP address to the access point using option 7 on the server. The access point then starts sending all syslog messages to this IP address.

If the access point is not connected to the controller, you can configure the syslog server IP address through the access point CLI by entering the capwap ap log-server syslog_server_IP_address command.

When the access point joins a controller for the first time, the controller pushes the global syslog server IP address (the default is 255.255.255.255) to the access point. After that, the access point sends all syslog messages to this IP address, until it is overridden by one of the following scenarios:

  • The access point is still connected to the same controller, and you changed the global syslog server IP address configuration on the controller by using the ap syslog host Syslog_Server_IP_Address command. In this case, the controller pushes the new global syslog server IP address to the access point.
  • The access point is still connected to the same controller, and you configured a specific syslog server IP address for the access point on the controller by using the ap name Cisco_AP syslog host Syslog_Host_IP_Address command. In this case, the controller pushes the new specific syslog server IP address to the access point.
  • The access point gets disconnected from the controller, and you configured the syslog server IP address from the access point CLI by using the capwap ap log-server syslog_server_IP_address command. This command works only if the access point is not connected to any controller.
  • The access point gets disconnected from the controller and joins another controller. In this case, the new controller pushes its global syslog server IP address to the access point.

Whenever a new syslog server IP address overrides the existing syslog server IP address, the old address is erased from persistent storage, and the new address is stored in its place. The access point also starts sending all syslog messages to the new IP address, if the access point can reach the syslog server IP address.

How to Configure Access Point Discovery

Configuring the Syslog Server for Access Points (CLI)

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ap syslog host host_ip_address

    4.    end

    5.    show ap config global

    6.    show ap name Cisco_AP config general


DETAILED STEPS

    Step 1   enable

             Enters privileged EXEC mode.

             Example:
             Controller# enable

    Step 2   configure terminal

             Enters global configuration mode.

             Example:
             Controller# configure terminal

    Step 3   ap syslog host host_ip_address

             Configures the global syslog server for all access points that join this controller.

             Example:
             Controller(config)# ap syslog host 10.9.9.16

             Note: By default, the global syslog server IP address for all access points is 255.255.255.255. Make sure that the access points can reach the subnet on which the syslog server resides before configuring the syslog server on the controller. If the access points cannot reach this subnet, the access points are unable to send out syslog messages.

    Step 4   end

             Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.

             Example:
             Controller(config)# end

    Step 5   show ap config global

             Displays the global syslog server settings for all access points that join the controller.

             Example:
             Controller# show ap config global

    Step 6   show ap name Cisco_AP config general

             Displays the syslog server settings for a specific access point.

             Example:
             Controller# show ap name AP03 config general

Monitoring Access Point Join Information (CLI)

Note: The procedure to perform this task using the controller GUI is not currently available.

SUMMARY STEPS

    1.    enable

    2.    show ap join stats summary

    3.    show ap mac-address mac_address join stats summary

    4.    show ap mac-address mac_address join stats detailed

    5.    clear ap join statistics


DETAILED STEPS

    Step 1   enable

             Enters privileged EXEC mode.

             Example:
             Controller# enable

    Step 2   show ap join stats summary

             Displays the MAC addresses of all the access points that are joined to the controller or that have tried to join.

             Example:
             Controller# show ap join stats summary

    Step 3   show ap mac-address mac_address join stats summary

             Displays all the statistics for the AP including the last join error detail.

             Example:
             Controller# show ap mac-address 000.2000.0400 join stats summary

    Step 4   show ap mac-address mac_address join stats detailed

             Displays all join-related statistics collected for a specific access point.

             Example:
             Controller# show ap mac-address 000.2000.0400 join stats detailed

    Step 5   clear ap join statistics

             Clears the join statistics for all access points.

             Example:
             Controller# clear ap join statistics

             Note: To clear the join statistics that correspond to specific access points, enter the clear ap mac-address mac_address join statistics command.

Searching for Access Point Radios (GUI)

    Step 1   Choose Monitor > Wireless > Access Points and click 802.11a/n/ac Statistics or 802.11b/g/n Statistics.

             The 802.11 Radio pages are displayed. These pages show all of the 802.11a/n/ac or 802.11b/g/n access point radios that are associated with the controller and their current settings.

             Note: In a Cisco converged access environment, the 802.11a/n/ac and 802.11b/g/n radios should not be differentiated based on their Base Radio MAC addresses, because they might have the same addresses. Instead, the radios should be differentiated based on their physical addresses.

    Step 2   From the Show drop-down list, choose Quick Filter.

             The filter options (text boxes) appear in each of the column headers in the table.

    Step 3   Enter a keyword in the corresponding text boxes to specify the filter criteria for your search, and click the Filter icon.

Monitoring the Interface Details (GUI)

    Step 1   Choose Configuration > Wireless > Access Points > All APs.

             The All APs page is displayed showing a list of access points that are associated with the controller.

    Step 2   Click the access point name.

             The AP > Edit page is displayed.

    Step 3   Click the Interface tab.

             The interface details are displayed.


Configuration Examples for Configuring the Controller for Access Point Discovery

Displaying the MAC Addresses of all Access Points: Example

This example shows how to display MAC addresses of all the access points that are joined to the controller:

          Controller# show ap join stats summary
          Number of APs.......................................... 4
          
          Base Mac          EthernetMac       AP Name IP Address    Status
          ----------------- ----------------- ------- ------------- ----------
          00:0b:85:57:bc:c0 00:0b:85:57:bc:c0 AP1130  10.10.163.217 Joined
          00:1c:0f:81:db:80 00:1c:63:23:ac:a0 AP1140  10.10.163.216 Not joined
          00:1c:0f:81:fc:20 00:1b:d5:9f:7d:b2 AP1     10.10.163.215 Joined
          00:21:1b:ea:36:60 00:0c:d4:8a:6b:c1 AP2     10.10.163.214 Not joined

This example shows how to display the last join error details for a specific access point:

          Controller# show ap mac-address 000.2000.0400 join stats summary
          Is the AP currently connected to controller................ Yes
          Time at which the AP joined this controller last time...... Aug 21 12:50:36.061
          Type of error that occurred last........................... AP got or has been disconnected
          Reason for error that occurred last........................ The AP has been reset by the controller
          Time at which the last join error occurred......... Aug 21 12:50:34.374
          

This example shows how to display all join-related statistics collected for a specific access point:

          Controller# show ap mac-address 000.2000.0400 join stats detailed
          Discovery phase statistics
          - Discovery requests received........................ 2
          - Successful discovery responses sent................ 2
          - Unsuccessful discovery request processing.......... 0
          - Reason for last unsuccessful discovery attempt..... Not applicable
          - Time at last successful discovery attempt.......... Aug 21 12:50:23.335
          - Time at last unsuccessful discovery attempt........ Not applicable
          
          Join phase statistics
          - Join requests received............................. 1
          - Successful join responses sent..................... 1
          - Unsuccessful join request processing............... 1
          - Reason for last unsuccessful join attempt.....      RADIUS authorization
                                                                is pending
                                                                for the AP
          - Time at last successful join attempt............... Aug 21 12:50:34.481
          - Time at last unsuccessful join attempt............. Aug 21 12:50:34.374
          
          Configuration phase statistics
          - Configuration requests received..................... 1
          - Successful configuration responses sent............. 1
          - Unsuccessful configuration request processing....... 0
          - Reason for last unsuccessful configuration attempt.. Not applicable
          - Time at last successful configuration attempt....... Aug 21 12:50:34.374
          - Time at last unsuccessful configuration attempt..... Not applicable
          
          Last AP message decryption failure details
          - Reason for last message decryption failure.......... Not applicable
          
          Last AP disconnect details
          - Reason for last AP connection failure............... The AP has been reset by
                                                                 the controller
          Last join error summary
          - Type of error that occurred last.................... AP got or has been
                                                                 disconnected
          - Reason for error that occurred last................. The AP has been reset
                                                                 by the controller
          - Time at which the last join error occurred.......... Aug 21 12:50:34.374
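
An added example, not part of the original guide: a parser for the join stats detailed output above that re-joins wrapped values and lists every failure reason the controller recorded, so the reasons can be collected across many access points. The function names are illustrative, and the sample text is a trimmed, constructed copy of the output shown above.

```python
import re

# Constructed sample: a trimmed copy of the "join stats detailed" output above.
SAMPLE = """\
Join phase statistics
- Unsuccessful join request processing............... 1
- Reason for last unsuccessful join attempt.....      RADIUS authorization
                                                      is pending
                                                      for the AP
- Time at last unsuccessful join attempt............. Aug 21 12:50:34.374

Last AP message decryption failure details
- Reason for last message decryption failure.......... Not applicable

Last AP disconnect details
- Reason for last AP connection failure............... The AP has been reset by
                                                       the controller
Last join error summary
- Type of error that occurred last.................... AP got or has been
                                                       disconnected
"""

# "- field name....... value": a run of three or more dots separates the two.
FIELD = re.compile(r"^-\s*(?P<key>.+?)\.{3,}\s*(?P<value>.*)$")


def parse_join_stats(text):
    """Return {section: {field: value}}, re-joining wrapped value lines."""
    stats, section, last_key, field_indent = {}, "", None, 0
    for line in text.splitlines():
        body = line.strip()
        if not body:
            continue
        indent = len(line) - len(line.lstrip())
        match = FIELD.match(body)
        if match:                                   # "- name..... value"
            last_key, field_indent = match["key"].strip(), indent
            stats.setdefault(section, {})[last_key] = match["value"].strip()
        elif last_key and indent > field_indent:    # wrapped value continues
            stats[section][last_key] += " " + body
        else:                                       # new section heading
            section, last_key = body, None
            stats.setdefault(section, {})
    return stats


def failure_reasons(stats):
    """Return (section, reason) for every failure reason the controller recorded."""
    return [(section, value)
            for section, fields in stats.items()
            for key, value in fields.items()
            if key.startswith("Reason for") and value != "Not applicable"]
```

Calling failure_reasons(parse_join_stats(SAMPLE)) returns the pending RADIUS authorization and the controller-initiated reset, and skips the fields reported as Not applicable.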
          

DHCP Option 43 for Lightweight Cisco Aironet Access Points Configuration Example

For more information about the AP join process, see DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml.