Access points can fail to
join a controller for many reasons such as a RADIUS authorization is pending,
self-signed certificates are not enabled on the controller, the access point
and controller’s regulatory domains do not match, and so on.
Controller software release
5.2 or later releases enable you to configure the access points to send all
CAPWAP-related errors to a syslog server. You do not need to enable any debug commands
on the controller because all of the CAPWAP error messages can be viewed from the syslog
server itself.
The state of the access point
is not maintained on the controller until it receives a CAPWAP join request
from the access point, so it can be difficult to determine why the CAPWAP
discovery request from a certain access point was rejected. In order to
troubleshoot such joining issues without enabling CAPWAP debug commands on the
controller, the controller collects information for all access points that send
a discovery message to this controller and maintains information for any access
points that have successfully joined this controller.
The controller collects all
join-related information for each access point that sends a CAPWAP discovery
request to the controller. Collection begins with the first discovery message
received from the access point and ends with the last configuration payload
sent from the controller to the access point.
You can view join-related
information for the following numbers of access points:
When the controller is
maintaining join-related information for the maximum number of access points,
it does not collect information for any more access points.
If any of these conditions
are met and the access point has not yet joined a controller, you can also
configure a DHCP server to return a syslog server IP address to the access
point using option 7 on the server. The access point then starts sending all
syslog messages to this IP address.
 Note |
The access point joins the controller with a DHCP address from an internal DHCP pool configured on WLC. When the DHCP lease
address is deleted in WLC, the access point reloads with the following message:
AP Rebooting: Reset Reason - Admin Reload. This is a common behavior in Cisco Wave 1 and Wave
2 APs.
|
You can also configure the
syslog server IP address through the access point CLI, provided the access
point is currently not connected to the controller by entering the
capwap ap log-server
syslog_server_IP_address command.
When the access point joins a
controller for the first time, the controller pushes the global syslog server
IP address (the default is 255.255.255.255) to the access point. After that,
the access point sends all syslog messages to this IP address, until it is
overridden by one of the following scenarios:
-
The access point is still
connected to the same controller, and the global syslog server IP address
configuration on the controller has been changed using the
config ap syslog host
global
syslog_server_IP_address command. In this case,
the controller pushes the new global syslog server IP address to the access
point.
-
The access point is still
connected to the same controller, and a specific syslog server IP address has
been configured for the access point on the controller using the
config ap syslog host
specific
Cisco_AP
syslog_server_IP_address command. In this case, the controller
pushes the new specific syslog server IP address to the access point.
-
The access point gets
disconnected from the controller, and the syslog server IP address has been
configured from the access point CLI using the
lwapp ap log-server
syslog_server_IP_address command. This command
works only if the access point is not connected to any controller.
-
The access point gets
disconnected from the controller and joins another controller. In this case,
the new controller pushes its global syslog server IP address to the access
point.
Whenever a new syslog server
IP address overrides the existing syslog server IP address, the old address is
erased from persistent storage, and the new address is stored in its place. The
access point also starts sending all syslog messages to the new IP address,
provided the access point can reach the syslog server IP address.
You can configure the syslog
server for access points using the controller GUI and view the access point
join information using the controller GUI or CLI.
When the name of the access point is modified using the
config ap name
new_name
old_name command, then the new AP name is updated.
You can view the new AP name updated in both the
show ap join stats summary
all as well as the
show ap summary
commands.
 Note |
When an AP in a Release 8.0 image tries to join Cisco WLC, Release 8.3 (having
Release 8.2 as the primary image and Release 8.2.1 as the secondary image on Flash),
the AP goes into a perpetual loop. (Note that the release numbers are used only as
an example to illustrate the scenario of three different images and does not apply
to the releases mentioned.) This loop occurs due to version mismatch. After the
download, when the AP compares its image with the Cisco WLC image, there will be a
version mismatch. The AP will start the entire process again, resulting in a loop.
|