购买或续订
购买或续订
Umbrella 发布说明和公告现已在 Cisco 社区发布!点击查看详情。
取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
搜索替代 
您的意思是: 
cancel
开始对话
2516
查看次数
0
有帮助
2
回复

wlc5508 添加AP

查看解答
573007580
Level 1
Level 1

发布时间 ‎05-06-2023 08:54 AM

 近期采购了一批 3702系列的AP,发现控制器上一直没有上线。

思科AP 需要手动去进行配置,才能上线吗?

有没有WLC5508 添加AP的基本步骤说明呢?感激不尽

标签:
0 有帮助
1 个已接受解答

已接受的解答

查看解答
Rps-Cheers
VIP
VIP

‎05-07-2023 11:19 PM - 编辑日期 ‎05-07-2023 11:21 PM

首先,AP注册到WLC,只要能够通信,AP可以以如下几种方式来注册,可以在AP手动配置WLC的信息,也可以自动获取:

The AP goes through this process on startup:

  1. The LAP boots and DHCPs an IP address if it was not previously assigned a static IP address.
  2. The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:
    1. DHCP option 43 (good for global companies where offices and controllers are on different continents).
    2. DNS entry for cisco-capwap-controller (good for local businesses - can also be used to find where brand new APs join) If you use CAPWAP, make sure there is a DNS entry for cisco-capwap-controller.
    3. Management IP addresses of controllers the LAP remembers previously.
    4. A Layer 3 broadcast on the subnet.
    5. Statically configured information.
    6. Controllers present in the mobility group of the WLC the AP last joined.

如果是WLC上没有看到AP没有上线的话,可能需要从如下几个方面考虑一下:

1、WLC的当前版本是否支持AP3702,可以通过WLC上输入show sysinfo来查看WLC当前的版本。

your controller must be running release 7.6.0.0 or later to support 3700 series access points.

2、WLC的证书是否有问题(例如是否过期)

可以通过如下的命令检查Certificate Name: Cisco SHA1 device cert的证书是否还在有效期内。当然,也可以在AP上show logging看看是否有明显的证书失败的告警!

(Cisco Controller) >config boot primary

如果因为证书的问题导致AP无法注册,可以参考如下链接的解决方案。忽略证书、修改WLC系统时间可能都是一个临时的解决方法。

https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html

如果想忽略证书,参考的命令也在如上链接中:

 config ap cert-expiry-ignore {mic|ssc} enable 以及config ap cert-expiry-ignore {mic|ssc} enable

如果手动修改WLC的系统时间到证书范围内,则可以使用如下命令手动修改。

(Cisco Controller) >config time manual

<MM/DD/YY> MM/DD/YY - Date portion

注意:如上的情况,都是在AP和WLC的连通性等都正常,而无法注册的情况。我们首先还是需要保证AP和WLC互通!(至少是他们使用的端口要互通,一般来说,中间没有安全设备,ping通也就能说明AP和WLC通信基本没有问题)

All you need for the AP to join the WLC is UDP 5246 and UDP 5247.

 

其他关于排查AP注册WLC的文档,可以参考:

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

https://community.cisco.com/t5/wireless-mobility-knowledge-base/joining-process-of-an-cisco-access-point/ta-p/3149279

希望能帮到你。

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

在原帖中查看解决方案

0 有帮助
2 条回复2

查看解答
Rps-Cheers
VIP
VIP

‎05-07-2023 11:19 PM - 编辑日期 ‎05-07-2023 11:21 PM

首先,AP注册到WLC,只要能够通信,AP可以以如下几种方式来注册,可以在AP手动配置WLC的信息,也可以自动获取:

The AP goes through this process on startup:

  1. The LAP boots and DHCPs an IP address if it was not previously assigned a static IP address.
  2. The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:
    1. DHCP option 43 (good for global companies where offices and controllers are on different continents).
    2. DNS entry for cisco-capwap-controller (good for local businesses - can also be used to find where brand new APs join) If you use CAPWAP, make sure there is a DNS entry for cisco-capwap-controller.
    3. Management IP addresses of controllers the LAP remembers previously.
    4. A Layer 3 broadcast on the subnet.
    5. Statically configured information.
    6. Controllers present in the mobility group of the WLC the AP last joined.

如果是WLC上没有看到AP没有上线的话,可能需要从如下几个方面考虑一下:

1、WLC的当前版本是否支持AP3702,可以通过WLC上输入show sysinfo来查看WLC当前的版本。

your controller must be running release 7.6.0.0 or later to support 3700 series access points.

2、WLC的证书是否有问题(例如是否过期)

可以通过如下的命令检查Certificate Name: Cisco SHA1 device cert的证书是否还在有效期内。当然,也可以在AP上show logging看看是否有明显的证书失败的告警!

(Cisco Controller) >config boot primary

如果因为证书的问题导致AP无法注册,可以参考如下链接的解决方案。忽略证书、修改WLC系统时间可能都是一个临时的解决方法。

https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html

如果想忽略证书,参考的命令也在如上链接中:

 config ap cert-expiry-ignore {mic|ssc} enable 以及config ap cert-expiry-ignore {mic|ssc} enable

如果手动修改WLC的系统时间到证书范围内,则可以使用如下命令手动修改。

(Cisco Controller) >config time manual

<MM/DD/YY> MM/DD/YY - Date portion

注意:如上的情况,都是在AP和WLC的连通性等都正常,而无法注册的情况。我们首先还是需要保证AP和WLC互通!(至少是他们使用的端口要互通,一般来说,中间没有安全设备,ping通也就能说明AP和WLC通信基本没有问题)

All you need for the AP to join the WLC is UDP 5246 and UDP 5247.

 

其他关于排查AP注册WLC的文档,可以参考:

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

https://community.cisco.com/t5/wireless-mobility-knowledge-base/joining-process-of-an-cisco-access-point/ta-p/3149279

希望能帮到你。

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 有帮助

查看解答
573007580
Level 1
Level 1
回复 Rps-Cheers

发布时间 ‎05-08-2023 01:06 AM

ths

0 有帮助
快捷链接

浏览社区快速链接并以您的母语获取个性化内容:

发布或浏览文章 分享想法或新闻 观看我们的所有视频
Customers Also Viewed These Support Documents