cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1568
Views
31
Helpful
13
Replies

Cisco ASA pinging a wireless controller

Rosa Ladera
Level 1
Level 1

I have observed a billion messages like the following, on syslog :

Feb 23 10:12:32 wlan-controller-14-2 impa-wireless2: *spamReceiveTask: Feb 23 10:12:29.570: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP

Feb 24 18:18:44 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 24 18:18:44.064: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP


Cisco Adaptive Security Appliance Software Version 9.0(4)
Device Manager Version 7.3(1)101

ASA# sh int gigabitEthernet 0/2

Interface GigabitEthernet0/2 "", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
    Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
    Input flow control is unsupported, output flow control is off
    Description: Smale-Ethernet10/3
    Active member of Port-channel32
    MAC address 5475.d091.4f04, MTU not set
    IP address unassigned
    575994720 packets input, 230167959667 bytes, 0 no buffer
    Received 31034901 broadcasts, 0 runts, 0 giants
    54 input errors, 0 CRC, 0 frame, 54 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    671225576 packets output, 541877862255 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 input reset drops, 0 output reset drops, 0 tx hangs
    input queue (blocks free curr/low): hardware (511/486)
    output queue (blocks free curr/low): hardware (511/355)

(Cisco Controller) >show inventory

Burned-in MAC Address............................ 00:1E:13:50:AA:80
Maximum number of APs supported.................. 6
NAME: "Chassis"    , DESCR: "2100 Series WLAN Controller:6 APs"
PID: AIR-WLC2106-K9,  VID: V03,  SN: JMX1151K0DY

AIR-WLC2106-K9 controller is ruunning Software Version 7.0.251.2

(Cisco Controller) >debug capwap detail enable

*spamReceiveTask: Feb 23 10:12:36.756: 54:75:d0:91:4f:04 LWAPP Primary Discovery Request AP Software Version: 0x700fa00

(Cisco Controller) >debug arp all enable

*dtlArpTask: Feb 24 18:18:42.242: processEtherIcmp: Received ICMP request from wired client,Interface no:1, mtu:1280, SRC MAC: 54:75:D0:91:4F:04

*dtlArpTask: Feb 24 18:18:42.242: dtlArpFind: ARP Lookup succeeded on IP 147.65.14.7

*dtlArpTask: Feb 24 18:18:42.242: processEtherIcmp: Sending ICMP reply Successful !! , SRC MAC: 00:1E:13:50:AA:80


(Cisco Controller) >show arp kernel      
IP address       HW type     Flags       HW address            Mask     Device

147.65.14.7      0x1         0x2         54:75:D0:91:4F:04     *        dtl0

(Cisco Controller) >show arp switch

Number of arp entries................................ 142

    MAC Address        IP Address     Port   VLAN   Type
------------------- ---------------- ------ ------ ------

54:75:D0:91:4F:04   147.65.14.7      1      14     Host
00:23:04:49:9E:40   147.65.14.239    1      14     Permanent
00:21:A0:FE:A7:C0   147.65.14.240    1      14     Permanent
F8:66:F2:63:0F:00   147.65.14.241    1      14     Permanent

Controller management interface GW address : 147.65.14.7
Other controllers : 147.65.14.239, 147.65.14.240 and 147.65.14.241
ASA interface g 0/2 mac address : 54:75:D0:91:4F:04
Any idea?

13 Replies 13

Are any of your APs going thru the firewall to get to the WLAN controller?

Yes

A couple of more questions:

1. Are you using DHCP and, if yes, do you have option 43 defined in your DHCP?

See this link for more information:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html

 

2. Do you have LWAPP(5246/5247) and CAPWAP (12222/12223) ports open on the firewall?

 

 

Yes I am using option 43 as described on DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example.

There are no firewall droped ports --> LWAPP(5246/5247) and CAPWAP (12222/12223) .

Everityng runs fine, except those billion messages sent to syslog which I suppose are sent by pix asa to syslog and are also seen by (Cisco Controller) >debug arp all enable:

*dtlArpTask: Feb 24 18:18:42.242: processEtherIcmp: Received ICMP request from wired client,Interface no:1, mtu:1280, SRC MAC: 54:75:D0:91:4F:04

*dtlArpTask: Feb 24 18:18:42.242: dtlArpFind: ARP Lookup succeeded on IP 147.65.14.7

*dtlArpTask: Feb 24 18:18:42.242: processEtherIcmp: Sending ICMP reply Successful !! , SRC MAC: 00:1E:13:50:AA:80

The messages indicate the controller is dropping the LWAPP requests because it knows the AP can do CAPWAP. I am not sure if what you are seeing is a bug, but for some reason the CAPWAP messages are not arriving.

Everything is, however, working because you have dhcp option 43 with the controllers IP address.

Have you tried adding ip forward protocol udp 12222 and ip forward-protocol udp 12223 on your L3 device where you point the AP's DHCP requests to the DHCP server? Where you have your ip helper-address statement.

 

I will dig in more.

 

 

Correction. I meant:

ip forward protocol udp 5246

ip forward-protocol udp 5247

I supose you do not understand.

The billion messages come from PIX ASA.

Rosa

In answer to my first question you said the APs are going thru the firewall to reach the Controller. Correct?

That means on L2 the Controller sees ALL L2 traffic coming from the firewall. Therefore, you see the ASA's Mac address. You will not see the AP's MAC address. I though that was clear.

 

This message:

" *spamReceiveTask: Feb 25 17:00:09.198: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP"

means the controller knows the AP can do CAPWAP, but it is receiving LWAPP, and is, therefore, discarding it.

 

What version of s/w are you running on the Controller(s)?

Correct.

Yes I see ASA's macaddress.

7.0.251.2 for software and emergency.

There is somthing importante to tell you.

management and ap_manager are in different vlans.

I am concened that is the problema.

I am just working to have one of the four controllers configured with ap-manager and management in the same vlan.

Yes, it is recommended that they both be in the same VLAN.

I would also consider having the "management" interface act as AP Manager (this can beset via the Dynamic AP Management check box). I don't know how many ports you are using, but specs indicate one AP-Management interface per port.

 

We use DHCP Option 43, and we have a DNS entry for 

cisco-capwap-controller.domain_name pointing to Management interface of the controller. If you have a different AP-Management interface, then DNS entry should point to the AP-Management IP for CAPWAP.

 

 

 

That is exactly what a I did for one of the four controllers I have, and as expected all messages for this controller disappear.

If everythig runs fine this weekend I will extend the solution for the other 3 controllers.

Thanks for your help.

Regards

Rosa

Excellent!

 

Best wishes.

 

I have 26 APs.

Take a look the ping's frequence ( 8 times per second):

Feb 25 16:57:38 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:57:31.496: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:57:51 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:57:44.397: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:57:59 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:57:52.681: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:09 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:02.414: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:16 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:09.242: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:20 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:13.341: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP[...It occurred 3 times/sec!.]
Feb 25 16:58:31 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:24.049: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:36 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:29.198: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:37 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:30.526: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:41 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:34.223: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:47 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:40.782: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:49 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:41.830: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:50 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:42.920: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:51 wlan-controller-14-1 impa-wireless1: *apfReceiveTask: Feb 25 16:58:44.514: %LOG-6-Q_IND: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:58:54 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:58:47.177: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:10 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:03.155: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:14 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:07.301: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:18 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:11.018: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:34 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:27.279: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:36 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:29.413: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP[...It occurred 2 times/sec!.]
Feb 25 16:59:38 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:31.449: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:51 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:44.384: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 16:59:59 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 16:59:52.667: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:08 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:01.657: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:16 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:09.198: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:17 wlan-controller-14-1 impa-wireless1: *mmListen: Feb 25 17:00:10.153: %LOG-6-Q_IND: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP[...It occurred 2 times.!]
Feb 25 17:00:20 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:13.328: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:30 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:23.007: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:35 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:28.441: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:37 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:30.515: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:41 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:34.179: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:47 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:40.737: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:49 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:42.163: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP[...It occurred 2 times/sec!.]
Feb 25 17:00:50 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:43.303: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
Feb 25 17:00:54 wlan-controller-14-1 impa-wireless1: *spamReceiveTask: Feb 25 17:00:47.163: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP

 

Review Cisco Networking for a $25 gift card