07-14-2017 02:27 PM - edited 03-08-2019 11:20 AM
Hello,
I have a Cisco 1941 with some DHCP scopes on it and I need to add option 43 to them so they can locate our Cisco Wireless LAN Controller using CAPWAP. Has anyone done this before?
WLC = 192.168.0.110
My router DHCP is:
ip dhcp pool vlan20
 network 172.16.20.0 255.255.255.0
 default-router 172.16.20.1
 dns-server 172.16.20.1
 option 43 hex f104.c0a8.006e
APs are on VLAN 20 - 172.16.20.x
But they don't seem to attach to the WLC
Thanks
07-14-2017 04:46 PM
But they don't seem to attach to the WLC
Console into one of the APs and reboot. Post the entire boot-up process.
07-15-2017 01:30 PM
Sure:
APs have been used on the controller before (Cisco 3702i's)
Hex f104c0a8006e = the service port IP 192.168.0.110
*Mar 1 00:12:15.887: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
AP1#
*Mar 1 00:12:21.007: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.20.24, mask 255.255.255.0, hostname AP1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.20.1)
*Mar 1 00:12:26.887: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.0.110 obtained through DHCP
Should I build a DNS server and add an A host for CISCO-CAPWAP-CONTROLLER and point to 192.168.0.110?
If the APs are put on the same VLAN as the management ports (LAG) they boot up fine, but I want them on a different VLAN.
Thanks
07-15-2017 02:21 PM
It looks like the AP is looking for the right controller, based on the capture. Is there a path from the subnet the AP is on to the WLC (and does the DHCP include a valid gateway to that gateway)? Plug a PC into a port in the AP vlan, and make sure you can ping the controller.
Also, is there a valid path from the WLC management address back to the AP and its subnet? The PC test above, if successful, would indicate there is.
(Both of those through either static routing or valid IP routing).
Messages in the WLC may provide a clue - did the controller SEE the request coming in and attempt to initiate connection?
1. Was the request SEEN on the controller
2. Did the controller accept and not reject the connection? If these worked before, I presume the country code and certificates are OK, but...
3. Is there a valid path from the controller's management address to the AP subnet.
07-15-2017 04:32 PM
Look at the time and date of the logs from the AP. The time and date found in the controller is incorrect.
07-15-2017 01:53 PM
On the router I added:
Router(config)#ip dns server
Router(config)#ip host CISCO-CAPWAP-CONTROLLER 192.168.0.110
Now showing as ok, but still no joy.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.20.1) [OK]
*Mar 1 00:49:49.539: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.0.110 obtained through DHCP
Not in Bound state.
*Mar 1 00:50:34.543: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:50:39.663: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.20.102, mask 255.255.255.0, hostname AP1
07-15-2017 10:46 AM
I believe you have the option 43 string correct. Check both the boot-up via serial on the AP, and the Monitor page on the WLC for AP joins or trap messages, both options reachable from the Monitor page on the WLC. You may have certificate, AP model not supported by the controller, country code not matching...
07-15-2017 02:35 PM
On my router (acting as a DNS server) I changed:
ip host CISCO-CAPWAP-CONTROLLER 192.168.0.110 (Service Port)
to
ip host CISCO-CAPWAP-CONTROLLER 172.16.10.110 (management port)
And all is working, so can the service port not be used?
07-15-2017 02:44 PM
I believe the service port is unroutable - one of those funny little gotchas you have to watch out for. Sort of like the one that there's no internal DHCP on 5520's.
07-16-2017 01:32 AM
Ah so maybe that is it? I was trying to connect to the service port with option 43, but it is unroutable (I think I can add a static route to the 5508 WLC). So using the Management port worked because it is routable?
So what is normally used in a production network to find the CAPWAP, Service Port or Management?
I can use option 43 in DHCP or DNS and point CISCO-CAPWAP-CONTROLLER to the Service Port or Management Port.
Thanks
07-16-2017 07:49 AM
From another discussion here. I think you'd find many simply ignore the service port, except for troubleshooting.
https://supportforums.cisco.com/discussion/13334926/how-do-i-add-option-43-dhcp-scope-router
07-16-2017 10:02 AM
Isn't that the same discussion as this one that you replied to?
07-16-2017 10:34 AM
Yep, I had been jumping browsers, as this forum doesn't work so well in IE9.
https://supportforums.cisco.com/discussion/12089021/wlc-5508-what-use-service-port
07-16-2017 11:39 AM
I will just use the management port then as that works fine.
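The option 43 value used in this thread, worked through as an added example (not code from any poster or from Cisco): a type byte 0xf1, a one-byte length, then the controller IPv4 addresses, which is the layout visible in f104.c0a8.006e. The function names are made up for this example, and accepting more than one controller address goes beyond the single-address case in the thread.

```python
import ipaddress

# Sub-option type used for lightweight AP controller discovery; it is the
# leading "f1" in the thread's f104.c0a8.006e string.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Build the argument for 'option 43 hex ...' from WLC IPv4 addresses."""
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    if not addrs:
        raise ValueError("at least one controller address is required")
    length = 4 * len(addrs)  # one byte of length, 4 bytes per address
    if length > 255:
        raise ValueError("too many controllers for a one-byte length field")
    raw = bytes([CISCO_WLC_SUBOPTION, length]) + b"".join(a.packed for a in addrs)
    digits = raw.hex()
    # IOS shows the hex string in dotted groups of four digits.
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def decode_option43(value):
    """Parse a dotted or plain hex option 43 string back into addresses."""
    raw = bytes.fromhex(value.replace(".", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("too short to hold a type and a length byte")
    if raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("unexpected sub-option type 0x%02x" % raw[0])
    length, body = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(body):
        raise ValueError("length byte %d does not match %d address bytes"
                         % (length, len(body)))
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # The string from the original post decodes to the service port address.
    print(decode_option43("f104.c0a8.006e"))
    # The management address that worked in the thread, encoded the same way.
    print(encode_option43(["172.16.10.110"]))
```

Decoding a scope's existing string this way confirms which address the APs are being handed before looking at routing between the AP VLAN and the controller.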