Andy White
Explorer

How do I add option 43 on DHCP scope on router?

Hello,

I have a Cisco 1941 with some DHCP scopes on it and I need to add option 43 to them so they can locate our Cisco Wireless LAN Controller using CAPWAP, has anyone done this before?

WLC = 192.168.0.110

My router DHCP is:

ip dhcp pool vlan20
network 172.16.20.0 255.255.255.0
default-router 172.16.20.1
dns-server 172.16.20.1
option 43 hex f104.c0a8.006e

APs are on VLAN 20 - 172.16.20.x

But they don't seem to attach to the WLC

Thanks

13 REPLIES
Leo Laohoo
VIP Community Legend

But they don't seem to attach to the WLC

Console into one of the APs and reboot.  Post the entire boot-up process.

Sure:

APs have been used on the controller before (Cisco 3702i's)

Hex f104c0a8006e = the service port IP 192.168.0.110

*Mar 1 00:12:15.887: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
AP1#
*Mar 1 00:12:21.007: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.20.24, mask 255.255.255.0, hostname AP1

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.20.1)
*Mar 1 00:12:26.887: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.0.110 obtained through DHCP

Should I build a DNS server and add an A host for CISCO-CAPWAP-CONTROLLER and point to 192.168.0.110?

If the APs are put on the same VLAN as the management ports (LAG) they boot up fine, but I want them on a different VLAN.

Thanks

It looks like the AP is looking for the right controller, based on the capture.  Is there a path from the subnet the AP is on to the WLC (and does the DHCP include a valid gateway to that gateway)?  Plug a PC into a port in the AP vlan, and make sure you can ping the controller.

Also, is there a valid path from the WLC management address back to the AP and its subnet?  The PC test above, if successful, would indicate there is.

(Both of those through either static routing or valid IP routing).

Messages in the WLC may provide a clue - did the controller SEE the request coming in and attempt to initiate connection?

1. Was the request SEEN on the controller?

2. Did the controller accept and not reject the connection?  If these worked before, I presume the country code and certificates are OK, but...

3. Is there a valid path from the controller's management address to the AP subnet?

Leo Laohoo
VIP Community Legend

Look at the time and date of the logs from the AP.  The time and date found in the controller is incorrect.  

On the router I added:

Router(config)#ip dns server

Router(config)#ip host CISCO-CAPWAP-CONTROLLER 192.168.0.110

Now showing as ok, but still no joy.

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.20.1) [OK]

*Mar 1 00:49:49.539: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.0.110 obtained through DHCP
Not in Bound state.
*Mar 1 00:50:34.543: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:50:39.663: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.20.102, mask 255.255.255.0, hostname AP1

pwwiddicombe
Enthusiast

I believe you have the option 43 string correct.   Check both the boot-up via serial on the AP, and the Monitor page on the WLC for AP joins or trap messages, both options reachable from the Monitor page on the WLC.  You may have certificate, AP model not supported by the controller, country code not matching...

On my router (acting as a DNS server) I changed:

ip host CISCO-CAPWAP-CONTROLLER 192.168.0.110 (Service Port)

to 

ip host CISCO-CAPWAP-CONTROLLER 172.16.10.110 (management port)

And all is working, so can the service port not be used?

I believe the service port is unroutable - one of those funny little gotchas you have to watch out for.  Sort of like the one that there's no internal DHCP on 5520s.

Ah so maybe that is it?  I was trying to connect to the service port with option 43, but it is unroutable (I think I can add a static route to the 5508 WLC).  So using the Management port worked because it is routable?

So what is normally used in a production network to find the CAPWAP, Service Port or Management?

I can use option 43 in DHCP or DNS and point CISCO-CAPWAP-CONTROLLER to the Service Port or Management Port.

Thanks

From another discussion here.  I think you'd find many simply ignore the service port, except for troubleshooting.

https://supportforums.cisco.com/discussion/13334926/how-do-i-add-option-43-dhcp-scope-router

Isn't that the same discussion as this one that you replied to?

Yep, I had been jumping browsers, as this forum doesn't work so well in IE9.

https://supportforums.cisco.com/discussion/12089021/wlc-5508-what-use-service-port

I will just use the management port then as that works fine.