09-02-2020 02:15 PM - edited 07-05-2021 12:28 PM
Hi Everybody
Maybe somebody has seen the same issue.
I have a Cisco 3500 controller and some 2702 access points, some of them sitting in branch offices, connected via VPN. Some offices have Cisco and some have Fortinets; Cisco uses DMVPN and Forti uses a standard VPN with each site. Everything works fine until we lose the VPN connection with a site (ISP issues, modem/router restarted); after that the controller loses the AP. It has an IP, I tested CAPWAP and all is good, but I don't see the AP registered on the controller. Easy fix: just reboot the AP and everything works after that, until the next outage.
It's weird, but it happens only with the standard VPN with Forti; Cisco DMVPN works well, and after an outage all APs connect to the controller themselves.
Not sure where the issue is: the VPN config, or whether I need to do something on the controller side.
Thanks
09-02-2020 04:22 PM
Are these APs configured with the Primary Controller Name & IP address in the "High Availability" configuration of each individual AP? If not, I would try that.
Also, what code version are you running on your 3504?
HTH
Rasika
*** Pls rate all useful responses ***
09-03-2020 08:06 AM
Thanks Rasika,
3504 is 8.5.110.0
No, it isn't configured in High Availability (I checked the global conf).
Also, it happened again and I see this (the modem had a power outage):
*Sep 3 14:48:24.174: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Sep 3 14:48:27.250: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.10.100, mask 255.255.255.0, hostname AP002
*Sep 3 14:48:34.178: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.200 obtained through DHCP
09-03-2020 01:29 PM
I did some more troubleshooting.
Looks like this is the error:
%CAPWAP-3-EVENTLOG: Could not discover any MWAR
09-04-2020 12:13 AM
When you see the problem, can the AP reach the WLC?
If yes, if you check the AP statistics, what is the reason for the failure?
This message, "Could not discover any MWAR", is too general; I would not focus on that.
You can probably benefit from taking a packet capture on your firewall; it sounds like some packets are being dropped somewhere, and therefore the AP cannot register to the WLC.
09-04-2020 07:30 AM
It happens when the device before the AP (modem, router) has been restarted, or the VPN goes down and the AP loses its connection with the controller; I can reboot the AP and it works fine.
It's sitting in the Discovery OperationState until the next reboot:
AP002#sh capwap client rcb
AdminState : ADMIN_ENABLED
SwVer : 8.5.110.0
NumFilledSlots : 2
Name : AP002
Location :
MwarName :
MwarMacAddr : 0a00.ff1e.0000
MwarHwVer : 0.0.0.0
ApMode : Local
ApSubMode : Not Configured
OperationState : DISCOVERY
CAPWAP Path MTU : 1485
IPv6 Capwap UDPLite : Enabled
Link-Encryption (AP) : Disabled
Link-Encryption (MWAR) : Enabled
Prefer-mode : IPv4
LinkAuditing : disabled
AP Rogue Detection Mode : Enabled
AP Tcp MSS Adjust : Disabled
Predownload Status : None
Auto Immune Status : Disabled
RA Guard Status : Enabled
Efficient Upgrade State : Disabled
Efficient Upgrade Role : None
TFTP Server : Disabled
Antenna Band Mode : Unknown
Universal AP Priming mode : Unprimed
802.11bg(0) Radio
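The state shown in the post above, checked by script (an added example, not part of the original thread): it parses the `sh capwap client rcb` text and the AP log lines to flag an AP that is admin-enabled and has learned a controller address through DHCP option 43, yet remains in DISCOVERY with no controller name. The input is a shortened copy of the output quoted in the thread; the function names and the returned field names are assumptions of this example.

```python
import re

# Sample input: shortened copy of the AP002 output and log lines quoted in the thread.
RCB = """\
AdminState : ADMIN_ENABLED
SwVer : 8.5.110.0
Name : AP002
MwarName :
MwarMacAddr : 0a00.ff1e.0000
OperationState : DISCOVERY
802.11bg(0) Radio
"""
LOG = """\
*Sep 3 14:48:24.174: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Sep 3 14:48:27.250: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.10.100, mask 255.255.255.0, hostname AP002
*Sep 3 14:48:34.178: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.200 obtained through DHCP
"""

MSG = re.compile(r"%([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)")
OPT43 = re.compile(r"Controller address (\d+\.\d+\.\d+\.\d+) obtained through DHCP")


def parse_rcb(text):
    """Turn 'Key : value' lines into a dict; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def assess(rcb_text, log_text):
    """Summarise whether the AP is enabled but not joined, and what it learned."""
    rcb = parse_rcb(rcb_text)
    events = [m.groups() for m in map(MSG.search, log_text.splitlines()) if m]
    wlc = None
    for mnemonic, body in events:
        hit = OPT43.search(body)
        if mnemonic == "CAPWAP-5-DHCP_OPTION_43" and hit:
            wlc = hit.group(1)  # last address learned wins
    return {
        "ap": rcb.get("Name"),
        "stuck_in_discovery": rcb.get("AdminState") == "ADMIN_ENABLED"
        and rcb.get("OperationState") == "DISCOVERY"
        and not rcb.get("MwarName"),
        "controller_from_option43": wlc,
        "discovery_failures": sum(m in ("CAPWAP-3-DHCP_RENEW", "CAPWAP-3-EVENTLOG") for m, _ in events),
    }
```

A result with `stuck_in_discovery` true and a non-empty `controller_from_option43` means the AP knows where the controller is and still cannot join, which points at the path between them rather than at DHCP.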
09-07-2020 08:05 AM
I suggest first doing a software update. The build 8.5.110.0 is very old and has a lot of known bugs. I suggest upgrading to 8.5.161.0 and then testing again.
09-10-2020 03:08 PM
Thank you! I will try to update it.
05-05-2023 12:46 AM
Hi, did the upgrade work? I'm having the same problem with 17.6.5.
05-05-2023 07:33 AM
No, the upgrade didn't help, but all the Fortis are gone, replaced with Ciscos, and the problem is gone.