
Access Points not joining WLC thru DHCP option

mario.jost
Level 3

We have 2 WLCs. One physical and one vWLC. We are in the transition of moving to the new WLC.

We configured DHCP option 43 for the models AP 2800 and AP 1530 Series. We want to point these models to the new WLC with IP 172.16.222.70 whereas the old WLC with IP 172.16.222.75 should be discovered by all other APs thru a DNS lookup.

With the 2800 models, this works fine. They get the option 43 and join the new WLC. Our 1530 access points get the option as well, but then decide to join the old WLC for some reason:

*Mar  1 00:00:44.687: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.240.55, mask 255.255.255.0, hostname AP00c1.649c.0a8e

*Mar  1 00:00:50.155: Currently running a Release Image

*Mar  1 00:00:50.163: Using SHA-2 signed certificate for image signing validation.
*Mar  1 00:01:48.167: APAVC: Succeeded to activate all the STILE protocols.

*Mar  1 00:01:48.167: APAVC: Registering with CFT

*Mar  1 00:01:48.167: APAVC: CFT registration of delete callback succeeded

*Mar  1 00:01:48.167: APAVC: Reattaching  Original Buffer pool for system use

*Mar  1 00:01:48.167: Pool-ReAtach: paks 11465 radio10857
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar  1 00:01:51.363: AP image integrity check PASSED

*Mar  1 00:01:51.375: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg

*Mar  1 00:01:51.471: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:01:52.483: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:01:52.491: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:01:53.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 00:01:53.515: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:01:54.515: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
%Error opening flash:/capwap-saved-config (No such file or directory)
*Mar  1 00:02:01.483: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
Translating "CISCO-CAPWAP-CONTROLLER.merbag.local"...domain server (172.16.222.50) [OK]

*Mar  1 00:02:11.495: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.222.70 obtained through DHCP
*Mar  1 00:02:21.499: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 12 08:57:32.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.222.75 peer_port: 5246
*Apr 12 08:57:32.563: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.222.75 peer_port: 5246
*Apr 12 08:57:32.567: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.222.75
*Apr 12 08:57:33.219: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WCRZ1001
*Apr 12 08:57:33.283: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.222.75:5246
*Apr 12 08:57:34.319: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 12 08:57:34.327: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 12 08:57:35.319: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 12 08:57:35.355: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 12 08:57:35.363: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 12 08:57:35.371: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 12 08:57:36.355: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 12 08:57:36.363: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 12 08:57:36.391: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 12 08:57:37.391: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 12 08:57:43.411: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 12 08:57:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.222.75 peer_port: 5246
*Apr 12 08:57:44.543: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.222.75 peer_port: 5246
*Apr 12 08:57:44.543: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.222.75
*Apr 12 08:57:45.091: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WCRZ1001

In my understanding, the discovery process has the following order:

1. Layer 3 LWAPP discovery

2. Over-the-Air Provisioning

3. WLC IP addresses cached in NVRAM

4. DHCP option 43

5. DNS lookup

I can join the AP to the new WLC fine, if I enter the IP into the high availability tab. But that is not the point. The 1530 (to be more precise: AIR-CAP1532I-E-K9) models don't seem to follow the hardcoded joining order. If I clear all config from the AP on both controllers, the AP is joining the old WLC again.

Does anyone have any idea what seems to be the problem here?
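The mismatch visible in the console output above can be checked mechanically. The following is an added example, not part of the original post: it parses the CAPWAP events (lines copied from the post) and flags an AP that joins a controller other than the one handed out by DHCP option 43, or one outside an operator-maintained allow-list. The `approved` set and the function name `audit_join` are assumptions.

```python
import re

# Console lines copied from the post above (trimmed to the CAPWAP events).
AP_LOG = """\
*Mar  1 00:02:11.495: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.222.70 obtained through DHCP
*Apr 12 08:57:32.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.222.75 peer_port: 5246
*Apr 12 08:57:32.567: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.222.75
*Apr 12 08:57:33.219: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WCRZ1001
"""

PATTERNS = {
    "offered": re.compile(r"%CAPWAP-5-DHCP_OPTION_43: Controller address (\S+) obtained"),
    "join_ip": re.compile(r"%CAPWAP-5-SENDJOIN: sending Join Request to (\S+)"),
    "join_name": re.compile(r"%CAPWAP-5-JOINEDCONTROLLER: AP has joined controller (\S+)"),
}


def audit_join(log_text, approved):
    """Collect CAPWAP discovery/join events and flag unexpected controllers.

    approved: controller IPs the AP may join (assumption: kept by the
    operator; the AP log itself does not provide this list).
    """
    events = {key: [] for key in PATTERNS}
    for line in log_text.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                events[key].append(m.group(1))
    offered = set(events["offered"])
    joined = set(events["join_ip"])
    return {
        "offered": sorted(offered),
        "join_ip": sorted(joined),
        "join_name": sorted(set(events["join_name"])),
        # Joined a controller that DHCP option 43 did not hand out.
        "ignored_option43": sorted(joined - offered) if offered else [],
        # Joined a controller outside the operator's allow-list.
        "unapproved": sorted(joined - set(approved)),
    }


if __name__ == "__main__":
    print(audit_join(AP_LOG, approved={"172.16.222.70", "172.16.222.75"}))
```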

3 Replies

Leo Laohoo
Hall of Fame

The 1530 models don't seem to follow the hardcoded joining order.

Did you add the MAC address of the 1530 into the MAC address filter?

Dear Leo

Yes, I added the MAC address to the new WLC. As I wrote in my post:

I can join the AP to the new WLC fine, if I enter the IP into the high availability tab. But that is not the point.

mario.jost
Level 3

I ended up opening a TAC case for this. These 1530 models were not behaving in another way. They behaved like other access point models I tried (1142, 2602, 1530). Only the 2802 models joined the new vWLC because the firmware version on the old WLC was too old for them. The 2802 were too new and were not supported by the old WLC firmware anymore.

So the order above is just for discovering the WLCs. Once all WLCs have been discovered, the access point selects one from the following order:

1. The WLC has been configured on the AP, either on the CLI or the high availability tab.

2. The WLC is a master WLC.

3. The lowest load based on percentage of licenses used

The problem in my setup was that the old WLC was configured as master WLC. As soon as I upgraded the vWLC as master, rule number 3 came into place and the APs joined the WLC with the most unused licenses available.

You can change master role on a WLC under Controller > Advanced > Master Controller Mode

No need to reboot or interrupt service in any way. Hope I can help someone else having the same problem. Although our setup is a very uncommon one.
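The selection order described in the post above, as an added example that is not part of the original thread and not Cisco's code: it models the three rules as the post states them and reproduces the before/after behaviour. The controller name `new-vWLC`, the license counts, and the tie handling when several controllers are master (fall through to rule 3, matching the outcome the post reports) are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Controller:
    name: str
    ip: str
    master: bool
    licenses_used: int
    licenses_total: int

    @property
    def load(self):
        # Percentage of licenses in use, as a fraction.
        return self.licenses_used / self.licenses_total


def select_controller(discovered, configured_ips=()):
    """Pick one controller from the discovered set, following the post's rules.

    How a controller was discovered (DHCP option 43, DNS, ...) plays no
    part here; only the three selection rules do.
    """
    if not discovered:
        return None
    # Rule 1: a controller configured on the AP (CLI or high availability tab).
    for ip in configured_ips:
        for c in discovered:
            if c.ip == ip:
                return c
    # Rule 2: a master controller. With more than one master the rule
    # cannot decide, so fall through to rule 3 (assumption, see lead-in).
    masters = [c for c in discovered if c.master]
    if len(masters) == 1:
        return masters[0]
    # Rule 3: lowest load by percentage of licenses used.
    return min(masters or discovered, key=lambda c: c.load)


if __name__ == "__main__":
    # Constructed values; only the IPs and the name WCRZ1001 come from the thread.
    old = Controller("WCRZ1001", "172.16.222.75", True, 40, 50)
    new = Controller("new-vWLC", "172.16.222.70", False, 2, 200)
    print("old WLC is the only master:", select_controller([old, new]).name)
    new.master = True
    print("both are master:", select_controller([old, new]).name)
```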
