cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
705
Views
6
Helpful
24
Replies

Ap 9130 can't access to 9800-L-F

sigcerder
Level 1
Level 1

Hi Collegues.
Can you help me solve a problem. There is an issue with connecting a Cisco AP 2802 access point to a Cisco 9800-L wireless controller.
The access point fails during the CAPWAP Discovery stage, and the following logs are observed on the AP console:

[*11/19/2024 18:22:27.7743] CAPWAP State: Discovery
[*11/19/2024 18:22:27.7788] Not Sending the TLV_AP_EWLC_TAGS_PAYLOAD.
[*11/19/2024 18:22:27.7791] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:22:27.7845] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*11/19/2024 18:23:01.9391] Received Capwap watchdog update msg.
[*11/19/2024 18:23:34.6082] !!!!! {watchdogd} Unable to reach gateway for 1200 seconds


Network Diagram

Switch: Cisco CBS350 in L2 mode connects the controller and the AP.
Wireless Controller: Cisco 9800-L-F (physical) is configured with a management VLAN (VLAN 2, IP 10.1.2.7).
Access Point: Cisco AP 2802 connected in VLAN 60 (IP 10.1.60.10) on SW
Router: GW-1111 acting as the gateway and DHCP server for the network:
Router IP: 10.1.2.1.
DHCP server provides IP addresses for VLAN 60.

 

Screenshot_4.png


Error Details
The AP and controller can ping each other successfully.
However, the CAPWAP Discovery process fails, and the AP switches to standalone mode.

I guess there is a possible issues, incorrect trustpoint on the controller — does it need to be reconfigured or reissued?
What mode is recommended for configuring the controller — L2 between the router and the switch or L3?
What additional configurations are required to ensure successful CAPWAP Discovery?

 

GW Configuration:

interface GigabitEthernet0/1/2
description SW-C350
switchport
switchport trunk native vlan 2
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk

interface Vlan2
description NETWORK-MGMT
ip address 10.1.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly

interface Vlan60
description LWAP
ip address 10.1.60.254 255.255.255.0
ip nat inside
ip virtual-reassembly

ip default-gateway 10.1.100.254

ip dhcp pool VLAN60
network 10.1.60.0 255.255.255.0
default-router 10.1.60.254
dns-server 8.8.8.8 8.8.4.4
lease 30
!


SW Configuration:

interface vlan 2
name NETWORK_MGMT
ip address 10.1.2.2 255.255.255.0

interface GigabitEthernet7
description AP-9130
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan none
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!
interface GigabitEthernet17
description 9800
switchport mode trunk
switchport access vlan none
switchport trunk native vlan 2
!
ip dhcp snooping
ip dhcp snooping information option allowed-untrusted
ip dhcp snooping vlan 2
ip default-gateway 10.1.2.1


9800 Configuration:

vlan 60
name LWAP

interface TwoGigabitEthernet0/0/0
switchport trunk native vlan 60
switchport mode trunk
negotiation auto
!
interface TwoGigabitEthernet0/0/1
negotiation auto
!
interface TwoGigabitEthernet0/0/2
negotiation auto
!
interface TwoGigabitEthernet0/0/3
no switchport
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface TenGigabitEthernet0/1/0
description SW-C350
switchport trunk native vlan 2
switchport mode trunk
switchport nonegotiate
negotiation auto
!
interface TenGigabitEthernet0/1/1
no negotiation auto
no snmp trap link-status
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address dhcp
negotiation auto
!
interface Vlan1
no ip address
no ip proxy-arp
shutdown
!
interface Vlan2
ip address 10.1.2.7 255.255.255.0
no ip proxy-arp
!
ip default-gateway 10.1.2.1
ip route 0.0.0.0 0.0.0.0 10.1.2.1
!
!

2 Accepted Solutions

Accepted Solutions

Haydn Andrews
VIP Alumni
VIP Alumni

Looks like you have defined the native vlan on the WLC but not on the switch port
also recommend defining the native vlan for the AP

Can you ping the WLC from the source interface of the AP VLAN from the router?

can you do a show interfaces trunk on the switch and WLC
and show wireless interface summary on the WLC

Which physical port is connected from the WLC to the switch

 

You may also need this command:
wireless management interface interface-type interface-number

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

View solution in original post

Which is exactly why I was asking whether they'd tried Config Analyzer @Haydn Andrews - that will highlight obvious mistakes like missing wireless management interface.  So far not seen any reply ...

View solution in original post

24 Replies 24

sigcerder
Level 1
Level 1

I also tried another access point, the 9130 model, and the result was the same.

@sigcerder hi have you tried configuring the DHCP option 43 as mentioned by @Flavio Miranda and @balaji.bandi .

Configure DHCP OPTION 43 for Lightweight Access Points - Cisco

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

@sigcerder 

A few considerations. The title says

AP 9130 but you mention after AP 2800.

Second, you have the AP apparently in a different vlan from the WLC management interface. If you add the AP on vlan 2, It would probably find the WLC but as you connected in vlan 60, the AP seems to be failing to find the WLC. You need to setup the WLC's IP address on the AP with capwap command or you need to inform the WLC management IP using DHCP option 43.

 I see you have "ip nat inside" on vlan 60. I dont see the whole router config but It could interfere on the communication between AP and WLC.

 Last, If the AP is 2800 and WLC 9800, take a look on the version and AP bundle. 2800 is a bit old already.

balaji.bandi
Hall of Fame
Hall of Fame

If the switch is acting as layer two only and the GW router doing all related routing, then you need to enable IP routing and

what is the IP default gateway 10.1.100.254 (where is this IP ?)

you need to fix routing and option 43 for AP to join WLC

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1552hz/installation/guide/1552hzhig/1552hz_axf.pdf

make sure you also check the compatible matrix

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leo Laohoo
Hall of Fame
Hall of Fame

Look at the time and date of the logs from the AP. 

Make sure the WLC's time and date is correct.

sigcerder
Level 1
Level 1

I completely forgot to mention that I tried configuring Option 43 on the DHCP server and applied it to the 9130 access point. The log was as follows:

[*11/19/2024 18:05:31.5110] CAPWAP State: Discovery
[*11/19/2024 18:05:31.5141] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:05:31.5243] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:05:31.5282] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*11/19/2024 18:05:31.7907] AP: Got IP address from DHCP, WLC IP: 10.1.2.7

I also accessed the access point directly and manually specified the controller details (for both the 2802 and 9130 models) using the following command:
capwap ap primary-base WLC-9800 10.1.2.7

The controller is running version 17.12.3.

The 9130 AP was manually upgraded. Initially, I used it as an Embedded Wireless Controller (EWC). Unfortunately, I don’t remember the exact firmware version, but it was relatively recent—either 17.9 or 17.11, so it definitely wasn’t an AireOS-based firmware. I can check the exact version later when I return to the location.

Additionally, the address 10.1.100.254 is configured on the router (10.1.2.1), but I believe it should be removed as it is no longer relevant.

As an experiment, I added ip nat inside for VLAN 60. However, this VLAN was not intended to use NAT, and there is no difference in behavior with or without this configuration.

Most of the commands and actions were executed on the 9130 AP, but I later added the 2802 AP to verify that the issue is not with the access point itself.

Let me know if you need further details or clarification!

@sigcerder 

The problem seems to be connectivity.

[*11/19/2024 18:23:34.6082] !!!!! {watchdogd} Unable to reach gateway for 1200 seconds

Add the AP to vlan 2 and Will Join the wlc

I added my AP to Vlan2, but it doesn't work

 

show capwap client config

 

AdminState : ADMIN_ENABLED(1)
Name : AP2
Location : default location
Primary controller name : WLC-9800
Primary controller IP : 10.1.2.7
Secondary controller name :
Tertiary controller name :
ssh status : Disabled
ApMode : Local
ApSubMode : Not Configured
Link-Encryption : Disabled
OfficeExtend AP : Disabled
Discovery Timer : 10
Heartbeat Timer : 30
Syslog server : 255.255.255.255
Syslog Facility : 0
Syslog level : errors
AP join priority : 1
IP Prefer-mode : Unconfigured
CAPWAP UDP-Lite : Unconfigured
AP retransmit count : 5
AP retransmit timer : 3
AP lsc enable : 0
AP Policy Tag : UNKNOWN
AP RF Tag : UNKNOWN
AP Site Tag : UNKNOWN
AP Tag Source : 0
Static IP Failover : True
Static Wired IP : 10.1.2.30
Static Wired Netmask : 255.255.255.0
Static Wired Netmask : 10.1.2.1
AP lsc reboot cnt : 0
AP lsc max num of retry : 1
AP lsc mode : 0x1
AP lsc dtls fallback state : 0
SwVer : 17.6.4.56
spamStatTimer : 30
Led State Enabled : 1
Led Brightness Level : 8
Primed Interval : 0
AP ILP Pre-Standard Switch Support : Disabled
IPv4 TCP MSS Adjust : Disabled
IPv6 TCP MSS Adjust : Disabled
LinkFailure : 0
SpamReboots : 27
ApCrashes : 0
AP VLAN Tag status : Disabled 0
AP Power Injector : Disabled
Indoor Deployment : 0
Slot 0 Config:
Radio Type : RADIO_TYPE_80211bg

 

[*11/19/2024 18:04:56.6968] CAPWAP State: Discovery
[*11/19/2024 18:04:56.7079] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:04:56.7094] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:04:56.7108] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*11/19/2024 18:05:26.1569]
[*11/19/2024 18:05:26.1569] CAPWAP State: Discovery
[*11/19/2024 18:05:26.1622] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:05:26.1640] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:05:26.1655] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)

 

Configuration from SW:

interface GigabitEthernet7
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan none
switchport trunk native vlan 2
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!

 


@sigcerder wrote: 
[*11/19/2024 18:02:06.7895] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:02:06.7913] Discovery Request sent to 10.1.2.7, discovery type STATIC_CONFIG(1)
[*11/19/2024 18:02:06.7928] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)

The AP has sent out Discovery Request but there is no response from 10,1.2.7.  

Change the switch port to access (instead of a trunk).

Your AP does not have connectivity with the WLC

This configuration seems to be not right. Can you change this?

interface GigabitEthernet7
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan none
switchport trunk native vlan 2
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type switch
!

default interface GigabitEthernet7

interface GigabitEthernet7

switchport mode access

switchport  access vlan 2

Test only with this config.

sigcerder
Level 1
Level 1

The time and date on the controller are set correctly; I checked this first. Unfortunately, it didn't help either.

Console into the AP and reboot.

Post the entire bootup process.

Complete AP loading process

Share below 
show ap uptime 
show wireless stats ap join summary 
show wireless stats ap mac address <mac of AP> join detailed
then run below debug and share output (note run debug one by one)
debug cap client error 
debug cap client events

MHM

Review Cisco Networking for a $25 gift card