ā03-26-2022 02:41 AM
1. I have Ten(10) 2602i and 2702i APs on one site, all APs are intermittent, both models are mixed mode(Flex and local), I have enable link latency on all APs and Max is between 250 and 200, I have got debug logs of APs from controller and one log is common (*osapiBsnTimer: Mar 25 23:02:13.036: [SA] Same gateway prevails), please anybody has information about this log message, what is the reason for this message, I have searched a lot for this log message but couldn't find a concrete answer, btw all things are normal (domain, country code, MIC), Primary and secondary controllers are on same code(8.5.151.0), one more thing is common whenever APs capwap restart, most of time they start redownloading the code.
2. My 2nd question is about ping, when I ping the AP IP from controller CLI or GUI it only pings for 3 packets, how can set the repeat count when I use command on WLC Ping x.x.x.x VLAN XX 100 1500 it still pings for 3 packets or show me incorrect interface.
Thanks
ā03-26-2022 03:06 AM
- I wouldn't get too much involved with the pings, for controller have a config sanity check with : https://cway.cisco.com/tools/WirelessAnalyzer/ also use recommended software release wherever possible : https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
M.
ā03-26-2022 06:44 AM
under config boot, which image you see active ?
what is redundancy you have N+1 or SSO? what is your WLC ?
ā03-26-2022 10:07 AM
WLC is 8510, infect when APs started flapping, I migrated all APs to 3rd controller that has 8.0.120.21 code, APs were still intermittent, then I reverted all to 1st and 2nd controllers that have 8.5.151.0 code, but now when they flap they 1st download the old code 120.21 and then latest code 151.0. , I have SSO redundancy..
ā03-26-2022 01:41 PM
please can you share the output form one AP
AP# Show running-config
ā03-26-2022 10:33 PM
Dear MHM, Here is the O/P
dot11 ssid XXXXX
!
dot11 pause-time 100
dot11 syslog
dot11 flex native-vlan-lvl 0
dot11 flex clear 0
eap profile lwapp_eap_profile
method fast
!
no ipv6 cef
!
crypto pki trustpoint cisco-m2-root-cert
revocation-check none
!
crypto pki trustpoint Cisco_IOS_M2_MIC_cert
revocation-check none
!
crypto pki trustpoint airespace-old-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint airespace-new-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint airespace-device-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint cisco-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint Cisco_IOS_MIC_cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
match certificate ciscomic allow expired-certificate
!
crypto pki trustpoint virtual_wlc_trust_point
revocation-check crl
match certificate vwlcssc allow expired-certificate
!
!
!
crypto pki certificate map ciscomic 10
issuer-name co cn = cisco manufacturing ca, o = cisco systems
!
crypto pki certificate map vwlcssc 1
subject-name co o = cisco virtual wireless lan controller
!
crypto pki certificate chain cisco-m2-root-cert
certificate ca 01
30820313 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxx
quit
crypto pki certificate chain Cisco_IOS_M2_MIC_cert
certificate ca 02
30820465 3082034D XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto pki certificate chain airespace-old-root-cert
certificate ca 00
30820406 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto pki certificate chain airespace-new-root-cert
certificate ca 00
3082045A XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto pki certificate chain airespace-device-root-cert
certificate ca 03
3082047F XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto pki certificate chain cisco-root-cert
certificate ca 5FF87B282XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto pki certificate chain Cisco_IOS_MIC_cert
certificate 263D02A70000002F45A1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
certificate ca 6A6967B3000000000003 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
quit
crypto pki certificate chain virtual_wlc_trust_point
username admin secret XXXXXXXXXXXXXXXXXXXXXXX.
!
!
lldp run
bridge irb
!
!
!
interface Dot11Radio0
no ip route-cache
antenna gain 0
stbc
ampdu transmit priority 1
ampdu transmit priority 2
ampdu transmit priority 3
mbssid
speed 11.0 6.0 basic-9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
power local 7
power client local
packet retries 64 drop-packet
station-role root
!
interface Dot11Radio0.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio0.19
encapsulation dot1Q 19
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 spanning-disabled
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
!
interface Dot11Radio1
no ip route-cache
antenna gain 0
peakdetect
stbc
ampdu transmit priority 1
ampdu transmit priority 2
ampdu transmit priority 3
mbssid
speed 6.0 9.0 basic-12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
power client local
packet retries 64 drop-packet
station-role root
!
interface Dot11Radio1.18
encapsulation dot1Q 18
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Dot11Radio1.19
encapsulation dot1Q 19
no ip route-cache
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
!
interface Dot11Radio1.20
encapsulation dot1Q 20
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 spanning-disabled
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
!
interface GigabitEthernet0
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.750
encapsulation dot1Q 750 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address bc16.65XX.XXXX
ip address 172.19.XX.XX 255.255.XXXX
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
interface BVI2
mac-address f41f.c25b.XXXX
no ip address
!
interface BVI3
mac-address 0000.0c44.XXXX
no ip address
!
interface BVI4
mac-address 0000.0c44.XXXX
no ip address
!
interface Virtual-WLAN0
no ip route-cache
!
ip default-gateway 172.19.XX.XX
ip forward-protocol nd
no ip http server
no ip http secure-server
ip ssh version 2
!
!
!
logging trap emergencies
logging origin-id string AP:bc16.XXXX.XXXX
logging facility kern
logging host 172.19.XX.XX
!
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 route ip
bridge 3 route ip
bridge 4 route ip
parser view capwap-config-view
secret 5 XXXXXXXXXXXXXXXXXXXX
commands configure include all capwap
commands exec include all enable
commands exec include configure terminal
commands exec include configure
commands exec include all show capwap
commands exec include show running-config
commands exec include show
!
parser view pnp-config-view
secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX
commands configure include-exclusive capwap ap flexgroup
commands configure include capwap ap
commands configure include capwap
commands exec include all enable
commands exec include configure terminal
commands exec include configure
commands exec include show running-config
commands exec include show
!
!
line con 0
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
!
capwap ap strict-daisy-rap disable
capwap ap pause-time 100
capwap ap flexgroup default-flex-group
capwap ap unencrypted_data_keep_alive enable
capwap ap hyperlocation disable
capwap ap halo-APflag disable
capwap ap dot1x-port-state 0
capwap ap ble-adv-power 0
end
ā03-27-2022 12:23 AM - edited ā03-27-2022 02:02 AM
Let me know about other information..logs etc
ā03-27-2022 07:47 PM
From the sounds of the downloading, it is failing over to another controller and falling back. You stated your code is different on the controllers so itās download and triggering a fall back due to the fall back being enabled globally on the controller. Aps lose connectivity to that controller and go to their secondary.
ā03-27-2022 09:41 PM
Adam I said just for experiment I migrated APs to the controller that is on old code, but APs were still restarting, then I reverted all to controllers(Primary/secondary) that have latest code.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: