cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
576
Views
10
Helpful
8
Replies
Erfan7
Beginner

APs capwap is not stable..and How to ping the AP from controller

1. I have Ten(10) 2602i and 2702i APs on one site, all APs are intermittent, both models are mixed mode(Flex and local), I have enable link latency on all APs and Max is between 250 and 200, I have got debug logs of APs from controller and one log is common (*osapiBsnTimer: Mar 25 23:02:13.036: [SA] Same gateway prevails), please anybody has information about this log message, what is the reason for this message, I have searched a lot for this log message but couldn't find a concrete answer, btw all things are normal (domain, country code, MIC), Primary and secondary controllers are on same code(8.5.151.0), one more thing is common whenever APs capwap restart, most of time they start redownloading the code.

 

2. My 2nd question is about ping, when I ping the AP IP from controller CLI or GUI it only pings for 3 packets, how can set the repeat count when I use command on WLC Ping x.x.x.x VLAN XX 100 1500 it still pings for 3 packets or show me incorrect interface.

 

Thanks

8 REPLIES 8
marce1000
VIP Mentor

 

 - I wouldn't get too much involved with the pings, for controller have a config sanity check with : https://cway.cisco.com/tools/WirelessAnalyzer/ also use recommended software release wherever possible : https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html 

  M.

MHM Cisco World
Advisor

under config boot, which image you see active ? 
what is redundancy you have N+1 or SSO? what is your WLC ?

WLC is 8510, infect when APs started flapping, I migrated all APs to 3rd controller that has 8.0.120.21 code, APs were still intermittent, then I reverted all to 1st and 2nd controllers that have 8.5.151.0 code, but now when they flap they 1st download the old code 120.21 and then latest code 151.0. , I have SSO redundancy..

please can you share the output form one AP
AP# Show running-config 

Dear MHM, Here is the O/P

 

dot11 ssid XXXXX

!

dot11 pause-time 100

dot11 syslog

dot11 flex native-vlan-lvl 0

dot11 flex clear 0

eap profile lwapp_eap_profile

 method fast

!

no ipv6 cef

!

crypto pki trustpoint cisco-m2-root-cert

 revocation-check none

!

crypto pki trustpoint Cisco_IOS_M2_MIC_cert

 revocation-check none

!

crypto pki trustpoint airespace-old-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-new-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-device-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint cisco-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint Cisco_IOS_MIC_cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

 match certificate ciscomic allow expired-certificate

!

crypto pki trustpoint virtual_wlc_trust_point

 revocation-check crl

 match certificate vwlcssc allow expired-certificate

!

!

!

crypto pki certificate map ciscomic 10

 issuer-name co cn = cisco manufacturing ca, o = cisco systems

!

crypto pki certificate map vwlcssc 1

 subject-name co o = cisco virtual wireless lan controller

!

crypto pki certificate chain cisco-m2-root-cert

 certificate ca 01

  30820313 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxx

 

        quit

crypto pki certificate chain Cisco_IOS_M2_MIC_cert

 certificate ca 02

  30820465 3082034D XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

        quit

crypto pki certificate chain airespace-old-root-cert

 certificate ca 00

  30820406 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

        quit

crypto pki certificate chain airespace-new-root-cert

 certificate ca 00

  3082045A XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

        quit

crypto pki certificate chain airespace-device-root-cert

 certificate ca 03

  3082047F XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain cisco-root-cert

 certificate ca 5FF87B282XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

        quit

crypto pki certificate chain Cisco_IOS_MIC_cert

 certificate 263D02A70000002F45A1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

        quit

 certificate ca 6A6967B3000000000003 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

        quit

crypto pki certificate chain virtual_wlc_trust_point

username admin secret XXXXXXXXXXXXXXXXXXXXXXX.

!

!

lldp run

bridge irb

!

!

!

interface Dot11Radio0

 no ip route-cache

 antenna gain 0

 stbc

 ampdu transmit priority 1

 ampdu transmit priority 2

 ampdu transmit priority 3

 mbssid

 speed  11.0 6.0 basic-9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.

 power local 7

 power client local

 packet retries 64 drop-packet

 station-role root

!

interface Dot11Radio0.18

 encapsulation dot1Q 18

 no ip route-cache

 bridge-group 2

 bridge-group 2 subscriber-loop-control

 bridge-group 2 spanning-disabled

 bridge-group 2 block-unknown-source

 no bridge-group 2 source-learning

 no bridge-group 2 unicast-flooding

!

interface Dot11Radio0.19

 encapsulation dot1Q 19

 no ip route-cache

 bridge-group 3

 bridge-group 3 subscriber-loop-control

 bridge-group 3 spanning-disabled

 bridge-group 3 block-unknown-source

 no bridge-group 3 source-learning

 no bridge-group 3 unicast-flooding

!

interface Dot11Radio0.20

 encapsulation dot1Q 20

 no ip route-cache

 bridge-group 4

 bridge-group 4 subscriber-loop-control

 bridge-group 4 spanning-disabled

 bridge-group 4 block-unknown-source

 no bridge-group 4 source-learning

 no bridge-group 4 unicast-flooding

!

interface Dot11Radio1

 no ip route-cache

 antenna gain 0

 peakdetect

 stbc

 ampdu transmit priority 1

 ampdu transmit priority 2

 ampdu transmit priority 3

 mbssid

 speed  6.0 9.0 basic-12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.

 power client local

 packet retries 64 drop-packet

 station-role root

!

interface Dot11Radio1.18

 encapsulation dot1Q 18

 no ip route-cache

 bridge-group 2

 bridge-group 2 subscriber-loop-control

 bridge-group 2 spanning-disabled

 bridge-group 2 block-unknown-source

 no bridge-group 2 source-learning

 no bridge-group 2 unicast-flooding

!

interface Dot11Radio1.19

 encapsulation dot1Q 19

 no ip route-cache

 bridge-group 3

 bridge-group 3 subscriber-loop-control

 bridge-group 3 spanning-disabled

 bridge-group 3 block-unknown-source

 no bridge-group 3 source-learning

 no bridge-group 3 unicast-flooding

!

interface Dot11Radio1.20

 encapsulation dot1Q 20

 no ip route-cache

 bridge-group 4

 bridge-group 4 subscriber-loop-control

 bridge-group 4 spanning-disabled

 bridge-group 4 block-unknown-source

 no bridge-group 4 source-learning

 no bridge-group 4 unicast-flooding

!

interface GigabitEthernet0

 no ip route-cache

 duplex auto

 speed auto

!

interface GigabitEthernet0.750

 encapsulation dot1Q 750 native

 no ip route-cache

 bridge-group 1

 bridge-group 1 spanning-disabled

 no bridge-group 1 source-learning

!

interface BVI1

 mac-address bc16.65XX.XXXX

 ip address 172.19.XX.XX 255.255.XXXX

 no ip route-cache

 ipv6 address dhcp

 ipv6 address autoconfig

 ipv6 enable

!

interface BVI2

 mac-address f41f.c25b.XXXX

 no ip address

!

interface BVI3

 mac-address 0000.0c44.XXXX

 no ip address

!

interface BVI4

 mac-address 0000.0c44.XXXX

 no ip address

!        

interface Virtual-WLAN0

 no ip route-cache

!

ip default-gateway 172.19.XX.XX

ip forward-protocol nd

no ip http server

no ip http secure-server

ip ssh version 2

!

!

!

logging trap emergencies

logging origin-id string AP:bc16.XXXX.XXXX

logging facility kern

logging host 172.19.XX.XX

!

!

bridge 1 protocol ieee

bridge 1 route ip

bridge 2 route ip

bridge 3 route ip

bridge 4 route ip

parser view capwap-config-view

 secret 5 XXXXXXXXXXXXXXXXXXXX

 commands configure include all capwap

 commands exec include all enable

 commands exec include configure terminal

 commands exec include configure

 commands exec include all show capwap

 commands exec include show running-config

 commands exec include show

!

parser view pnp-config-view

 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX

 commands configure include-exclusive capwap ap flexgroup

 commands configure include capwap ap

 commands configure include capwap

 commands exec include all enable

 commands exec include configure terminal

 commands exec include configure

 commands exec include show running-config

 commands exec include show

!        

!

line con 0

line vty 0 4

 transport input ssh

line vty 5 15

 transport input ssh

!

capwap ap strict-daisy-rap disable

capwap ap pause-time 100

capwap ap flexgroup default-flex-group

capwap ap unencrypted_data_keep_alive enable

capwap ap hyperlocation disable

capwap ap halo-APflag disable

capwap ap dot1x-port-state 0

capwap ap ble-adv-power 0

end

Erfan7
Beginner

Let me know about other information..logs etc

AdamF1
Beginner

From the sounds of the downloading, it is  failing over to another controller and falling back. You stated your code is different on the controllers so it’s download and triggering a fall back due to the fall back being enabled globally on the controller. Aps lose connectivity to that controller and go to their secondary. 

Erfan7
Beginner

Adam I said just for experiment I migrated APs to the controller that is on old code, but APs were still restarting, then I reverted all to controllers(Primary/secondary) that have latest code.

Create
Recognize Your Peers
Content for Community-Ad