05-08-2014 07:39 AM - edited 07-05-2021 12:47 AM
I basically need a confirmation on a particular setup I'm seeing:
So I'm thinking that is the main issue, but why do they still end up joining the controller if they are in a different VLAN? I need to move all the AP's in VLAN1.
Here is the log:
*May 8 03:50:56.835: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 2)
*May 8 03:50:56.835: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*May 8 03:50:56.835: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.141.80.35:5246
*May 8 03:50:56.915: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*May 8 03:50:56.915: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*May 8 03:50:56.927: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 8 03:50:56.927: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*May 8 03:50:56.939: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*May 8 03:50:56.955: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*May 8 03:50:57.531: %CLEANAIR-6-STATE: Slot 0 down
*May 8 03:50:57.531: %CLEANAIR-6-STATE: Slot 1 down
*May 8 03:50:57.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*May 8 03:50:57.967: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*May 8 03:50:57.975: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*May 8 03:50:58.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*May 8 03:50:58.967: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*May 8 03:50:58.995: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*May 8 03:50:59.003: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*May 8 03:50:59.011: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 8 03:50:59.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*May 8 03:51:00.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*May 8 03:51:00.031: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*May 8 03:51:01.031: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*May 8 03:51:06.955: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC-01'(index 0).
*May 8 03:51:06.955: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 8 03:50:57.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.141.80.35 peer_port: 5246
*May 8 03:50:57.447: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.141.80.35 peer_port: 5246
*May 8 03:50:57.447: %CAPWAP-5-SENDJOIN: sending Join Request to 10.141.80.35
*May 8 03:50:57.451: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*May 8 03:50:57.451: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*May 8 03:50:57.451: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*May 8 03:50:57.451: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.141.80.35
*May 8 03:50:57.911: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*May 8 03:50:57.979: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 8 03:50:58.051: ac_first_hop_mac - IP:10.141.84.1 Hop IP:10.141.84.1 IDB:BVI1
*May 8 03:50:58.051: Setting AC first hop MAC: 0000.0c07.ac28
*May 8 03:50:58.051: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*May 8 03:50:58.083: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC-01
*May 8 03:50:58.231: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*May 8 03:50:58.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*May 8 03:50:58.955: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*May 8 03:50:58.963: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*May 8 03:50:59.051: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*May 8 03:50:59.943: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*May 8 03:50:59.987: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*May 8 03:50:59.995: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*May 8 03:51:00.003: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 8 03:51:00.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*May 8 03:51:00.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*May 8 03:51:01.027: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*May 8 03:51:02.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*May 8 03:51:14.411: %CLEANAIR-6-STATE: Slot 0 enabled
*May 8 03:51:16.467: %CLEANAIR-6-STATE: Slot 1 enabled
05-08-2014 02:37 PM
AP & WLC management can be in different subnets (in fact, that is one of the best practices).
What is the WLC software version you are running? If it is below 7.4.x, go for at least 7.4.121.0 code with FUS 1.9.0.0
HTH
Rasika
**** Pls rate all useful responses ****
05-09-2014 07:52 AM
If they are in a different subnet won't I have the same issue with AP's not joining? I believe I'll need to specify DHCP options on the router so that I don't encounter this issue with AP's not joining. Currently I have 7.4.100 with FUS of 1.7.0.0.
Working on a schedule to upgrade all the controllers to 7.4.121, but I was thinking about 1.8.0.0. Any specific reason you mentioned 1.9.0.0?
Also, on the best practice part, is there a specific reason this is a best practice?
05-09-2014 08:55 AM
For smaller deployments, putting AP's and the WLC on the same subnet is okay. For large deployments, I would separate them. Once the AP joins, then you can move them to any subnet as they already know of the WLC IP. Option 43, DNS, broadcast forwarding are only really needed for discovery of the WLC for new access points. v7.4.121.1 is a stable code but I would also upgrade the FUS to 1.9.0.0 if possible. This does take around 35-45 minutes.
If your AP's that are having issues are specific to a location or maybe a switch, then that might be the issue... connectivity somehow is breaking. Uptime shows the power up time of the AP, so there is no reboot. Join time shows you how long it has been joined. I have customers with the same setup and no issues.
Please rate helpful post and Cisco Support Community will donate to Kiva
Scotty
05-09-2014 12:32 PM
Thank you Scott. Yes, as you mentioned, the AP's were already joined to the controller so the DHCP options were not needed any more. Yes, I have a huge deployment coming up and am going to need a /23 just for the AP's.
On the 7.4.121 code, I found out that the one we are running now is no longer Cisco's suggested IOS, so I need to schedule these upgrades. Yes, FUS upgrades are definitely long and very annoying lol.
05-09-2014 12:47 PM
You can use multiple /24 subnets if you want. That might be better than just creating one large subnet that might grow again.
Scotty
05-28-2014 04:34 PM
It is not recommended to have more than 60-80 access points on a VLAN. If you do, then I would strongly recommend configuring a unicast address for syslog messages from the access points.
From the WLC CLI console:
config ap syslog host global a.b.c.d
I recommend that a.b.c.d is routed to a null 0 or to a real syslog server. If you use something like 1.2.3.4 then you could be sending your syslog messages to the internet.
06-04-2014 05:10 AM
This is news to me and not something I have ever heard before. Also why would I want to send syslog messages from the AP going to an IP that is routed to null 0?
06-04-2014 05:24 AM
Just to give you control over where the packets get dropped.
06-04-2014 01:06 PM
I guess it would also be helpful if I pointed out that if you do not configure the global unicast syslog address, all of the syslog messages will go out as broadcast messages.
05-08-2014 06:36 PM
*May 8 03:50:58.083: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC-01
This is the only time I can see the AP join the WLC. Tell us, what is the "up time" of the AP once joined with the WLC?
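The join count read off the log in the reply above can be extracted mechanically, which helps when comparing many AP logs. The following is an added example, not part of the thread or of any Cisco tool: the names `parse` and `summarize` are hypothetical, the year is assumed because the log carries none, and the sample is a subset of lines copied from the log in the first post.

```python
import re
from datetime import datetime

# Constructed sample: a subset of lines copied from the AP log in the first post.
SAMPLE = """\
*May 8 03:50:56.835: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*May 8 03:51:06.955: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC-01'(index 0).
*May 8 03:50:57.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.141.80.35 peer_port: 5246
*May 8 03:50:57.447: %CAPWAP-5-SENDJOIN: sending Join Request to 10.141.80.35
*May 8 03:50:57.451: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*May 8 03:50:58.051: Setting AC first hop MAC: 0000.0c07.ac28
*May 8 03:50:58.083: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC-01
"""

LINE = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): %(\w+)-\d-(\w+): (.*)$")
PEER = re.compile(r"peer_ip: (\d+\.\d+\.\d+\.\d+)")

def parse(text, year=2014):
    """Yield (timestamp, facility, mnemonic, message); the log has no year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines without a %FACILITY-SEV-MNEMONIC tag are skipped
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m[2], m[3], m[4]

def summarize(text):
    """Count CAPWAP drops and joins; flag backwards clock steps and stuck discovery."""
    out = {"drops": 0, "joins": 0, "unrecovered": 0, "clock_steps": 0,
           "state_errors": 0, "controllers": set()}
    prev, down = None, False
    for ts, fac, mnem, msg in parse(text):
        if prev and ts < prev:
            out["clock_steps"] += 1      # timestamps went backwards
        prev = ts
        if fac != "CAPWAP":
            continue
        if "GOING BACK TO DISCOVER MODE" in msg:
            out["drops"] += 1
            out["unrecovered"] += down   # an earlier drop never rejoined
            down = True
        elif mnem == "JOINEDCONTROLLER":
            out["joins"] += 1
            down = False
        elif msg.startswith("Invalid event"):
            out["state_errors"] += 1
        if (p := PEER.search(msg)):
            out["controllers"].add(p[1])
    out["unrecovered"] += down           # still in discovery when the log ends
    return out
```

A non-zero `clock_steps` means the timestamps are not monotonic, as in the posted log, so the time between a drop and the rejoin should not be computed from them directly.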
05-09-2014 07:53 AM
Up time:
23 d, 20 h 08 m 59 s