Solved: Configuring Indoor AP 2702 in RAP/MAP

Rajhans Shere · ‎11-04-2015

Hi ,

A very good afternoon to all.

This is Rajhans here , and have one query regards to AP 2702. Following is the challenge that i am facing now. I am implementing Wireless RAP/MAP architecture first time.

I have two AP of 2702 Series and a WLC 5508 (Keeping the setup small, In reality i have more than 200 AP)

One 2702 AP i am configuring it as RAP and one 2702 AP i am configuring it as MAP.

My APs are getting registered smoothly with WLC, But the clients are not able to connect and receive ip address from eternal DHCP Server.

Below are the configurations i have done so far.

1. Configured both the 2702 APs in bridge mode.

2. Choose one AP as RAP. The one which has physical cable connected to it.

3. Choosed another 2702 AP as MAP.

4. Disabled the Transpernt bridging.

5. Did not enable ethernet bridging option under Mesh tab of AP

In above step 44 and 5 i have tried enabling it also but no luck.

My setup is very simple. Both the APs are connected with switch over a access port in vlan 1

My users are also from vlan 1.

In the samy office other 2702 APs are working without any problem. But where physical cabling has challenge i am configuring them as RAP/MAP

Am i missing anything here?

Cheerss!!!!

Raj

Sandeep Choudhary · ‎11-06-2015

Hi Rajan,

I tested it and its working for me.

I just allowed client on the backhaul because i dont have antenna for 2.4 Ghz on one of my AP.

what I did:

Below are the configurations i have done so far.

1. Configured both the APs in bridge mode.

2. Choose one AP as RAP. The one which has physical cable connected to it.

3. Choosed another 2702 AP as MAP and then shutdown the port where this AP connected on swicth.

4. Disabled the Transpernt bridging.

5. Enable the Backhaul Clinet access (Dont enable Extended Backhaul Client Access)

5. Did not enable ethernet bridging option under Mesh tab of AP

Regards

Dont forget to rate helpful posts

View solution in original post

Sandeep Choudhary · ‎11-04-2015

Check this post: https://rscciew.wordpress.com/2014/11/15/wlc-mesh-network-configuration/ Regards

Rajhans Shere · ‎11-06-2015

Hi

Thanks for the link.

I have tried the same options. But no luck.

It has one setting of enabling backhaul client access in mesh settings

Is it required for AP2702 ,and when i enable it says all your mesh ap wil reboot.

Reboot mesh ap means will it reboot all the ap or it will reboot only the ap which i connfigured in bridge mode rap/map

Cheers

Raj

Sandeep Choudhary · ‎11-06-2015

It will reboot all Mesh APs and force to reconnect again with RAP.

question:

AP management and Client use the same vlan or different ?

Regards

Rajhans Shere · ‎11-06-2015

Hi,

Both uses same vlan.

Cheers!!

Raj

Sandeep Choudhary · ‎11-06-2015

Hi Rajan,

I tested it and its working for me.

I just allowed client on the backhaul because i dont have antenna for 2.4 Ghz on one of my AP.

what I did:

Below are the configurations i have done so far.

1. Configured both the APs in bridge mode.

2. Choose one AP as RAP. The one which has physical cable connected to it.

3. Choosed another 2702 AP as MAP and then shutdown the port where this AP connected on swicth.

4. Disabled the Transpernt bridging.

5. Enable the Backhaul Clinet access (Dont enable Extended Backhaul Client Access)

5. Did not enable ethernet bridging option under Mesh tab of AP

Regards

Dont forget to rate helpful posts

Rajhans Shere · ‎11-06-2015

Hi,

Thanks for the reply. :)

i tried the same option but its not working.

Also i would like to highlight one option, which initially i thought not required.

My wlc is at location 1 and my APs are at location 2.

when i run the debug i found that it is trying to take ip address from location 1. in debug it reflected the ip address of location 1 dhcp server.

when i added the mac address of RAP and MAP , i choosed interface as branch 2 interface.

Below is the debug capture

(Cisco Controller) >debug client 2c:d0:5a:44:bd:cd

(Cisco Controller) >*pemReceiveTask: Oct 24 13:57:46.346: [PA] 2c:d0:5a:44:bd:cd Sent an XID frame
*apfMsConnTask_0: Nov 07 08:14:52.922: [PA] 2c:d0:5a:44:bd:cd Processing assoc-req station:2c:d0:5a:44:bd:cd AP:a4:6c:2a:11:33:90-00 thread:1511aac0
*apfMsConnTask_0: Nov 07 08:14:52.922: [PA] 2c:d0:5a:44:bd:cd Association received from mobile on BSSID a4:6c:2a:11:33:93 AP Ground_Shop
*apfMsConnTask_0: Nov 07 08:14:52.922: [PA] 2c:d0:5a:44:bd:cd Global 200 Clients are allowed to AP radio

*apfMsConnTask_0: Nov 07 08:14:52.922: [PA] 2c:d0:5a:44:bd:cd Max Client Trap Threshold: 0 cur: 1

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd override for default ap group, marking intgrp NULL
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 96

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Re-applying interface policy for client

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 DHCP_REQD (7) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2399)
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 DHCP_REQD (7) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2420)
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Setting the NAS Id to WLAN specific Id 'EAPOWWLAN1'
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Finding random interface from interface group 'mahape-interfaces' for the client since original interface 'mahape-1' is not operational or marked dirty.
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd STA - rates (4): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd STA - rates (12): 130 132 139 150 12 18 24 36 48 72 96 108 0 0 0 0
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] RSNIE in Assoc. Req.: (20)

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] [0000] 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] [0016] ac 01 00 00

*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Processing RSN IE type 48, length 20 for mobile 2c:d0:5a:44:bd:cd
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Received 802.11i 802.1X key management suite, enabling dot1x Authentication
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd RSN Capabilities: 0
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd apfValidateDot11iCapabilities:1286 Received RSNIE with Capabilities with STA MFPC: 0, STA MFPR:0, & AP MFPC:0MFPR:0
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Marking Mobile as non-11w Capable
*apfMsConnTask_0: Nov 07 08:14:52.923: [PA] 2c:d0:5a:44:bd:cd Received RSN IE with 0 PMKIDs from mobile 2c:d0:5a:44:bd:cd
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Found an cache entry for BSSID a4:6c:2a:11:33:90 in PMKID cache at index 0 of station 2c:d0:5a:44:bd:cd
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Removing BSSID a4:6c:2a:11:33:90 from PMKID cache of station 2c:d0:5a:44:bd:cd
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Resetting MSCB PMK Cache Entry 0 for station 2c:d0:5a:44:bd:cd
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Setting active key cache index 0 ---> 8
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd unsetting PmkIdValidatedByAp
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd apfValidateDot11wGroupMgmtCipher:1716, Received NULL 11w Group Mgmt Cipher Suite for STA, hence returning

*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd apfMs1xStateDec
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 DHCP_REQD (7) Change state to START (0) last state DHCP_REQD (7)

*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 START (0) Initializing policy
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state START (0)

*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)

*pemReceiveTask: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 Removed NPU entry.
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Encryption policy is set to 0x80000001
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Not Using WMM Compliance code qosCap 00
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Sending 11w Flag 0 for Client 2C:D0:5A:44:BD:CD
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd 0.0.0.0 8021X_REQD (3) Plumbed mobile LWAPP rule on AP a4:6c:2a:11:33:90 vapId 4 apVapId 1 flex-acl-name:
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd apfPemAddUser2 (apf_policy.c:352) Changing state for mobile 2c:d0:5a:44:bd:cd on AP a4:6c:2a:11:33:90 from Associated to Associated

*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd apfPemAddUser2:session timeout forstation 2c:d0:5a:44:bd:cd - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0

*apfMsConnTask_0: Nov 07 08:14:52.924: [PA] 2c:d0:5a:44:bd:cd Sending assoc-resp with status 0 station:2c:d0:5a:44:bd:cd AP:a4:6c:2a:11:33:90-00 on apVapId 1
*apfMsConnTask_0: Nov 07 08:14:52.925: [PA] 2c:d0:5a:44:bd:cd Sending Assoc Response to station on BSSID a4:6c:2a:11:33:90 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_0: Nov 07 08:14:52.925: [PA] 2c:d0:5a:44:bd:cd apfProcessAssocReq (apf_80211.c:9463) Changing state for mobile 2c:d0:5a:44:bd:cd on AP a4:6c:2a:11:33:90 from Associated to Associated

*spamApTask6: Nov 07 08:14:52.927: [PA] 2c:d0:5a:44:bd:cd Sent 1x initiate message to multi thread task for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.928: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.928: [PA] 2c:d0:5a:44:bd:cd EAP-PARAM Debug - eap-params for Wlan-Id :4 is disabled - applying Global eap timers and retries
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.928: [PA] 2c:d0:5a:44:bd:cd Disable re-auth, use PMK lifetime.
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.928: [PA] 2c:d0:5a:44:bd:cd dot1x - moving mobile 2c:d0:5a:44:bd:cd into Connecting state
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.928: [PA] 2c:d0:5a:44:bd:cd Sending EAP-Request/Identity to mobile 2c:d0:5a:44:bd:cd (EAP Id 1)
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.953: [PA] 2c:d0:5a:44:bd:cd Reset the reauth counter since EAPOL START has been received!!!
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.953: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:53
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.953: [PA] 2c:d0:5a:44:bd:cd Received EAPOL START from mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.953: [PA] 2c:d0:5a:44:bd:cd dot1x - moving mobile 2c:d0:5a:44:bd:cd into Connecting state
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.953: [PA] 2c:d0:5a:44:bd:cd Sending EAP-Request/Identity to mobile 2c:d0:5a:44:bd:cd (EAP Id 2)
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.953: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.963: [PA] 2c:d0:5a:44:bd:cd Received EAPOL EAPPKT from mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.963: [PA] 2c:d0:5a:44:bd:cd Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.963: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd Received EAPOL EAPPKT from mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd Received Identity Response (count=1) from mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd Resetting reauth count 1 to 0 for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd EAP State update from Connecting to Authenticating for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd dot1x - moving mobile 2c:d0:5a:44:bd:cd into Authenticating state
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.971: [PA] 2c:d0:5a:44:bd:cd Entering Backend Auth Response state for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.972: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.976: [PA] 2c:d0:5a:44:bd:cd Processing Access-Challenge for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.976: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.977: [PA] 2c:d0:5a:44:bd:cd Entering Backend Auth Req state (id=3) for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.977: [PA] 2c:d0:5a:44:bd:cd Sending EAP Request from AAA to mobile 2c:d0:5a:44:bd:cd (EAP Id 3)
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.977: [PA] 2c:d0:5a:44:bd:cd Allocating EAP Pkt for retransmission to mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.977: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.984: [PA] 2c:d0:5a:44:bd:cd Received EAPOL EAPPKT from mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.984: [PA] 2c:d0:5a:44:bd:cd Received EAP Response from mobile 2c:d0:5a:44:bd:cd (EAP Id 3, EAP Type 25)
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.984: [PA] 2c:d0:5a:44:bd:cd Resetting reauth count 0 to 0 for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.984: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.984: [PA] 2c:d0:5a:44:bd:cd Entering Backend Auth Response state for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.984: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.985: [PA] 2c:d0:5a:44:bd:cd Processing Access-Challenge for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.985: [PA] 2c:d0:5a:44:bd:cd reauth_sm state transition 0 ---> 0 for mobile 2c:d0:5a:44:bd:cd at 1x_reauth_sm.c:71
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.985: [PA] 2c:d0:5a:44:bd:cd Entering Backend Auth Req state (id=4) for mobile 2c:d0:5a:44:bd:cd
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.985: [PA] 2c:d0:5a:44:bd:cd Sending EAP Request from AAA to mobile 2c:d0:5a:44:bd:cd (EAP Id 4)
*Dot1x_NW_MsgTask_5: Nov 07 08:14:52.985: [PA] 2c:d0:5a:44:bd:cd Reusing allocated memory for EAP Pkt for retransmission to mobile 2c:d0:5a:44:bd:cd

Rajhans Shere · ‎11-06-2015

my branch 2 also has dhcp server. All other APs of location 2 which are configured in flex connect mode are receving the ip addess from that server, but only RAP and MAP users are falling on location 1 dhcp server

Rajhans Shere · ‎12-22-2015

Hi ALL,

The issue has resolved.

Sandeep, I have enabled the suggested settings and it worked post reboot of AP.

I choose the mode as flex connect + bridge

Also the AP 2702 is indoor AP with omni directional antenna, Hence the space between the RAP and MAP is limited

One Observation was if i keep the MAP AP beyond 50ft of RAP then it continously reboots

Thanks for the help

Cheerss

Raj