Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
0
Helpful
3
Replies

Flexconnect AP not working at remote location

patoberli
VIP Alumni
VIP Alumni

‎08-30-2019 04:44 AM - edited ‎07-05-2021 10:55 AM

Hello all

I've configured my first Flexconnect AP and put it into OfficeExtend mode. The remote location is connected via Internet and protected through a VPN. The AP is there connected to a VLAN and the needed UDP ports should be open.

 

On the WLC I see the following in the debug capwap events and error log (filtered for the affected MAC):

*spamApTask2: Aug 30 13:51:14.832: [SA] f4:db:e6:d9:fd:20 Echo Request from 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:14.832: [SA] f4:db:e6:d9:fd:20 Echo Response sent to 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:18.830: [SA] f4:db:e6:d9:fd:20 WTP Event Request from 172.16.102.124:5248 epoch 1567165878
*spamApTask2: Aug 30 13:51:18.830: [SA] f4:db:e6:d9:fd:20 WTP Event Response sent to 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:18.831: [SA] f4:db:e6:d9:fd:20 WTP Event Request from 172.16.102.124:5248 epoch 1567165878
*SNMPTask: Aug 30 13:51:25.821: [SA] f4:db:e6:d9:fd:20 Tx-Power of slot 0 is 3
*SNMPTask: Aug 30 13:51:25.822: [SA] f4:db:e6:d9:fd:20 Tx-Power of slot 1 is 1
*spamApTask2: Aug 30 13:51:40.491: [SA] f4:db:e6:d9:fd:20 Primary Discovery Request from 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:40.491: [SA] f4:db:e6:d9:fd:20 ApModel: AIR-AP2802I-E-K9
*spamApTask2: Aug 30 13:51:40.491: [SA] f4:db:e6:d9:fd:20 apType = 56 apModel: AIR-AP2802I-E-K9
*spamApTask2: Aug 30 13:51:40.491: [SA] f4:db:e6:d9:fd:20 apType: Ox38 bundleApImageVer: 
*spamApTask2: Aug 30 13:51:40.491: [SA] f4:db:e6:d9:fd:20 Primary Discovery Response sent to  172.16.102.124:5248
*spamApTask0: Aug 30 13:51:40.492: [SA] f4:db:e6:d9:fd:20 Primary Discovery Request from fe80::f6db:e6ff:fede:deae:5248
*spamApTask0: Aug 30 13:51:40.492: [SA] f4:db:e6:d9:fd:20 ApModel: AIR-AP2802I-E-K9
*spamApTask0: Aug 30 13:51:40.492: [SA] f4:db:e6:d9:fd:20 Unable to process Primary Discovery Request from f4:db:e6:d9:fd:20 due to missing IPv6 AP Manager interface, discovery request received on interface 8 vlan 612
*spamApTask0: Aug 30 13:51:40.492: [SA] f4:db:e6:d9:fd:20 State machine handler: Failed to process  msg type = 19 state = 11 from fe80::f6db:e6ff:fede:deae:5248
*spamApTask2: Aug 30 13:51:41.256: [SA] f4:db:e6:d9:fd:20 WTP Event Request from 172.16.102.124:5248 epoch 1567165901
*spamApTask2: Aug 30 13:51:41.256: [SA] f4:db:e6:d9:fd:20 WTP Event Response sent to 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:41.698: [SA] f4:db:e6:d9:fd:20 WTP Event Request from 172.16.102.124:5248 epoch 1567165901
*spamApTask2: Aug 30 13:51:41.698: [SA] f4:db:e6:d9:fd:20 WTP Event Response sent to 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:41.698: [SA] f4:db:e6:d9:fd:20 WTP Event Request from 172.16.102.124:5248 epoch 1567165901
*spamApTask2: Aug 30 13:51:41.698: [SA] f4:db:e6:d9:fd:20 WTP Event Response sent to 172.16.102.124:5248
*spamApTask2: Aug 30 13:51:41.728: [SA] f4:db:e6:d9:fd:20 WTP Event Request from 172.16.102.124:5248 epoch 1567165901
*spamApTask2: Aug 30 13:51:41.728: [SA] f4:db:e6:d9:fd:20 WTP Event Response sent to 172.16.102.124:5248

We nowhere have IPv6 enabled.

What confuses me is the IP address, that one is from the local network and not the remote network. 

 

WLC running 8.5.151.0, time is correct and currently no access to remote AP is possible.

 

I tested the AP in another VLAN here in the company and it was working fine.

Any ideas?

All other APs are in local mode and working fine.

 

Thanks

Patrick 

Labels:
0 Helpful
3 Replies 3

pieterh
VIP
VIP

‎08-30-2019 06:22 AM

if I recall right in office-extend mode the AP itself tries to setup a VPN to the WLC !

it is intended to move an AP to any network connected to the internet ad it will "call-home" to the controller.

and provides a WLAN that connects to the internal network

 

but you mention you all ready got a VPN setup to your local network 

-> either remove the office-extend mode

- or connect the ap outside the existing VPN connection (then the WLC must be reachable for office-extend mode)

0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to pieterh

‎08-30-2019 07:01 AM

Hmm, but shouldn't it still work through the VPN at the remote site? Yes I'd use two VPNs, which is not very useful, but shouldn't matter a lot.
Then again, maybe I didn't configure OEAP, but just enabled Flexconnect Central-Switching. I think OEAP was not possible because of restrictions. Sadly I didn't document this (my fault, I know) and can't look at it on the WLC now, while the AP is not connected.
0 Helpful

patoberli
VIP Alumni
VIP Alumni
In response to patoberli

‎09-02-2019 01:55 AM

Solved it.
It was actually not this AP at all (no idea why this one brings those error messages, the AP seems to run correct).

It was a NAT issue on the outer firewall, which NATed the packets into the wrong interface. Once I fixed the NAT, the AP associated within 2 minutes and already has clients connected to it :)
Thanks for the help.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card