Hi,

What about APs that are not directly connected, can they connect to a centralized controller (5700 for example) instead ? 

In my case the AP sees the 3650 but fails to join it (as expected), and then it won't go further trying to join other controllers.

I've even tried to configure the controller manualy on a selected AP, without any luck. 

No, if a switch is configured as a MA it will not allow the CAPWAP tunnel to pass upstream.  The only way you could make that work, is if you had a path from the AP to the WLC that didn't have to cross through a MA.

HTH,

Steve

Hi Steve,

In 3.6 if you put AP onto different vlan other than wireless management, it would go & register to a central WLC.

"AP pass through" is coming on the next release which is the same function.

HTH

Rasika

Hi Rob,

How is your setup in place ? Is it something like this 

AP <-> 3650 <-> core network <-> 5760 

If you want AP to register for your 3650 you have to do these

1. If your 3650 act as MA & 5760 act as MC, then AP licence will reside on 5760. So you have to have mobility configured between 5760/3650.
2. In this scenario, you have to create a wireless management interface (SVI) on your 3650 & AP to connect to the switchports configured with same vlan access port.

Refer this for a similar setup config

http://mrncciew.com/2013/12/14/3850ma-with-5760mc/

If you want 3650 act as MA/MC (no centralized controller like 5760/5508 as MC)

1. In addition to the wireless management interface, you have to change the mobility role as "mobility controller" 
2. Then AP connects directly to 3650 on the same vlan as wireless management.
3. In this case your 3650 should have licences.

Refer this for similar setup

http://mrncciew.com/2013/09/29/getting-started-with-3850/

If you have indirectly connect switches & those AP needs to register to a  central controller, then you have to put them on to any other vlan other than wireless management vlan configured on your 3650.(IOS-XE should be 3.6 onward)

Let me know if you want help further.. Happy to have a look if you could extend access remotely.

Pls do not forget to rate our responses if that useful.

HTH

Rasika

Hi Rasika and thanks for the quick response! 

The setup looks something like this:

AP <-> L2 switch <-> 3650 (MC) <-> core network <-> 5760 
But there are also AP's directly connected to the 3650, that works just fine. 

So the solution is to put the indirectly connected APs on a different VLAN than the wireless management. Okey. :)

But Im a little curious why the discovery/join process stops on the AP-side, after it fails to join the 3650. Why will it not continue to try connect/join to a centralized controller? I did a debug ip udp (on the AP) and saw packets go out to the centralized controller(s) after configuring the capwap controller ip. Im not trying to be difficult here, Im just curious. Hehe

Below is a stripped down log from the AP that is indirectly connected:

UDP: sent src=XXX.XXX.XXX.85(60244), dst=YYY.YYY.YYY.70(5246), length=211
UDP: sent src=XXX.XXX.XXX.85(60244), dst=255.255.255.255(5246), length=211
UDP: rcvd src=XXX.XXX.XXX.87(5246), dst=XXX.XXX.XXX.85(60244), length=120
%CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: XXX.XXX.XXX.87 peer_port: 5246
UDP: sent src=XXX.XXX.XXX.85(60244), dst=XXX.XXX.XXX.87(5246), length=103
DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x502C428!

XXX.XXX.XXX.85 = AP
XXX.XXX.XXX.87 = 3650 (MC)
YYY.YYY.YYY.70 = 5760

Did 1602 register to the centralized controller once you put it to different vlan ?  

But Im a little curious why the discovery/join process stops on the AP-side, after it fails to join the 3650. Why will it not continue to try connect/join to a centralized controller? 

This is because your AP does not know 5760 WLC existence unless you tell him (statically, DHCP option 43, etc). If you configure your AP like below statically it should go & register to your 5760. (assuming 3650 running 3.6 IOS-XE)

LAP#capwap ap primary-base <5760_Name> <5760_mgt_IP>

HTH

Rasika

*** Pls rate all useful responses ****

Very strange, but if I understand you correctly it should work when the AP is still on the same vlan as the wireless management? 

The 3650 has 3.6 IOS-XE yes..

We have both Option 43 in place, and configured primary-base on the AP, but it still wont connect to the 5760. (they are still on the same vlan as wireless management tho). 

The log that I've pasted in one post up, shows that there is a UDP packet going out from the AP to the 5760, but nothing else happens.. It "hangs" on the process of trying to join the 3650. 

edit: Other APs on a different vlan (and location) than the wireless management connect to the centralized controller without any problems, yes.

but if I understand you correctly it should work when the AP is still on the same vlan as the wireless management? 

NO, It is not correct understanding. 3650 with IOS-XE 3.6 will not allow to capwap to go out if it is coming from wireless management vlan (in previous versions I think irrespective of vlan it won't allow capwap to go out when you enable MA role)

If you put 1602 to different vlan & configured with primary WLC as 5760 what is the behavior ?

HTH

Rasika

*** Pls rate all useful responses ****