Re: LAP1142N do not join a WLC4402 using CAPWAP over WAN link

thomaslegler · ‎02-26-2009

We have a WLC4402 with FW 5.2.157.0. At the WLC site LAP1142N have no problems to join the WLC. This might be a prove to have a CAPWAP enabled image.

00:1c:f6:XX:XX:XX.......................................... Joined (1131)

00:1d:45:XX:XX:XX.......................................... Joined (1242 H-REAP)

00:22:90:XX:XX:XX.......................................... Joined (1142 on WLC site)

The LAP1142N comes out of the box. In the branch site we've a DSL WAN link with IP-Tunnel between 2 2800 Series ISR. There are no access lists which may block CAPWAP. A LAP1242AG has joined immediately without any problems.

On the access point console I get these informations:

LAP1142N:

*Mar 1 01:19:07.057: CAPWAP Control mesg Sent to 192.168.X.X, Port 5246

*Mar 1 01:19:07.057: Msg Type : CAPWAP_DISCOVERY_REQUEST

*Mar 1 01:19:07.057: Msg Length : 29

*Mar 1 01:19:07.057: Msg SeqNum : 0

*Mar 1 01:19:07.057: CAPWAP Control mesg Sent to 255.255.255.255, Port 5246

*Mar 1 01:19:07.057: Msg Type : CAPWAP_DISCOVERY_REQUEST

*Mar 1 01:19:07.057: Msg Length : 29

*Mar 1 01:19:07.057: Msg SeqNum : 0

The WLC has been discovered and the packets will be sent to the correct IP address.

On the WLC I see following errors in debug:

Controller:

*Feb 26 15:14:00.371: 00:22:90:XX:XX:XX AP not registering with BASE MAC.

*Feb 26 15:14:00.371: Failed to parse CAPWAP packet from 192.168.X.X:2331

*Feb 26 15:14:00.371: Failed to process packet from 192.168.X.X:2331

Now I run out of ideas about this problem.

Kind regards

Thomas

Leo Laohoo · ‎02-26-2009

Console into the AP and type the following commands:

lwapp ap controller ip add

thomaslegler · ‎03-13-2009

Thanks for your answer. Unfortunately this is no solution.

The access point comes out of the box. When it starts, the controller could be found via DNS query. The controller has been contacted but the controller is unable to parse the received frame header.

Because the frame is really small I don't believe in an MTU problem.

Moreover the command is not possible to give. It responds an error. I attempt it several times.

dennischolmes · ‎03-13-2009

Are you using a firewall? If you are the old UDP ports for LWAPP are no longer valid. 12222 and 12223 will no longer need to be open. You need 5246 for control and 5247 for data to be open in your firewalls.

rseiler · ‎03-13-2009

Do you have the clock set on the controller? Are you using NTP on the controller?

I'm assuming you have firewall policy/ACLs to permit the CAPWAP protocol vs LWAPP.

The last item to check is when you say DSL and WAN link, what does that mean? Is this a VPN link over the Internet?

Are you using a VPN tunnel? What is an "IP-tunnel" you refer to? GRE/IP? IPSEC?

What is the config of the DSL? ATM or PPPoE?

This may be an IP MTU issue. Try the 'ip tcp mss-adjust 1380' command on the *inside* LAN interface on both ends of the connection.

Leo Laohoo · ‎03-15-2009

Ok then. Connect your 1142 into the same LAN segment with your WLC and prime it.

If there no WLC at the branch site, are you using H-REAP?