Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2590
Views
4
Helpful
7
Replies

Mobility Express and Aironet 3800

Go to solution
drdrewusaf
Level 1
Level 1

‎03-23-2024 08:02 AM

Hi All!

I have a 3800i (second hand) and I'm banging my head against the wall with setting up Mobility Express.  I was a CCNP back when CLI and IOS were the de facto, and this new era of devices are either too easy or too hard...

I've (seemingly) successfully converted the AP to ME on 8.10.185 to be used as a controller and AP.  The AP boots and does both web provisioning and console provisioning (seemingly) successfully, but after that it's all downhill into weirdness.  The AP is attached to an 1112-8p ISR.  My previous WAP (3702i) was trunked to the router with VLAN 5 as management/native (DHCP on the ISR) and VLAN 11 (DHCP on the ISR) for clients.  I've tried to get the 3800 to work properly on the same setup, but I cannot get the AP to use the right VLANs.  No matter how I set the WLAN up, clients are being given IPs in the management VLAN.  As a workaround, I've made it an access port now and have set it to a static IP in client VLAN for management.  I've also had it working by setting the native VLAN to 11, but then the management interface is handed a client IP. 

The weirdest and most annoying part is, even though it's working, the AP itself doesn't "join" to itself.  So my dashboard shows 0 APs, and 0 clients (with a single rogue client every now and then) even though it's working (I'm using the WLAN to post this).  Screenshots attached.

Please help!  I'll post any console outputs that might help, but I don't know what's useful in this new-fangled/half-baked CLI.

ISR original AP interface config:

 

interface GigabitEthernet0/1/7
 description WAP
 switchport trunk native vlan 5
 switchport trunk allowed vlan 1,5,11,1002-1005
 switchport mode trunk
 zone-member security INSIDE

 

ISR current workaround config:

 

interface GigabitEthernet0/1/7
 description WAP
 switchport access vlan 11
  switchport mode access
 zone-member security INSIDE

 

Thanks!

 

Andrew

Preview file
180 KB
Preview file
191 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
drdrewusaf
Level 1
Level 1

‎03-25-2024 08:31 AM - edited ‎03-25-2024 08:32 AM

After reworking a lot of settings, I ran the analyzer again.  It led me to the 5GHz radio role being set to DOWNLINK.  I also found a Cisco Community post saying that backhaul client-serving needed to be enabled.  Well, then I decided to look at the AP settings one more time and noticed that the Operating Mode for the AP was Controller & Bridge.  I set it to AP & Controller and the 5GHz SSID came up immediately.

Additional solution steps: 

Ok, I've done some learning and got it almost working 100%. Using debug capwap errors enable, I found two issues.

First, regardless of any setting anywhere, the AP always sees the CAPWAP messages on VLAN0.  So, I set: config interface vlan management 0.  That started association, but if failed after that.

Reading the errors, I found that there was a regulatory domain conflict.  I didn't think the APs were hard locked to domains and you could select any (I had US selected).  Since my AP is a 3802i-E, I set the regulatory domain to a European country.  That fixed the association.

Both of those fixes combined to fix the VLAN tagging issue I was having (clients getting IPs from the management VLAN instead of the client VLAN).

Thanks again for the help!

 

Andrew

View solution in original post

7 Replies 7

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎03-23-2024 09:10 AM

 

   - Have a checkup of the mobility express controller configuration using : WirelessAnalyzer input (procedure) for AireOs controllers
      and feed that output into : Wireless Config Analyzer

   Stuff like 

zone-member security INSIDE

    worries me  (from the ISR) ; my proposal would be to connect the 3800 to a simple switch only and from that (the switch) 'let the needed vlans arrive from the ISR'  (or do the reverse ,define them , define them on the ISR too e.g.) , check if that makes a difference

 M.

 



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
drdrewusaf
Level 1
Level 1
In response to marce1000

‎03-23-2024 11:05 AM

Thanks for that tool!  It was insightful!  I made some changes (the switchport is trunked as native 11, removed the zone-member statement).  Also realized I was considering the WLAN config the place to define VLANs; clearly it's not.  The fact that I can't configure the AP's ethernet ports directly threw me off.  In any case, the report is attached here.  The tool recommended, and I upgraded to 8.10.190.  I also removed the management VLAN from the WLAN (even though the tool still flags it).

Regardless of that, the AP is still not recognized by itself... I'm not sure where to go from here.  It seems like such a simple thing to have a controller recognize itself as an AP.

Any other tips?

 

Andrew

Preview file
92 KB
0 Helpful

Go to solution
drdrewusaf
Level 1
Level 1

‎03-23-2024 11:52 AM

I should also mention that the LED is constantly alternating green and red, indicating that it's still associating. But I don't know where to look to see the status or errors preventing association.

 

Andrew

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to drdrewusaf

‎03-24-2024 12:39 AM

 

 - Post the complete boot process of the Mobility Express AP , 

 M,



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
drdrewusaf
Level 1
Level 1
In response to marce1000

‎03-25-2024 05:44 AM

Ok, I've done some learning and got it almost working 100%. Using debug capwap errors enable, I found two issues.

First, regardless of any setting anywhere, the AP always sees the CAPWAP messages on VLAN0.  So, I set: config interface vlan management 0.  That started association, but if failed after that.

Reading the errors, I found that there was a regulatory domain conflict.  I didn't think the APs were hard locked to domains and you could select any (I had US selected).  Since my AP is a 3802i-E, I set the regulatory domain to a European country.  That fixed the association.

Both of those fixes combined to fix the VLAN tagging issue I was having (clients getting IPs from the management VLAN instead of the client VLAN).

However, and again although it's working, the 5Ghz radio is not transmitting the SSID.  I don't see any errors, but this output is confusing me:

(Cisco Controller) show>advanced 802.11-abgn summary
Member RRM Information
AP Name MAC Address Slot Admin Oper Channel TxPower BSS Color
-------------------------------- ----------------- ---- -------- ----------- ------------------ ------------- ---------
AetherWAP a0:3d:6f:7c:b5:40 0 ENABLED UP 1* *1/5 (14 dBm) N/A

(Cisco Controller) show>advanced 802.11a summary

Member RRM Information
AP Name MAC Address Slot Admin Oper Channel TxPower BSS Color
-------------------------------- ----------------- ---- -------- ----------- ------------------ ------------- ----------
AetherWAP a0:3d:6f:7c:b5:40 1 ENABLED UP 36* 7/7 ( 2 dBm) N/A

* global assignment

(Cisco Controller) show>advanced 802.11b summary

Member RRM Information
AP Name MAC Address Slot Admin Oper Channel TxPower BSS Color
-------------------------------- ----------------- ---- -------- ----------- ------------------ ------------- ---------
AetherWAP a0:3d:6f:7c:b5:40 0 ENABLED UP 1* *1/5 (14 dBm) N/A

* global assignment

Why would each radio show operational on their own, but in the abgn summary only the 2.4Ghz radio is showing?

 

Andrew 

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to drdrewusaf

‎03-25-2024 06:08 AM

 

          - No insights at this time ,others may pop-in , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
drdrewusaf
Level 1
Level 1

‎03-25-2024 08:31 AM - edited ‎03-25-2024 08:32 AM

After reworking a lot of settings, I ran the analyzer again.  It led me to the 5GHz radio role being set to DOWNLINK.  I also found a Cisco Community post saying that backhaul client-serving needed to be enabled.  Well, then I decided to look at the AP settings one more time and noticed that the Operating Mode for the AP was Controller & Bridge.  I set it to AP & Controller and the 5GHz SSID came up immediately.

Additional solution steps: 

Ok, I've done some learning and got it almost working 100%. Using debug capwap errors enable, I found two issues.

First, regardless of any setting anywhere, the AP always sees the CAPWAP messages on VLAN0.  So, I set: config interface vlan management 0.  That started association, but if failed after that.

Reading the errors, I found that there was a regulatory domain conflict.  I didn't think the APs were hard locked to domains and you could select any (I had US selected).  Since my AP is a 3802i-E, I set the regulatory domain to a European country.  That fixed the association.

Both of those fixes combined to fix the VLAN tagging issue I was having (clients getting IPs from the management VLAN instead of the client VLAN).

Thanks again for the help!

 

Andrew

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card