cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1721
Views
0
Helpful
10
Replies

Move AP´s form 4400 to vWLC

Stefan Sawluk
Level 1
Level 1

Hello Community.

 

At the moment we migrate AP´s from our old 4402 WLC (Version 7.0.235) to a new vWLC (Version 7.5.102) 

I have to load a new image to the AP´s that they will connect with the new vWLC. 

My Problem is, when i upgrade a AP in a Branch Office everthing works fine. I enter the new controller IP directly to the AP, becouse the DNS points to the old controller which is the productiv at the moment. 

 

When i try to migrate a AP in our central, where also is the physikal old controller, the AP´s will not connect to the new vWLC. I make the Update from the AP and clear the private config and enter the ip of the new controller on the CLI of the AP. After a reboot the AP joins automaticly the old wlc and makes a firmwaredowngrad. 

 

Why ignores the AP the static configured controller IP?

 

Regards Stefan

 

10 Replies 10

Scott Fella
Hall of Fame
Hall of Fame

Typically you would want to not just clear the private config but also the nvram. Also, go ahead and change the DNS entry, because this is used really for initial join and will not harm your production network. Other options are using option 43 and forwarding UDP 5246 & 5247 with the use of IP helpers.  Also note that AP's join a vWLC if they have already joined a WLC running v7.3 or later or else you need to add the SSC:

http://www.cisco.com/c/en/us/support/docs/wireless/virtual-wireless-controller/113677-virtual-wlan-dg-00.html#tshoot

Also make sure the the VM is setup properly. 

Scott

-Scott
*** Please rate helpful posts ***

Hello Scott, 

 

the vWLC is setup correctly, becaouse when the ap is connected everthing works fine. The dns entry will also solved in our branch offices, but there the static configured ip works.

Is it possible that the ap discovers the controller over L2 or L3?

 

Stefan

Layer 2 is like the default when finding the WLC. For layer 3, you need option 43, DNS or forwarding the broadcast which is pretty simple. On the L3 device you use IP forward protocol UDP 5246 and also 5247 and then on the L3 interface that the APs are connected to, you use an IP helper with the vWLC management. That's really it. 

Scott

-Scott
*** Please rate helpful posts ***

Ok, we don´t have configured to forword UDP. Ok, than i have to change the DNS name. Maybe it will work than. I will let you know. 

 

Stefan

Console into the AP and you will see the ap join. This way you will be able to see if the vWLC is rejecting the join or maybe the AP isn't getting an join from the vWLC and the 4400 is responding. 

Scott

-Scott
*** Please rate helpful posts ***

Hi. 

 

I tried again to move the ap. I also changed the dns entrie to the vwlc, but it does not work.

 

*Mar  1 00:00:46.198: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.120.5.249, mask 255.255.0.0, hostname APfc99.47d5.411a

Translating "CISCO-CAPWAP-CONTROLLER.xxx.local"...domain server (10.120.200.6)
*Mar  1 00:00:57.081: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP. [OK]

*Mar  1 00:01:10.084: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 25 08:17:31.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.120.1.203 peer_port: 5246
examining image...
extracting info (292 bytes)
Image info:
    Version Suffix: k9w8-.124-23c.JA5
    Image Name: c1140-k9w8-mx.124-23c.JA5
    Version Directory: c1140-k9w8-mx.124-23c.JA5
    Ios Image Size: 4905472
    Total Image Size: 5100032
    Image Feature: WIRELESS LAN|LWAPP
    Image Family: C1140
    Wireless Switch Management Version: 7.0.235.0
Extracting files...
c1140-k9w8-mx.124-23c.JA5/ (directory) 0 (bytes)
extracting c1140-k9w8-mx.124-23c.JA5/8001.img (174932 bytes)
*Jul 25 08:17:33.607: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.120.1.203 peer_port: 5246
*Jul 25 08:17:33.608: %CAPWAP-5-SENDJOIN: sending Join Request to 10.120.1.203perform archive download capwap:/c1140 tar file
*Jul 25 08:17:33.616: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
c1140-k9w8-mx.124-23c.JA5/html/ (directory) 0 (bytes)
c1140-k9w8-mx.124-23c.JA5/html/level/ (directory) 0 (bytes)
c1140-k9w8-mx.124-23c.JA5/html/level/1/ (directory) 0 (bytes)
extracting c1140-k9w8-mx.124-23c.JA5/html/level/1/appsui.js (557 bytes)

HI Stefan,

Lets start from scratch...

1. How AP getting IP via Domain Controller or from DHCP server on Switch  ?

2.If via Switch then paste the config here.

 

Regards

The AP gets the ip from the DC. There are no options configured. 

 

 

paste the output of the command from AP: sh version

also paste the logs from AP console.

 

Regards

 

 

Venkatesh Attuluri
Cisco Employee
Cisco Employee

I would recommend to pay extra attention to Troubleshooting – AP Considerations section of the deployment guide. It literally states the following

  • An AP must be at software version 7.3.1.35 and above to successfully join a virtual controller. Virtual controllers use SSC in order to validate an AP before joining.

There are other items listed as well, but the main requirement is in that one sentence. Cisco Lightweight AP will not join vWLC if that AP lacks Software Release 7.3 or above. For clarity sake, the latest Cisco WLC 4400 Software Release is 7.0.250.0, which implies that it won’t be possible to migrate Lightweight APs from Cisco WLC 4400 to Cisco vWLC in a direct manner.

If you try to associate an AP that runs pre 7.3 WLC Software Release, you will likely notice the following messages in the console CLI, which is a good sign you need to upgrade AP’s software before it can join vWLC:

*Mar 28 12:07:20.227: %CAPWAP-5-SENDJOIN: sending Join Request to 10.175.1.200
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Mar 28 12:07:20.231: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.175.1.200
*Mar 28 12:07:20.231: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.175.1.200
*Mar 28 12:07:30.243: %CAPWAP-3-ERRORLOG: Go join a capwap controller

Before you even start to migrate APs to the vWLC, you have to understand if those APs are being supported in the new version of WLC software (7.3 and above).

Check the WLC 7.3.112.0 Release Notes, specifically “Software Release Support for Access Points” section. There’s a table that lists the majority of Cisco Access Point models and information about their life cycle – First Support and Last Support release versions. The latest column is of highest interest. You can expect an AP to work with the new WLC Software Releases if a dash is displayed in that column. Otherwise you will have to consider replacing APs as well, and not only the WLC.

For example, Cisco Lightweight AP 1142 can be upgraded to software version 7.3 (Last Support release column has the dash). At the same time Cisco Lightweight AP 1220 can not be upgraded (Last Support release version is 7.0.x). After you confirmed that your APs are being supported by WLC 7.3 or above, you can proceed further.

There are two ways to meet this main requirement: Manual and Automatic.

Manual Upgrade (slow, not recommended in large deployments)

This methods does not require any special kit except the console cable and network connectivity to the TFTP server. Process is as follows

  1. Get a recovery image software from the download section at Cisco.com, for WLC 7.3 or above. For example, IOS software that corresponds to WLC Software Release 7.3.112.0 is 15.2(2) JA1 – c1140-rcvk9w8-tar.152-2.JA1.tar;
  2. Interrupt AP boot process by holding Mode button for 30 seconds (until led becomes RED);
  3. Format flash, and download new software from the TFTP server.
    load_helper
    flash_init
    format flash:
    set IP_ADDR 192.168.0.200
    set NETMASK 255.255.255.0
    set DEFAULT_ROUTER 192.168.0.1
    tftp_init
    tar -xtract tftp://192.168.10.5/c1140-rcvk9w8-tar.152-2.JA1.tar flash:
    boot
  4. Reboot AP. It will begin a join process (will upgrade/downgrade to vWLC version, if required);

Automatic Upgrade (recommended)

This process is suitable for large environments, but it requires a presence of hardware WLC that supports Software Release 7.3 and above, like Cisco WLC 5508. Hardware WLC does not require AP to authenticate through SSC (Self-Signed Certificates) hash, thus making it possible for Lightweight AP to join hardware controller with Software Release 7.3 and above without extra efforts, and as result upgrading to the same version of software. The process is described below.

  1. Change an existing DHCP Option 43 to list an IP address of the hardware WLC 7.3 or above (Cisco 5508 will do the trick);
  2. Login to the old WLC’s web page (the one from where you want to migrate compatible APs);
  3. Choose an AP and select “Clear All Config”. This will remove the CAPWAP configuration from AP’s cache and reboot it;
  4. Wait for AP to reboot. It will join hardware WLC 7.3 and upgrade own software. Wait until AP’s status changes to REG;
  5. Change DHCP Option 43 again but this time it has list an IP address of the vWLC
  6. Force an upgraded AP to reboot with factory default settings (“Clear All Config”);
  7. Wait for AP to join vWLC. It may reboot a couple of times, if software versions on hardware and virtual WLCs differ;
  8. Voila – AP will join vWLC without physical intervention.

You can repeat steps 1 through 7 for the rest of APs one by one or in bulk.

One other important requirement to consider is that vWLC will only work with Lightweight APs configured to operate in FlexConnect mode (ex H-REAP). Even though, once upgraded, APs will eventually join vWLC, they won’t be able to associate clients until you switch them to FlexConnect mode. This can be done manually using web interface

vWLC FlexConnect

Or, vWLC can be configured to automatically convert all APs to work in FlexConnect mode after they join the controller for the first time, and after all required upgrades are complete. To do that, execute the following command using vWLC’s CLI:

config ap autoconvert flexconnect enable

Once applied, every single AP associated with this controller, will be switched to FlexConnect mode automatically.

Review Cisco Networking for a $25 gift card