Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1024
Views
8
Helpful
11
Replies

Question about CAPWAP tunnel

Go to solution
athan1234
Level 3
Level 3

‎01-28-2025 12:44 AM

Hi,

I am discussing this topic with my cooworker, and I need to clarify these questions to determine who is correct.

My position is that if you have a CAPWAP tunnel, you don’t need to assign an IP address to the AP; you just need to have the controller's IP and set up a DHCP server on the controller.

The other position is that it is necessary to assign an IP address to the AP.

Could you please let me know who is correct?

 

Please tell me who has the reason 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to athan1234

‎01-28-2025 01:18 AM

@athan1234 

AP can get the IP via DHCP or static via capwap command

If you choose the do It statically, there a few comands you need to use 

You need to assing IP ,mask and Gateway

After that the WLC 

View solution in original post

11 Replies 11

Go to solution
Flavio Miranda
VIP
VIP

‎01-28-2025 12:51 AM

@athan1234 

 Unfortunatelly you are wrong. The AP need to get an IP address first. Only after it gets its IP address, it will be able to join the WLC in order to stablish the capwap tunnel in the first place. 

 Most of time, is during the DHCP process that the AP discovery the WLC IP address but even in situation where the WLC IP address if discovery by other method, the AP need to get IP address before anything. 

In the event of the WLC is actiing as DHCP server, which is very rare, the AP will use the WLC as DHCP service first, and then will join to the WLC after getting the IP address. 

Go to solution
athan1234
Level 3
Level 3
In response to Flavio Miranda

‎01-28-2025 01:02 AM - edited ‎01-28-2025 01:08 AM

Thanks, so how does the AP get its IP for the first time? Is it mandatory to assign an IP in the CAPWAP tunnel?

For example, if I set up a CAPWAP tunnel, imagine my controller management has a range of 10.0.0.5 255.255.255.0.

I set up a CAPWAP tunnel with 10.0.0.5 255.255.255.0 .

I also set up a DHCP opn the controller  for the AP management range of 10.0.0.10–10.0.0.50.

It is not working.

I set up a capwap tunnel 10.0.0.5 255.255.255.0 10.0.0.1 

I sett up a dhcp for the AP managment range 10.0.0.10 -10.0.0.50 .

It is not working 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to athan1234

‎01-28-2025 01:18 AM

@athan1234 

AP can get the IP via DHCP or static via capwap command

If you choose the do It statically, there a few comands you need to use 

You need to assing IP ,mask and Gateway

After that the WLC 

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎01-28-2025 12:54 AM

@athan1234 wrote:
you don’t need to assign an IP address to the AP

Wut?

How is the AP going to join the controller?

Think of a CAPWAP tunnel similar to a VPN tunnel.  Each ends needs to have an IP address.

Go to solution
athan1234
Level 3
Level 3

‎01-28-2025 01:34 AM

Thanks @Flavio Miranda 

Go to solution
athan1234
Level 3
Level 3

‎01-28-2025 01:42 AM

@Flavio Miranda  One more thing: you don’t need to use a CAPWAP tunnel if you want to have DHCP , for example  on the switch with Option 43 for the controller. It’s not necessary to have a CAPWAP tunnel, is it? CAPWAP tunnel is only required if you want to assign a static IP to the AP. isent ´it 

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to athan1234

‎01-28-2025 01:48 AM

 

 - Negative the AP and controller can only communicate through a CAPWAP tunnel in both scenarios

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to athan1234

‎01-28-2025 02:04 AM

No friend 

There are WLC and AP and discover method and capwap 

AP use discover method to detect wlc ip

One of discover method is dhcp 

After AP detect wlc ip it use IP to build capwap tunnel to wlc

For which this tunnel use ?

If AP is local mode it use for push config from wlc to AP and AP forward traffic from wifi to wire via wlc 

If AP is flex it only use to push config and/or authc of wifi clients.

Only one condition you not need capwap

If AP is standalone then you can do config on AP directly 

MHM

Go to solution
athan1234
Level 3
Level 3

‎01-28-2025 07:23 AM

Thanks  @MHM Cisco World 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to athan1234

‎01-28-2025 07:25 AM

You are so welcome friend 

MHM

Go to solution
Rich R
VIP
VIP

‎01-28-2025 07:46 AM

- AP always needs a CAPWAP tunnel to join the WLC.  UDP 5246  is for the CAPWAP control tunnel and UDP 5247 is for the CAPWAP data tunnel (client data).

- AP can use static IP or DHCP - DHCP is recommended.  AP can fall back to using DHCP automatically if it can't discover a WLC using static IP.

- AP can use a number of different methods to discover the WLC.  Recommended to use Option 43 with DHCP.  This allows to specify multiple WLC IPs (primary/secondary/tertiary) for resilience.

DHCP with option 43 means AP installation and replacement (in case of failure or upgrade) is made much quicker and easier - no specific AP config required, just plug in the AP.

See:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9120axe-access-point/221056-understand-the-ap-join-process-with-the.html
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card