08-03-2024 11:58 AM - edited 08-03-2024 12:14 PM
I'm having a dreadful issue with vWLC version 17.12.3. The 3802i I have was and can be connect locally to the controller but I cannot get the AP to register over port 5246 or 5247. When I checked the AP locally it does have the public IP address of the wan interface of the controller. I can also ping from the vWLC the core, router, and internet... Ports are port forwarded too.
08-03-2024 12:03 PM
- What do you mean by =>....I can't get it to join the capwap ports.
M.
08-03-2024 12:05 PM
So, I have the 3802i setup in OEAP mode but it won't join the vWLC over the internet using the ports 5246/5247. I'm not understanding why it won't join the controller over the WAN.
08-03-2024 12:19 PM
- Funny thing is when I look at : https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
and looking for OEAP with find in the browser (and matching your AP model) , I can only see support until
17.3.8(a). Possibly meaning that you might need a more recent model for the recent versions ; not exactly sure on that
M.
08-03-2024 12:24 PM
Interesting. I'm not totally sure if that is accurate or not but when I had the AP on the same subnet as the vWLC I had a 3rd icon on the AP when it was joined over Flexconnect with the OEAP profiles I configured. I was able to test OEAP connectivity where it gave me outputs of latency and dtls speeds. Just can't get it to phone back to the controller for some reason.
08-03-2024 12:34 PM
- Hm . the compatibility matrix must be seen as more authoritative ; in the mean time have a checkup of the vwlc controller's configuration with the CLI command show tech wireless and feed the output from that into Wireless Config Analyzer
(note use the full command , it does not work with a simple show tech).
Check if anything related to the OEAP configuration comes up (too)
M.
08-04-2024 08:13 AM
Your vWLC version 17.12.3 seems to be giving you trouble because the 3802i access point isn't registering over CAPWAP ports 5246 and 5247 in this case. The AP has the right public IP address of the controller's WAN interface, and the vWLC can ping the core, router, and internet. This suggests that there is a problem with the configuration or firewall. Make sure that these ports are not blocked by routers and that the NAT traversal settings are correct. To make sure communication is safe, also check the access point's configuration for any mistakes and make sure the controller's certificates are right.
08-04-2024 05:56 PM
Another inane chatbot-style copy/paste answer from you @Aina William ?
08-04-2024 06:04 PM
@matthew wolf can we please refer to the product by the correct name to avoid confusion?
vWLC was the old AireOS product which is now end of support.
As you're referring to IOS-XE 17.12.3 you must, in fact, be referring to the 9800-CL virtualised WLC.
A topology diagram showing the complete topology from AP to WLC would be useful to understand what you're doing.
What discovery mechanism are you using for the AP? (DHCP option 43 is recommended)
NAT for the AP IP is OK but if you use NAT for the WLC IP then you need additional config on the WLC for that.
Capture the complete console log of the AP from power-on and save to a text file (.txt) and attach here for us to see. Generally the AP will tell us exactly what is happening and we'll be able to see why it can't connect to the WLC. Also check the WLC logs.
OEAP should be supported on IOS-XE with 3802:
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/feature-matrix/ap-feature-matrix.html#_Toc118737975
08-05-2024 08:29 AM
I thought it was always called WLC and vWLC for simplicity sake but for this thread I'm referring to the 9800-CL. I was able to stand up an older version of the 9800-CL (17.3.1) on another Edge Router with a different public IP address and was able to get the 3802I joined via OEAP. I suspect the resolution was to downgrade the 9800-CL version per @marce1000 regarding the matrix compatibility and/or I was having NAT issues with the ISR. At the moment connectivity is working between the controller and access point.
I'm not sure if I need to open a new thread for this but the Corp SSID is not handing out DHCP. The SSID for the non-tunneled traffic for the home user is working just fine though.
08-11-2024 05:23 PM - edited 08-11-2024 05:25 PM
I think the fact that it (sort of) works now is luck or coincidence! 17.3.1 is end of life and very buggy. If you think 17.12.x is the problem (unlikely in my opinion but 17.12.4 is released now so you could try that) then you could just downgrade to latest 17.9 rather than going back to 17.3.
Still need the info I mentioned above to really help you but to address some of your specific points:
> I cannot get the AP to register over port 5246 or 5247
The AP always establishes the CAPWAP control connection on UDP 5246 regardless of whether it's local or remote. UDP 5247 (CAPWAP data) will only come up after the AP is registered on 5246.
> Ports are port forwarded too
Why are you using port forwarding? Are you using NAT between internet and WLC?
If so, did you enable NAT on the WLC and configure the external IP address?
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-12/config-guide/b_wl_17_12_cg/m_config-wmi.html#info-abt-nat
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide