Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12855
Views
4
Helpful
9
Replies

Wireless AP - WLC Discovery

mirkobrodersen
Frequent Visitor
Frequent Visitor

‎01-26-2024 12:35 AM

Hello all,

I have a question regarding WLC discovery.

Now I've read the Chapter for that in the ENCOR OCG (2), and the order is as follows:

Step 1. The AP broadcasts a CAPWAP Discovery Request on its local wired subnet.

Step 2. An AP can be “primed” with up to three controllers—a primary, a second-
ary, and a tertiary.

Step 3. The DHCP server that supplies the AP with an IP address can also send DHCP
option 43 to suggest a list of WLC addresses.


Step 4. The AP attempts to resolve the name CISCO-CAPWAP-CONTROLLER.
localdomain with a DNS request


Step 5. If none of the steps have been successful, the AP resets itself and starts the
discovery process all over again.

 

So my thought process was, that this is the actual order in which the AP attempts to discover a WLC.

However in the following whitepaper: https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

The order is this:

The AP goes through this process on startup:

  1. The LAP boots and DHCPs an IP address if it was not previously assigned a static IP address.
  2. The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:
    1. DHCP option 43 (good for global companies where offices and controllers are on different continents).
    2. DNS entry for cisco-capwap-controller (good for local businesses - can also be used to find where brand new APs join) If you use CAPWAP, make sure there is a DNS entry for cisco-capwap-controller.
    3. Management IP addresses of controllers the LAP remembers previously.
    4. A Layer 3 broadcast on the subnet.
    5. Statically configured information.
    6. Controllers present in the mobility group of the WLC the AP last joined.

So therefore I'm a bit confused what I should think about that. Since I would go with the official Whitepaper, but I'm not sure. Can someone verify and help me with this?

 

Thanks in advance!

Kind regards,

Mirko

1 person had this problem
Labels:
9 Replies 9

pieterh
VIP
VIP

‎01-26-2024 02:02 AM

read this carefully
The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:

this does not describe the priority, it describes what items are contained in the list
after the full list is built then a controller is selected through preference rules

nachoGrande
Frequent Visitor
Frequent Visitor

‎01-26-2024 07:40 AM

setup dhcp option 43 in your DHCP server.  Or better yet, but the AP on the same vlan as the WLC and it will find it through a broadcast packet. Once it has discovered and join, move it to another network if needed.

but to directly answer your question, i have never had an issue (and do a packet capture to check).

The AP goes through this process on startup:

  1. The LAP boots and DHCPs an IP address if it was not previously assigned a static IP address.
  2. The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:
    1. DHCP option 43 (good for global companies where offices and controllers are on different continents).
    2. DNS entry for cisco-capwap-controller (good for local businesses - can also be used to find where brand new APs join) If you use CAPWAP, make sure there is a DNS entry for cisco-capwap-controller.
    3. Management IP addresses of controllers the LAP remembers previously.
    4. A Layer 3 broadcast on the subnet.
    5. Statically configured information.
    6. Controllers present in the mobility group of the WLC the AP last joined.

      Do you have DHCP helper address setup.  What do you see on the conroller or on the AP logs?
    7.  
0 Helpful

nachoGrande
Frequent Visitor
Frequent Visitor

‎01-26-2024 07:43 AM

what model and code is the Access point?

Also, if you don't have a static IP, the first step that happens is DHCP, so option 43 would be the first step.

 

 

0 Helpful

Rich R
VIP
VIP

‎01-27-2024 06:25 AM - edited ‎02-11-2024 04:20 PM

Option 43 is the recommended method.

Setting the static Primary/Secondary/Tertiary HA config on the AP will allow it to deterministically join them in that order otherwise it will simply join the first one it gets a reply from.  You will always see it sending discovery requests to every WLC it knows about too, including any WLC it has joined before or learned about from WLC mobility (basically it checks that list it compiled to see which ones it could join if needed).

Also note a fact often missed by people who like to try using static IP addresses for their APs instead of DHCP.  If, for any reason, an AP with static IP is not able to join a WLC it will automatically fall-back to using DHCP (override the static IP config) as a method of recovery to try to find a working WLC.  So it's best to just design for DHCP with option 43.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

mirkobrodersen
Frequent Visitor
Frequent Visitor
In response to Rich R

‎02-08-2024 02:10 AM

Hello @Rich R,

thanks for the reply. Tough my problem is, that I expect questions on exams like "If the AP couldn't discover a WLC via DHCP option 43 or via DNS, what is the next method which it is going to use". So I assume there has to be an order.

And because those two sources mentioning different orders, I'm not sure which order to learn.

Kind regards,

Mirko

 

MHM Cisco World
VIP
VIP
In response to mirkobrodersen

‎02-08-2024 02:44 AM

when I read this order first time I also confuse 
but I will clear it to you 
the AP will collect WLC IP from all discover method, the order here is which one of discover come first and so on 
the order not meaning that if AP detect WLC via DHCP then it stop and not check the WLC via DNS. 
so the AP collect all WLC IP and select one of them. 
if the WLC not in same subnet of AP then the first discovery method have no WLC IP 
if the DHCP op43 not correct or not send by DHCP then no WLC IP
if the DNS can not resolve the WLC IP then  no WLC IP 
here the AP will use last WLC use or use primary/secondary WLC IP save in runing ( also here the cisco have some note to prefer the WLC primary/secondary than the WLC learn from DHCP/DNS)

MHM

0 Helpful

pieterh
VIP
VIP
In response to mirkobrodersen

‎02-08-2024 02:57 AM - edited ‎02-08-2024 03:23 AM

separate the discovery process from the controller selection
maybe the document below answers your question sufficiently
I read it as primed controllers first,
next any of the discovered controllers with the most "free capacity" to service access points
when multiple controllers with equal capacity, then the first controller that has responded.

Understand the AP Join Process with the Catalyst 9800 WLC - Cisco

Note: The WLC Discovery methods listed do not have any precedence order.

Wireless LAN Controller Election

Once the AP has received a Discovery Response from any WLC using any of the WLC discovery methods, it selects one controller to join with this criteria:

  1. Primary Controller (Configured with the capwap ap primary-base <wlc-hostname> <wlc-IP-address> command)
  2. Secondary Controller (Configured with the capwap ap secondary-base <wlc-hostname> <wlc-IP-address> command) 
  3. Tertiary Controller (Configured with the capwap ap tertiary-base <wlc-hostname> <wlc-IP-address> command)
  4. If no Primary, Secondary or Tertiary WLC were previously configured, then the AP attempts to join the first WLC that responded to the Discovery Request with its own Discovery Response that has the maximum capacity of available APs (that is, the WLC that can support the most APs at a given time).

 

and this document
Joining Process of an Cisco Access Point - Cisco Community
mentions you have some influence on the selection process (where the default-logic is described as above)

  • (Once the LAP has list of all those WLCs to which it can join, the LAP can decide the WLC , it will like to join.
  • The logic for that decision can either be customized by the user or can be left to the default-logic).
  • The order of execution of logic is preferred with the customized logic first, else with default-logic.


all this results in that broadcast on the local network can be  preferred over configuring DHCP-43 and DNS,
because this always results in selecting  a controller on the same lan/subnet
depending on your own demands can result in priming the controller address as the preferred method.
this way YOU are in control, 
the other discovery methods are still executed, to build the list of candidates to use when ALL primed controllers do not respond

Rich R
VIP
VIP
In response to mirkobrodersen

‎02-11-2024 04:18 PM

If you want a definitive answer for the preferred order then you'll have to test it yourself and observe but you can't be sure it will always be the same on every AP type and software version.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

alijaan99901
Community Member

‎11-14-2025 07:19 AM

The AP discovery process can seem confusing because different sources present it differently, but the key is that the official Cisco whitepaper reflects the actual order used in modern APs. On startup, an AP first obtains an IP via DHCP (or uses a static IP if assigned), then attempts to discover controllers through all available methods: it checks DHCP option 43, looks up the DNS entry for, uses management IPs of controllers it remembers from before, sends a Layer 3 broadcast on its subnet, considers statically configured controller info, and finally checks controllers in the mobility group it last joined. The ENCOR OCG simplifies this into fewer steps for study purposes, but the whitepaper provides the detailed, real-world sequence that APs follow during WLC discovery.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card