Wireless LAN Controller Issue after performing software upgrade

lnw-team · ‎05-30-2023

Hello,

Last week we were facing serious issues after performing software upgrade on Cisco Wireless LAN Controller in our production facility. After performing the upgrade, all wireless access points were trying to register to the WLC in a distant location (United States) although they were in the same VLAN/subnet as the local controller (we've got dedicated WLC for that particular location). The problem has already been solved by blocking traffic on the firewall from the network where both WLC and APs are located to the other location. However, we would like to know what caused it to be able to prevent it from happening again. As far as I know, access points should be able to discover WLC by sending broadcast messages first. Then, if that fails, DHCP Option 43 is used. In case it’s still impossible to discover controller, DNS query is made. My question is: why were all wireless access points trying to use the last discovery method first? Is there any way to change it?

Thanks!

Flavio Miranda · ‎05-30-2023

Hi

I believe the Access Point tries all method and broadcast first. I think the right question to do in your case is why the access point did not find the local WLC. It probably tried using broadcast and DHCP and DNS and failed to join the local WLC leaving no alternative but look for another WLC.

Probably after the upgrade the WLC had some issue replying on the network. Is it a cluster or standalone WLC ?

lnw-team · ‎05-30-2023

It's a cluster.

Flavio Miranda · ‎05-30-2023

Not sue which WLC is it but on the AirOS WLC there is the concept of master WLC. If you are using AirOS, by any change the US WLC is not set as master?

Leo Laohoo · ‎05-30-2023

@lnw-team wrote:
After performing the upgrade, all wireless access points were trying to register to the WLC in a distant location

The APs would search for the controllers based on the individual settings of the AP in the Primary/Secondary/Tertiary Controller.

DHCP Option 43 only steps in when the Primary/Secondary/Tertiary Controller information is incorrect (or no longer relevant).

Rich R · ‎05-30-2023

What model of WLC?
What version of software did you upgrade from and to? What version was the US WLC running?
What do you mean by cluster - N+1 resilience or HA-SSO?
Do you have the complete console logs from one of the APs?
What did the join stats and logs on the local WLC show?
As Leo pointed out the pri/sec/tertiary WLC setting on APs (HA tab) take precedence over all the dynamic discovery options which are then used as fallback options.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390