03-07-2024 09:19 AM
Good day,
I have the following issue.
I am configuring a WLC 9800 -l-f device and have the issue that the Access port is not getting the config from the controller. The AP just boots up and then flahes red and green. I think it cant get a connection to the controller or it cant get an IP from a DHCP.
Can someone just verify the switchport settings and the WLC settings for me please?
vlan 20 is for the WLC management
vlan 22 is supposed to be for AP's only
vlan 19 is the guest wifi
Switchport settings: Int gi1/0/10
switchport mode trunk
switchport trunk native vlan 20
switchport trunk allowed vlan 20,22,19
WLC config: vlan 20
name wlan mgmt
int vlan 20
ip add 192.168.10.2 255.255.255.240
ip route 0.0.0.0 0.0.0.0 192.168.10.1
wireless management interface vlan 20
vlan 22
name APs
vlan 19
name guest
int tw0/0/0
switchport trunk allowed vlan 19,20,22
switchport mode trunk
switchport trunk native vlan 20
that's about it. I can access the WLC via webinterface and can start the zero day configuration and can add wifi network etc.
I can ping the gateway and also have dhcp setup for the vlan 22 (AP's) but the AP is not getting an IP from the dhcp.
The WLC is only connected via one cable from port tw0/0/0 to the switchport gi1/0/10
they are both trunks and carry all of those mentioned vlans. I think either something is configured wrong here or maybe on the switchport where the AP is connected to.
The port on the switch for the AP is configured like this:
switchport mode trunk
switchport trunk native vlan 22
basically i am not sure why the WLC can not even "find" the AP so it can be managed by the wlc. Usually it is supposed to just work when you plug a new AP into t network socket with that config, the wlc should "discover" that new AP and then just load everything on it. But i can not get that far. Am I doing something wrong? Even I didnt finsih yet the complete WLC setup (Zero day is finished), it should at least find the AP.
can someone please give me a hint. I worked on this issue for the last 3 days almost nonstop but cant figure this out.
thank you for your help
Solved! Go to Solution.
03-12-2024 03:12 AM
Just an update for everyone. The Issue was that the WLC were running Version 17.3 and with our AP's CW9164-l it needed to run at least Version 17.9. After updating the WLC's, the AP's were all discovered successfully. maybe someone can mark this as solution, at least this was the issue for me. Thanks all for your ideas and help.
03-07-2024 09:36 AM
- Start with a checkup of the 9800-l-f controller configuration using the CLI command show tech wireless and feed that output into : https://cway.cisco.com/wireless-config-analyzer/
M.
03-07-2024 10:26 AM
thanks, i will check that out
03-07-2024 09:38 AM
if the AP in VLAN 22, where is the VLAN 22 Layer 3 Interface and where is the DHCP Server ?
where ever layer 3 interface you need to add ip helper address to reach DHCP and get DHCP IP
if you are using DHCP you need to add option 43 to tell where the WLC conttroller for the AP join
(there are different methods you can use for AP to Join WLC) in your case Option 43 is good to use case.
03-07-2024 10:27 AM
thanks for your input. Do i need to configure the IP helper address on the WLC or on the switch? or on both?
03-07-2024 10:31 AM
On the Switch where the Layer3 SVI for VLAN 22
what DHCP Server in the network.
Also make sure you setup WLC first before you join AP to WLC.
start from here :
03-07-2024 01:29 PM
thanks for the link. now i setup the helper address and the AP gets finally an IP address but the wlc still cant "see" the AP. But also under the SVI, the VLAN 22 has an Admin status that is UP but Operational Status DOWN.
03-08-2024 12:00 AM
VLAN 22 has an Admin status that is UP but Operational Status DOWN.
until any devices connected belong to VLAN 22 on the access port that will not come.
we need to see the cnfiguration.
AP gets finally an IP address but the wlc still cant "see" the AP
connect the console to AP and post complete boot Log
03-08-2024 07:05 AM
There's no need for VLAN 22 to be configured on the WLC at all - it's your AP VLAN. The switch needs to be routing between VLAN 20 and 22.
The WLC doesn't find the AP, the AP finds the WLC. As BB said you need to configure option 43 on the DHCP server to tell the AP where the WLC is:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html
03-07-2024 10:11 AM
>...Even I didnt finsih yet the complete WLC setup (Zero day is finished), it should at least find the AP.
Adding : to be honest , that is not a good strategy ; the controller should be properly configured first
M.
03-07-2024 10:29 AM
I would start by verifying Layer 2 & Layer 3 first -
Validate the wireless configuration using the following exec command:
c9800#wireless config validate
What is the AP model?
Jagan Chowdam
/**Pls rate useful responses**/
03-07-2024 01:26 PM
vlans 20 and 22 svis are defined. only vlan 20 is up and reachable. vlan 22 is not reachable
dhcp server is now reachable with the help of the ip helper address
AP port no need for trunk. MY idea is that the AP's are in VLAN 22,and getting an IP from DHCP in that network but the AP itself "carries" several SSID (With different vlans for example ssid guest with vlan 19)
AP-WLC disvovery. Not sure were to configer this option43 yet? on the AP join profile?
i executed both commands and the trustpoint is set (everything says it is available, except the FIPS suitability is not applicable.)
the AP models are the CW9164I-E. I just unpacked and connected one for now to see if the controller "sees" it.
the AP is now visible in the DHCP range but the wlc still cant see it.
03-07-2024 11:11 PM
i was able to figure out how to enable the SVI operational lines and also add the DHCP Option 43 to the dhcp server inside the scope options and added the hex code for my environment. but still the WLC cant see the Access Point which got an IP address already from dhcp. What i tried this morning is to change the switchport on the switch from trunk to access port on vlan 22. this change did nothing , it works (or doesnt) like before.
maybe the config like this is missing:
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router
dns-server
option 43 hex <hex-string>
but this needs to go on the switch right? but then i need to add this to all switches in the office?
03-07-2024 11:23 PM
>... but then i need to add this to all switches in the office?
- Seriously that is the definition for a dhcp server for which you only need one,
M.
03-07-2024 11:29 PM
yes of course i need only one dhcp server, but do I need to add this configuration on only one switch where the wlc is connected to?
ip dhcp pool <pool name>
network <ip network> <netmask>
default-router
dns-server
option 43 hex <hex-string>
because the option 43 on the scope options is pretty clear, on the dhcp server itself of course i can only set it once but im asking about that command i posted.
thanks for the help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide