Troubleshooting

Troubleshooting the Access Point to Controller Join Process

AP can fail to join a controller for many reasons: a RADIUS authorization is pending; self-signed certificates are not enabled on the controller; the AP and the controller regulatory domains do not match, and so on.

Controller software enables you to configure the AP to send all CAPWAP-related errors to a syslog server. You do not have to enable any debug commands on the controller. View all the of the CAPWAP error messages from the syslog server itself.

The AP is not maintained on the controller until it receives a CAPWAP join request from the AP. Therefore, it can be challenging to determine why the CAPWAP discovery request from a particular AP was rejected. To troubleshoot such joining problems without enabling CAPWAP debug commands on the controller, the controller collects information for all APs that send a discovery message and maintains information for any AP that has successfully joined it.

The controller collects all join-related information for each AP that sends a CAPWAP discovery request to the controller. The collection begins with the first discovery message received from the AP and ends with the last configuration payload sent from the controller to the AP.

When the controller maintains join-related information for the maximum number of APs, it does not collect information for any more APs.

An AP sends all syslog messages to IP address 255.255.255.255 by default.

You can also configure a DHCP server to return a syslog server IP address to the AP using option 7 on the server. The AP then starts sending all syslog messages to this IP address.

You can configure the syslog server for APs and view the AP join information only from the controller CLI interface.

Important Information for Controller-based Deployments

Keep these guidelines in mind when you use the AP:

  • The AP can only communicate with Cisco controllers.

  • The AP does not support Wireless Domain Services (WDS) and cannot communicate with WDS devices. However, the controller provides functionality equivalent to WDS when the AP joins it.

  • CAPWAP does not support Layer 2. The AP must get an IP address and discover the controller using Layer 3, DHCP, DNS, or IP subnet broadcast.

  • The AP console port is enabled for monitoring and debugging purposes. All configuration commands are disabled when the AP is connected to a controller.

Configuring DHCP Option 43

You can use DHCP Option 43 to provide a list of controller IP addresses to the AP, enabling it to find and join a controller.

The following is a DHCP Option 43 configuration example on a Microsoft Windows 2003 Enterprise DHCP server for Cisco Catalyst lightweight APs. For other DHCP server implementations, consult the product documentation to configure DHCP Option 43. In Option 43, use the IP address of the controller management interface.


Note
DHCP Option 43 is limited to one AP type per DHCP pool. You must configure a separate DHCP pool for each AP type.

The Cisco Catalyst 9124AX Series Outdoor AP uses the type-length-value (TLV) format for DHCP Option 43. DHCP servers must be programmed to return the option based on the AP DHCP Vendor Class Identifier (VCI) string (DHCP Option 43). The VCI string for the AP:

Cisco AP C9124AX

The format of the TLV block is listed below:

  • Type—0xf1 (decimal 241)

  • Length—Number of controller IP addresses * 4

  • Value—IP addresses of the controller management interfaces listed sequentially in hexadecimal format.

Procedure

Step 1

Enter configuration mode at the Cisco IOS CLI.

Step 2

Create the DHCP pool, including the necessary parameters such as default router and name server. A DHCP scope example is as follows:

Example:


ip dhcp pool <pool name> 
network <IP Network> <Netmask> 
default-router <Default router> 
dns-server <DNS Server>

Where:

Example:


<pool name> is the name of the DHCP pool, such as AP9124AX
<IP Network> is the network IP address where the controller resides, such as 10.0.15.1
<Netmask> is the subnet mask, such as 255.255.255.0
<Default router> is the IP address of the default router, such as 10.0.0.1
<DNS Server> is the IP address of the DNS server, such as 10.0.10.2

Step 3

Add the option 43 line using the following syntax:

Example:


option 43 hex <hex string>

The hex string is assembled by concatenating the TLV values shown below:

Type + Length + Value

For example, suppose that there are two controllers with management interface IP addresses, 10.126.126.2 and 10.127.127.2. The type is f1(hex). The length is 2 * 4 = 8 = 08 (hex). The IP addresses translate to 0a7e7e02 and 0a7f7f02. Assembling the string then yields f1080a7e7e020a7f7f02. The resulting Cisco IOS command added to the DHCP scope is option 43 hex f1080a7e7e020a7f7f02.