WAP Connectivity Issues

What should you do when your wireless access point (WAP) cannot join the controller or you have decided for whatever reason, to change the IP address of your WLC?

Few things come to my mind, right away.If you use DHCP services, like Infoblox or other third-party DHCP server, you have to update hex value for option 43. The hex values for option 43 consists of few strings. The syntax is like this:
option 43 hex hex string
The hex strings is assembled from the following values: Type + Length + Value

Type: is always f1
Length: is number of WLCs times 4 (1 wireless controller times 4)
Values: are ip addresses of WLCs presented in hex format.

Since i will have two controllers, I ended up having the following hex value
f1:08:0a:da:03:c8:0a:ee:d4:ca

Great. I managed this part. So, back to WAPs..

After updating WLC ip address with a new value and updating option 43 on Infoblox, it was matter of just waiting for WAPs to find and join the newly IP-ed WLC.
Worst case scenario would be just a matter of shut /no shut on interface that connecting my WAPs and providing PoE. Well, kinda…

All my WAPs are configured with static ip addresses so I can safely SSH into for troubleshooting purposes.
Shut/no shut trick did not do the “trick”. No WAPs in WLC yet.
At this moment, there are few options (if you forgot to uncheck “static IP” for every WAP and reboot them so they can get the hex value from the Infoblox):

First option:
you can SSH into WAP and issue following commands:
#debug capwap console cli
#conf t
#interface bvi 1
#ip address dhcp
This will force WAP to go to DHCP server and get info about option 43 and to get an IP address of WLC. This trick worked for majority of my WAPs. For some of them I had to enter few other commands, in addition to above:
#end
#reload
Unfortunately I was not that lucky with about 20 WAPs. 15 of them were on remote locations and 5 were in my office. So grabbing a tall ladder and reaching out to WAPs was a..

Second option:
Console into WAP, disconnect the patch cord (remember all my WAPs are PoE), press and hold the mode button and put the power back in. Count 5 or 6 seconds and release the mode button. Observe the console output.
Basically, this is a “soft” factory reset, which will force WAP to get option 43 from the Infoblox but still will keep setting like WAP name, etc.
This is what you are looking for at the console:

*Nov 6 20:26:42.555: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP…
*Nov 6 20:26:42.575: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.216.3.37, mask 255.255.255.224, hostname WAP-W-LASVEGAS-001
A little bit of blah, blah…
*Nov 6 20:27:02.767: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.218.3.200 obtained through DHCP
*Nov 6 20:27:02.767: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.238.212.201 obtained through DHCP
A little bit of blah, blah…
*Aug 29 18:13:23.655: %CAPWAP-5-SENDJOIN: sending Join Request to 10.218.3.200

Yeah, we got the WLC ip address. Back to WLC console and WAPs are starting to show up.

Third option:
– Disconnect the power on WAP
– Press and hold the mode button
– Put the power back in
– Hold the mode button until the WAP light start flashing red (at this time you will be entering into RONmon)
– At the ap: prompt, type “boot”
– The WAP will boot with default, factory settings and will try to reach controller via broadcasting, DHCP or DNS way..

Fourth option, and the most painful one, was:
Since I have two WLC in redundant mode, I broke the redundancy, configured one WLC with old WLC ip address and connected WLC back to network. Waited few minutes and those WAPs from the remote locations started to show up in WLC ( old ip address). Now, I was able to force WAP to obtain IP address from the Infoblox, which in turn was enough for WAP to discover the new WLC (option 43) and to happily join it with a smile on its face. Yes, I am getting to attached to WAPs…

Some of the WAPs were one of those embedded into Cisco 891 router so the process is slightly different:
– Connect to the router
– #service-module wlan-ap 0 reset bootloader – this forces WAP to get into RONmon
– #service-module wlan-ap 0 session
– At ap: prompt type “boot”

This will reboot the WAP with factory default settings. If you are on the console, you will see the same lines as above, about DHCP ..

Oh yes… To log out of session, type shift-ctrl-x and type exit at the WAP# prompt. This will close the session.

What they would like to say in this part of the world, the lesson learned is before the work uncheck static ip address assignments on WLC for all WAPs. On next reboot the WAP will contact Infoblox for ip address and option 43. I also have Cisco Prime Infrastructure but being the fact that i inherited this network (as part of my new job assignments), the PI was not ready to deploy all these changes. I am spending time to get PI ready for me in the future.

But, i would say that this was also fun too and interesting experience.

	makarijecudotvorac on Switch Port Security
	Alina on Switch Port Security
	makarijecudotvorac on IP SLA on ASA firewalls
	kjell och company öp… on IP SLA on ASA firewalls
	elias on ASA Object-group Access l…

CCIE Security Blog

Recent Posts

Recent Comments

Archives

Categories

Meta