Solved

Cisco catalyst 3850 switch wireless controller configurations

Posted on 2014-10-17
57
2,809 Views
Last Modified: 2014-11-14
Hi experts ,

I'm stuck on a  Cisco problem...

I'm trying to do the simple but I'm not getting it right.
the switch comes with an integrated wireless controller and this can be configured via command line or GUI interface.  We use a normal ADSL that provides dhcp and since this is a layer 2 and layer 3 switch, I've enabled IP routing.  

AP's  are connect to switch port mode access ports and some other AP's are connect on 2960 s switches but all are stack.  

Licenses are all verified and country codes are set, etc.

do you guys perhaps have a link where one can see how to configure the the controller on this switch and connect it to the AP's.  It Seems like no discovery's taking place her.

I've enable the ap cpd,  set mobility controller, etc but I still can't see any AP on  my side.

note,  I've also setup vlans...  and all AP's are on the wireless vlans

Thanx
0
Comment
Question by:salt-eit
  • 29
  • 15
  • 13
57 Comments
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40386619
normal ADSL that provides dhcp
Did you create interface VLAN <x> and set ip address and helper IP address if it is needed for wirelles VLAN and in DHCP set it as default gateway?
Just to eliminate problem with VLAN.
Maybe to copy your VLAN configuration.
0
 

Author Comment

by:salt-eit
ID: 40386684
here are my configs.. thanx
inter vlan has been created too
configs.txt
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40386745
Is your dhcp server capable of leasing 2 or more IP address ranges, since it is ADSL ?
And I don't see any default route configured.

I don't see that you have configured POE on ports (if this is POE model).

command is under interface
interface GigabitEthernet1/0/45
power inline {auto [max max-wattage] | never | static [max max-wattage]}

and please remove crypto pki certificate from config
and which is wireless VLAN?
0
 

Author Comment

by:salt-eit
ID: 40386771
it's a POE model...  will configure it.

The ADSL, I'll have to see, why would it be necessary and if not,  does this mean my switch should also be playing the DHCP role or only the switch?

default route,  why would this be necessary?
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40386793
Since it is not flat network (just one VLAN) you need default route, switch needs to know which network is exit from your network to internet.
I guess that L3 Switch is far more better for DHCP than DHCP device.
Default gateway is L2 thing, you need L3 route.
ip route 0.0.0.0 0.0.0.0 x.x.x.x (next-hop address - probably your ADSL IP address)
And  while it is same VLAN you usually don't need ip helper-address
ip address 192.168.178.3 255.255.255.0
ip helper-address 192.168.178.1
0
 

Author Comment

by:salt-eit
ID: 40386874
thanx,  we'll probably have the server playing the DHCP role later.... but, for now the switch will handle.  Sorry,  I'm just try to gather as much info as possible before configuring again.

my bad on the helper... but still seems like I can't see any of the 8 AP's.
confusion comes to play when setting the management vlan,  wireless vlan and the vlan on the controller side....  what IP should be broadcast to the AP's.


one get's the wireless mobility controller IP...  what IP goes here?
and,  should the controller be set to agent or controller mode?

what should be the controller management IP and does this differ from the switch's vlan 1 management interface.  


one also get's tftp on a certain interface with and a IP....  this can than be used to access the GUI.  if it changes away from TFTP. web access become inaccessible


don't you have something like and example site with configs.
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40387351
First get your configuration work, then care about Wireless. Otherwise you will probably try to solver problems that don't exist.
First things first.
And what is your AP model.
0
 

Author Comment

by:salt-eit
ID: 40387443
Cool,
Ap model
Cisco Wireless AIR-CAP1602I-E-K9
0
 
LVL 26

Accepted Solution

by:
Predrag Jovic earned 250 total points
ID: 40388702
0
 

Author Comment

by:salt-eit
ID: 40388717
thanx,  quick questions...

scenario 1
let's say the adsl was handling DHCP and if I connect it to the main switch, it a hands out IP's to every device that connects on the switch. And,  the main switch have vlans cofigured on it, etc...  for example vlan 100 for data and vlan 101 for wireless.

other switches are connected via trunk ports but  If i do connect any other laptop/pc to those switches,  they aren't getting any IP's...  vtp modes for all switches are set to transparent and the vlan ports were configured manually.

How would you make it possible for IP's to be assigned when plugging into other switches?


steps?

switch set to ip routing; default router  0.0.0.0 0.0.0.0 ADSL ip;
interface vlans for both have an ip helper of the ADSL ip

But,  none of this goes over to the other switches
0
 

Author Comment

by:salt-eit
ID: 40388723
scenario 2..


turn of DHCP on the ADSL router...

setup dhcp on the main switch with the following but no IP's are also given out still....  

ip dhcp pool vlan100 ( data)
network...  vlan interface network 0/24
default router-  ????? this was set to the vlan interface  ip addresss.
no dns,  etc if needed, I'll set it to 8.8.8.8

ip dhcp exclusion list was set.

then a second pool was created,
ip dhcp pool vlan101(wireless)
all basic were set similar to vlan100,  just different IP's

ip default-gateway ADSL IP ( should the port where the ADSL connects)

the port where adls connects where set to this:
no switch port
exit, no shut,  etc

routing 0.0.0.0 0.0.0.0 (should it still be the ADSL router).

ip routing was set,  


now,  when I plug something it...  nothing happens,  that means my AP's are also not getting IP's.

thanx
0
 

Author Comment

by:salt-eit
ID: 40388868
Thanx for the links but the problem now doesn't sit with the access points,  they are usually like plug and play devices...  the problem sits with cisco catalyst 3850 switch wireless controller....

how to configure the controller  as MC,  how to make it communicate with my access points.
How does capwap interface work,  etc...
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40388873
0
 

Author Comment

by:salt-eit
ID: 40389896
thanx, quick question....

if dhcp goes to my layer 3 switch... enabling ip routing, etc.

let put it this way... we have 3 switches,

2 are stacked and they connect to the core switch
now...

if the core switch plays the DHCP role and I'm only going to describe two vlans now...
adsl router ip is 192.168.178., DHCP off

let say vlan 1 have ip 192.168.1.1/24
vlan 2- 192.168.2.1/24
service dhcp enabled

now,  
ip dhcp pool vlan1
network  192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns 192.168.178.1

exclud- .1- .30

ip dhcp pool vlan2
network  192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns 192.168.178.1

exclusion is the same as vlan 1's ....


now...  from the core switch where the adsl's connected?  how do I ping 192.168.178.1 (ADSL router),
from my testing,  I figured that that port should be set to no switchport and given an IP that's in the same range as the ADSL, I've set it to 192.168.178.2....  then I could ping it. But,  this sounds wrong.


from the other 2 stacked switches....  one can't ping the ADSL ip,  even if there's a static route on it.

what am I missing here?  this means my users won't be able to access the internet?

thanx for your feedback so far
0
 

Author Comment

by:salt-eit
ID: 40389902
oh,  where does IP helper fit in the last comment,  is it still necessary
0
 

Author Comment

by:salt-eit
ID: 40389984
okay,  I configured it as explained in my second comment...

but,  the interface where the adsl (fritzbox) is connecting to, I've set it to switchport and gave it an IP which is in the same range as the ADSL.
now I can ping the ADSL,  ( ICMP but I can't log into it via the web)...

based on the configs...  I do get an IP now with the dns of the adsl, but I can't ping out to the web....  8.8.8.8
from the switch,  I can ping out with no error.

see my configs attached
configs.txt
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390027
For DHCP to work you need to create loopback interface

interface loopback 0
ip address 10.1.1.1 255.255.255.255 (or whatever you want)

and under VLAN interfaces you need to add that address as ip helepr-address
and DHCP will work

interface vlan 100
ip address 10.9.8.1 255.255.255.0
ip helper-address 10.1.1.1

and any other vlan interface that need DHCP :)

And  one more question... do you need just one VLAN on AP?

remove
ip default-gateway 192.168.178.1

what is output of your
show ip route command

I've set it to 192.168.178.2....  then I could ping it. But,  this sounds wrong.
It's OK. That's the way it should be.
0
 

Author Comment

by:salt-eit
ID: 40390048
But dhcp does work....  Based on my settings.  In the previous comment.  Why do I need the loop back interface.  Without the helper address.  The machine are getting ip's but in still can browse to the Internet.  Would u need nat  translation?
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390057
OK, I miss that that DHCP works... :)
I used to create loopback interface for this...
Your ADSL router don't know where you other networks are.
You can create static routes to L3 router for each network on ADSL router
ip route 10.9.8.0 255.255.255.0 192.168.178.2
ip route 10.9.9.0 255.255.255.0 192.168.178.2
0
 

Author Comment

by:salt-eit
ID: 40390060
Okay will test it
0
 

Author Comment

by:salt-eit
ID: 40390069
Oh on the client machines

I have the following up info:
ip v4: 10.9.8.51
gateway: 10.9.8.1
dns 192.168.178.1  and 8.8.8.8

On the router I can't ping the adsl/dns ip unless I set that port to no switchport and give an IP in the same range as the adsl
I'll try the routing.... Cool
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390077
On the router I can't ping the adsl/dns ip unless I set that port to no switchport and give an IP in the same range as the adsl
I told you, that's the way that supposed to be.
:)
Otherwise router don't know to what interface send ping, or ADSL router don't know where from ping came from to send it back.
0
 

Author Comment

by:salt-eit
ID: 40390121
Just a quick throwback....
If the adsl was doing dns and stuff no vlans  were configured on either switch.  
But one only gets internet when connected to the core switch, where adsl's on...

How would one then get internet to the other switches...?
0
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 40390132
You don't need a loopback interface for DHCP to work - that's just not right at all.  DHCP is sourced from the client and the DHCP server sends an IP from the relevant scope based on what info was in the DHCP request.  Similarly, pings, etc, use standard routing to determine which interface to send a response out of.

You can also source traffic from the switch itself to any interface you choose.  You don't HAVE to use a Loopback interface.

This will get you going with a basic overview of how to configure the switch and get some wireless working...

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/deployment_guide_c07-727067.html#_Toc350855362

Also I noticed in your config that you're enabling WPA1 with TKIP and AES but only allowing WPA2 to use TKIP.  This will cause at least 2 problems for you...

1] Clients won't be able to achieve 802.11n data-rates, so 54Mbps will be the maximum PHY rate.
2] Some clients may experience compatibility issues as AES was never meant to be used with WPA1.

You should only use WPA1 with TKIP and WPA2 with AES.  If you require 802.11n data-rates you must use only WPA2 with AES - WPA1 with TKIP or AES doesn't support 802.11n data-rates.
0
 

Author Comment

by:salt-eit
ID: 40390144
For now... I'll put all management  interfaces on the same range as the adsl and then I'll do configs on another day.
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390150
There's always VLANs, in your case it is native VLAN 1 - no tags, and that's flat network.
Then you don't need trunks between switches, you can set all your switches to VLAN 1 and access port to connect switches.

But, I myself would not like that solution, because, since you have wireless, sooner or later, you will have to create separate WLAN for guest for security.

(that's if I good understood question)
0
 

Author Comment

by:salt-eit
ID: 40390178
Cool....  Just quickly want to setup the wifi side  before I go into the switch.  Flat network
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390186
In that case you can turn of ip routing (if all ports will be in vlan 1). You don't need it.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 45

Expert Comment

by:Craig Beck
ID: 40390192
With everything on the same VLAN you don't need an IP helper for DHCP to work from the ADSL box.
0
 

Author Comment

by:salt-eit
ID: 40390201
Thanx guys... This will only be temporary
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390291
You don't need a loopback interface for DHCP to work - that's just not right at all.  DHCP is sourced from the client and the DHCP server sends an IP from the relevant scope based on what info was in the DHCP request.  Similarly, pings, etc, use standard routing to determine which interface to send a response out of.

You can also source traffic from the switch itself to any interface you choose.  You don't HAVE to use a Loopback interface.

I don't have L3 switch at my disposal, and in Cisco packet tracer DHCP won't work if there is no loopback interface, and under vlan interface and defined ip helper-address, but probably reason for that is that this is only simulator for L3 switch. That's the reason why somewhere along the way I used to create loopback interface on L3 switch so hosts in VLAN can get ip addresses. Soon I'll try on real L3 switch and see if it's work without loopback interface. :)

It is definitely Packet tracer issue, and I found workaround for problem what many on internet wonder why DHCP not work. :)
OK, thanks for info it means a lot to me, wrong learned thing are hardest to correct.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40390700
Think about a layer2 switch.  You can run DHCP on a L2 switch.  That instantly tells you that you don't need neither routing nor a loopback interface.

I've never ever seen PT needing a loopback to allow DHCP server functions to work.  I think maybe you're needing a loopback because you're assuming that you need an IP helper to be configured??  Take a look here... no loopback...

http://chennaicisco.blogspot.co.uk/2013/10/how-to-configure-dhcp-in-cisco-router.html

@salt-eit... sorry for hijacking your thread :-)
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40390762
My bad.
I found where was my problem.
I forgot about STP, and I was impatient to wait 30 seconds on multilayer switch, and took it for granted.
Just in this case I created loopback on L3 switch, not on router. On router STP always did his job, I gave it enough time while work something other.

:)

Thank you very much.
0
 

Author Comment

by:salt-eit
ID: 40391832
@craigbeck,  no problem...

Note, I didn't bail on you guys, I'm just going through a few testing via Packet tracer and reading on the Mobility controller ( Capwap).

@Predrag Jovic,  Try Packet tracer version  6.1
0
 

Author Comment

by:salt-eit
ID: 40396953
Hi Experts,

I'm back... sorry for the delay though  

On the wifi  and mobility controller side,

most would say " You have to remember that all your AP should be configured with same vlan access port where you configured for wireless management, otherwise AP won’t join"


in my scenario,  how would this fit in?  Note,  I've manage to get 4 AP's registered and Four are missing but,  I also do get some errors:

Let's do it this way...

with these switches,  there's usually also a controller interface ( G0/0) which can be configured for GUI use, web access.
One should also enable the mobility features for wireless feature to work.

let's do it this way,

Vlan101 ( wireless vlan) have the IP of 192.168.1.1

AP's interface are configure as follow:
switchport mode access
power inline static
switchport mode vlan101
port-fast
no shut

dhcp setting are:

pool vlan101
network 192.168.1.0/24
default-gateway 192.168.1.1 ( vlan interface)
DNS- 8.8.8.8

exclusion 192.168.1.1 192.168.1.10
service DHCP enable...

now, if the management interface is in a different subnet ( 192.168.2.1) and I should advertise this IP to  my AP's,  what should the IP helper be under my vlan interface or won't it be necessary?

the wireless mobility  controller ip set to vlan 101

errors  I get with my AP's on CAPWAP protocol:

Oct 22 15:53:31.537: *spamApTask1: 1 wcm:  %LOG-3-Q_IND: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
*Oct 22 15:53:31.537: *spamApTask1: 1 wcm:  %CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: Unable to process discovery request from AP dca5.f4f2.3380 , VLAN (1) scrIp (192.168.178.28) dstIp(255.255.255.255), could not get wireless interface belonging to this network

According to this error, it got an IP from the ADSL, I'll still move that to the switch and see what happs

here are some of the other errors:  I'll log into the AP's configure the country codes....  Let me know if you guys have experienced some of these problems

*Oct 22 15:53:34.015: *spamApTask0: 1 wcm:  %LWAPP-3-RD_ERR8: Country code (ZA ) not configured for AP dc:a5:f4:43:ca:00
*Oct 22 15:53:34.016: *spamApTask0: 1 wcm:  %LOG-3-Q_IND: Country code (ZA ) not configured for AP dc:a5:f4:43:ca:00[...It occurred 2 times.!]
*Oct 22 15:53:34.016: *spamApTask0: 1 wcm:  %LWAPP-3-RD_ERR4: Invalid regulatory domain 802.11bg:-A     802.11a:-A for AP dc:a5:f4:43:ca:00
*Oct 22 15:53:34.018: *spamApTask0: 1 wcm:  %CAPWAP-3-POST_DECODE_ERR: Post decode processing failed for Config status from AP dca5.f443.ca00
*Oct 22 15:53:34.030: %LINK-3-UPDOWN: Interface Capwap0, changed state to up
*Oct 22 15:53:34.034: *spamReceiveTask: 1 wcm:  %CAPWAP-3-INVALID_STATE_EVENT: Invalid AP event (CAPWAP Configuration Update Request) and state (CAPWAP Join Response) combination
*Oct 22 15:53:34.041:  Warning: Modification to policy defportangn on wired port is unrecommended, please remove and reapply if unexpected behavior is seen
*Oct 22 15:53:34.063: *qosSvcTask: 1 wcm:  %SPI-3-QOS_INSTALL_RADIO_POLICY: ERROR: AP DCA5.F443.CA00 Radio policy def-11gn Slot 0 install failed


Note,  I've used the Ip protocol forwarding udp and ip helper method
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40396994
now, if the management interface is in a different subnet ( 192.168.2.1) and I should advertise this IP to  my AP's,  what should the IP helper be under my vlan interface or won't it be necessary?
You don't need an IP helper to get APs to join a WLC.  For this to happen in a L3 scenario you need to use either...

1] Static controller IP configured on the AP
2] DHCP option 43 configured with WLC management IP
3] DNS entry for "CISCO-CAPWAP-CONTROLLER" pointing to WLC management IP
0
 

Author Comment

by:salt-eit
ID: 40397009
Okay I'm using the options of udp ports...
How do one get the controller interface up.  Even though I set the ip and no shut,  I still can't ping it from the switch.
I'll try dhcp option 43 or dns
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40397078
You configure a VLAN on the switch and use the wireless management interface vlan x command to tell the WLC which interface to use for management traffic.

Let's say your WLC management VLAN is 101 and your AP VLAN is 102.  On the switch you'd use this...

wireless mobility controller
wireless management interface vlan 101
!
interface Vlan101
 description WLAN Managment
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Vlan102
 description AP VLAN
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
ip dhcp pool WLAN_MGMT
 network 192.168.1.0 /24
 default-router 192.168.1.1
 dns-server 8.8.8.8
!
ip dhcp pool AP
 network 192.168.2.0 /24
 default-router 192.168.2.1
 dns-server 8.8.8.8
 option 43 ascii f104c0a80101
!

Open in new window



That would get you started, and APs joining.  Have a look at the link I posted, it contains full configs for a MC and a MA.
0
 

Author Comment

by:salt-eit
ID: 40397227
okay,  I did those configs....  Oh,  and thanx for your link,  can't believe I missed it.

I just had a little blackout moment... I've just complicated things for myself and only now I understand what the AP's were trying to do when they couldn't find the controller.

"management wlan....   and wireless controller IP address,  which is GIG0/0"

firstly,  I would go around and put an IP on interface G0/0,  thinking that it should be the controller IP and that's the only way to access the switch via the web and manage the AP's.

Forgot about  my IP on vlan 1 can be used for web access.

Now,  after setting the IP on G0/0...  I still couldn't ping it,  even though the interface shows up. This IP was then used to as the ip helper address...  my bad.


wlan managment IP was wet on vlan101 and I had no vlan or IP for the controller itself in that vlan, my bad.

I still think my UDP approach will work,  thanx...  will check the link.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40397581
The UDP approach won't work - that's why Cisco created the DHCP Option 43 approach, and the DNS approach.

GigabitEthernet0/0 is the switch management interface.  It is used for out-of-band management of the switch.  It is in a VRF so you can't use it for real traffic on the switch, therefore you'll never ever get an AP to join the WLC using that IP address.
0
 

Author Comment

by:salt-eit
ID: 40397595
once the SSID stuff has been set, how do one make this broadcast and set a password for this WIFI

https://www.youtube.com/watch?v=pKEiPCLO3Qk

okay I'll try DHCP option 43 or DNS
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40397642
To broadcast an SSID you need to use the broadcast-ssid command...

wlan Sacu
 broadcast-ssid

Open in new window

0
 

Author Comment

by:salt-eit
ID: 40397815
quick follow up...

with the dns method...  there are only two commands needed.

ip domai-name cisco-capwapp-controller.domain
and
ip host cisco-capwapp-controller.domain

I get the errors below when enabling logging,  what could be missing

Oct 22 21:12:07.371: *spamApTask1: 1 wcm:  %CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: Unable to process discovery request from AP dca5.f443.c820 , VLAN (101) scrIp (10.9.9.216) dstIp(255.255.255.255), could not get wireless interface belonging to this network

Oct 22 21:14:50.654: *spamApTask1: 1 wcm:  %CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: Unable to process discovery request from AP dca5.f4f2.3380 , VLAN (101) scrIp (10.9.9.233) dstIp(255.255.255.255), could not get wireless interface belonging to this network
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40397829
You need to create a host record on your DNS server to use the DNS method.  You have a DHCP scope on your switch so option 43 is the obvious and most practical choice.
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40397831
The APs need to be connected to access mode switchports in the same VLAN!

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080c16223.shtml

APs need to be on the same vlan where you configure the wireless management on 3850.

Converged Access Controller/ NGWC AP Join Issue Troubleshoot with Traces

Common Reasons for AP Join Failure (from link above)

This section describes common causes of AP join failure.

Problem 1: The AP on the Catalyst 3850 Series Switch is not in the wireless management VLAN.

 #show run interface gig1/0/22

interface GigabitEthernet1/0/22
 description AP
 switchport access vlan 25
 switchport mode access

#show run | inc wireless

wireless mobility controller
wireless management interface Vlan1104

#show log

*%CAPWAP-3-DISC_WIRELESS_INTERFACE_ERR1: 1 wcm:  Unable to process discovery
request from AP 0019.0737.f630 , VLAN (25) scrIp (10.10.25.13) dstIp
(255.255.255.255), could not get wireless interface belonging to this network

 The AP is in VLAN 25, and there is no wireless management interface configuration for VLAN 25.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40397906
That is very true.  Connecting to a MC requires the AP to be on the same VLAN as the wireless management VLAN.
0
 

Author Comment

by:salt-eit
ID: 40398091
Thanx...
now that it's in the same vlan,  it only sees the AP's directly connected to the switch but I'll troubleshoot further.

ct 22 22:20:20.973: *spamApTask1: 1 wcm:  %CAPWAP-3-INVALID_STATE_EVENT: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
*Oct 22 22:20:21.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap1, changed state to up
*Oct 22 22:20:29.814: %LINEPROTO-5-UPDOWN: Line protocol on Interface Capwap0, changed state to down
*Oct 22 22:20:29.980: *spamApTask0: 1 wcm:  %CAPWAP-3-INVALID_STATE_EVENT: Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination[...It occurred 2 times/sec!.]
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40398135
You can only terminate APs on a 3850 or a 3650 where MC is a 3x50.  If you connect an AP to a different switch it must be configured as a MC or MA, otherwise you need a non-CA WLC such as the 5508 for APs connected to a non-CA switch.
0
 

Author Comment

by:salt-eit
ID: 40398647
@craigbeck,

In my environment, I have 8 AP's,  and 4 switches... Ap's are spread equally all over these switches but are in the same vlan101.

3850 is my MC and its interface is now in the same vlan as the AP's...  vlan101, strange that 3850 only sees the AP 's directly connected to it.  I'll do research on the join problem. I think I'll start manually configuring the AP's priority

note,  the broadcast command didn't do any changes
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40398746
What are your other switches?  They too must be either 3850 or 3650 - you can't terminate APs on a non-CA switch when MC is a 3x50.
0
 

Author Comment

by:salt-eit
ID: 40399390
2960 s they are all in the same vlan as the management interface (WLC)
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40399563
No that won't work.  You'll need to use a 5508 or 2504 (for example) instead of a 3850 as a WLC if you use 2960 switches.

https://supportforums.cisco.com/discussion/11916031/access-points-joining-3850-next-generation-switches
0
 

Author Comment

by:salt-eit
ID: 40405897
Hi Guys,  thanx for all thee assist and time...

I really appreciated and you guys have brought out the cisco mojo within me.

The wireless is working now, a few AP's were connected to my 3850 switch where the controller is and the other AP's were left connected on the 2960 switches.  All AP's are in the same vlan and the works fine.
0
 

Author Comment

by:salt-eit
ID: 40415595
Hi guys...  is there a command that one can use to see the wireless key?
Is it possible to remove vlans from vtp version primary server. ( switch acting as primary)
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40415605
On the client or switch?

On the switch you can't generally view the key once you've entered it, although depending on the way the key is hashed on the switch in the CLI you may be able to decode it using a Cisco 7 password decrypter (just search for one in a search engine - there are hundreds).
0
 

Author Comment

by:salt-eit
ID: 40415631
just on the switch but thanx.... sorry I found it in the config,  my bad.

"can't remove vlans from a switch in primary server mode"

vtp is mode sever....

if my vtp primary are set for vlans and mst....  how do one go afterwards and removed unnecessary vlans
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40415744
Set vtp to transparent mode. :)
And then remove VLANs.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now