Cisco 4402 WLC configuration issue

Network-Drawing-for-WLC-New.tif
Hi,
I am configuring a Cisco 4400 series Wireless LAN Controller, model AIR-WLC4402-25-K9 V01, with the following software details.

Product Version:                            7.0.235.0
RTOS Version:                                7.0.235.0
Boot Loader Version:                   4.1.171.0
Emergency Image Version:         7.0.235.0
The problem that I am facing after the configuration is that from the WLC I am unable to get an ICMP reply from the AP manager port, which is part of the same network.
Please find the configuration details below:
1. The service port is on a completely different network with the IP address 192.168.100.1/24 and it's not patched in to our network; I connect my laptop to it to access the WLC using the web interface.
2. It is also a non-routable IP.
3. The Management and AP Manager interfaces are on the same network with the following IP addresses.
4. Management Interface IP: 10.30.0.20/16.
5. AP Manager IP: 10.30.0.21/16 and the VLANs are untagged.
6. WLC on both end (i.e. are connected using GLC connectors and are also trunk port on the switch.
7. One thing that I observed during the CLI configuration wizard was a bit strange, as the Cisco documentation and videos clearly showed this option:
AP Transport Mode [Layer2][Layer3]:
But during the configuration wizard on our WLC it didn't appear. Can someone guide me on how I can enable that feature on the WLC?
Please find the network diagram below as well.
abdullahjamali Asked:
Craig Beck Commented:
You can't ping the ap-manager address - that's by design.

The layer2 and layer3 option isn't available in v7 code.
0

abdullahjamali Author Commented:
Hi Craig,

Thanks for your solution. I have tried that and downgraded the software from 7.0 to 4.1, and the Layer 3 option is now enabled and I've configured it, but my access points are still unable to receive an IP from the DHCP server. The access points are connected to a 3750 PoE switch whose uplink is configured as a trunk port and allows all untagged traffic between the AP manager port and the switch; please consult the network design diagram that is attached to the question.

I've configured everything exactly the same way as it's shown in the Cisco documentation apart from the IP addressing scheme; the model of the access points is CISCO AIR-LAP1131AG-E-K9. If I bypass the AP manager port and plug in a direct connection from my core network to the PoE switch, then the access points receive an IP address from DHCP, but they are not stable as they keep rebooting automatically. By doing this the whole point of having a WLC will be wasted, as the clients will not have stable connectivity when they are moving between the floors.
0
Craig Beck Commented:
You don't need to use Layer-3 to get the APs to obtain an IP address.  I'd stay with v7 code on the WLC.

Your problem is in the way you have it all connected.  The switch that the APs connect to should be able to see BOTH the management and ap-manager interfaces.  This is why these two interfaces are on the same subnet.

Connect the AP switch and the ap-manager interface to the same switch as the PCs in the image and it will work.
0
abdullahjamali Author Commented:
Hi Craig,

Thanks for your quick reply. As per your advice I've connected the AP manager port and the PoE switch to our main network switch where the DHCP server resides, and the Management interface of the WLC is also connected to that switch. I have changed the AP transport mode from Layer3 to Layer2 but the APs still keep rebooting after getting an IP from the DHCP server. Should I upgrade the WLC software back to version 7? I've also configured the IP helper-address 10.30.0.3 (DHCP server address) command on the switch as well, but the access points are still frequently rebooting.
0
abdullahjamali Author Commented:
If I check on the WLC under the Wireless tab and then under APs, it shows me the AP for a short while, but when I click on it, it comes up with an error ''Cell ID7 doesn't exist on the system anymore''. It keeps rebooting every 10-15 seconds.
0
Craig Beck Commented:
I would upgrade back to v7 code.  The problem you have now is that you may not be able to directly upgrade to v7 without going to v5 first.

The APs are rebooting because they can't see the WLC.  They're not learning the WLC IP address.  You don't need an IP helper address for this as they're on the same VLAN as the DHCP server - you just need to configure DHCP option 43 to point the APs to the WLC management IP.
0
abdullahjamali Author Commented:
Hi Craig,

I have configured option 43 on our DHCP server but the access points are still rebooting. First I configured a vendor class, where I got an example of Cisco Airespace (1200 series AP, but I have 1131), then I configured option 43 and tested, but it didn't work. Then I configured only option 43 on my DHCP server under server options, and here I've set up the hex value of my management interface IP.

Please confirm for me about option 43: should I configure the vendor class first and then option 43, or just option 43 only and no vendor class? I have tried both methods.
0
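For the option 43 value discussed in the posts above, Cisco documents a TLV layout for lightweight APs: sub-option type 0xf1, a length byte of 4 per controller, then each WLC management IP in hex. The following is an added example, not part of the thread (function names are illustrative); it builds that value for the management address given in the question and rejects a payload that is only a bare hex IP with no type/length header.

```python
import ipaddress

# Sub-option type Cisco documents for WLC addresses inside DHCP option 43.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Return the option 43 payload (hex string) for a list of WLC management IPs."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    # Type (1 byte) + Length (1 byte, 4 per controller) + Value (the IPs).
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_payload):
    """Parse a payload back into controller IPs, rejecting malformed values."""
    cleaned = hex_payload.lower().replace(":", "").replace(" ", "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("payload is not valid hex") from None
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("missing 0xf1 sub-option type; a bare hex IP is not enough")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # 10.30.0.20 is the management interface IP given in the question.
    payload = encode_option43(["10.30.0.20"])
    print("option 43 payload:", payload)
    print("decoded back:", decode_option43(payload))
    try:
        decode_option43("0a1e0014")  # constructed input: the IP in hex, no TLV header
    except ValueError as err:
        print("rejected:", err)
```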
Craig Beck Commented:
Can you reboot the WLC and try again?
0
abdullahjamali Author Commented:
It didn't work even after a reboot; now I am planning to roll back the WLC to version 7 and then I will try again.
0
abdullahjamali Author Commented:
I've just rebooted the WLC, switch and APs, and afterwards I can see on my DHCP that the IPs have now been assigned to the APs, but I can't see them on WLC >> Wireless > All APs, though I can ping them from my LAN without any problem. If I check Controller >>> Interfaces I can't see the AP manager interface there anymore.

The status indication light on the APs keeps changing its colour: sometimes it's green and sometimes it's red. I don't understand why it's happening even after getting an IP.

Currently the management port and AP manager port of the WLC and the PoE switch of the APs are all connected to our core network, but I am unable to get a reply from the AP manager's IP and the virtual IP, which is 1.1.1.1 (even from the PoE switch).

So far I haven't rolled back to version 7.
0
Craig Beck Commented:
The APs should broadcast to find the address of the WLC.  If they're on the same IP range as the management interface on the WLC they'll see it.

The LEDs will change colour while the AP is doing different things.  It sounds to me like the AP is in discovery mode but can't find the WLC, so I'd guess that they're not on the same subnet as the WLC management interface.  If they're not you need to use DNS or DHCP option 43.
0
abdullahjamali Author Commented:
The IP addresses of the management interface, AP manager and PoE switch are from the same network and they are:

Management Interface IP: 192.168.10.44/24
AP Manager IP: 192.168.10.45/24  (after the configuration of option 43 I can't see this port any more)
PoE Switch IP: 192.168.10.46/24
AP1 IP:  192.168.10.66/24
AP2 IP: 192.168.10.68/24
AP3 IP: 192.168.10.78/24
AP4 IP: 192.168.10.79/24
AP5 IP: 192.168.10.82/24

From the switch I can ping the default gateway, DHCP server, management interface IP and all APs, and the same is true from the WLC. Since I configured option 43 on the server the APs are stable with IP addresses, but they are still discovering something. I can ping the APs but I can't see them under the WLC >>> Wireless >>>> APs option, and since the option 43 configuration I can't see the AP Manager interface anymore under the Controllers >>>>> Interfaces options; I can see the management port, service port and virtual port with the 1.1.1.1 IP there.

I've just consoled into the APs and they are waiting to resolve the name lookup of the Wireless LAN Controller, as currently they can't.
0
Craig Beck Commented:
The ap-manager interface has disappeared because you changed the transport mode to Layer2.  You only need a static ap-manager interface if you're using Layer3 mode.

Install v7 code on the WLC again, cable it up as I explained earlier and it will work.
0
abdullahjamali Author Commented:
I will upgrade to version 5, 6 and then 7 tomorrow morning. Will that fix the name resolution issue? I can't see any option on the WLC (version 4) to add DNS entries.
0
Craig Beck Commented:
Name resolution is just one method that the AP uses to learn the IP of the WLC.  DHCP can also be used, or subnet broadcast if the AP and WLC management interface are on the same subnet/VLAN.  As everything is on the same subnet you don't need DNS or DHCP to make it work, but the AP will still try.
0
abdullahjamali Author Commented:
Hi Craig,

I have upgraded the software on the WLC from 4 to 7 and now I can see the AP Manager interface on my network, and the APs are also trying to establish a connection with the controller but somehow they fail. Please find attached snapshots of the APs' error messages (no longer a name resolution issue), the WLC controller general config and the AP settings that I can see on the WLC when the APs established a connection after the first reboot.

At the moment all connections are patched into our core network and I can ping the PoE switch, WLC and APs from each other, but the APs are still not stable.
AP-console-error-msgs-after-upgrade-to-V
AP-settings.png
WLC-controller-General-settings.png
0
Craig Beck Commented:
It looks like the Ethernet link is dropping from the AP.

Can you configure HyperTerminal to log to a file then capture the AP's log from boot to the point where it attempts to obtain an IP address for the SECOND time?

The APs don't have the correct version of code on them.  In the AP-settings image you can see the Operational Status is 'Downloading' and the version is 6.0.196.0.  This means they still need to download the correct version of code before they'll remain connected to the WLC anyway to service clients.
1
abdullahjamali Author Commented:
Do we have to update the software on the APs manually ourselves, or do we have to make changes on the WLC? The APs are listening on the AP manager port rather than the Management port.
0
Craig Beck Commented:
Do you have the management port and the ap-manager port on the same switch, on the same VLAN?
0
abdullahjamali Author Commented:
Yes, they are all now on the same VLAN and the same switch.
0
Craig Beck Commented:
Are you sure the cabling to the APs is good?  I'm wondering why the one in the log you sent keeps saying its link is down.
0
abdullahjamali Author Commented:
I've tested them by continuously pinging for the whole day from the server and not even a single packet dropped; I will double-check the cabling again.
0
abdullahjamali Author Commented:
Hi Craig, I have checked the cabling again and everything is patched according to your instructions.
0
Craig Beck Commented:
Ok.  Can you configure HyperTerminal to log to a file then capture the AP's log from boot to the point where it attempts to obtain an IP address for the SECOND time please?
0
abdullahjamali Author Commented:
Hi Craig, I am on another site but I will do this first thing tomorrow morning and post the results. Thanks.
0
abdullahjamali Author Commented:
Hi Craig,

Please find attached the requested logs from the APs. There are 2 files: one contains logs from before rebooting the AP and one is from after the reboot. The status is the same: I can ping all devices to and from my network, and the APs are not even dropping ping replies while rebooting (I don't understand how that's possible).

Please also find a snapshot of the ping replies from the AP, where you can see that after 10-12 packets the response time increases to 100ms+ compared to <1 or =1ms, and I think that is the point when the AP resends its joining request to the WLC or the AP resets itself to go for discovery after refusal.
AP-Logs-File-1.txt
Logs-after-reboot-AP.txt
AP-Ping-reply-s.png
0
Craig Beck Commented:
The status is same I can ping all devices to and from my network even AP's are not dropping ping reply's while rebooting (I don't understand how's that possible)
You need to find out why...
0
abdullahjamali Author Commented:
I don't understand that... that's why I raised this question.

It looks to me like after getting an IP from DHCP it just restarts the joining request to the WLC to refresh the process, and it's not completing rebooting the AP.
0
Craig Beck Commented:
That's not why you raised this question.  You asked why you couldn't change layer-2 or layer-3 mode, and why you couldn't ping the ap-manager interface.  Both questions were answered.

You say you can still ping the IP of an AP when you reboot it, so you obviously have other devices on the network with the same IP address.  That's 99.9% the reason why your APs aren't connecting to the WLC.

So, YOU need to find out why there are other devices on the network with the same IP as the APs.
0
abdullahjamali Author Commented:
Hi Craig,

I have checked on my network and none of the other devices have picked up or been manually configured with the same IPs. Anyway, I am raising a new question; please answer that one.

Thanks for your help.
DHCP-Lease-snapshot.png
0