WLC01#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       unassigned      YES unset  up                    up
GigabitEthernet2       unassigned      YES unset  up                    up
GigabitEthernet3       192.168.10.182  YES NVRAM  up                    up
Loopback10             1.1.1.1         YES TFTP   up                    up
Port-channel1          unassigned      YES unset  up                    up
Vlan1                  unassigned      YES NVRAM  up                    up
Vlan100                192.168.100.182 YES NVRAM  up                    up
Vlan110                192.168.110.254 YES NVRAM  up                    up
Vlan120                192.168.120.254 YES NVRAM  up                    up
Vlan130                192.168.130.254 YES NVRAM  up                    up
WLC01#
10. Connect to TEST01 from the client and check the IP address.
11. Check the DHCP binding on the WLC
WLC01#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
192.168.110.11  0056.6c31.3130          Mar 01 2025 12:48 PM    Automatic  Selecting  Vlan110
WLC01#
Thank you for reading the post [C9800CL][#14]- DHCP - WLC Internal DHCP - option 5.
Set Security -> Layer2 -> None so that clients can connect to the SSID without a password.
It is configured this way because this is for testing.
Then click the Save button.
4. VLAN configuration
Configuration -> Layer2 -> VLAN
Click the Add button.
4. Policy configuration
Configure it as shown below.
Set the VLAN as shown below, leave the rest at the default values, and click the SAVE button.
5. TAG configuration - POLICY
Name: TEST01-POLICY-TAG
WLAN: TEST01
POLICY: TEST01_POLICY
6. TAG configuration - SITE
Name: TEST_SITE_TAG
Configure it as shown below.
6. Apply the TAG to the AP
7. When the settings are applied, the AP reboots.
8. DHCP configuration on the DC SWITCH
DHCP
ip dhcp excluded-address 192.168.110.1 192.168.110.230
!
ip dhcp pool VL110
 network 192.168.110.0 255.255.255.0
 default-router 192.168.110.1
 dns-server 8.8.8.8
!
VLAN 110
!
Int vlan 110
 ip add 192.168.110.1 255.255.255.0
 no shutdown
9. Check the DHCP binding
SW01#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
SW01#
10. Connect to TEST01 from the client and check the IP address.
11. Check the DHCP binding on the DC backbone switch
SW01#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
192.168.110.239 011e.e792.411c.f0       Mar 02 2025 06:56 AM    Automatic  Active     Vlan110
SW01#
SW01#ping 192.168.110.239
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.110.239, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/19/48 ms
SW01#
Thank you for reading the post [C9800CL][#10]- DHCP Bridging - Option1 - BackBone SW DHCP.
ip dhcp pool VLAN110
 network 192.168.110.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.110.254
!
An IP address was assigned to the client.
SW01#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
192.168.110.1   013e.6d3f.25af.12       Dec 27 2024 07:16 AM    Automatic  Active     Vlan110
SW01#
Today we will look at how to configure two data interfaces on the C9800 as a port channel.
WLC01: Gi3 - MGMT IP vrf MGMT
G1 and G2 - bundled into Portchannel 01 and configured as a trunk port that allows all VLANs.
1. Connect to the WLC GUI.
Configure Gi1/Gi2 as shown below.
2. Configure the port-channel.
SW01(config)#int ra g1/0, gi0/3
SW01(config-if-range)#channel-group 1 mode on
SW01(config)#int po 1
SW01(config-if)#sw tr en dot1q
SW01(config-if)#sw mo trunk
Check the interface status
SW01#show int status
Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/0                        connected    trunk        auto   auto unknown
Gi0/1                        connected    trunk        auto   auto unknown
Gi0/2                        connected    100          auto   auto unknown
Gi0/3                        connected    trunk        auto   auto unknown
Gi1/0                        connected    1            auto   auto unknown
Gi1/1                        connected    10           auto   auto unknown
Gi1/2                        connected    20           auto   auto unknown
Gi1/3                        connected    100          auto   auto unknown
Po1                          connected    trunk        auto   auto
SW01#
For testing, configure the WLC as follows.
VLAN 110
VLAN 120
VLAN 130
SVI 110 - 192.168.110.254
SVI 120 - 192.168.120.254
SVI 130 - 192.168.130.254
Configure VLAN 110. Then configure VLAN 120 and VLAN 130 as well, as shown in the picture below.
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0
10   VLAN0010                         active    Gi1/1
20   VLAN0020                         active    Gi1/2
30   VLAN0030                         active
100  VLAN0100                         active    Gi0/2, Gi1/3
110  VLAN0110                         active
120  VLAN0120                         active
130  VLAN0130                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
SW01#
SW01#show ip int brie
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet1/0     unassigned      YES unset  up                    up
GigabitEthernet1/1     unassigned      YES unset  up                    up
GigabitEthernet1/2     unassigned      YES unset  up                    up
GigabitEthernet1/3     unassigned      YES unset  up                    up
Port-channel1          unassigned      YES unset  down                  down
Vlan10                 192.168.10.250  YES NVRAM  administratively down down
Vlan20                 unassigned      YES unset  administratively down down
Vlan100                192.168.100.179 YES NVRAM  up                    up
Vlan110                192.168.110.253 YES manual up                    up
Vlan120                192.168.120.253 YES manual up                    up
Vlan130                192.168.130.253 YES manual up                    up
ping test
SW01#ping 192.168.110.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.110.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
SW01#ping 192.168.120.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.120.254, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/6 ms
SW01#ping 192.168.130.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.130.254, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
SW01#
SW01#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

        A - formed by Auto LAG

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)          -        Gi0/3(P)    Gi1/0(P)
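Thank you for reading the post [C9800CL][#8]- Data Interface Redundancy - Port Channel.
The method used here is to register AP MAC addresses on the WLC so that only APs with an authorized MAC address can join the WLC.
AP IP: receives an IP address from the DHCP server. 192.168.200.X/24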
AP GW: 192.168.200.181
WLC: 192.168.100.182, using DHCP option 43.
1. Click Configuration -> Security -> AAA.
2. Under AAA Advanced -> AP Policy, enable Authorized AP against MAC and click Apply.
*** If it is not already set as shown below by default, configure it additionally. ***
3. Currently one AP is registered on the WLC, as shown below.
4. Reboot the AP.
5. After about 5 minutes, click Monitoring -> Wireless -> AP statistics and check the AP status.
The AP sends CAPWAP join request messages to the WLC but does not receive a response packet.
The CAPWAP state then becomes DTLS Teardown, and the AP sends the CAPWAP join request again. This process repeats.
[*12/25/2024 05:57:51.4299] CAPWAP State: Join
[*12/25/2024 05:57:51.6198] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:57:56.3783] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:58:01.0569] Sending Join request to 192.168.100.182 through port 5272, packet size 896
[*12/25/2024 05:58:48.1321] CAPWAP State: DTLS Teardown
[*12/25/2024 05:58:48.3621] status 'upgrade.sh: Script called with args:[CANCEL]'
[*12/25/2024 05:58:48.4121] do CANCEL, part2 is active part
[*12/25/2024 05:58:48.4320] status 'upgrade.sh: Cleanup tmp files ...'
[*12/25/2024 05:58:53.0506] dtls_queue_first: Nothing to extract!
[*12/25/2024 05:58:53.0506]
[*12/25/2024 05:58:53.5504] Discovery Response from 192.168.100.182
[*12/25/2024 05:59:04.0000] Started wait dtls timer (60 sec)
[*12/25/2024 05:59:04.0099]
[*12/25/2024 05:59:04.0099] CAPWAP State: DTLS Setup
[*12/25/2024 05:59:04.1799] First connect to vWLC, accept vWLC by default
[*12/25/2024 05:59:04.1799]
[*12/25/2024 05:59:04.1799] dtls_verify_server_cert: vWLC is using SSC, returning 1
[*12/25/2024 05:59:04.2599]
[*12/25/2024 05:59:04.2599] CAPWAP State: Join
[*12/25/2024 05:59:04.4299] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:59:09.1284] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
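The join loop described above can be picked out of an AP console capture automatically. The following Python is an added example, not part of the original post or of any Cisco tool: it groups console entries into join attempts and flags Join requests that never receive a Join Response. The function names and the `min_unanswered` threshold are assumptions; the sample lines are copied (shortened) from the console output on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Timestamp prefix printed by the AP console, e.g. [*12/25/2024 05:57:51.4299]
TS = re.compile(r"\[\*(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d+)\]")
STATE = re.compile(r"CAPWAP State: (.+)")
JOIN_REQ = re.compile(r"Sending Join request to (\S+) through port \d+")
JOIN_RESP = re.compile(r"Join Response from \S+")

# Sample input: lines copied from this page's console output (shortened).
REJECTED_LOG = """\
[*12/25/2024 05:57:51.4299] CAPWAP State: Join
[*12/25/2024 05:57:51.6198] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:57:56.3783] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:58:01.0569] Sending Join request to 192.168.100.182 through port 5272, packet size 896
[*12/25/2024 05:58:48.1321] CAPWAP State: DTLS Teardown
[*12/25/2024 05:58:48.3621] status 'upgrade.sh: Script called with args:[CANCEL]'
[*12/25/2024 05:58:53.5504] Discovery Response from 192.168.100.182
[*12/25/2024 05:59:04.0099] CAPWAP State: DTLS Setup
[*12/25/2024 05:59:04.2599] CAPWAP State: Join
[*12/25/2024 05:59:04.4299] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 05:59:09.1284] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
"""

JOINED_LOG = """\
[*12/25/2024 06:20:39.1799] CAPWAP State: Join
[*12/25/2024 06:20:39.3399] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 06:20:43.9185] Sending Join request to 192.168.100.182 through port 5272, packet size 1376
[*12/25/2024 06:20:44.1484] Join Response from 192.168.100.182, packet size 1397
[*12/25/2024 06:20:44.2783] CAPWAP State: Image Data
[*12/25/2024 06:20:44.4183] CAPWAP State: Configure
[*12/25/2024 06:20:45.3880] CAPWAP State: Run
[*12/25/2024 06:20:45.4680] AP has joined controller WLC01
"""


@dataclass
class JoinAttempt:
    started: datetime
    controller: Optional[str] = None
    requests: int = 0          # Join requests sent during this attempt
    answered: bool = False     # True once a Join Response was seen
    outcome: str = "pending"   # pending | joined | torn_down


def parse_entries(text: str):
    """Split a capture into (timestamp, message) pairs.

    Splitting on the timestamp itself also handles captures whose
    line breaks were lost, because no newline is required."""
    parts = TS.split(text)
    entries = []
    for stamp, msg in zip(parts[1::2], parts[2::2]):
        msg = msg.strip()
        if msg:  # skip the empty timestamp-only entries the AP prints
            entries.append((datetime.strptime(stamp, "%m/%d/%Y %H:%M:%S.%f"), msg))
    return entries


def join_attempts(text: str) -> List[JoinAttempt]:
    """Group entries into attempts, one per 'CAPWAP State: Join'."""
    attempts: List[JoinAttempt] = []
    current: Optional[JoinAttempt] = None
    for when, msg in parse_entries(text):
        state = STATE.match(msg)
        if state:
            name = state.group(1).strip()
            if name == "Join":
                current = JoinAttempt(started=when)
                attempts.append(current)
            elif current and name == "DTLS Teardown" and not current.answered:
                current.outcome, current = "torn_down", None
            elif current and name == "Run":
                current.outcome, current = "joined", None
            continue
        if current is None:
            continue
        req = JOIN_REQ.search(msg)
        if req:
            current.controller = req.group(1)
            current.requests += 1
        elif JOIN_RESP.search(msg):
            current.answered = True
    return attempts


def stuck_in_join_loop(attempts: List[JoinAttempt], min_unanswered: int = 2) -> bool:
    """True when repeated attempts sent Join requests and none was answered."""
    if attempts and attempts[-1].outcome == "joined":
        return False
    unanswered = [a for a in attempts if a.requests and not a.answered]
    return len(unanswered) >= min_unanswered


if __name__ == "__main__":
    for label, log in (("rejected", REJECTED_LOG), ("joined", JOINED_LOG)):
        found = join_attempts(log)
        print(label, [(a.outcome, a.requests) for a in found], stuck_in_join_loop(found))
```

The check reports only the symptom in the log; on this page the cause is the AP MAC address missing from the WLC's authorized list.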
[*12/25/2024 06:20:28.8807] CAPWAP State: Discovery [*12/25/2024 06:20:28.8807] Got WLC address 192.168.100.182 from DHCP. [*12/25/2024 06:20:29.1006] Discovery Request sent to 192.168.100.182, discovery type STATIC_CONFIG(1) [*12/25/2024 06:20:29.3005] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0) [*12/25/2024 06:20:29.3005] Discovery Response from 192.168.100.182 [*12/25/2024 06:20:39.0000] Started wait dtls timer (60 sec) [*12/25/2024 06:20:39.0099] [*12/25/2024 06:20:39.0099] CAPWAP State: DTLS Setup [*12/25/2024 06:20:39.1099] First connect to vWLC, accept vWLC by default [*12/25/2024 06:20:39.1099] [*12/25/2024 06:20:39.1199] dtls_verify_server_cert: vWLC is using SSC, returning 1 [*12/25/2024 06:20:39.1799] [*12/25/2024 06:20:39.1799] CAPWAP State: Join [*12/25/2024 06:20:39.3399] Sending Join request to 192.168.100.182 through port 5272, packet size 1376 [*12/25/2024 06:20:43.9185] Sending Join request to 192.168.100.182 through port 5272, packet size 1376 [*12/25/2024 06:20:44.1484] Join Response from 192.168.100.182, packet size 1397 [*12/25/2024 06:20:44.1484] AC accepted previous sent request with result code: 0 [*12/25/2024 06:20:44.1484] Received wlcType 0, timer 30 [*12/25/2024 06:20:44.2584] nss_capwapmgr_enable_tunnel[1682]:ef30e800: tunnel 0 is already enabled [*12/25/2024 06:20:44.2783] [*12/25/2024 06:20:44.2783] CAPWAP State: Image Data [*12/25/2024 06:20:44.2883] AP image version 17.13.0.107 backup 17.8.0.144, Controller 17.13.0.107 [*12/25/2024 06:20:44.2883] Version is the same, do not need update. 
[*12/25/2024 06:20:44.3583] status 'upgrade.sh: Script called with args:[NO_UPGRADE]' [*12/25/2024 06:20:44.3983] do NO_UPGRADE, part2 is active part [*12/25/2024 06:20:44.4183] [*12/25/2024 06:20:44.4183] CAPWAP State: Configure [*12/25/2024 06:20:44.6382] Radio [2] Administrative state DISABLED change to ENABLED [*12/25/2024 06:20:44.6382] Radio [1] Administrative state DISABLED change to ENABLED [*12/25/2024 06:20:44.6382] Radio [0] Administrative state DISABLED change to ENABLED [*12/25/2024 06:20:45.3880] [*12/25/2024 06:20:45.3880] CAPWAP State: Run [*12/25/2024 06:20:45.4680] AP has joined controller WLC01 [*12/25/2024 06:20:45.4680] Flexconnect Switching to Connected Mode! [*12/25/2024 06:20:46.0678] Previous AP mode is 2, change to 2 [*12/25/2024 06:20:46.0778] Current session mode: ssh, Configured: Telnet-No, SSH-No, Console-Yes [*12/25/2024 06:20:46.0778] [*12/25/2024 06:20:46.3377] Current session mode: telnet, Configured: Telnet-No, SSH-No, Console-Yes [*12/25/2024 06:20:46.3377] [*12/25/2024 06:20:46.3577] Current session mode: console, Configured: Telnet-No, SSH-No, Console-Yes [*12/25/2024 06:20:46.3577] [*12/25/2024 06:20:46.4177] chpasswd: password for user changed [*12/25/2024 06:20:46.4677] chpasswd: password for user changed [*12/25/2024 06:20:46.6376] [*12/25/2024 06:20:46.6376] Same LSC mode, no action needed [*12/25/2024 06:20:46.9275] Same value is already set. 
[*12/25/2024 06:20:47.2374] USB Device Disconnected from the AP [*12/25/2024 06:20:47.3974] Got WSA Server config TLVs [*12/25/2024 06:20:48.7270] Socket: Valid Element: wcp/wcp_db Handler: set_vlan_name_map Data: null Length: 10 [*12/25/2024 06:20:50.4064] SD AVC only supports 802.11ax AP [*12/25/2024 06:20:50.5664] Re-Tx Count=1, Max Re-Tx Value=5, SendSeqNum=16, NumofPendingMsgs=1 [*12/25/2024 06:20:50.5664] [*12/25/2024 06:20:50.8163] DOT11_DRV[0]: Stop Radio0 - Begin [*12/25/2024 06:20:50.8963] DOT11_DRV[0]: Stop Radio0 - End [*12/25/2024 06:20:50.8963] DOT11_DRV[0]: Start Radio0 - Begin [*12/25/2024 06:20:50.8963] DOT11_DRV[0]: Start Radio0 - End [*12/25/2024 06:20:53.0756] **** CAC start for 62 seconds for radio 1 **** [*12/25/2024 06:21:15.6385] netlink socket init done, pnl->spectral_fd=4 [*12/25/2024 06:21:15.6385] CLEANAIR: Slot 0 admin disabled [*12/25/2024 06:21:16.6382] CLEANAIR: Slot 1 admin disabled [*12/25/2024 06:21:55.1962] cac_timeout cac expired, chan 5560 curr time 306 [*12/25/2024 06:21:55.1962] **** CAC stop for radio 1 ****
Username: Username: % Authentication failed
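As shown in the picture below, the AP has been registered on the WLC.
Even as time passes, the AP stays in the UP state. The reason is that it is already registered on the WLC, so AP authentication is not checked again.
Reboot the AP.
After the reboot, the AP has to attempt AP authentication again. However, because the AP MAC address was removed from the WLC, it is shown as an authentication failure, as below.
Thank you for reading the post [C9800CL][#7]- AP authentication - AP Mac Filter.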
Type: Sub-option code 241, used to define a method for Cisco Lightweight APs, represented in hex (f1)
Length: Number of controller IP addresses to be supplied - multiplied by 4, represented in hex (04)
Value: List of Cisco WLC IP addresses, represented in hex (c0a864b6)
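The type/length/value layout above maps directly onto the hex string used in the `option 43 hex` line of the DHCP pool. The Python below is an added example, not code from the original post or from Cisco: it builds and decodes the value and checks a pool configuration against the controllers you expect APs to be sent to. The function names are assumptions; the sample pool is the one configured on this page.

```python
import ipaddress
import re

CISCO_AP_SUBOPTION = 0xF1  # sub-option code 241 (f1) for Cisco lightweight APs
OPTION43_LINE = re.compile(r"^\s*option 43 hex (\S+)", re.MULTILINE)

# Sample input: the DHCP pool configured on this page.
SAMPLE_POOL = """\
ip dhcp pool AP-MGMT-POOL
 network 192.168.200.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.200.181
 option 43 hex f104.c0a8.64b6
"""


def encode_option43(wlc_ips):
    """Return the IOS-style dotted hex value for a list of WLC IPv4 addresses."""
    addrs = [ipaddress.IPv4Address(ip) for ip in wlc_ips]  # rejects non-IPv4 input
    if not addrs:
        raise ValueError("at least one controller address is required")
    length = 4 * len(addrs)  # Length = number of controller addresses x 4
    if length > 0xFF:
        raise ValueError("too many controllers for a one-byte length field")
    raw = bytes([CISCO_AP_SUBOPTION, length]) + b"".join(a.packed for a in addrs)
    digits = raw.hex()
    # IOS prints and accepts the value in groups of four hex digits.
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))


def decode_option43(value):
    """Return the controller addresses carried in an option 43 hex value.

    Raises ValueError when the type, length or payload is inconsistent."""
    digits = re.sub(r"[.:\s]", "", value)
    try:
        raw = bytes.fromhex(digits)
    except ValueError as exc:
        raise ValueError(f"not a hex string: {value!r}") from exc
    if len(raw) < 2:
        raise ValueError("value is shorter than the type and length bytes")
    sub_type, length, body = raw[0], raw[1], raw[2:]
    if sub_type != CISCO_AP_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{sub_type:02x}")
    if length == 0 or length % 4:
        raise ValueError(f"length {length} is not a multiple of 4")
    if length != len(body):
        raise ValueError(f"length says {length} bytes, payload has {len(body)}")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


def unexpected_controllers(config_text, allowed_wlcs):
    """List controllers handed out by 'option 43 hex' lines that are not allowed.

    A pool that points APs at an address outside the expected set is worth
    reviewing, since APs will try to join whatever address they receive."""
    allowed = {str(ipaddress.IPv4Address(ip)) for ip in allowed_wlcs}
    found = []
    for match in OPTION43_LINE.finditer(config_text):
        found.extend(decode_option43(match.group(1)))
    return [ip for ip in found if ip not in allowed]


if __name__ == "__main__":
    print(encode_option43(["192.168.100.182"]))
    print(decode_option43("f104.c0a8.64b6"))
    print(unexpected_controllers(SAMPLE_POOL, ["192.168.100.182"]))
```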
1. Configure the DHCP server on the switch
ip dhcp pool AP-MGMT-POOL
 network 192.168.200.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.200.181
 option 43 hex f104.c0a8.64b6
2. Check the IP address on the AP
APC884.A1CC.2F48#show ip interface brief
Brief summary of IP status and configuration
APC884.A1CC.2F48#show ip interface brief
Interface          IP-Address      Method   Status                 Protocol   Speed   Duplex
wired0             192.168.200.1   DHCP     up                     up         1000    full
wired1             n/a             n/a      administatively down   down       n/a     n/a
auxiliary-client   unassigned      unset    up                     up         n/a     n/a
wifi0              n/a             n/a      administatively down   down       n/a     n/a
wifi1              n/a             n/a      administatively down   down       n/a     n/a
3. Check the IP address binding on the switch
SW1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type
                Hardware address/
                User name
192.168.200.1   01c8.84a1.cc2f.48       Dec 25 2024 11:09 AM    Automatic
SW1#
4. It can also be checked with the capwap command, as shown below.
APC884.A1CC.2F48#show capwap ip config
CAPWAP IP static configuration
APC884.A1CC.2F48#show capwap ip config
IP Address         : 192.168.200.1
IP netmask         : 255.255.255.0
Default Gateway    : 192.168.200.181
5. Packet status
[*12/24/2024 10:49:41.9079] pid 4559's new affinity mask: 1 [*12/24/2024 10:49:42.0079] hostapd:failed to open wcp socket [*12/24/2024 10:49:42.2878] device aptrace0 entered promiscuous mode [*12/24/2024 10:49:43.0275] pid 4632's current affinity mask: 3 [*12/24/2024 10:49:43.0275] pid 4632's new affinity mask: 1 [*12/24/2024 10:49:43.6273] USB not initialized [*12/24/2024 10:49:44.0372] chpasswd: password for user changed [*12/24/2024 10:49:45.0069] ethernet_port wired0, ip 192.168.200.1, netmask 255.255.255.0, gw 192.168.200.181, mtu 1500, bcast 192.168.200.255, dns1 8.8.8.8, vid 0, static_ip_failover false, dhcp_vlan_failover false [*12/24/2024 10:49:46.0366] Check whether client_ip_table entry need to be cleared 0 [*12/24/2024 10:49:46.0366] Clearing client entry [*12/24/2024 10:49:46.1366] DOT11_TXP[0]:Domain configured: 1 class:E [*12/24/2024 10:49:46.3365] DOT11_TXP[0]:Regdb file: /radio_fw/AP1852I_power_table_mapping.txt [*12/24/2024 10:49:46.3665] DOT11_TXP[1]:Domain configured: 14 class:S [*12/24/2024 10:49:46.8263] /etc/dnsmasq.host.conf: [*12/24/2024 10:49:46.8363] no-resolv [*12/24/2024 10:49:46.8363] pid-file=/var/run/dnsmasq.host.pid [*12/24/2024 10:49:46.8363] port=53 [*12/24/2024 10:49:46.8363] min-port=61000 [*12/24/2024 10:49:46.8363] server=8.8.8.8 [*12/24/2024 10:49:46.8363] bind-interfaces [*12/24/2024 10:49:46.8363] interface=lo [*12/24/2024 10:49:47.1363] DOT11_TXP[1]:Regdb file: /radio_fw/AP1852I_power_table_mapping.txt [*12/24/2024 10:49:47.4661] DOT11_DRV[1]: vendor_set_slot_capability: slot 1, radio_service_type 0 [*12/24/2024 10:49:47.4661] DOT11_DRV[1]: Init Radio1 [*12/24/2024 10:49:47.4961] DOT11_DRV[1]: set_channel Channel set to 36 [*12/24/2024 10:49:47.5261] DOT11_DRV[0]: vendor_set_slot_capability: slot 0, radio_service_type 0 [*12/24/2024 10:49:47.5261] DOT11_DRV[0]: Init Radio0 [*12/24/2024 10:49:47.5561] DOT11_DRV[0]: set_channel Channel set to 6 [*12/24/2024 10:49:47.9660] DOT11_DRV[0]: set_channel Channel set to 1 
[*12/24/2024 10:49:47.9760] DOT11_DRV[0]: Channel set to 1, width 20 [*12/24/2024 10:49:47.9760] DOT11_DRV[0]: Channel set to 1 skipped [*12/24/2024 10:49:48.3559] DOT11_DRV[0]: Channel set to 1, width 20 [*12/24/2024 10:49:48.3559] DOT11_DRV[0]: Channel set to 1 skipped [*12/24/2024 10:49:48.4358] DOT11_DRV[1]: set_channel Channel set to 36 [*12/24/2024 10:49:48.4358] DOT11_DRV[1]: Channel set to 36, width 20 [*12/24/2024 10:49:48.4358] DOT11_DRV[1]: Channel set to 36 skipped [*12/24/2024 10:49:48.5258] DOT11_DRV[1]: Channel set to 36, width 20 [*12/24/2024 10:49:48.5258] DOT11_DRV[1]: Channel set to 36 skipped [*12/24/2024 10:49:54.5839] pid 4895's current affinity mask: 3 [*12/24/2024 10:49:54.5839] pid 4895's new affinity mask: 1 [*12/24/2024 10:49:55.2737] AP IPv4 Address updated from 0.0.0.0 to 192.168.200.1 [*12/24/2024 10:49:58.9726] dtls_init: Use MIC certificate [*12/24/2024 10:49:59.2825] [*12/24/2024 10:49:59.2825] CAPWAP State: Init [*12/24/2024 10:50:08.5096] PNP:Server not reachable, Start CAPWAP Discovery [*12/24/2024 10:50:08.5196] [*12/24/2024 10:50:08.5196] CAPWAP State: Discovery [*12/24/2024 10:50:08.5196] Got WLC address 192.168.100.182 from DHCP. 
[*12/24/2024 10:50:08.7295] Discovery Request sent to 192.168.100.182, discovery type DHCP(2) [*12/24/2024 10:50:08.7795] Discovery Response from 192.168.100.182 [*12/24/2024 10:50:08.9294] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0) [*12/24/2024 10:50:08.9494] [*12/24/2024 10:50:08.9494] CAPWAP State: Discovery [*12/24/2024 11:24:00.0000] Started wait dtls timer (60 sec) [*12/24/2024 11:24:00.0000] [*12/24/2024 11:24:00.0000] CAPWAP State: DTLS Setup [*12/24/2024 11:24:00.0999] First connect to vWLC, accept vWLC by default [*12/24/2024 11:24:00.0999] [*12/24/2024 11:24:00.1099] dtls_verify_server_cert: vWLC is using SSC, returning 1 [*12/24/2024 11:24:00.1699] [*12/24/2024 11:24:00.1699] CAPWAP State: Join [*12/24/2024 11:24:00.3499] Sending Join request to 192.168.100.182 through port 5248, packet size 1376 [*12/24/2024 11:24:02.5492] [*12/24/2024 11:24:02.5492] phy_value=0: org="0x1800" phy_reg="0x1000" [*12/24/2024 11:24:02.5592] device wired1 left promiscuous mode [*12/24/2024 11:24:02.5592] [*12/24/2024 11:24:02.5592] Detect link-status changed !! [*12/24/2024 11:24:02.5592] wired1 ADDED [*12/24/2024 11:24:04.9185] Sending Join request to 192.168.100.182 through port 5248, packet size 1376 [*12/24/2024 11:24:05.0184] Join Response from 192.168.100.182, packet size 1397 [*12/24/2024 11:24:05.0184] AC accepted previous sent request with result code: 0 [*12/24/2024 11:24:05.0184] Received wlcType 0, timer 30 [*12/24/2024 11:24:05.0684] nss_capwapmgr_enable_tunnel[1682]:c5b68000: tunnel 0 is already enabled [*12/24/2024 11:24:05.1284] [*12/24/2024 11:24:05.1284] CAPWAP State: Image Data [*12/24/2024 11:24:05.1284] AP image version 17.13.0.107 backup 17.8.0.144, Controller 17.13.0.107 [*12/24/2024 11:24:05.1284] Version is the same, do not need update. 
[*12/24/2024 11:24:05.1884] status 'upgrade.sh: Script called with args:[NO_UPGRADE]' [*12/24/2024 11:24:05.2384] do NO_UPGRADE, part2 is active part [*12/24/2024 11:24:05.2584] [*12/24/2024 11:24:05.2584] CAPWAP State: Configure [*12/24/2024 11:24:05.2584] Telnet is not supported by AP, should not encode this payload [*12/24/2024 11:24:05.4683] Radio [2] Administrative state DISABLED change to ENABLED [*12/24/2024 11:24:05.4683] Radio [1] Administrative state DISABLED change to ENABLED [*12/24/2024 11:24:05.4683] Radio [0] Administrative state DISABLED change to ENABLED [*12/24/2024 11:24:05.4783] DOT11_CFG[1]: Starting radio 1 [*12/24/2024 11:24:05.4783] DOT11_DRV[1]: Start Radio1 - Begin [*12/24/2024 11:24:05.4783] DOT11_DRV[1]: Start Radio1 - End [*12/24/2024 11:24:05.4783] DOT11_CFG[0]: Starting radio 0 [*12/24/2024 11:24:05.4783] DOT11_DRV[0]: Start Radio0 - Begin [*12/24/2024 11:24:05.4883] DOT11_DRV[0]: Start Radio0 - End [*12/24/2024 11:24:05.9681] Radio Authority: no country code [*12/24/2024 11:24:05.9881] Cannot open CDUMP_COUNT! 
[*12/24/2024 11:24:06.1081] [*12/24/2024 11:24:06.1081] CAPWAP State: Run [*12/24/2024 11:24:06.1881] AP has joined controller WLC01 [*12/24/2024 11:24:06.2980] Previous AP mode is 0, change to 2 [*12/24/2024 11:24:06.3080] DOT11_CFG[0] Radio Mode is changed from Local to FlexConnect [*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Stop Radio0 - Begin [*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Stop Radio0 - End [*12/24/2024 11:24:06.3080] DOT11_CFG[0]: Starting radio 0 [*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Start Radio0 - Begin [*12/24/2024 11:24:06.3080] DOT11_DRV[0]: Start Radio0 - End [*12/24/2024 11:24:06.3180] DOT11_CFG[1] Radio Mode is changed from Local to FlexConnect [*12/24/2024 11:24:06.3180] DOT11_DRV[1]: Stop Radio1 - Begin [*12/24/2024 11:24:06.3280] DOT11_DRV[1]: Stop Radio1 - End [*12/24/2024 11:24:06.3280] DOT11_CFG[1]: Starting radio 1 [*12/24/2024 11:24:06.3280] DOT11_DRV[1]: Start Radio1 - Begin [*12/24/2024 11:24:06.3280] DOT11_DRV[1]: Start Radio1 - End [*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Stop Radio0 - Begin [*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Stop Radio0 - End [*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Start Radio0 - Begin [*12/24/2024 11:24:06.4980] DOT11_DRV[0]: Start Radio0 - End [*12/24/2024 11:24:06.8778] USB Device Disconnected from the AP [*12/24/2024 11:24:07.0678] syslog level is being set to 70 [*12/24/2024 11:24:07.0678] [*12/24/2024 11:24:07.1078] Previous AP mode is 2, change to 2 [*12/24/2024 11:24:07.1378] Current session mode: ssh, Configured: Telnet-No, SSH-No, Console-Yes [*12/24/2024 11:24:07.1378] [*12/24/2024 11:24:07.3577] Current session mode: telnet, Configured: Telnet-No, SSH-No, Console-Yes [*12/24/2024 11:24:07.3577] [*12/24/2024 11:24:07.3777] Current session mode: console, Configured: Telnet-No, SSH-No, Console-Yes [*12/24/2024 11:24:07.3777] [*12/24/2024 11:24:07.4377] chpasswd: password for user changed [*12/24/2024 11:24:07.4877] chpasswd: password for user changed [*12/24/2024 11:24:07.6476] [*12/24/2024 
11:24:07.6476] Same LSC mode, no action needed [*12/24/2024 11:24:07.6476] Cannot open CDUMP_COUNT! [*12/24/2024 11:24:07.9275] Same value is already set. [*12/24/2024 11:24:08.3674] Got WSA Server config TLVs [*12/24/2024 11:24:09.5470] Socket: Valid Element: wcp/wcp_db Handler: set_vlan_name_map Data: null Length: 10 [*12/24/2024 11:24:11.2565] SD AVC only supports 802.11ax AP [*12/24/2024 11:24:11.7963] AP tag change to default-policy-tag [*12/24/2024 11:24:32.6698] ip6_port srcr2, ip6local fe80::ca84:a1ff:fecc:2f48, ip6 ::, plen 0, gw6 ::, gw6_mac 00:00:00:00:00:00, mtu 1500, vid 0, mode6 2(slaac) [*12/24/2024 11:24:34.6392] netlink socket init done, pnl->spectral_fd=4 [*12/24/2024 11:24:34.6392] CLEANAIR: Slot 0 admin disabled [*12/24/2024 11:24:36.6385] CLEANAIR: Slot 1 admin disabled
6. Check in the WLC GUI that the AP has been registered.
Unless configured otherwise, when the AP joins the WLC, the Policy Tag, Site Tag, RF Tag, and Location are set to Default.
Thank you for reading the post [C9800CL][#5]-AP Join Process - DHCP option 43.
capwap ap ip 192.168.200.200 255.255.255.0 192.168.200.181
Once the IP address is entered, the AP sends CAPWAP discovery packets by broadcast.
However, because the AP and the WLC are not in the same L2 domain, the AP cannot find the WLC.
[*12/24/2024 10:37:43.9513] Check whether client_ip_table entry need to be cleared 0
[*12/24/2024 10:37:43.9613] Clearing client entry
[*12/24/2024 10:37:46.6105] AP IPv4 Address updated from 0.0.0.0 to 192.168.200.200
[*12/24/2024 10:37:46.6305] send CAPWAP ctrl msg to the socket: Socket operation on non-socket
[*12/24/2024 10:37:46.6305] dtls_init: Use MIC certificate
[*12/24/2024 10:37:46.9404]
[*12/24/2024 10:37:46.9404] CAPWAP State: Init
[*12/24/2024 10:38:02.6655] PNP:Server not reachable, Start CAPWAP Discovery
[*12/24/2024 10:38:02.6855]
[*12/24/2024 10:38:02.6855] CAPWAP State: Discovery
[*12/24/2024 10:38:02.8954] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*12/24/2024 10:38:02.9054]
[*12/24/2024 10:38:02.9054] CAPWAP State: Discovery
2. Change the AP hostname and enter the WLC address.
APC884.A1CC.2F48#capwap ap hostname AP01
APC884.A1CC.2F48#capwap ap primary-base WLC01 192.168.100.182
As shown below, the WLC sent a Discovery Response packet.
Then, after Found Configured WLC01, DTLS setup starts.
[*12/24/2024 10:40:01.2284] CAPWAP State: Discovery
[*12/24/2024 10:40:01.4283] Discovery Request sent to 192.168.100.182, discovery type STATIC_CONFIG(1)
[*12/24/2024 10:40:01.6383] Discovery Request sent to 192.168.100.182, discovery type STATIC_CONFIG(1)
[*12/24/2024 10:40:01.8382] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*12/24/2024 10:40:01.8482] Discovery Response from 192.168.100.182
[*12/24/2024 10:40:01.8482] Found Configured MWAR 'WLC01' (respIdx 0).
[*12/24/2024 10:41:34.0000] Started wait dtls timer (60 sec)
[*12/24/2024 10:41:34.0000]
[*12/24/2024 10:41:34.0000] CAPWAP State: DTLS Setup
[*12/24/2024 10:41:34.0399] Invalid event 2 & state 3 combination.
[*12/24/2024 10:41:34.0399] CAPWAP SM handler: Failed to process message type 2 state 3.
[*12/24/2024 10:41:34.0399] Failed to handle capwap control message from controller - status 1
[*12/24/2024 10:41:34.0399] Failed to process unencrypted capwap packet 0x2c1ab000 from 192.168.100.182
[*12/24/2024 10:41:34.0399] Failed to send capwap message 0 to the state machine. Packet already freed.
[*12/24/2024 10:41:34.0999] First connect to vWLC, accept vWLC by default [*12/24/2024 10:41:34.0999] [*12/24/2024 10:41:34.1399] dtls_verify_server_cert: vWLC is using SSC, returning 1 [*12/24/2024 10:41:34.2099] [*12/24/2024 10:41:34.2099] CAPWAP State: Join [*12/24/2024 10:41:34.3699] Sending Join request to 192.168.100.182 through port 5248, packet size 1376 [*12/24/2024 10:41:39.0884] Sending Join request to 192.168.100.182 through port 5248, packet size 1376 [*12/24/2024 10:41:39.1784] Join Response from 192.168.100.182, packet size 1397 [*12/24/2024 10:41:39.1784] AC accepted previous sent request with result code: 0 [*12/24/2024 10:41:39.1784] Received wlcType 0, timer 30 [*12/24/2024 10:41:39.2284] nss_capwapmgr_enable_tunnel[1682]:ef30c000: tunnel 0 is already enabled [*12/24/2024 10:41:39.3183] [*12/24/2024 10:41:39.3183] CAPWAP State: Image Data [*12/24/2024 10:41:39.3183] AP image version 17.13.0.107 backup 17.8.0.144, Controller 17.13.0.107 [*12/24/2024 10:41:39.3183] Version is the same, do not need update. 
[*12/24/2024 10:41:39.3883] status 'upgrade.sh: Script called with args:[NO_UPGRADE]' [*12/24/2024 10:41:39.4383] do NO_UPGRADE, part2 is active part [*12/24/2024 10:41:39.4483] [*12/24/2024 10:41:39.4483] CAPWAP State: Configure [*12/24/2024 10:41:39.6682] Radio [2] Administrative state DISABLED change to ENABLED [*12/24/2024 10:41:39.6782] Radio [1] Administrative state DISABLED change to ENABLED [*12/24/2024 10:41:39.6782] Radio [0] Administrative state DISABLED change to ENABLED [*12/24/2024 10:41:39.6782] DOT11_CFG[1]: Starting radio 1 [*12/24/2024 10:41:39.6782] DOT11_DRV[1]: Start Radio1 - Begin [*12/24/2024 10:41:39.6782] DOT11_DRV[1]: Start Radio1 - End [*12/24/2024 10:41:39.6782] DOT11_CFG[0]: Starting radio 0 [*12/24/2024 10:41:39.6782] DOT11_DRV[0]: Start Radio0 - Begin [*12/24/2024 10:41:39.6882] DOT11_DRV[0]: Start Radio0 - End [*12/24/2024 10:41:40.1481] Radio Authority: no country code [*12/24/2024 10:41:40.1581] Cannot open CDUMP_COUNT! [*12/24/2024 10:41:40.2680] [*12/24/2024 10:41:40.2680] CAPWAP State: Run [*12/24/2024 10:41:40.3480] AP has joined controller WLC01 [*12/24/2024 10:41:40.3980] Previous AP mode is 0, change to 2 [*12/24/2024 10:41:40.4080] DOT11_CFG[0] Radio Mode is changed from Local to FlexConnect [*12/24/2024 10:41:40.4280] DOT11_DRV[0]: Stop Radio0 - Begin [*12/24/2024 10:41:40.4380] DOT11_DRV[0]: Stop Radio0 - End [*12/24/2024 10:41:40.4380] DOT11_CFG[0]: Starting radio 0 [*12/24/2024 10:41:40.4380] DOT11_DRV[0]: Start Radio0 - Begin [*12/24/2024 10:41:40.4380] DOT11_DRV[0]: Start Radio0 - End [*12/24/2024 10:41:40.4380] DOT11_CFG[1] Radio Mode is changed from Local to FlexConnect [*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Stop Radio1 - Begin [*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Stop Radio1 - End [*12/24/2024 10:41:40.4480] DOT11_CFG[1]: Starting radio 1 [*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Start Radio1 - Begin [*12/24/2024 10:41:40.4480] DOT11_DRV[1]: Start Radio1 - End [*12/24/2024 10:41:40.5779] DOT11_DRV[0]: Stop 
Radio0 - Begin [*12/24/2024 10:41:40.5779] DOT11_DRV[0]: Stop Radio0 - End [*12/24/2024 10:41:40.5779] DOT11_DRV[0]: Start Radio0 - Begin [*12/24/2024 10:41:40.5879] DOT11_DRV[0]: Start Radio0 - End [*12/24/2024 10:41:41.1178] syslog level is being set to 70 [*12/24/2024 10:41:41.1178] [*12/24/2024 10:41:41.1578] Previous AP mode is 2, change to 2 [*12/24/2024 10:41:41.1678] Current session mode: ssh, Configured: Telnet-No, SSH-No, Console-Yes [*12/24/2024 10:41:41.1678] [*12/24/2024 10:41:41.3977] Current session mode: telnet, Configured: Telnet-No, SSH-No, Console-Yes [*12/24/2024 10:41:41.3977] [*12/24/2024 10:41:41.4177] Current session mode: console, Configured: Telnet-No, SSH-No, Console-Yes [*12/24/2024 10:41:41.4177] [*12/24/2024 10:41:41.4777] chpasswd: password for user changed [*12/24/2024 10:41:41.4977] USB Device Disconnected from the AP [*12/24/2024 10:41:41.5376] chpasswd: password for user changed [*12/24/2024 10:41:41.7176] [*12/24/2024 10:41:41.7176] Same LSC mode, no action needed [*12/24/2024 10:41:41.7176] Cannot open CDUMP_COUNT! [*12/24/2024 10:41:41.8975] Same value is already set. [*12/24/2024 10:41:42.3374] Got WSA Server config TLVs [*12/24/2024 10:41:43.6270] Socket: Valid Element: wcp/wcp_db Handler: set_vlan_name_map Data: null Length: 10 [*12/24/2024 10:41:45.3265] SD AVC only supports 802.11ax AP [*12/24/2024 10:41:45.8563] AP tag change to default-policy-tag [*12/24/2024 10:42:08.7391] netlink socket init done, pnl->spectral_fd=4 [*12/24/2024 10:42:08.7391] CLEANAIR: Slot 0 admin disabled [*12/24/2024 10:42:10.7385] CLEANAIR: Slot 1 admin disabled
AP01#[*12/24/2024 10:42:36.8903] Warning: Stopping dbg_day0_bundle.service, but it can still be activated by: [*12/24/2024 10:42:36.8903] dbg_day0_bundle.timer
AP01#
3. This time, connect to the WLC GUI and check the AP.
Click Monitoring -> Wireless -> AP statistics.
As shown in the picture below, AP01 has been registered on the WLC, and the Admin Status is shown in green, which is normal.
For testing, reset the AP from the WLC GUI.
Double-click the AP.
Thank you for reading the post [C9800CL][#3]-AP Join Process - Manual Method.
The next post will cover registering an AP on the WLC using DHCP option 43.
If the WLC is located in a different region:
Note: As per RFC 5415, CAPWAP uses the UDP Ports 5246 (for CAPWAP Control) and 5247 (for CAPWAP Data).
The ports above must be allowed on the firewall.
Session Establishment Process.
1. Access Point sends a Discovery Request. See the WLC Discovery Methods section for more information on this.
2. WLC sends a Discovery Response.
3. DTLS session establishment. After this, all messages are encrypted and are shown as DTLS application data packets in any packet analysis tool.
4. Access Point sends a Join Request.
5. WLC sends a Join Response.
6. AP performs an image check. If it has the same image version as the WLC, then it proceeds with the next step. If it does not, then it downloads the image from the WLC and reboots to load the new image. In such case, it repeats the process from step 1.
7. Access Point sends a Configuration Status Request.
8. WLC sends a Configuration Status Response.
9. Access Point goes to RUN State.
During the RUN state, CAPWAP Tunnel Maintenance is performed in two ways:
Keepalives are exchanged to maintain the CAPWAP Data tunnel.
AP sends an Echo Request to the WLC, which has to be answered with its respective Echo Response. This is to maintain the CAPWAP Control tunnel.
Wireless LAN Controller Discovery Methods
There are several options to let the Access Points know of the existence of one WLC in the network:
DHCP Option 43: This option provides the APs the IPv4 address of the WLC to join. This process is convenient for large deployments in which the APs and the WLC are in different sites.
DNS Discovery: APs query the domain name CISCO-CAPWAP-CONTROLLER.localdomain. You must configure your DNS server to resolve either the IPv4 or IPv6 address of the WLC to join. This option is convenient for deployments in which the WLCs are stored in the same site as the APs.
Layer 3 Broadcast: The APs automatically send a broadcast message to 255.255.255.255. Any WLC within the same subnet as the AP is expected to respond to this discovery request.
Static configuration: You can use the capwap ap primary-base <wlc-hostname> <wlc-IP-address> command to configure a static entry for a WLC in the AP.
Mobility Discovery: If the AP was previously joined to a WLC that was part of a mobility group, the AP also saves a record of the WLCs present in that mobility group.