CAPWAP Question
Hello,
I have some questions regarding the Flexconnect CAPWAP tunnel for Flexconnect APs with local switching.
1. If I have 10 Flexconnect APs at my branch, would that create 10 CAPWAP tunnels to the WLC located in HQ.
2. How often the flexconnect AP will send the CAPWAP to WLC?
3. What is the size of flexconnect CAPWAP tunnel keepalives?
4. By default, is CAPWAP tunnel (regardless local or flexconnec) encrypted?
5. The DMZ firewall, what ports should be allowed for the guest traffic (anchor WLC)? Is it just 5246 or 5246 and 5247?
6. Is EoIP encrypted or clear text?
I remember reading something like instead of using EoIP for mobility anchor or foreign wlc, CAPWAP can also be used. I am not sure if this is true or not.
Thanks
1. If I have 10 Flexconnect APs at my branch, would that create 10 CAPWAP tunnels to the WLC located in HQ.
> You might be getting confuesd with mobility tunnels. The AP can support the max it is licensed for
2. How often the flexconnect AP will send the CAPWAP to WLC?
>
AP Heartbeat Timeout—AP Heartbeat timeout value that you can enter. The valid range is 10 to 30 for the Cisco 7500 Series Controller and 1 to 30 for other platforms.
Local Mode AP Fast Heartbeat Timer State—Fast heartbeat timer that you can enable or disable for access points in local mode. The default is disable.
3. What is the size of flexconnect CAPWAP tunnel keepalives?
> Look at the previous question
4. By default, is CAPWAP tunnel (regardless local or flexconnec) encrypted?
> Only if you enable Data Encryption, by default this is not enabled. Typically use only on OfficeExtend
5. The DMZ firewall, what ports should be allowed for the guest traffic (anchor WLC)? Is it just 5246 or 5246 and 5247?
>This doesn't matter since guest traffic would be central switching and you would have a mobility anchor to the guest anchor WLC
6. Is EoIP encrypted or clear text?
> Data is not encrypted unless you enable Data Encryption with the DTLS license.
Some links:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080901caa.shtml
http://www.cisco.com/en/US/products/ps11635/products_tech_note09186a0080b7f141.shtml#ft
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
Similar Messages
-
Hello all,
I have a question about the capwap. Here http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70ovrv.html#wp1069102
I read, that 'CAPWAP communications between the controller and lightweight access points are conducted at Layer 3. Layer 2 mode does not support CAPWAP' and also 'The requirement for Layer 3 CAPWAP communications across subnets is that the controller and lightweight access points are connected through Layer 3 devices'. I cannot understand what's meaning the Layer 3 for CAPWAP? Maybe that the controller and capwap AP must be on the different subnets and connected across the subnets? But, now my controller and APs are on the same subnet and all are working. Example, if I connect a controller and capwap APs to Catalyst 2960s, and all are in same VLAN, I think that it also will work? I see the guide deploy 2500 controller and some scenarios there, where controller and APs are connected to Catalyst 3560 and Catalyst 3560 have only switchport trunk or switcport access settings. I can do this on the Catalyst 2960S too. Where is difference?
Thanks a lot.Layer 3 CAPWAP has nothing to do with AP being able on the same subnet of the WLC or not. AP and WLC can be on the same subent and operate at Layer 3.
When we say L2 LWAPP it means that it operates with native L2 ethernet frames.
The LWAPP Control and Data messages are encapsulated in Ethernet
frames using Ethertype "0xBBBB". In Layer 2 LWAPP mode, although the access points may get an IP
address via DHCP, all LWAPP communications between the access point and WLC are in Ethernet
encapsulated frames, not IP packets. The access points must be on the same Ethernet network as the
WLC. For this reason, Layer 2 LWAPP mode may not be suitable for scalability purposes in most
deployments. Furthermore, Layer 2 mode is supported only by the Cisco 410x and 440x series of WLCs
and the Cisco 1000 series access points. Layer 2 LWAPP is not supported by lightweight Cisco Aironet
1200, 1130AG, or 1240AG access points, or the Cisco 2006, WiSM, or WLCM series WLCs and ofcourse the new stuff.
In L3 mode LWAPP/CAPWAP are encapsulated in UDP packets instead of ethernet frames.
Please make sure to rate correct answers -
CAPWAP Primary/Secondary/Tertiary Question
After going to the High Availability Tab in the WLC GUI and setting the primary, secondary, and tertiary, how do you see that in the CLI in the AP?
I tried using show capwap ip config, it doesn't show any entries at all?
And also, is there a command to do that in the CLI in the AP? to set the primary, secondary, and tertiary?
Thank you."ou need to run th config ap... from a WLC. You have autonomous AP's so you need to convert them to LWAPP and you also need a WLC to do this."
It's been converted to LWAPP, but haven't joined a WLC yet.
What I wanted to do was configure a primary, secondary before joining it to a WLC.
Because what I would of done is first have it join a controller, then go into the GUI and change the HA (High Availablilty) and add the primary/secondary controllers.
Thought if I could skip the first step and try to configure it from the AP. -
Hi,
I've got a question concerning the configuration of multiple AP manager interfaces on -for example- a cisco WLC 2504. I've read the configuration guide but I'm not sure whether this is the way the protocol works. Say I want to distribute AP's (and traffic) across various AP Manager interfaces on the WLC. I would configure the following:
Create one management interface (which will automatically also be an AP-Manager interface)
Configure 1 (or more) Seperate ap-manager interfaces, assign them to a port number, and select "Enable dynamic AP Management". VLAN ID's will be the same.
Create a WLAN and configure it's interface to "management"
Is it correct if I state that the LWAPP protocol takes care of the discovery from the Access Point and sends information about the available AP-manager interfaces back to the AP and the AP knows which ap-manager interfaces are available, connecting to the least loaded one?
Thanks in advance for your time.The AP manager communicates with the AP's using CAPWAP. The use for multiple AP managers to me doesn't make sense to do especially since its a 2504. I have always just used the management interface for AP management and assign a primary and backup port. You can do it the way you have stated, but what is the benefit. I have seen 5508's deployed using only one gigabit port and over 250 AP's and they had no problem.
Thanks,
Scott Fella
Sent from my iPhone -
Downgrade 3600 Capwap AP to Autonomous 3600 AP
Hello!
I have to prepare an 3600 Capwap AP for autonomous functionality!
The following image was downloaded:
ap3g2-k9w7-tar.152-2.JA
The release notes say:
Site-Survey Only Mode for 3600, 3500, and 1550 Access Points
You can install Cisco IOS Release 15.2(2)JA on Cisco Aironet 3600 and 3500 Series access points and on 1550 series outdoor access points to perform site surveys. This release runs on these access points with limited functionality. You can manually adjust these settings on the site-survey access points:
• Channel on each radio
• Transmit power on each radio
• Enable and disable the radios
• Manually set basic and supported transmit rates
• Enable advertised cell power in beacons to client to enable DTPC for doing active surveys
• Enable and disable SSID broadcast in beacons
• Enable open authentication
My Question is:
Where can i find a instruction for downgrading an AIR-CAP3602i to Autonomous 3600 AP?
Is it complicate to get the AP running, or what do i need for "downgrading"?
thx 4 help
Richardthe methos to convert is..
download TFTPd32 from google and install it on ur PC.. point the image that you have downloaded in the TFTP server..
connect a ethernet cable between ur laptop and AP.. let both be in the same subnet.. and connect a console cable and get the hyperterminal console access and issue the command.. make sure you are able to ping the PC and the AP and vice versa!!
AP>en
AP#debug capwap console cli
AP#config t
AP(confg)int gi 0
AP(confg-if)ip addr (same subnet as that of the laptop)
AP(confg-if)end
AP#archieve download-sw /force-reload /overwrite tftp:///
AP#archieve download-sw /force-reload /overwrite tftp://<10.0.0.5>/ap3g2-k9w7-tar.152-2.JA
you can skip the ip config part if ap getting ip from dhcp. -
High CAPWAP traffic when locally switched
Hello all,
We're seeing an ongoing issue where several APs accross multiple sites log the error, "%CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST., 12)", then disassociates from the controller, and reassociates almost immediately. The issue is the users get disassociated from the AP and call the helpdesk.
A counter measure at one site was to add the CAPWAP traffic (udp ports 5246 & 5247) to the controller in our QOS Platinum policy (setting the DSCP bit to 'ef'), but that doesn't seem to help.
We're using Flexconnect with central authentication, local switching.
A couple of questions:
1) The Platinum queue on the QOS is showing over 500 kbps when the only thing put in that queue is the CAPWAP traffic - there aren't any phones. Why so much bandwidth for authentication and control traffic?
2) What is happening with the APs that they can't talk to the controller that causes the issue in the first place? Bandwidth doesn't seem to be an issue.
Below are some config and outputs:
AP-1242#show capwap reap status
AP Mode: REAP, Connected
Radar detected on:
AP-1242#show capwap reap association
REAP Data Switching: Local
2960#show int fa0/22
Hardware is Fast Ethernet
Full-duplex, 100Mb/s, media type is 10/100BaseTX
Last input 00:00:22, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 23000 bits/sec, 13 packets/sec
5 minute output rate 208000 bits/sec, 48 packets/sec
37478173 packets input, 13839718021 bytes, 0 no buffer
Received 2818773 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 502342 multicast, 0 pause input
0 input packets with dribble condition detected
118634332 packets output, 36491262361 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
2811#show policy-map interface multilink 1
Service-policy output: MPLS-QOS
queue stats for all priority classes:
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 300637/46124112
Class-map: PLATINUM (match-any)
300637 packets, 46124112 bytes
30 second offered rate 28000 bps, drop rate 0 bps
Match: ip dscp ef (46)
300637 packets, 46124112 bytes
30 second rate 28000 bps
Priority: 18% (552 kbps), burst bytes 13800, b/w exceed drops: -16
Any help is appreciated.Hi Jeff,
I think you are hitting a bug (CSCse92856) specific to 1242 AP. Solution given is "Enable Proxy ARP on the default-gateway device of your AP". You can try that & see.
Even I cannot view detail of this bug as of insufficient access permission.Therefore I do not know more details about this bug fix & which software version affected,etc. Better you contact Cisco TAC & get more information.
I found this infomration here
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008081103d.shtml
One other reason that H-REAP APs do not join WLCs is if the Proxy ARP is disabled on the gateway for the H-REAP APs. From the AP console, this message is logged:
*Jul 29 14:04:10.897: LWAPP_CLIENT_ERROR_DEBUG:
Retransmission count for packet exceeded more than max(CHANGE_STATE_EVENT , 1)
This can be caused by Cisco bug ID CSCse92856. This problem applies only to AP1130 and AP1240. This problem does not apply to AP1000s, AP1100, or AP1200.
This problem occurs when these conditions are met:
HREAP mode is used in the WLAN. Local mode is not affected by this issue. Native VLAN mapping is required.
The APs have to be on a different IP subnet than the AP Manager of the WLCs.
Proxy ARP is disabled on the default gateway for the AP.
The H-REAP AP gets the default gateway from a DHCP server.
In order to resolve this issue, enable Proxy ARP on the default gateway router of the AP
HTH
Rasika
*** Pls rate all useful responses **** -
Some questions about WLC 2504 architecture.
Good Morning,
I am in the process of implementing a 2504 with 14 LWAP's... The LWAP's are 1252 and 1262's but this should not matter in reference to my questions.
Right now i have a test WLAN and Interface set up.
XXXXWIRLESS2 and the same for the interface.
Both of these are set up on VLAN 8 for test purposes. My question revolves around the actually switching and routing of the information between the AP's and the controller.
I understand that cisco moved to FlexConnect in replacement of HREAP. Why is this not a default? it seems to me that the Gig port on the WLC would be a bottleneck for you if all traffic comes back over the CAPWAP tunnel. Maybe i am not understanding the architecture of the device, but what positive benefit does this serve by sending all traffic back to the WLC instead of out the switches/router to its intended destination?
I am under the impression that FlexConnect should do all local switching, instead of sending traffic back over the CAPWAP tunnel. To me this makes more sense and eliminates bottlenecks in the network.
Hopefully someone can enlighten me.
Thank you,"Local" mode is the default mode for all the WLC, as the 5508 and WiSM2 have the ability to have greater than 1G connectivity to the LAN. This is also partially a holdover from the Airespace days when all of the AP's actually directly connected to the WLC.
Now for the 2504, I agree that if you have more than ~5 AP you should run in FlexConnect mode, especially if you have a lot of clients that are capapble of 'N' rates. But it is not necessarily the way that all implementations will go.
but again, that is IMHO.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
CAPWAP APs drop off the 7500 controller
I have a multiple 7500 flex controller deployed with over 2000 APs each on them and I notice that APs occasionally drop off. When I find these APs I am able to telnet to them and I have found a fix for getting them back on the controller, but I want to know why this happens and if there is a way to avoid the problem.
Observed:
The APs have telnet enabled so I can get to the CLI. Once in I do a dir command and see that there is little to no memory available (512 bytes to 0 bytes) in the flash memory. I see that there are 5 large log files, file names are in the commands below. When I do a show logging command I see the following over and over again
*Oct 3 20:31:44.102: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Oct 3 20:31:44.102: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Oct 3 20:31:44.102: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.128.5.5:5246
*Oct 3 20:31:44.102: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.128.5.5:5246
*Oct 3 20:31:44.103: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Oct 3 20:32:48.999: %CAPWAP-3-ERRORLOG: Selected MWAR 'tc-cl-wlc01'(index 0).
*Oct 3 20:32:48.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 3 20:31:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.128.5.5 peer_port: 5246
*Oct 3 20:31:44.125: CRYPTO_PKI: New CRL Not Valid - expired (router time not synched to CA?)
*Oct 3 20:31:44.125: CRL expires: 05:29:39 UTC Mar 3 2012
*Oct 3 20:31:44.125: Router time: 20:31:44 UTC Oct 3 2013
*Oct 3 20:31:44.125: %PKI-4-CRLINSERTFAIL: Trustpoint "Trustpool2" unknown (error 1804:E_VALIDITY : validity period start later than end)Peer certificate verification failed 0059
To resolve:
The working theory is that the flash gets filled up with log files and is unable to download the certificate from the controller during the join process. I delete the logs with the commands below and then do a wr mem and a copy run start and then reload. This will fix the problem every time.
delete /force flash:ap_log_r0_0.log
delete /force flash:ap_log_r1_0.log
delete /force flash:ap_log_r0_1.log
delete /force flash:ap_log_r0_2.log
delete /force flash:ap_log_r1_1.log
delete /force flash:ap_log_r1_2.log
Other info
- currently running an engineering code of 7.3.113.12 on one 7500 and 7.4.110 on another, both seem to be having this issue. I do not have this issue on a 5508 running 7.5 code. Currently getting 7.4 vetted for deployment.
Good luck with this oneI have seen this issue, but only with older model access points and it doesn't have to be flexconnect and it doesn't matter what WLC code version your running. Problamatic access points, I always check the flash to verify if there are logs or not, and do delete them in order to get the AP back up. Again, I have only seen this with older non-802.11n access points.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
CAPWAP messages WISM2 7.5.102
Hi.
I have a question about a CAPWAP messages in my trap logs after upgrading my WISM2 to 7.5.102.
AP "xxxxxx", MAC: 34...... disassoiated previously due to Link Failure Uptime 4 days , 10 h... Reason: Capwap WTP Event request
My AP environment is 1142N attached thru WS-2960S switches. This message was not in my traplogs before upgarding to 7.5.102.
The switch and WAN environment is the same as before upgarding.
Thanks for any tips.
Regards
Johan LindstrandHi,
Thanks for you reply. I´m not sure if my radio stuck, what looks for me that AP lose conectivity for a brief moment with WLC and then recovery connectivity (flapping).
I have APs(same model) at same site without issues, and APs (same model) in others site with same behavior.
AP model LAP1141N
Below logs are from AP reboot process... however joining erros occurs several times during the day... and association time with controller keeps reseting (example: AP up time 1d / association time 15 min).
That instability to AP association creates WLAN instability, because my authentication is central.
*Mar 1 00:12:38.693: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC01'(index 0).
*Mar 1 00:12:38.693: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 20 14:16:42.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.1 peer_port: 5246
*Dec 20 14:16:42.776: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.1 peer_port: 5246
*Dec 20 14:16:42.777: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.1
*Dec 20 14:16:42.786: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 20 14:16:42.786: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 20 14:16:42.787: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 20 14:16:42.787: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 192.168.1.1
*Dec 20 14:16:42.897: Starting Ethernet promiscuous mode
*Dec 20 14:16:43.202: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Dec 20 14:16:43.294: ac_first_hop_mac - IP:10.8.2.136 Hop IP:10.8.2.136 IDB:BVI1
*Dec 20 14:16:44.555: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC01 -
Performance with encrypted CAPWAP?
Does anyone have experience with encrypting CAPWAP tunnels on between your AP's and WLC's?
According to:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60lwap.html#wp1508163
"Encryption limits throughput at both the controller and the access point, and maximum throughput is desired for most enterprise networks."
My question is- has anyone enabled encryption and seen if there is actually degradation in throughput? We are considering enabling encryption on a couple hundred APs and dont want this extra overhead to bog things down on the controllers or APs.
ThanksHi Chad,
No we dont have large number of APs in our enviournment.
But my recommandation is: Enable only when you need like for mesh or office extends AP(to add security).
I will not recommand to enable on local mode APs.
As per cisco:
Encryption limits throughput at both the controller and the access point, and maximum throughput is desired for most enterprise networks.
Regards
Dont forget to rate helpful posts -
I want to use the Cisco 3850 switches to manage my AP's at our remote locations. Most of the remote locations will use less then 50 AP's so I would only need one MC at each location. There will be a few locations that will have about 75 AP's each. So I am better off using a different controller or using 2 3850's setup as MC each?
Currently I have two 5508's in our core in a centralized configuration and plan to move then into the DMZ to be anchor controllers. I have two data centers each with an internet connection in a disaster recovery configuration. So one controller will be in each location. I thought that maybe I could but another controller at put that in the data center as an MC but was not sure if that would be best or stick with the MC's at the remote sites instead.
Thank you for the input.the current release for the 3850 is 3.3, and it does not support the 3700 series of AP, so the 3850 would not be able to terminate the CAPWAP tunnel
http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3se/release_notes/OL_30562_01.html#wp149415
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Matching IOS capwap flash image file with Wlc image file
Hello to all Wireless Expert
My question will perhaps seems a little bit obvious for some of you, but here it is :)
I'd like to understand the relation between the Capwap IOS image file that I can see while typing 'dir flash' on an AP, and the version a WLC gives to that AP when joining it. My wlc is running 7.4.100 and on the AP's flash (2602i):
MYCAPWAPAP#dir flash:
Directory of flash:/
2 -rwx 75095 Oct 23 2014 07:54:43 +00:00 event.log
3 -rwx 280 Oct 23 2014 07:57:35 +00:00 lwapp_officeextend.cfg
4 -rwx 49372 Oct 23 2014 09:37:14 +00:00 lwapp_non_apspecific_reap.cfg
5 -rwx 95008 Oct 23 2014 07:54:34 +00:00 lwapp_reap.cfg.bak
10 drwx 2048 Oct 23 2014 07:54:33 +00:00 ap3g2-k9w8-mx.152-4.JB6
51 drwx 128 Oct 23 2014 07:57:38 +00:00 configs
52 -rwx 64 Oct 23 2014 07:54:34 +00:00 sensord_CSPRNG0
53 -rwx 64 Oct 23 2014 07:54:34 +00:00 sensord_CSPRNG1
77 -rwx 95008 Oct 23 2014 07:57:55 +00:00 lwapp_reap.cfg
7 -rwx 7192 Oct 23 2014 09:36:56 +00:00 private-multiple-fs
56 -rwx 0 Mar 26 2014 14:37:17 +00:00 ce
13 drwx 448 Nov 9 2013 19:06:17 +00:00 ap3g2-rcvk9w8-mx
8 -rwx 75303 Oct 22 2014 16:30:26 +00:00 event.capwap
76 -rwx 230 Oct 23 2014 07:57:34 +00:00 env_vars
31739904 bytes total (10376704 bytes free)
Does it mean that the 7.4.100 image file is included in the ap3g2 file? In other word, where is stored the wlc firmware image on the AP? As an AP has a primary image and a backup one, it must be stored somewhere on it, or maybe I'm missing something here!
Thanks,
TheoHi Theo,
If you read this post you will understand the ap3g2 represent the AP platform.
https://supportforums.cisco.com/document/77131/understanding-access-point-ios-images
platform-featureset-tar.version.tar
ap1g1 - 700 series (702w beginning with 15.2(4)JB5)
ap1g2 - 1600 series
ap1g3 - 1530 series
ap3g2 - 3700/3600/2700/2600 series (3700 supported beginning with 15.2(4)JB; 2700 beginning with 15.2(4)JB5)
ap3g1 - 3500/1260 series
In lightweight mode, there is Recovery Imange & Full-image. (Recovery image has min files to boot the AP & discover a WLC, then WLC will push the full image according to the software code running on WLC.
ap3g2-k9w8-mx.152-4.JB6
ap3g2-rcvk9w8-mx
In this case you can see some directories with the above name on your AP. So corresponding image should be within these sub-directories.
HTH
Rasika
**** Pls rate all useful responses **** -
I recently had a number of CAPWAP access points lose IP connectivity, but were still up at L2 and seen by CDP. Resetting them via PoE port shutdown recovered them, but no AP crash log or useful log info on the WLC. The AP also had no local logging info after the reset.
Does anyone know a way to get the AP to log locally to NVRAM? Or why this isn't enabled/possible?
I assume that syslog to a server will be of little benefit...
Thanks in advance.
RobHi Amjad,
No console available I'm afraid. TAC advised the following when asked the question about local AP logging:
Yes you can use syslog from the WLC, “and I would recommend the following”:
WLC > config session timeout 0
WLC >config ap syslog host global x.x.x.x
but also, I would like to have the AP it self, so you run the telnet for the AP on “AP > advance tap”, and to open session for it “make sure you configure session timeout to zero on WLC and to configure the putty to not expire.
So basically, AP logging isn't helpful if the AP loses IP connectivity you need a console cable to find out why. You may see something from AP syslog before the IP connectivity loss.
Still wondering why the logging to NVRAM can't at least be optionally enabled, if its considered a security risk.
Cheers
Rob -
Cisco 1040 IOS to CAPWAP possible?
I´m looking to a project where we want to start using Autonomous AP with possibility to change to controller based on near future.
Will Cisco Aironet 1040 Series Access Points allow us to change from IOS to CAPWAP when needed? I read some posts about the oposite process (CAPWAP to IOS) so I think it´s possible on both way. Can some one confirm this to me?Hi,
Here is the way we convert the AP from LWAPP to IOS (make sure you are using the right image), example is for 1142 AP..
The image that is on the device is LWAPP one, not the autonomous.. if you want to use the AP in autonomous mode then the image should be W7.. that is..
c1140-k9w7-tar.124-21a.JY.tar not c1140-rcvk9w8-tar.124-23c.JA.tar
I request you to do download any image from the below link and perform the conversion from LWAPP image to autonomous..
http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=IOS+Software&mdfid=282439881&treeName=Wireless&mdfLevel=Model&url=null&modelName=Cisco+Aironet+1140+Access+Point&isPlatform=N&treeMdfId=278875243&modifmdfid=null&imname=&hybrid=Y&imst=N
the methos to convert is..
download TFTPd32 from google and install it on ur PC.. point the image that you have downloaded in the TFTP server..
connect a ethernet cable between ur laptop and AP.. both should be in the same subnet.. and connect a console cable and get the hyperterminal console access and issue the command.. make sure you are able to ping the PC and the AP and vice versa!!
AP>en
AP#debug lwapp console cli or debug capwap console cli
AP#config t
AP(confg)int fa 0
AP(confg-if)ip addr (same subnet as that of the laptop)
AP(confg-if)end
AP#archieve download-sw /force-reload /overwrite tftp:///
AP#archieve download-sw /force-reload /overwrite tftp://<10.0.0.5>/c1140-k9w7-tar.124-21a.JY.tar
The above command will do it for you!!
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull -
Capability to Downgrade AP 1042 from CAPWAP to autonomous
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
I would like to confirm if it is possible to downgrade AP 1042 from CAPWAP to autonomous?
I want to buy the AP model AIR-LAP1042N-A-K9. But i don't sure if in the future it could support this feature.
Thanks in advance.
Regards
JOSE LUISHi Jose,
here is the step by step procedure to convert CAPWAP to IOS
>> I request you to follow the below steb by step procedure to resolve the issue that we are facing..
- Initially console in to the LAP using the console cable and issue the Command ' debug lwap console cli' from the AP# prompt . (This give us capability enter the config mode of AP and use it like Autonomous )
Ap>en
Ap#debug lwapp console cli OR Ap#debug capwap console cli
- Now assign an IP address to Fast Ethernet interface of the AP which can be reach from the LAPTOP/DESKTOP . (Basically in the same range or able to ping and telnet)
AP#config t
Ap(config)#int fa 0
Ap(config-if)ip address
Ap(config-if)#no shut
Ap(config-if)#end
- Download the IOS image: www.cisco.com downloads for 1042 AP series.
Cisco.com --- Click on the Support tab in top--- Then click Download software------ Choose Wireless --- Then select AP from product list-Then choose the AP model - choose IOS image..
http://www.cisco.com/cisco/software/release.html?mdfid=283445229&flowid=17961&softwareid=280805680&release=12.4.25d-JA&rellifecycle=ED&relind=AVAILABLE&reltype=latest
- Open the TFTP server (We used TFTP D32 ) (make sure that the TAR file's name is shown as in the web site, because sometimes it gets renamed to "Download .tar" and if that happens you need to rename). Browse the TAR file and select it and click ok.
- Go to enable mode of AP and enter the command:
- archive download-sw /overwrite /force-reload tftp:///
That is..
If the laptop Ehternet interface is assigned the ip addess 10.0.0.4 with the mask of 255.255.255.0 and the AP fa interface is assigned the ip address 10.0.0.1 255.255.255.0 and if we are running TFTPd32 on the local laptop.. the nthe server ip address will be 10.0.0.4.. finally the command will be..
AP# archive download-sw /overwrite /force-reload tftp://10.0.0.4/ 1140-k9w7-tar.124-25d.JA.tar
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull
Maybe you are looking for
-
Can I use the same sync cord for my 1st Gen and 2nd Gen iPod?
I have to replace my sync cord (house fire) and I wondered if I could buy just one cord to sync both my iPods? I have a 1st Gen and a 2nd Gen.
-
How is it possible that the Aperture 3 MobileMe library section when it starts syncing with the Gallery suddenly removes several pictures from a gallery album and replaces them with several copies of one and the same other picture? I had made some ad
-
Freight Payment Booking in INR in MIRO for Import Process
Hi Friends To Make payment to local vendors (e.g. transportation vendor) in import pricing i am maintaining this freight condition in INR only. Secondly while booking liability in MIRO for planned delivery cost i tried to maintain currency as INR to
-
HT4962 how to install ios 5 in ipod 3rd generation
i cant actualize my ipod 3rd generation to IOS 5 with a windows xp (i have the last version of itunes)
-
AppleCare question. Please help, by answering
I'm eligible for AppleCare until August 11. My mid 2009 2.53GHz 15-inch MacBook Pro has a small indent on the left, top of the display. It works fine. I bought it from my brother earlier this month and he has always had an incase hardshell on it. He