{"id":956,"date":"2017-09-26T16:22:08","date_gmt":"2017-09-26T08:22:08","guid":{"rendered":"http:\/\/blog.wallaceho.com\/?p=956"},"modified":"2020-05-27T10:45:41","modified_gmt":"2020-05-27T02:45:41","slug":"capwap-controller-discovery-process","status":"publish","type":"post","link":"https:\/\/blog.wallaceho.com\/?p=956","title":{"rendered":"CAPWAP Controller Discovery Process"},"content":{"rendered":"

In a controller-based architecture, CAPWAP access points are dependent on a wireless controller to provide the software image, configuration, and centralized control and optionally data forwarding functions. Therefore, it is necessary for the access point to find a list of available controllers with which it can associate.<\/p>\n

The following layer 3 CAPWAP discovery options are supported:<\/p>\n

    \n
  1. Broadcast on the local subnet<\/li>\n
  2. Local NVRAM list of the previously joined controller, previous mobility group members, and administrator primed controller through the console port<\/li>\n
  3. Over the Air Provisioning (OTAP) (subsequently removed in version 6.0.170.0 code<\/em>)<\/li>\n
  4. DHCP Option 43 returned from the DHCP server<\/li>\n
  5. DNS lookup for “CISCO-CAPWAP-CONTROLLER.localdomain<\/em>“<\/li>\n<\/ol>\n

    Broadcast<\/strong><\/b><\/p>\n

    The CAPWAP AP sends broadcast discovery requests on the local subnet. Controllers with management interfaces on the same subnet receive the discovery request and send a discovery reply back to the CAPWAP AP.<\/p>\n

    If no controllers are on the local subnet, broadcasts may be forwarded to the controller management interface by the local router using the Cisco \u201cforward-protocol\u201d and \u201cip helper-address\u201d features. Use these commands to configure the router:<\/p>\n

    ip forward-protocol udp 12223<\/strong><\/b><\/p>\n

    ip forward-protocol udp 5246<\/strong><\/b><\/p>\n

    interface\u00a0<\/strong><\/b>interface-name<\/em><\/p>\n

    ip helper-address\u00a0<\/strong><\/b>wlc-management-ip-address<\/em><\/p>\n

    When using the forward-protocol, the default gateway modifies the CAPWAP discovery packet that is broadcast on the local subnet by replacing the broadcast destination IP address 255.255.255.255 with the WLC management IP address configured as an IP helper-address, then routes the packet to the controller. The downside to this approach is that the WLC will also receive all other forwarded protocols such as DHCP discovery packets. Also, other configured IP helpers will receive the CAPWAP discovery packets. Since this behavior is likely undesired, be sure to use the forward-protocol method only temporarily.<\/p>\n

    Local NVRAM<\/strong><\/b><\/p>\n

    The local NVRAM of the access point stores a list of controllers, gathered from the following sources:<\/p>\n

      \n
    • Primary, Secondary, and Tertiary controller preferences previously configured for the APIf the access point was previously associated to a controller, the IP addresses of the primary, secondary, and tertiary controllers are stored in the access point\u2019s non-volatile memory. This process of storing controller IP addresses on access points for later deployment is called\u00a0priming the access point<\/em>.To verify locally stored controller preferences:show ap config general\u00a0<\/strong><\/b>ap_name<\/em>\n

      Primary Cisco Switch Name…………………… WLC001
      \nPrimary Cisco Switch IP Address……………… Not Configured
      \nSecondary Cisco Switch Name…………………. WLC002
      \nSecondary Cisco Switch IP Address……………. Not Configured
      \nTertiary Cisco Switch Name………………….. BACKUP-WLC
      \nTertiary Cisco Switch IP Address……………..\u00a0Not Configured<\/li>\n<\/ul>\n

        \n
      • Mobility Group Members from the previous controller connectionThe AP also maintains previously learned WLC IP addresses locally in NVRAM. The AP sends a unicast CAPWAP Discovery Request to each of these WLC IP addresses. These WLC IP addresses are learned by the AP from previously joined controllers. The stored WLC IP addresses include all of the WLCs in previously joined controller mobility groups.To verify locally stored controllers learned through mobility groups, console into the access point and enter the following command:show capwap client config<\/strong><\/b>\n

        mwarName\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CCIETEST
        \nmwarName\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0backupwlc
        \nmwarName
        \nnumOfSlots\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a02
        \nspamRebootOnAssert\u00a0\u00a0\u00a0\u00a0\u00a0\u00a01
        \nspamStatTimer\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0180
        \nrandSeed\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00x9640
        \ntransport\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SPAM_TRANSPORT_L3(2)
        \ntransportCfg\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SPAM_TRANSPORT_DEFAULT(0)
        \ninitialisation\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SPAM_PRODUCTION_DISCOVERY(1)
        \nApMode\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Local
        \nDiscovery Timer\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a010 secs
        \nHeart Beat Timer\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a030 secs
        \nLed State Enabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a01
        \nAP ILP Pre-Standard Switch Support Enabled
        \nAP Power Injector Disabled
        \nInfrastructure MFP validation Enabled
        \nConfigured Switch 1 Addr 10.127.78.5
        \nConfigured Switch 2 Addr 10.108.50.20<\/p>\n

        Note\u00a0<\/em><\/strong><\/b>\u2013 mwarName entries are the controller preference settings (primary, secondary, tertiary). Configured Switch entries are the learned mobility group members.<\/em><\/li>\n<\/ul>\n

          \n
        • Manually primed controller IP address through the consoleManual configuration can be used to \u201cprime\u201d the CAPWAP if network services for address assignment and WLC discovery do not exist. If the CAPWAP has previously joined a controller, or is currently joined to a controller, these commands will be disabled.To stage an access point, use the commands:
          \ncapwap ap controller ip address\u00a0<\/strong><\/b>wlc-mgmt-ip<\/em>
          \nshow capwap ip config<\/strong><\/b><\/li>\n<\/ul>\n

          OTAP<\/strong><\/b><\/p>\n

          If this feature is enabled on the controller, all associated access points transmit wireless RRM neighbor messages, and un-joined access points can receive the controller IP address from these messages. This feature is disabled by default and should only be enabled when necessary for AP deployment.<\/p>\n

          Note<\/em><\/strong><\/b>\u00a0\u2013 OTAP does not work with default APs out of the box or upgraded using the Upgrade Tool because the radios are disabled from the manufacturer.\u00a0<\/em><\/p>\n

          Configure OTAP:<\/p>\n

          config network otap-mode\u00a0<\/strong><\/b>{ enable | disable }
          \nshow network summary<\/strong><\/b><\/p>\n

          Note\u00a0<\/em><\/strong><\/b>– OTAP was removed from the wireless controller feature set in code version 6.0.170.0 due to a vulnerability.<\/em><\/p>\n

          DHCP Option 43<\/strong><\/b><\/p>\n

          The IP address that should be configured as DHCP option 43 is the address of the controller Managament interface.<\/p>\n

          Cisco 1000 series access points use a string format for option 43.
          \nCisco Aironet access points use the type-length-value (TLV) format for option 43.<\/p>\n

          DHCP servers must be programmed to return the option based on the access point\u2019s DHCP Vendor Class Identifier (VCI) string (DHCP option 60).<\/p>\n

          The format of the Option 43 TLV block is:<\/p>\n

          \u00a0\u00a0\u00a0\u00a0\u00a0Type<\/strong><\/b>: 0xf1 (decimal 241)
          \nLength<\/strong><\/b>: Number of controller IP addresses * 4
          \nValue<\/strong><\/b>: List of WLC management interfaces<\/p>\n

          Configuration of option 43 will vary by DHCP server platform. Here is an example configuration using the built-in Cisco IOS DHCP server:<\/p>\n

          ip dhcp excluded-address\u00a0<\/strong><\/b>start-ip end-ip<\/em>
          \nip dhcp pool\u00a0<\/strong><\/b>pool-name
          \n<\/em>\u00a0\u00a0\u00a0\u00a0\u00a0network\u00a0<\/strong><\/b>ip-address netmask
          \n<\/em>\u00a0\u00a0\u00a0\u00a0\u00a0default-router\u00a0<\/strong><\/b>ip-address
          \n<\/em>dns-server\u00a0<\/strong><\/b>ip-address \u2026 ip-address
          \n<\/em>\u00a0\u00a0\u00a0\u00a0\u00a0domain-name\u00a0<\/strong><\/b>domain
          \n<\/em>\u00a0\u00a0\u00a0\u00a0\u00a0lease\u00a0<\/strong><\/b>days hours<\/em><\/p>\n

          \u00a0\u00a0 \u00a0\u00a0<\/em>option 60 ascii\u00a0\u201c<\/em><\/strong><\/b>VCI string\u201d<\/strong><\/b><\/em><\/p>\n

          option 43 hex\u00a0<\/strong><\/b>hex-value<\/em><\/p>\n

          An example of a finished IOS DHCP server configuration will look similar to this:<\/p>\n

          interface Vlan192<\/p>\n

          ip address 192.168.1.1 255.255.255.0<\/p>\n

          ip dhcp excluded-address 192.168.1.1 192.168.1.10<\/p>\n

          ip dhcp pool lwapp<\/p>\n

          network 192.168.1.0 255.255.255.0<\/p>\n

          default-router 192.168.1.1<\/p>\n

          dns-server 192.168.1.2<\/p>\n

          domain-name test.lab<\/p>\n

          lease 7<\/p>\n

          option 60 ascii “Cisco AP c1240”<\/p>\n

          option 43 hex f108.0a6c.3214.0a6c.3212<\/p>\n

          In this example, the hex value is obtained from these TLV values:<\/p>\n

          Type = 241 (0xf1)<\/p>\n

          Length = 2 IP addresses * 4 bytes each = 8 bytes (0x08)<\/p>\n

          Value = 10.108.50.20 (0x0a6c3214) and 10.108.50.18 (0x0a6c3212)<\/p>\n

          Note \u2013\u00a0<\/em><\/strong><\/b>Periods are added automatically to the hex value by Cisco IOS and should not be entered by the administrator when entering configuration commands.<\/em><\/p>\n

          DNS<\/strong><\/b><\/p>\n

          The AP will attempt to resolve the DNS name \u201cCISCO-CAPWAP-CONTROLLER.localdomain<\/em>\u201d. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast CAPWAP Discovery Request to the resolved IP address(es). The DNS entries can be either an A (address) or CNAME (alias) records.<\/p>\n

          If the AP received a DHCP address, ensure the DHCP server is configured to return valid DNS servers and a valid domain name suffix to the AP.<\/p>\n

          If the AP is using a static IP address, configure the domain name and DNS name servers from the controller. WLC version 4.2 requires configuration from the CLI, whereas 6.0 and later allow configuration from the GUI. Once applied, the AP will disconnect and re-join the controller.<\/p>\n

          config ap static-IP\u00a0<\/strong><\/b>{ enable | disable }\u00a0ap_name ip_address netmask gateway<\/em>
          \nconfig ap static-IP\u00a0<\/strong><\/b>{ add | delete }\u00a0domain\u00a0<\/strong><\/b>{ all |\u00a0ap_name\u00a0<\/em>}\u00a0domain_suffix
          \n<\/em>config ap static-IP\u00a0<\/strong><\/b>{ add | delete }\u00a0nameserver\u00a0<\/strong><\/b>{ all |\u00a0ap_name\u00a0<\/em>}\u00a0dns_server_ip_address<\/em><\/p>\n

          Verify the configuration of the AP:<\/p>\n

          (Cisco Controller) > show ap config general ccielwap<\/p>\n

          IP Address Configuration……………………. Static IP assigned<\/p>\n

          IP Address………………………………… 10.108.51.54<\/p>\n

          IP NetMask………………………………… 255.255.254.0<\/p>\n

          Gateway IP Addr……………………………. 10.108.50.1<\/p>\n

          Domain……………………………………. ccietest.com<\/p>\n

          Name Server……………………………….. 10.10.10.25<\/p>\n

          Verification of Method Used<\/strong><\/b><\/p>\n

          To view the method used by an AP to discover the controller, view the console output of the AP as it searches, or issue the following command from a controller that receives the discovery request and search for IE 58 from the AP which indicates the discovery method used to resolve the controller IP address:<\/p>\n

          debug capwap packet enable<\/strong><\/b><\/p>\n

          CAPWAP Discovery Packet IE 58 values:<\/p>\n

          0 = Broadcast<\/p>\n

          1 = Local NVRAM<\/p>\n

          2 = OTAP<\/p>\n

          3 = DHCP<\/p>\n

          4 = DNS<\/p>\n

          Example 1 \u2013 AP Console Log indicates DHCP discovery<\/p>\n

          *Mar\u00a0\u00a01 00:00:30.287: Logging LWAPP message to 255.255.255.255.<\/p>\n

          %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.1.20, mask 255.255.255.0, hostname AP0018.7361.e702<\/p>\n

          Translating “CISCO-LWAPP-CONTROLLER.test.lab”…domain server (10.97.40.216)<\/p>\n

          %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER<\/p>\n

          %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER<\/p>\n

          %LWAPP-3-CLIENTEVENTLOG: Controller address 10.108.50.20 obtained through DHCP<\/u><\/strong><\/b><\/p>\n

          %LWAPP-5-CHANGED: LWAPP changed state to JOIN<\/p>\n

          %LWAPP-5-CHANGED: LWAPP changed state to CFG<\/p>\n

          %LWAPP-5-CHANGED: LWAPP changed state to DOWN<\/p>\n

          %LWAPP-5-CHANGED: LWAPP changed state to UP<\/p>\n

          %LWAPP-3-CLIENTEVENTLOG: AP has joined controller CCIETEST<\/p>\n

          Example 2 \u2013 WLC LWAPP Packet Debug indicates DHCP discovery<\/p>\n

          (Cisco Controller) > debug lwapp packet enable<\/p>\n

          Mon Feb 22 09:55:32 2010: Start of Packet<\/p>\n

          Mon Feb 22 09:55:32 2010: Ethernet Source MAC (LRAD): 00:17:DF:96:9F:90<\/p>\n

          Mon Feb 22 09:55:32 2010: Msg Type\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0:<\/p>\n

          Mon Feb 22 09:55:32 2010:\u00a0\u00a0\u00a0\u00a0DISCOVERY_REQUEST<\/p>\n

          Mon Feb 22 09:55:32 2010: Msg Length\u00a0\u00a0\u00a0\u00a0\u00a0:\u00a0\u00a0\u00a031<\/p>\n

          Mon Feb 22 09:55:32 2010: Msg SeqNum\u00a0\u00a0\u00a0\u00a0\u00a0:\u00a0\u00a0\u00a00<\/p>\n

          Mon Feb 22 09:55:32 2010:<\/p>\n

          IE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0:\u00a0\u00a0\u00a0UNKNOWN IE 58<\/u><\/strong><\/b><\/p>\n

          Mon Feb 22 09:55:32 2010: IE Length\u00a0\u00a0\u00a0\u00a0\u00a0:\u00a0\u00a0\u00a01<\/p>\n

          Mon Feb 22 09:55:32 2010: Decode routine not available, Printing Hex Dump<\/p>\n

          Mon Feb 22 09:55:32 2010: 00000000:\u00a003<\/u><\/strong><\/b>\u00a0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Mon Feb 22 09:55:32 2010:<\/p>\n","protected":false},"excerpt":{"rendered":"

          In a controller-based architecture, CAPWAP access points are dependent on a wireless controller to provide the software image, configuration, and centralized control and optionally data forwarding functions. Therefore, it is necessary for the access point to find a list of … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-956","post","type-post","status-publish","format-standard","hentry","category-computer"],"_links":{"self":[{"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=\/wp\/v2\/posts\/956","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=956"}],"version-history":[{"count":3,"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=\/wp\/v2\/posts\/956\/revisions"}],"predecessor-version":[{"id":1079,"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=\/wp\/v2\/posts\/956\/revisions\/1079"}],"wp:attachment":[{"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=956"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=956"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wallaceho.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=956"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}