Friday, March 3, 2017

Configuring a Backup Port (Management) on a Cisco WLC 2504 and AP States

AP States

From the time it powers up until it offers a fully functional basic service set (BSS), a LAP operates in a variety of states. Each of the possible states is well defined in the Control and Provisioning of Wireless Access Points (CAPWAP) RFC, but they are simplified here for clarity. The AP enters each state in a specific order; the sequence of states is called the state machine. You should become familiar with the AP state machine so that you can understand how an AP forms a working relationship with a WLC. If an AP cannot form that relationship for some reason, your knowledge of the state machine can help you troubleshoot the problem.

The sequence of the most common states is as follows:

1. AP boots: Once an AP receives power, it boots on a small IOS image so that it can work through the remaining states and communicate over its network connection. The AP must also receive an IP address from either a Dynamic Host Configuration Protocol (DHCP) server or a static configuration so that it can communicate over the network.

2. WLC discovery: The AP goes through a series of steps to find one or more controllers that it might join.

3. CAPWAP tunnel: The AP attempts to build a CAPWAP tunnel with one or more controllers. The tunnel will provide a secure Datagram Transport Layer Security (DTLS) channel for subsequent AP-WLC control messages. The AP and WLC authenticate each other through an exchange of digital certificates.

4. WLC join: The AP selects a WLC from a list of candidates, and then sends a CAPWAP Join Request message to it. The WLC replies with a CAPWAP Join Response message. The next section explains how an AP selects a WLC to join.

5. Download image: The WLC informs the AP of its software release. If the AP's own software is a different release, the AP will download a matching image from the controller, reboot to apply the new image, and then return to step 1. If the two are running identical releases, no download is needed.

6. Download config: The AP pulls configuration parameters down from the WLC and can update existing values with those sent from the controller. Settings include RF, service set identifier (SSID), security, and quality of service (QoS) parameters.

7. Run state: Once the AP is fully initialized, the WLC places it in the "run" state. The AP and WLC then begin providing a BSS and begin accepting wireless clients.

8. Reset: If an AP is reset by the WLC, it tears down existing client associations and any CAPWAP tunnels to WLCs. The AP then reboots and starts through the entire state machine again.
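The eight steps above form a loop with two ways back to the start: an image mismatch at step 5 sends the AP back to step 1 after a reboot, and a controller reset (step 8) does the same after tearing everything down. The model below is an added example written for this post, not Cisco code or the CAPWAP RFC's state names; the state names, the `Controller.accepts_cert` flag and the `bring_up`/`reset` helpers are my own, and the DHCP address is a constructed value. It is useful mostly for the troubleshooting angle: each early return shows where an AP that never reaches "run" got stuck.

```python
"""Model of the LAP/WLC state sequence described above (added example,
not Cisco code). The eight states, the image-mismatch reboot loop and the
reset path follow the text; the names and helpers are assumptions."""
from dataclasses import dataclass, field
from typing import List, Optional

STATES = ["boot", "discovery", "capwap_tunnel", "join",
          "download_image", "download_config", "run", "reset"]


@dataclass
class AccessPoint:
    image: str                       # software release the AP is running
    state: str = "boot"
    ip: Optional[str] = None
    history: List[str] = field(default_factory=list)  # every state entered, in order

    def _go(self, new_state: str) -> None:
        assert new_state in STATES
        self.history.append(new_state)
        self.state = new_state


@dataclass
class Controller:
    name: str
    image: str
    accepts_cert: bool = True        # hypothetical: does the AP's certificate validate?


def bring_up(ap: AccessPoint, controllers: List[Controller],
             dhcp_ip: str = "192.168.1.50", max_reboots: int = 3) -> str:
    """Walk the AP through the state machine until it reaches 'run' or
    gets stuck. Returns the final state; ap.history records the path."""
    for _ in range(max_reboots):
        ap._go("boot")                      # step 1: small IOS image boots
        ap.ip = dhcp_ip                     #         address from DHCP or static config
        ap._go("discovery")                 # step 2: find candidate controllers
        if not controllers:
            return ap.state                 # stuck: nothing answered discovery
        ap._go("capwap_tunnel")             # step 3: DTLS tunnel, mutual cert auth
        trusted = [c for c in controllers if c.accepts_cert]
        if not trusted:
            return ap.state                 # stuck: certificate exchange failed
        wlc = trusted[0]
        ap._go("join")                      # step 4: Join Request / Join Response
        ap._go("download_image")            # step 5: compare software releases
        if wlc.image != ap.image:
            ap.image = wlc.image            # pull matching image, reboot,
            continue                        # and start again at step 1
        ap._go("download_config")           # step 6: RF, SSID, security, QoS
        ap._go("run")                       # step 7: BSS up, clients accepted
        return ap.state
    return ap.state                         # gave up after too many reboots


def reset(ap: AccessPoint) -> str:
    """Step 8: a WLC-initiated reset tears down client associations and
    CAPWAP tunnels; the AP reboots and repeats the whole sequence."""
    ap._go("reset")
    ap.ip = None
    return ap.state


if __name__ == "__main__":
    ap = AccessPoint(image="8.2")
    print(bring_up(ap, [Controller("wlc1", image="8.3")]), ap.history)
```

Running the block with a controller on a different release shows "boot" appearing twice in the history, which is exactly what you see on a real AP console when it downloads an image and reloads.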


You can design a WLC 2504 to use redundant uplinks (for remote management) on separate adjacent switches. In my wireless lab, WLC port 1 (active) is connected to Sw1 and WLC port 2 (backup) to Sw2. WLC ports 3 and 4 are PoE ports and can be used to connect an AP directly.


To configure the management backup port, go to Controller > Interfaces > management.


Under Physical Information, type 2 (port 2) in the Backup Port field, then click Apply and Save Configuration.


You can verify this via CLI using the show interface summary and show interface detailed management commands.

(Cisco Controller) >show interface ?

summary        Display a summary of the local interfaces.
detailed       Display detailed interface information.

group          Display a summary of the local interface groups.

(Cisco Controller) >show interface summary


 Number of Interfaces.......................... 2

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    untagged 192.168.1.4     Static  Yes    No
virtual                          N/A  N/A      1.1.1.1         Static  No     No

(Cisco Controller) >show interface detailed ?

<interface-name> Enter interface name.
management     Display the management interface.
virtual        Display the virtual gateway interface.

(Cisco Controller) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 10:f3:11:a5:49:80
IP Address....................................... 192.168.1.4
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
Link Local IPv6 Address.......................... fe80::12f3:11ff:fea5:4980/64
STATE ........................................... REACHABLE
Primary IPv6 Address............................. ::/128
STATE ........................................... NONE
Primary IPv6 Gateway............................. ::
Primary IPv6 Gateway Mac Address................. 00:00:00:00:00:00
STATE ........................................... INCOMPLETE
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1    
Primary Physical Port............................ 1    
Backup Physical Port............................. 2    

DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 192.168.1.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
DHCP Option 82 bridge mode insertion............. Disabled
IPv4 ACL......................................... Unconfigured
IPv6 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled


I disconnected Sw1 port 1 and ran a continuous ping to the WLC's management IP address 192.168.1.4 from my PC. There was a short period of downtime even though spanning-tree portfast trunk was enabled on the switch port.

SW1#show run interface fastethernet0/1
Building configuration...

Current configuration : 81 bytes
!
interface FastEthernet0/1
 description ### WLC port 1 ###
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
end


I used the same show commands to verify that WLC backup port 2 was activated when port 1 failed.

(Cisco Controller) >show interface summary


 Number of Interfaces.......................... 2

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       2    untagged 192.168.1.4     Static  Yes    No
virtual                          N/A  N/A      1.1.1.1         Static  No     No

(Cisco Controller) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 10:f3:11:a5:49:80
IP Address....................................... 192.168.1.4
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
Link Local IPv6 Address.......................... fe80::12f3:11ff:fea5:4980/64
STATE ........................................... REACHABLE
Primary IPv6 Address............................. ::/128
STATE ........................................... NONE
Primary IPv6 Gateway............................. ::
Primary IPv6 Gateway Mac Address................. 00:00:00:00:00:00
STATE ........................................... INCOMPLETE
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 2    
Primary Physical Port............................ 1    
Backup Physical Port............................. 2    

DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 192.168.1.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
DHCP Option 82 bridge mode insertion............. Disabled
IPv4 ACL......................................... Unconfigured
IPv6 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled


There was no downtime and no ping timeouts when I reconnected WLC port 1 to Sw1.
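The two captures above differ only in the Active Physical Port line (1 before the failure, 2 after), and nothing on the controller announces the switch-over to you; if you poll this output from a script, a simple comparison of Active against Primary and Backup tells you whether the management interface is running on its backup link. The script below is an added example written for this post, not Cisco code; it parses the dotted-leader key/value format the WLC uses and flags the failed-over condition. The sample inputs are constructed from the two captures on this page, trimmed to the relevant lines, and the "Unconfigured" value in the no-backup sample is an assumption about what the controller prints when no backup port is set.

```python
"""Parse 'show interface detailed <name>' output from a Cisco WLC and
report whether the interface has failed over to its backup port.
Added example, not Cisco code; samples are constructed from this page."""
import re
from typing import Dict, Optional

# Constructed sample: the management interface before the Sw1 link failure.
BEFORE = """\
Interface Name................................... management
IP Address....................................... 192.168.1.4
VLAN............................................. untagged
Active Physical Port............................. 1    
Primary Physical Port............................ 1    
Backup Physical Port............................. 2    
AP Manager....................................... Yes
"""

# Constructed sample: the same interface after port 1 went down.
AFTER = BEFORE.replace("Active Physical Port............................. 1",
                       "Active Physical Port............................. 2")

# Constructed sample (assumed wording): an interface with no backup port set.
NO_BACKUP = """\
Interface Name................................... management
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
"""

# One WLC output line: a label, a run of dot leaders, then the value.
LINE = re.compile(r"^(?P<key>.+?)\s*\.{2,}\s*(?P<val>.*?)\s*$")


def parse_detailed(text: str) -> Dict[str, str]:
    """Turn the dotted-leader listing into a dict. Labels such as STATE
    repeat in the real output; the first occurrence is kept."""
    fields: Dict[str, str] = {}
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue                        # blank lines and the CLI prompt
        fields.setdefault(m.group("key").strip(), m.group("val"))
    return fields


def port_status(text: str) -> Dict[str, Optional[object]]:
    """Compare Active, Primary and Backup physical ports and decide whether
    the interface is currently riding its backup link."""
    f = parse_detailed(text)
    active = f.get("Active Physical Port")
    primary = f.get("Primary Physical Port")
    backup = f.get("Backup Physical Port")
    has_backup = backup is not None and backup.isdigit()
    failed_over = has_backup and active == backup and active != primary
    return {
        "interface": f.get("Interface Name"),
        "active": active,
        "primary": primary,
        "backup": backup if has_backup else None,
        "failed_over": failed_over,
    }


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER), ("no backup", NO_BACKUP)):
        print(label, port_status(sample))
```

In practice you would feed the function the text returned by an SSH session or SNMP-free CLI scrape on a schedule and alert on `failed_over`, because the controller keeps working on port 2 and the dead primary link would otherwise go unnoticed until the backup fails too.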

