Cisco Cisco 2000 Series Wireless LAN Controller Troubleshooting Guide
16666 - 16666
♦
16667 - 16667
♦
Enable UDP ports 5246 and 5247 for CAPWAP traffic.
•
TCP 161 and 162 for SNMP (for the Wireless Control System [WCS])
•
These ports are optional (depending on your requirements):
UDP 69 for TFTP
•
TCP 80 and/or 443 for HTTP or HTTPS for GUI access
•
TCP 23 and/or 22 for Telnet or SSH for CLI access
•
Problem 13: Duplicate IP address in the network
This is another common issue that is seen when the AP tries to join the WLC. You might see this error
message when the AP tries to join the controller.
message when the AP tries to join the controller.
No more AP manager IP addresses remain
One of the reasons for this error message is when there is a duplicate IP address on the network that matches
the AP manager IP address. In such a case, the LAP keeps power cycling and cannot join the controller.
the AP manager IP address. In such a case, the LAP keeps power cycling and cannot join the controller.
The debugs will show that the WLC receives LWAPP discovery requests from the APs and transmits a
LWAPP discovery response to the APs. However, WLCs do not receive LWAPP join requests from the APs.
LWAPP discovery response to the APs. However, WLCs do not receive LWAPP join requests from the APs.
In order to troubleshoot this issue, ping the AP manager from a wired host on the same IP subnet as the AP
manager. Then, check the ARP cache. If a duplicate IP address is found, remove the device with the duplicate
IP address or change the IP address on the device so that it has a unique IP address on the network.
manager. Then, check the ARP cache. If a duplicate IP address is found, remove the device with the duplicate
IP address or change the IP address on the device so that it has a unique IP address on the network.
The AP can then join the WLC.
Problem 14: LWAPP APs do not join WLC if network MTU is less than
1500 bytes
1500 bytes
This is because of Cisco bug ID CSCsd94967. LWAPP APs might fail to join a WLC. If the LWAPP join
request is larger than 1500 bytes, LWAPP must fragment the LWAPP join request. The logic for all LWAPP
APs is that the size of the first fragment is 1500 bytes (including IP and UDP header) and the second fragment
is 54 bytes (including IP and UDP header). If the network between the LWAPP APs and WLC has a MTU
size less than 1500 (as might be encountered when using a tunneling protocol such as IPsec VPN, GRE,
MPLS, etc.), WLC cannot handle the LWAPP join request.
request is larger than 1500 bytes, LWAPP must fragment the LWAPP join request. The logic for all LWAPP
APs is that the size of the first fragment is 1500 bytes (including IP and UDP header) and the second fragment
is 54 bytes (including IP and UDP header). If the network between the LWAPP APs and WLC has a MTU
size less than 1500 (as might be encountered when using a tunneling protocol such as IPsec VPN, GRE,
MPLS, etc.), WLC cannot handle the LWAPP join request.
You will encounter this problem under these conditions:
WLC that runs version 3.2 software or earlier
•
Network path MTU between the AP and WLC is less than 1500 bytes
•
In order to resolve this issue, use any one of these options:
Upgrade to WLC software 4.0, if the platform supports it. In WLC version 4.0, this problem is fixed
by allowing the LWAPP tunnel to reassemble up to 4 fragments.
by allowing the LWAPP tunnel to reassemble up to 4 fragments.
•
Increase the network path MTU to 1500 bytes.
•
Use 1030 REAPs for the locations reachable via low MTU paths. REAP LWAPP connections to 1030
APs have been modified to handle this situation by reducing the MTU used for REAP mode.
APs have been modified to handle this situation by reducing the MTU used for REAP mode.
•