Cisco Cisco 2000 Series Wireless LAN Controller Guia De Informação
Q. I see the
"[SECURITY] apf_foreignap.c 763: STA
[00:0A:E4:36:1F:9B] Received a packet on port 1 but no
Foreign AP configured for this port."
error message in one of
my controllers. What does this error mean and what steps should I take
to resolve it?
to resolve it?
A. This message is seen when the controller receives a DHCP request for a MAC address for
which it does not have a state machine. This is often seen from a bridge or a system that runs
a virtual machine like VMWare. The controller listens to DHCP requests because it performs
DHCP snooping so it knows which addresses are associated with clients that are attached to
its access points (APs). All traffic for the wireless clients pass through the controller. When
the destination of a packet is a wireless client, it goes to the controller and then passes through
the Lightweight Access Point Protocol (LWAPP) tunnel to the AP and off to the client. One
thing that can be done to help mitigate this message is to only allow the VLANs that are used
on the controller onto the trunk that goes to the controller with the switchport vlan allow
command on the switch.
which it does not have a state machine. This is often seen from a bridge or a system that runs
a virtual machine like VMWare. The controller listens to DHCP requests because it performs
DHCP snooping so it knows which addresses are associated with clients that are attached to
its access points (APs). All traffic for the wireless clients pass through the controller. When
the destination of a packet is a wireless client, it goes to the controller and then passes through
the Lightweight Access Point Protocol (LWAPP) tunnel to the AP and off to the client. One
thing that can be done to help mitigate this message is to only allow the VLANs that are used
on the controller onto the trunk that goes to the controller with the switchport vlan allow
command on the switch.
Q. Why do I see this error message on the console:
Msg 'Set Default
Gateway' of System Table failed, Id = 0x0050b986 error
value = 0xfffffffc
?
A. This can be due to high CPU load. When the controller CPU is heavily loaded such as
when it does file copies or other tasks, it does not have time to process all of the ACKs that
the NPU sends in response to configuration messages. When this occurs, the CPU generates
error messages. However, the error messages do not impact service or functionality.
when it does file copies or other tasks, it does not have time to process all of the ACKs that
the NPU sends in response to configuration messages. When this occurs, the CPU generates
error messages. However, the error messages do not impact service or functionality.
This is documented in the Heavily Loaded Controller CPU section of the Release Notes for
Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.116.21.
Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.116.21.
Q. I receive these Wired Equivalent Privacy (WEP) key error messages
on my wireless control system (WCS):
on my wireless control system (WCS):
The WEP Key configured at
the station may be wrong. Station MAC Address is
'xx:xx:xx:xx:xx:xx', AP base radio MAC is
'xx:xx:xx:xx:xx:xx' and Slot ID is '1'
. However, I do not use
WEP as the security parameter in my network. I only use Wi−Fi Protected
Access (WPA). Why do I receive these WEP error messages?
Access (WPA). Why do I receive these WEP error messages?
A. If all your security related configurations are perfect, the messages you receive right now
are because of bugs. There are some known bugs in the controller. Refer to Cisco bug IDs
CSCse17260 (
are because of bugs. There are some known bugs in the controller. Refer to Cisco bug IDs
CSCse17260 (
registered customers only
) and CSCse11202 (
registered customers only
) , which state
"The WEP Key configured at the station may be wrong with WPA and TKIP clients
respectively". Actually, CSCse17260 is a duplicate of CSCse11202. The fix for
CSCse11202 is already available with WLC release 3.2.171.5.
respectively". Actually, CSCse17260 is a duplicate of CSCse11202. The fix for
CSCse11202 is already available with WLC release 3.2.171.5.
Note: The latest WLC releases has a fix for these bugs.
Q. We use an external RADIUS server to authenticate wireless clients
through the controller. The controller sends this error message
regularly:
through the controller. The controller sends this error message
regularly:
no radius servers are responding
. Why do we see these