Cisco WiFI Notes

Lightweight access points (LAP) zero-tech registration steps

LWAPP begins WLC discover / join. APs send LWAPP discovery req msgs to WLCs

Any WLC receiving LWAPP discovery req responds with LWAPP discovery response msg

AP proceeds to recieve discovery responses. Selects a WLC to join

AP sends LWAPP join req, expecting LWAPP join response

WLC validates AP and then sends an LWAPP join response. AP validates the WLC to complete discovery and join process. Validation on both is mutual auth mechanism. Encryption key derivation proc is initiated. Encryption key secures future LWAPP msgs`

Debugging

show ap summary - lists APs registered with AP

debug LWAPP events enable - provides debug info no LWAP events

debug LWAPP error enable

debug pem state enable - provides debug info on policy mgr state machine

debug pem events enable - provides debug info on policy mgr events

debug pem pki enable - shows debug of cert msgs passwed betw AP and WLC. Goid for tshoot of join issues with converted APs that utilze self-signed certs

debug dhcp packet enable

debug dhcp message enable

debug capwap events {enable | disable}

debug capwap errors {enable | disable}

debug capwap detail {enable | disable}

debug capwap info {enable | disable}

debug capwap packet {enable | disable}

debug capwap payload {enable | disable}

debug capwap hexdump {enable | disable}

debug capwap ? (on controller)

debug capwap client ? (on AP)

debug IP packet (on AP)

WLC analyzer app works with show run-config from any WLC

mping - ping across port 16666 (used for mobility)

eping - ping across port protocol 97 (used for mobility stuff)

from Deploying and Troubleshooting Cisco Wireless LAN Controllers: A Practical Guide to working with the Cisco Unified Wireless Solution

Enable ap connectivity and debugging

config ap ssh enable usboswap101 (from WLC) debug client mac_address (on AP - lots of info...log it) debug dot11 ? debug dot11 aaa authticator all

Online wireless debug analyzer

debug client

Configuring DHCP to connect Cisco AP to WLC

ip dhcp excluded-address 10.6.6.1 10.6.6.10 ip dhcp excluded-address 10.6.6.254 ip dhcp pool wifi1 network 10.6.6.0 255.255.255.0 domain-name dalab.com dns-server 10.6.6.1 default-router 10.6.6.254 option 43 hex f108.0a04.0102.0a04.0103 (10.4.1.2 and 10.4.1.30) option 60 ascii "Cisco AP c3500" interface GigabitEthernet0/10 description connection to 3500e AP switchport access vlan 6 switchport mode access interface vlan 60 description AP 3500 VLAN 6 ip address 10.6.6.1 255.255.255.0 (don't forget to extend vlan over trunk back towards WLC) show ip dhcp binding

When DHCP servers are programmed to offer WLAN Controller IP addresses as Option 43 for Cisco 1000 Series APs the sub-option TLV block is defined in this way:

Type - 0x66 (decimal 102).
Length: - A count of the characters of the ASCII string in the Value field. Length must include the commas if there is more than one controller specified, but not a zero-terminator.
Value: - A non-zero terminated ASCII string that is a comma-separated list of controllers. No spaces should be embedded in the list.

When DHCP servers are programmed to offer WLAN Controller IP addresses as Option 43 for other Cisco Aironet LAPs, the sub-option TLV block is defined in this way:

Type - 0xf1 (decimal 241).
Length - Number of controller IP addresses * 4.
Value - List of the WLC management interfaces, typically translated to hexadecimal values.

RFC 2132 defines two DHCP Options that are relevant to vendor specific options. They are Option 60 and Option 43. DHCP Option 60 is the Vendor Class Identifier (VCI). The VCI is a text string that uniquely identifies a type of vendor device. This table lists the VCIs used by Cisco APs:

Access Point	Vendor Class Identifier (VCI)
Cisco Aironet 1000 Series	Airespace.AP1200
Cisco Aironet 1040 Series	Cisco AP c1040
Cisco Aironet 1100 Series	Cisco AP c1100
Cisco Aironet 1130 Series	Cisco AP c1130
Cisco Aironet 1140 Series	Cisco AP c1140
Cisco Aironet 1200 Series	Cisco AP c1200
Cisco Aironet 1230 Series	Cisco AP c1200
Cisco Aironet 1240 Series	Cisco AP c1240
Cisco Aironet 1250 Series	Cisco AP c1250
Cisco Aironet 1260 Series	Cisco AP c1260
Cisco Aironet 1300 Series	Cisco AP c1310
Cisco Aironet 1500 Series	Cisco AP c1500¹ Cisco AP.OAP1500² Cisco AP.LAP1505³ Cisco AP.LAP1510⁴ Airespace.AP1200⁵
Cisco Aironet 1520 Series	Cisco AP c1520
Cisco Aironet 1550 Series	Cisco AP c1550
Cisco 3201 Lightweight Access Point	Cisco Bridge/AP/WGB c3201
Cisco 521 Wireless Express Access Point	Cisco AP c520
AP801 (embedded in 86x/88x Series ISRs	Cisco AP801
Cisco Aironet 3500 Series	Cisco AP c3500
Cisco Aironet 3600 Series	Cisco AP c3600
AP802 (embedded in 88x Series ISRs	Cisco AP802
Cisco Aironet 2700 Series	Cisco AP c2700⁶
Cisco Aironet 3700 Series	Cisco AP c3700⁷
Cisco Aironet 700 Series	Cisco AP c700⁶
Cisco Aironet 1530 Series	Cisco AP c1530⁶

¹Any 1500 Series AP that runs 4.1 software

²1500 OAP AP that runs 4.0 software

³1505 Model AP that runs 4.0 software

⁴1510 Model AP that runs 4.0 software

⁵Any 1500 Series AP that runs 3.2 software

⁶Any 2700/700/1530 Series AP that runs 7.6.120.0 or later software

⁷Any 3700 Series AP that runs 7.6 or later software

Configuring WLC to support new AP and dhcp settings

Cisco WiFi Notes

Switchport cfg that connects to WLC

Switchport cfg of switch conn to AP

Switchport cfg of port to AP

L3 discovery mechanism

Lightweight access points (LAP) zero-tech registration steps

AP Discovery and AP Join

Debugging

Enable ap connectivity and debugging

Configuring DHCP to connect Cisco AP to WLC

Configuring WLC to support new AP and dhcp settings