a hurry? Perhaps you didn't configure DHCP Option 43 b/c you have a
gazillion scopes, or the DNS name b/c of a common suffix across
multiple sites. Try this...
On the default gateway device (router or L3 switch) issue these
commands:
ip forward-protocol udp 12223
ip forward-protocol udp 5246
interface GigabitEthernet0/0
 ! Define the helper address for the DHCP
 ! server so APs can obtain an IP address
 ip helper-address 192.168.1.10
 ! Define the helper address for the WLC
 ! to forward LWAPP/CAPWAP discovery broadcasts
 ip helper-address 192.168.2.20
Configure the interface attached to the subnet the AP is connected to,
and use the controller's management interface as the helper address.
These commands tell the router to forward LWAPP and CAPWAP control
broadcast frames, including discovery requests, to the configured ip
helpers, which now include the controller!
You should see the AP discover and join the controller within seconds
as if they were on the same subnet.
Cheers,
Andrew
Wouldn't the capwap equivalent to lwapp 12223 be 5247?
No, the port order was reversed from LWAPP to CAPWAP.
LWAPP data port = 12222
LWAPP control port = 12223 (used during discovery)
CAPWAP control port = 5246 (used during discovery)
CAPWAP data port = 5247
Andrew
In this scenario, would the DHCP server be the WLC?
The DHCP server can be any valid server on the network, it does not need to be the WLC.
How can that be if you have a helper on the interface pointing to the DHCP server, how would the layer 3 LWAPP controller discovery broadcast reach the controller? Or am I mixing apples with oranges here?
That's why I asked if the WLC would be the DHCP server in this scenario.
Sorry for the confusion. There would likely be another ip helper on the interface pointing to a DHCP server, or the router could be configured with DHCP pools to provide addresses to clients.
Cisco routers forward certain broadcast packets to configured helper addresses. This includes BOOTP / DHCP by default, along with several other protocols. See here:
Cisco Command Reference - IP Forward Protocol
By issuing the command to forward the LWAPP/CAPWAP ports, you're just telling the router to also forward broadcast packets using those ports in addition to the default.
What would end up happening is that the broadcasts for both DHCP and LWAPP/CAPWAP would be forwarded to all ip helpers.
The DHCP servers will understand the DHCP requests and respond, while the WLC will ignore those (it only serves DHCP, if configured, for wireless clients coming through the LWAPP/CAPWAP tunnel, or for lightweight APs on the same management subnet).
Likewise, the LWAPP/CAPWAP broadcasts will be forwarded to all ip helpers. The WLC will understand the LWAPP Discovery Request and respond appropriately, while the DHCP server will not and will discard the packet.
Since some of this traffic forwarding to ip helpers that don't understand the traffic is not ideal, it is recommended that this method only be used temporarily and not be left in a production configuration.
Hope this helps to clarify.
Cheers,
Andrew
PS - I'll update the post to reflect both a DHCP helper and a WLC helper address.
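An added example, not part of the original post or its comments: a small Python audit that scans an IOS-style configuration for the LWAPP/CAPWAP discovery ports still being relayed, and lists every helper that receives those broadcasts, so the temporary commands can be found and removed later. The sample configuration is constructed from the commands in the post, and the function names are hypothetical.

```python
import re

# Discovery (control) ports named on this page.
DISCOVERY_PORTS = {12223: "LWAPP control", 5246: "CAPWAP control"}

# Constructed sample config, modelled on the commands in the post.
SAMPLE_CONFIG = """\
ip forward-protocol udp 12223
ip forward-protocol udp 5246
interface GigabitEthernet0/0
 ip helper-address 192.168.1.10
 ip helper-address 192.168.2.20
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
"""

def parse(config):
    """Return (extra forwarded UDP ports, {interface: [helper addresses]})."""
    ports, helpers, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or IOS comment
        m = re.fullmatch(r"(no )?ip forward-protocol udp (\d+)", line)
        if m:
            # A later "no ..." form cancels an earlier forward-protocol line.
            (ports.discard if m.group(1) else ports.add)(int(m.group(2)))
            continue
        m = re.fullmatch(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            helpers.setdefault(current, [])
            continue
        m = re.fullmatch(r"ip helper-address (\S+)", line)
        if m and current:
            helpers[current].append(m.group(1))
    return ports, helpers

def audit(config):
    """List (interface, port, protocol, helpers) for each discovery relay still active."""
    ports, helpers = parse(config)
    # Every helper on the interface receives the relayed broadcast, not only the WLC.
    return [(ifc, port, DISCOVERY_PORTS[port], addrs)
            for ifc, addrs in helpers.items() if addrs
            for port in sorted(ports.intersection(DISCOVERY_PORTS))]

if __name__ == "__main__":
    for ifc, port, name, addrs in audit(SAMPLE_CONFIG):
        print(f"{ifc}: udp/{port} ({name}) broadcasts relayed to {', '.join(addrs)}")
```

An empty result from `audit` means no LWAPP/CAPWAP discovery relay remains in the configuration.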
Thank you very much for the information.
Andrew,
Other than CISCO do other AP vendors use CAPWAP? I want a list of AP vendors who support CAPWAP in their products.
Thanks in advance.
Jay
Yes, other vendors support CAPWAP. But APs and controllers from different vendors are still not interoperable. And vendors use CAPWAP for different purposes too.
Cisco uses CAPWAP for management, control, and data plane operations with their APs.
Aerohive uses CAPWAP only for management plane functions, since control plane and data plane functions are distributed and function directly between APs (and other devices, like the HiveOS Virtual Appliance which can terminate tunneled traffic).
Andrew