Dec 29, 2014

Layer 2 Technologies - Managing MAC address table

Hi everyone

An Ethernet switch has three functions:
 1.  Learning addresses
 2.  Forward/filter decisions
 3.  Loop avoidance

Address learning works like this:



You can use "show mac-address-table" to check the CAM table, and "show mac-address-table aging-time" to check the lifetime (aging time) of the MAC address entries.


See you next time and Good Luck!


Reference

Configuring the MAC Address Table
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/MACAddress.html

Wireless LAN feature -- 1 open wlan

Hello everyone

We finished the AP joining process on 2014/12/26. From today, we move on to our second part, Wireless LAN features, whose contents are:

  1. open wlan
  2. wep wlan
  3. leap wlan
  4. eap-fast wlan
  5. ccmp wlan
  6. advanced wlan
      6.a  AP group
      6.b  DHCP option 82

That does not sound too bad :). OK, let us go to today's topic: open WLAN.
In the real CCIE lab exam or in a customer's network, there is no requirement to set up an open WLAN, but it is good for testing basic connectivity.

1. Go to WLANs, create a new Main1 profile and SSID



2. Enable the WLAN.



3. Click Security and set Layer 2 Security to None, which means no authentication and no encryption on this WLAN.




It looks very simple !
See you next time and Good Luck !!

Dec 26, 2014

AP joining process (1.c) -- How to troubleshoot

Hello everyone

In this post, I will introduce how to troubleshoot the AP joining process. I think it is very tough, but I will try to do my best.
(I have listed some references that are good resources for understanding the AP joining process; if you have time, please read them.)


When you troubleshoot the AP joining process, the first question you meet is "Where do I start?" or "How do I begin?" (Maybe this question applies not just to this issue but to all troubleshooting. :) )

The answer is that you need to have a plan, and to modify your plan whenever the parameters of the problem change while you are troubleshooting.


// The plan for troubleshooting the AP joining process //

1.
Understand the AP join process

If you understand it, your job will be much easier!! Know the correct sequence of the AP join process. See "AP joining process (1.a) -- What is capwap?".
(After you collect logs or a packet capture, compare them with the correct sequence to identify where the problem is.)


2. 
Understand your topology and gather logs

When your network has more than one AP and WLC, you should know from the topology which AP cannot join which WLC. Once you identify that, you can start to gather logs from the WLC and the AP.
  • On WLC side
    config paging disable
    show time
    show run-config
    show run-config commands
    show msglog
    show trap
    show ap join stats summary all
    show ap join stats detail AP_Mac_address
    show ap eventlog

  
  • On AP side
    show version
    show cdp neighbors
    ping
    ping
    show tech-support

    "show run-config" and "show tech-support" are very important, since they show you the settings on the WLC and the AP.


    ///  options for complicated issues ///
   For a difficult issue, you need to use the magic tool -- debug and packet capture.  I will introduce some basic debugs, but remember to modify your plan if the parameters of the problem change.
 
  *  WLC debug *
  (WLC) > debug capwap events enable
  (WLC) > debug capwap errors enable

  *  AP debug *
  ( AP )# debug capwap client event
  ( AP )# debug capwap client error


 
3. 
Analyzing the collected data

   If you find that ping fails, it means your network reachability has a problem. It is better to check your infrastructure.

   "show ap join stats detail AP_Mac_address" is also very useful, since it can give you some hints about the last discovery request and last join request sent from the AP.  See reference 5 for details.

  See reference 6 for some examples of debug commands. Again, it is better to get a packet capture. (Hint: compare your debug log and packet capture to identify whether the problem happens in the AP discovery process or the AP join process.)
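
One way to carry out the comparison in the hint: pair each CAPWAP request in the AP debug output with its response and list the requests that got no answer. This is an added example, not part of the original post; the sample lines are constructed in the "debug capwap client event" format shown in the discovery posts on this page, and the function names are illustrative.

```python
import re

# Constructed sample in the format of "debug capwap client event" on the AP.
SAMPLE = """\
*Time: CAPWAP Control mesg Sent to 255.255.255.255, Port 5246
*Time: Msg Type   : CAPWAP_PRIMARY_DISCOVERY_REQUEST
*Time: Msg SeqNum : 0
*Time: CAPWAP Control mesg Recd from 172.33.67.10, Port 5246
*Time: Msg Type   : CAPWAP_PRIMARY_DISCOVERY_RESPONSE
*Time: Msg SeqNum : 0
*Time: CAPWAP Control mesg Sent to 172.33.68.10, Port 5246
*Time: Msg Type   : CAPWAP_DISCOVERY_REQUEST
*Time: Msg SeqNum : 1
"""

PEER = re.compile(r"CAPWAP Control mesg (Sent to|Recd from) ([\d.]+), Port \d+")
FIELD = re.compile(r"Msg (Type|SeqNum)\s*:\s*(\w+)")
BROADCAST = "255.255.255.255"

def parse_events(text):
    """Group the debug lines into one dict per CAPWAP control message."""
    events = []
    for line in text.splitlines():
        if m := PEER.search(line):
            events.append({"sent": m[1] == "Sent to", "peer": m[2]})
        elif events and (m := FIELD.search(line)):
            events[-1][m[1]] = m[2]
    return events

def unanswered_requests(events):
    """Return (msg type, peer) for each request sent without a matching response."""
    pending = []
    for ev in events:
        kind = ev.get("Type", "")
        if ev["sent"] and kind.endswith("_REQUEST"):
            pending.append(ev)
        elif not ev["sent"] and kind.endswith("_RESPONSE"):
            wanted = kind[: -len("_RESPONSE")] + "_REQUEST"
            for req in pending:
                # A broadcast request may be answered by any controller.
                if (req["Type"] == wanted and req.get("SeqNum") == ev.get("SeqNum")
                        and req["peer"] in (ev["peer"], BROADCAST)):
                    pending.remove(req)
                    break
    return [(req["Type"], req["peer"]) for req in pending]

if __name__ == "__main__":
    for msg_type, peer in unanswered_requests(parse_events(SAMPLE)):
        print(f"no response to {msg_type} sent to {peer}")
```

A discovery request left in the result means the problem is in the discovery phase, before any join request is sent.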



See you and Good luck !!



Reference
1.
Deploy and Troubleshooting Cisco Wireless LAN Controllers

2.
"AP fails to join controller" - Lightweight Access Point (LAP) fails to join Wireless LAN controller (WLC)
https://supportforums.cisco.com/document/69341/ap-fails-join-controller-lightweight-access-point-lap-fails-join-wireless-lan

3. 
Wireless LAN Controller and Lightweight Access Point Basic Configuration Example
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/69719-wlc-lwap-config.html

4.
Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/70333-lap-registration.html

5.
Troubleshooting Why an AP Does Not Join a Controller
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/100731-ap-not-join-con.html

6.
Troubleshoot a Lightweight Access Point Not Joining a Wireless LAN Controller 
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99948-lap-notjoin-wlc-tshoot.html

Dec 25, 2014

AP joining process (1.b) -- What is Discovery mechanism - 4?

Hello everyone

In this post, I will explain how to use the CAPWAP discovery request and response to find the WLC  --- Discovery by DHCP

** Topology **
AP  ----   SW3750   ----   SWCat6K  ----   WLC5508

AP IP addr: 172.33.68.234
WLC5508 IP addr: 172.33.67.10

The AP is in VLAN 368 and the WLC5508 is in VLAN 367
****  

Before starting, you need to enter the following commands on SW3750 and SWCat6K.


On SW3750, I use interface Gi3/0/4 to connect the AP,
=====
interface GigabitEthernet3/0/4
 switchport access vlan 368
 switchport mode access
 spanning-tree portfast
====

I make a DHCP pool on SWCat6K
=====
ip dhcp pool vlan368
   network 172.33.68.0 255.255.255.0
   default-router 172.33.68.254 
   option 43 hex f104.ac21.430a
=====

"option 43 hex f104.ac21.430a" is the point.  Option 43 is a hexadecimal string. Its sub-option is Type + Length + Value. Type is always the code 0xf1. Length is the number of controller management IP addresses times 4, in hex. Value is the IP addresses of the controllers, listed sequentially in hex.

For example, here there is only one controller, whose management interface IP address is 172.33.67.10. The type is 0xf1. The length is 1 x 4 = 4 = 0x04. The IP address of the WLC translates to ac.21.43.0a (172.33.67.10) in hex.  So the command is "option 43 hex f104.ac21.430a"
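
The Type + Length + Value rule can be checked mechanically. The following Python code is an added example, not part of the original post; it builds the "option 43 hex" string for any list of controller addresses and decodes an existing string back to addresses. The function names are illustrative.

```python
import ipaddress

WLC_SUBOPTION_TYPE = 0xF1  # sub-option type for controller addresses, per the post

def encode_option43(controllers):
    """Build the 'option 43 hex' string for a list of WLC management IPv4 addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    digits = (bytes([WLC_SUBOPTION_TYPE, len(value)]) + value).hex()
    # The DHCP pool command takes the hex string in dot-separated groups of four digits.
    return ".".join(digits[i:i + 4] for i in range(0, len(digits), 4))

def decode_option43(text):
    """Return the controller addresses encoded in an 'option 43 hex' string."""
    raw = bytes.fromhex(text.replace(".", ""))
    if len(raw) < 2 or raw[0] != WLC_SUBOPTION_TYPE:
        raise ValueError("not a type 0xf1 sub-option")
    length = raw[1]
    if length == 0 or length % 4 or length != len(raw) - 2:
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(2, len(raw), 4)]

if __name__ == "__main__":
    print(encode_option43(["172.33.67.10"]))    # one controller, length 0x04
    # Pitfall: each octet is converted to hex, so decimal 10 is 0a;
    # a last byte written as 10 decodes to .16.
    print(decode_option43("f104.ac21.4310"))
```

Decoding the string configured in the pool before connecting the AP is a quick way to confirm that it points at the intended controller.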

From the figure, you can see that Discovery Type is DHCP (2) in the CAPWAP discovery request. 




If you enter "debug capwap client event" on the AP, you will see messages similar to these. 

*Time: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.33.67.10 obtained through DHCP
*Time: CAPWAP Control mesg Sent to 172.33.67.10, Port 5246
*Time: Msg Type   : CAPWAP_DISCOVERY_REQUEST
*Time: Msg Length : 99
*Time: Msg SeqNum : 0
*Time: %CAPWAP-3-EVENTLOG: Discovery Request sent to 172.33.67.10 with discovery type set to 2
*Time: CAPWAP Control mesg Recd from 172.33.67.10, Port 5246
*Time: HLEN 2,   Radio ID 0,    WBID 1
*Time: Msg Type   : CAPWAP_DISCOVERY_RESPONSE
*Time: Msg Length : 117
*Time: Msg SeqNum : 0
*Time: %CAPWAP-3-EVENTLOG: Discovery Response from 172.33.67.10


Our "What is Discovery mechanism" series has finished. In the next post, I will introduce some troubleshooting skills for "AP disjoins WLC".


See you next time and Good Luck!!


Reference 
1.
DHCP option 43 for lightweight cisco aironet access points configuration
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html

AP joining process (1.b) -- What is Discovery mechanism - 3?

Hello everyone

In this post, I will explain how to use the CAPWAP discovery request and response to find the WLC  --- Discovery by static configuration

Before doing that, you need to enter the following commands on your AP.

AP# capwap ap ip address 172.33.67.231 255.255.255.0
AP# capwap ap ip default-gateway 172.33.67.254
AP# capwap ap ip primary-base CT5508 172.33.68.10

AP#show capwap ip config                                           
LWAPP Static IP Configuration
IP Address         172.33.67.231    
IP netmask         255.255.255.0    
Default Gateway    172.33.67.254  
Primary Controller 172.33.68.10

By using "capwap ap ip primary-base CT5508 172.33.68.10", the AP can join its primary controller, whose name is CT5508 and whose address is 172.33.68.10.

** Topology **
AP  ----   SW3750   ----   SWCat6K  ----   WLC5508

AP IP addr: 172.33.67.231
WLC5508 IP addr: 172.33.68.10

The AP is in VLAN 367 and the WLC5508 is in VLAN 368
****  

As you can see in the following packet capture, the AP contacts the WLC 172.33.68.10 directly with a CAPWAP discovery request, saying "I want to join you". The WLC then answers the AP with a CAPWAP discovery response message, saying "Yes, you can".
(Notice that, compared to discovery by broadcast, the destination address is 172.33.68.10 instead of 255.255.255.255.)

We can also see inside the CAPWAP discovery request that the value is 01 and the Discovery Type is Static Configuration (1).





See you next time and Good luck!!

AP joining process (1.b) -- What is Discovery mechanism - 2?

Hello everyone

In this post, I will explain how to use the CAPWAP discovery request and response to find the WLC  --- Discovery by broadcast. 

Before explaining that, it is better to understand the structure of a CAPWAP packet.


CAPWAP Control Packet (Discovery Request / Response)
+--------+---------+------------+-------------+--------------------+
| IP Hdr | UDP Hdr | CAPWAP Hdr | Control Hdr | Message Element(s) |
+--------+---------+------------+-------------+--------------------+

As shown in this picture, there are five parts in the CAPWAP control packet, and we will focus on the Message Elements.

Among the Message Elements, there is one element called "Discovery Type", which is 8 bits.

Discovery Type:  The following enumerated values are supported:

0 -     Unknown
1 -     Static Configuration
2 -     DHCP
3 -     DNS
4 -     AC Referral

On the Cisco AP and WLC, Discovery Type 0 is "Discovery by broadcast".
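
The layout above can be read straight out of the UDP payload of a discovery request. The following parser is an added example, not part of the original post; it follows the header layout of RFC 5415, and the sample bytes are constructed and carry only the Discovery Type element (a real request carries more elements).

```python
import struct

DISCOVERY_TYPES = {0: "Unknown", 1: "Static Configuration", 2: "DHCP",
                   3: "DNS", 4: "AC Referral"}
ELEM_DISCOVERY_TYPE = 20  # message element type number in RFC 5415

# Constructed, minimal Discovery Request: CAPWAP header (HLEN 2, RID 0, WBID 1),
# control header (message type 1, sequence 0) and one Discovery Type element.
SAMPLE = bytes.fromhex("00100200 00000000" "00000001 00 0008 00" "0014 0001 02")

def parse_capwap_control(payload):
    """Parse a clear-text CAPWAP control message taken from the UDP payload."""
    if len(payload) < 8:
        raise ValueError("shorter than a CAPWAP header")
    word = struct.unpack_from("!I", payload)[0]
    if (word >> 24) & 0x0F:
        raise ValueError("preamble type is not 0: DTLS-protected, not clear text")
    hlen, rid, wbid = (word >> 19) & 0x1F, (word >> 14) & 0x1F, (word >> 9) & 0x1F
    offset = hlen * 4  # HLEN counts 4-byte words
    if hlen < 2 or len(payload) < offset + 8:
        raise ValueError("truncated before the end of the control header")
    msg_type, seq, _elem_len, _flags = struct.unpack_from("!IBHB", payload, offset)
    offset += 8
    elements = {}
    while offset < len(payload):  # each element is Type(2) Length(2) Value
        if len(payload) - offset < 4:
            raise ValueError("truncated message element header")
        etype, elen = struct.unpack_from("!HH", payload, offset)
        offset += 4
        if offset + elen > len(payload):
            raise ValueError("message element runs past the packet")
        elements[etype] = payload[offset:offset + elen]
        offset += elen
    dtype = elements.get(ELEM_DISCOVERY_TYPE)
    return {"hlen": hlen, "radio_id": rid, "wbid": wbid, "msg_type": msg_type,
            "seq": seq,
            "discovery_type": DISCOVERY_TYPES.get(dtype[0], "reserved") if dtype else None}

if __name__ == "__main__":
    print(parse_capwap_control(SAMPLE))
```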


** Topology **
AP  ----   SW3750   ----   SWCat6K  ----   WLC5508

AP IP addr: 172.33.67.231
WLC5508 IP addr: 172.33.67.10

The AP and the WLC5508 are in the same VLAN 367
****


I took a packet capture on the AP port, as shown in the following figure.



In Seq. No. 89, the AP broadcasts a CAPWAP discovery request (255.255.255.255) in VLAN 367, asking who is the WLC in the VLAN 367 "room". Since the WLC (172.33.67.10) can hear this discovery request, it says to the AP "Hi, guy. I am here": the WLC answers the AP with a unicast message, the CAPWAP discovery response, in Seq. No. 90.

You can also see that the value of Discovery Type is 0, which means discovery by broadcast.


If you enter "debug capwap client event" on the AP, you will see messages similar to these.
*Time: CAPWAP Control mesg Sent to 255.255.255.255, Port 5246
*Time: Msg Type   : CAPWAP_PRIMARY_DISCOVERY_REQUEST
*Time: Msg Length : 96
*Time: Msg SeqNum : 0
*Time: %CAPWAP-3-EVENTLOG: Primary Discovery Request sent to 255.255.255.255
*Time: CAPWAP Control mesg Recd from 172.33.67.10, Port 5246
*Time: HLEN 2,   Radio ID 0,    WBID 1
*Time: Msg Type   : CAPWAP_PRIMARY_DISCOVERY_RESPONSE
*Time: Msg Length : 117
*Time: Msg SeqNum : 0
*Time: %CAPWAP-3-EVENTLOG: Primary Discovery Response from 172.33.67.10

Maybe you will ask what port 5246 is. CAPWAP uses UDP port 5246 to transmit control messages, such as the Discovery Request/Response here, and UDP port 5247 to transmit data messages.


See you next time and Good luck!!

AP joining process (1.b) -- What is Discovery mechanism - 1?

Hello everyone.

In this post, I will introduce what the discovery mechanism is. Well, this is a long story, and it is hard to explain in one post, so I will separate it into several posts. They are

1.b.1:   basic concept
1.b.2:   discovery by broadcast
1.b.3:   discovery by static configuration
1.b.4:   discovery by DHCP and others

OK, let us go to the basic concept of the discovery mechanism. There are two steps in the AP->WLC discovery mechanism.

/Step 1/
Assign an IP address to the AP.

/Step 2/
Find the WLC by using the CAPWAP discovery request and CAPWAP discovery response.



// How to assign an IP address to the AP //
Basically, there are two ways, just like on your PC: one is assigning a static IP address, the other is assigning one through a DHCP server.


///  Assigning a static IP on the AP  ///
You can use the following commands on the AP

AP# capwap ap ip address 172.33.68.191 255.255.255.0
AP# capwap ap ip default-gateway 172.33.68.254

You can use the following command to confirm your setting

AP#show capwap ip config                                           
LWAPP Static IP Configuration
IP Address         172.33.68.191    
IP netmask         255.255.255.0    
Default Gateway    172.33.68.254  
Primary Controller 172.33.68.10



/// Assigning IP address from DHCP server ///

** Topology **
AP  ----   SW3750   ----   SWCat6K  ----   WLC5508
                                   
I make a DHCP pool on SWCat6K
=====
ip dhcp excluded-address 172.33.67.1 172.33.67.220

ip dhcp pool vlan367
   network 172.33.67.0 255.255.255.0
   default-router 172.33.67.254 
=====

On SW3750, I use interface Gi3/0/4 to connect the AP,
=====
interface GigabitEthernet3/0/4
 switchport access vlan 367
 switchport mode access
 spanning-tree portfast
====

And I take a packet capture on SWCat6K to see how it works.



As you can see from the picture, the DHCP server gives 172.33.67.231 to the AP in the DHCP four-way handshake.
Of course, you can use "show capwap ip config" to check it.



// How to use the CAPWAP discovery request and response to find the WLC //
I will explain that in the next three posts.


See you next time and Good luck !!



Dec 22, 2014

AP joining process (1.a) -- What is capwap?

Hello everyone

I want to introduce the AP joining process in the following three parts.

(1.a)  What is capwap ?
(1.b)  Discovery mechanism
(1.c)  How to troubleshoot


OK,  Let us go to (1.a)  What is capwap ?

Control and Provisioning of Wireless Access Points (CAPWAP) is a standard and interoperable protocol that enables a Wireless LAN Controller (WLC) to manage access points (AP).

As shown in this picture, CAPWAP makes a channel between the WLC and the AP.  By using this CAPWAP channel, the WLC and the AP can talk to each other.




One of the important purposes of CAPWAP is to build the AP joining process. The overview of this process:
Step 1:  Discovery request
Step 2:  Discovery response
Step 3:  DTLS session establishment
Step 4:  Join request
Step 5:  Join response
Step 6:  Configuration status request 
Step 7:  Configuration status response
Step 8:  Run state

The sequence of the AP joining process looks like this.
 

As I told you, the best way to study CCIE Wireless is to use the magic tool "debug and packet capture".

If you enter "debug capwap events enable" on the WLC, you will see
Aug 6 : xx.xx.xx.xx.xx.xx CAPWAP State: Join
Aug 6 : xx.xx.xx.xx.xx.xx CAPWAP State: Configure
Aug 6 : xx.xx.xx.xx.xx.xx CAPWAP State: Run


Meanwhile, if you take a Wireshark packet capture between the WLC and the AP, you will see the following result.
















In summary, CAPWAP is a very basic thing for the Cisco Wireless LAN Controller.
I highly recommend reading the following RFC documents about CAPWAP
1.  RFC 4546
2.  RFC 5415
3.  RFC 5415



Good Luck !!