Wireless
DHCP
Internal DHCP Server
The device contains an internal DHCP server. This server is typically used in branch offices that do not have a DHCP server.
The internal server provides DHCP addresses to wireless clients, direct-connect APs, and DHCP requests that are relayed from APs. Only lightweight APs are supported. If you want to use the internal DHCP server, ensure that you configure an SVI for the client VLAN and set its IP address as the DHCP server IP address.
DHCP option 43 is not supported on the internal server. Therefore, the APs must use an alternative method to locate the management interface IP address of the device, such as local subnet broadcast, Domain Name System (DNS), or priming.
When clients use the internal DHCP server of the device, IP addresses are not preserved across reboots. As a result, multiple clients can be assigned to the same IP address. To resolve any IP address conflicts, clients must release their existing IP address and request a new one.
Note:
VRF is not supported in the internal DHCP servers.
DHCPv6 is not supported in the internal DHCP servers.
General Guidelines
The internal DHCP server serves both wireless clients and wired clients (wired clients include APs).
To serve wireless clients with the internal DHCP server, a unicast DHCP server IP address must be configured for the wireless client. The internal DHCP server IP address must be configured under the server-facing interface, which can be a loopback interface, SVI interface, or L3 physical interface.
To use the internal DHCP server for both wireless and wired client VLANs, an IP address must be configured under the client VLAN SVI interface.
For wireless clients, in the DHCP helper address configuration, the IP address of the internal DHCP server must be different from the address of the wireless client VLAN SVI interface.
For wireless clients with internal DHCP server support, the internal DHCP server can be configured using a global configuration command, under the client VLAN SVI interface, or under the wireless policy profile.
An internal DHCP server pool can also serve clients of other controllers.
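The guidelines above can be checked against a saved configuration before deployment. The following is an added example, not code from the original page or from Cisco: it flags client VLAN SVIs that relay to a locally configured (internal) server address but have no IP address of their own, or whose helper address equals the SVI's own address. The sample configuration, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from a real controller.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.99.0.1 255.255.255.255
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
 ip helper-address 10.99.0.1
interface Vlan30
 ip address 10.30.0.1 255.255.255.0
 ip helper-address 10.30.0.1
interface Vlan40
 ip helper-address 10.99.0.1
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def parse_interfaces(config):
    """Return {name: (ip or None, [helper addresses])} for each interface block."""
    result = {}
    for block in re.split(r"(?m)^(?=interface )", config):
        head = re.match(r"interface (\S+)\n((?: .*\n?)*)", block)
        if not head:
            continue
        body = head.group(2)  # only the indented lines under the interface
        ip = re.search(rf"(?m)^ ip address {IPV4} ", body)
        helpers = re.findall(rf"(?m)^ ip helper-address (?:.* )?{IPV4}[ \t]*$", body)
        result[head.group(1)] = (ip.group(1) if ip else None, helpers)
    return result

def lint_internal_dhcp(config):
    """Return sorted (interface, problem) pairs for SVIs that relay to a local address."""
    interfaces = parse_interfaces(config)
    # Any address configured on this device counts as a possible internal server IP.
    local_ips = {ip for ip, _ in interfaces.values() if ip}
    findings = []
    for name, (ip, helpers) in interfaces.items():
        if not name.lower().startswith("vlan"):
            continue
        internal = [h for h in helpers if h in local_ips]
        if internal and ip is None:
            findings.append((name, "client VLAN SVI has no IP address"))
        if ip in internal:
            findings.append((name, "helper address equals the SVI's own address"))
    return sorted(findings)
```
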
Commands
Access Point
View AP parameters: show ap dot11 {dual-band | 5ghz | 24ghz} summary
View AP status: show ap status
Client
View Active Client: show wireless client summary
View details about specific client with MAC: show wireless client mac-address $macaddress detail
IOSXE 9800 WLC
View Information about AP
View list of AP: show ap summary
View AP Uptime: show ap uptime
View Information about Clients
View list of clients of specific channel: show wireless client ap dot11 5ghz
View WLAN: show wlan summary
Show details about specific client by MAC address: show wireless client mac-address $MACAddress detail | section [IP|Authen|VLAN|Device]
Viewing Client Mobility History: show wireless client mac-address $MACAddress mobility history
View Client Mobility History Events: show wireless client mac-address $MACAddress mobility history events
Reset AP to factory default: clear ap config $APName
Click OS - 5520 WLC
Reset AP configuration
Commands on AP: capwap ap erase all
From controller 5520: clear ap config $APName
Reset the CAPWAP Configuration on IOS and ClickOS APs - Cisco
View list of joined APs: show ap join stats summary all
View APs: show ap summary $keyword
View Inventory: show ap inventory $APName
View client details: show client detail $MACAddress
View client AP summary: show client ap summary $APName
Resetting Access Point
Manually Configure the AP
For Cisco IOS-based APs
AP#capwap ap ip address
AP#capwap ap ip default-gateway
AP#capwap ap primary-base
AP#capwap ap secondary-base (optional)
AP#capwap ap hostname (optional)
For ClickOS-based APs
AP#capwap ap ip [ ]
AP#capwap ap primary-base
AP#capwap ap hostname (optional)
Reset AP through the AireOS or Catalyst WLC
Use the clear ap config keep-ip-config command in order to clear all of the AP configurations to default, except for the AP static IP configuration.
Use the clear ap config command in order to clear all of the AP configurations to default, which includes the AP static IP configuration.
Reset AP through CLI
For Cisco IOS-based APs
For ClickOS-based APs
Reset AP with the Reset Button
In order to use this method, you must have physical access to the AP. The process is the same for both Cisco IOS and ClickOS APs.
Disconnect power from AP.
Press and hold the Mode button on AP and provide power to AP.
Keep holding the mode button for 20 seconds or more.
How to Disable the Reset Button on the AP Registered to the Controller
In order to disable the reset button on the AP registered to the controller, use this CLI command: (Cisco Controller) >config ap rst-button disable
Troubleshooting
You can use this debug command on a LAP with a console port in order to troubleshoot problems related to IP address assignment:
On Cisco IOS-based APs
debug ip udp
On ClickOS-based APs
debug dhcp events
debug dhcp errors
debug dhcp packets
Note: If the AP has no console port, it is necessary to take a wired sniffer trace of the port that the LAP is plugged into to see what packets are received by and transmitted to the LAP.
Monitor the discovery process through the WLC CLI:
On Cisco IOS and ClickOS-based APs:
Mobility Tunnel
This is a feature normally used for guest access scenarios to terminate all traffic from clients into a single L3 exit point, even if the clients come from different controllers and physical locations. The mobility tunnel provides a mechanism to keep the traffic isolated as it traverses the network.
For mobility guest scenarios, there are two main controller roles:
Foreign controller: This WLC owns layer 2 or the wireless side. It has access points connected to it. All client traffic for the anchored WLANs is encapsulated into the mobility tunnel to be sent to the anchor. It does not exit locally.
Anchor controller: This is the layer 3 exit point. It receives the mobility tunnels from the foreign controllers and decapsulates or terminates the client traffic into the exit point (VLAN). This is the point where the clients are seen in the network, thus the anchor name.
Access points on the foreign WLC broadcast the WLAN SSIDs and have a policy tag assigned that links the WLAN profile with the appropriate policy profile. When a wireless client connects to this SSID, the foreign controller sends both the SSID name and the Policy Profile name to the anchor WLC as part of the client information. Upon receipt, the anchor WLC checks its own configuration to match the SSID name as well as the Policy Profile name. Once the anchor WLC finds a match, it applies the corresponding configuration and an exit point to the wireless client. Therefore, it is mandatory that the WLAN and Policy Profile names and configurations match on both the foreign 9800 WLC and the anchor 9800 WLC, with the exception of the VLAN under the Policy Profile.
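The matching requirement described above can be verified offline by comparing configuration excerpts from both controllers. The following is an added example, not code from the original page or from Cisco: it reports every WLAN and policy profile on the foreign controller that the anchor lacks or configures differently, ignoring the VLAN line. The excerpts and function names are constructed, and skipping `mobility anchor` lines and the WLAN ID in the comparison is an assumption.

```python
# The VLAN exception comes from the text above; treating "mobility anchor"
# lines as role-specific (they differ by controller role) is an assumption.
ROLE_SPECIFIC = ("vlan ", "mobility anchor")

# Constructed configuration excerpts, not taken from real controllers.
FOREIGN = """\
wireless profile policy GUEST-POLICY
 mobility anchor 192.0.2.10 priority 1
 session-timeout 3600
 vlan 10
 no shutdown
wlan GUEST 5 Guest-WiFi
 no security wpa
"""
ANCHOR = """\
wireless profile policy GUEST-POLICY
 mobility anchor
 session-timeout 1800
 vlan 210
 no shutdown
wlan GUEST 5 Guest-WiFi
 no security wpa
"""

def profiles(config):
    """Map 'policy <name>' / 'wlan <profile> <ssid>' to its set of sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("wireless profile policy ") and len(words) == 4:
            current = out.setdefault(f"policy {words[3]}", set())
        elif line.startswith("wlan ") and len(words) >= 4:
            # Header is "wlan <profile> <id> <ssid>"; the WLAN ID is not compared.
            current = out.setdefault(f"wlan {words[1]} {' '.join(words[3:])}", set())
        elif not line.startswith(" "):
            current = None  # some other top-level section
        elif current is not None and not line.strip().startswith(ROLE_SPECIFIC):
            current.add(line.strip())
    return out

def anchor_mismatches(foreign, anchor):
    """Return {profile: problem} for each foreign profile the anchor cannot match."""
    on_anchor, problems = profiles(anchor), {}
    for key, cmds in profiles(foreign).items():
        if key not in on_anchor:
            problems[key] = "missing on anchor"
        elif cmds != on_anchor[key]:
            problems[key] = sorted(cmds ^ on_anchor[key])  # lines present on one side only
    return problems
```
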