Wednesday, 13 June 2012

Lightweight AP Controller Discovery

Cisco's lightweight Access Points (AP) support discovering the Wireless LAN Controller (WLC) management IP address via several methods, including:

DNS Resolution
The AP tries to resolve CISCO-LWAPP-CONTROLLER or CISCO-CAPWAP-CONTROLLER using the DNS server configured by DHCP. However you may not have DNS A records for these, especially in small deployments with no DNS server onsite.

DHCP Option 43
The AP uses IP addresses provisioned via DHCP option 43. This consists of a hexadecimal string starting with F1, the number of WLCs multiplied by 4 & the IP addresses of these WLCs in hex. For example one WLC with IP address

1 x 4 = 04 (must be padded to 2 hex digits if less) = 0A238005  (must be padded to 8 hex digits if less)
Resultant hex: F1040A238005

Adding a 2nd WLC with IP address would result in F1080A2380050A238006.

If the WLC is in the same broadcast domain & has Master Controller Mode enabled the AP can discover it by sending out broadcasts. This won't work in large deployments where APs are spread across multiple networks & is considered bad practice.

Over The Air Provisioning
The AP listens to Radio Resource Management (RRM) messages transmitted by neighbouring APs & learns the WLC IP address from these. However this is considered insecure & usually disabled.

You can connect a console cable to the AP & manually configure with the WLC's IP address using the lwapp ap controller ip address command. This only works on APs that haven't yet associated with a WLC, but is useful if you have an AP that's refusing to associate via the other methods.

No comments:

Post a Comment