The converted APs should appear on the Security > AP Policies page under AP
Authorization List (WLC web interface); otherwise they will not associate to
the controller. The AP MAC address and SSC can also be entered here.



Bob Blasingame
Network Engineer
Xavier University
[EMAIL PROTECTED]


-----Original Message-----
From: Earl Barfield [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 27, 2006 3:17 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Cisco LWAPP

> From:    Justin Aharoni <[EMAIL PROTECTED]>
> Subject: Re: Cisco LWAPP
> 
> Good morning all,
> 
> In following the recent conversation about the Lightweight APs,
> conversion and infancy bugs I didn't notice much about a problem we are
> having. Our infrastructure is all Cisco products. When converting 1200
> series APs to the Lightweight code I experience no issues whatsoever.
> It's after the conversion that the AP cannot associate with the
> controller. Strange thing is the issue only occurs on the APs that are
> already deployed. When testing them in test setup there were zero
> issues. I'm sure that it's a switch configuration somewhere but I was
> hoping that maybe someone had insight on another setting I should check
> before converting (AP or switch). Thank you much.
> 
> Justin

I've been doing these conversions lately and I think I must have
figured out, in testing, every possible way to mess it up.  I think
I've got it now.

How do your LWAPP APs "find" the controller after conversion?  Are
they on the same subnet or do the APs have to route across subnets to
get to the controller?

Are your APs old enough (pre July 2005) that they do not have
Manufacturer Installed Certificates?  If so, then the LWAPP conversion
tool generates Self-Signed certs on the APs.  To tell, look at the
detailed-log that the conversion tool leaves in the
C:\Program Files\Cisco Systems\Upgrade Tool\ directory.

If the conversion tool is generating the SSC on the AP, then it will
leave a *.csv file in the same directory.  This file (e.g.
Config_25Sep2006_1234.csv) will contain the checksums of the
certificates for each AP.  You have to configure the Wireless LAN
Controller(s) to accept these SSCs.  You do this either by importing
this csv file into WCS or by logging into each WLC and entering the
commands:

config auth-list ap-policy ssc enable
config auth-list add ssc <MAC_addr> <SSC_hash> 
save config
y

You get the Mac address and SSC_hash from the *.csv file.


If this is not the problem, then there are several debugging commands
that can be enabled on the Wireless LAN Controllers such as:

     debug lwapp events enable
     debug lwapp detail enable


If all that fails, then what I did was get a sniffer laptop running
Ethereal and plug it into a monitor port on the switch with the
troublesome AP and look at the traffic.  Ethereal understands and can
decode the LWAPP protocol to tell you what the AP is doing.  In some
cases, the pre-conversion IP address on the AP was still being used.
It sometimes survives in the flash:env_vars file on the AP.

You mentioned switch port configs.  How are your ports configured?
They should be 'switchport mode access'.  The LWAPP APs don't speak
802.1q so any tagged VLANs on the switch port will probably confuse
them.

Tell us a bit more about your network layout and we can probably
figure out your problem.






-- 
Earl Barfield  --  Academic & Research Technologies / Information Technology
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: [EMAIL PROTECTED]    [EMAIL PROTECTED]

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
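
Added example (not part of the original messages and not Cisco's tooling): a
Python sketch that turns the conversion tool's *.csv into the WLC auth-list
commands quoted above, rejecting rows that should not be authorized blindly.
Assumptions: the CSV column layout is not given in the thread, so the script
looks for one MAC address and one 40-hex-digit (SHA-1) hash per row; the
sample rows are constructed.

```python
import csv
import io
import re

# Assumption: MACs appear as aa:bb:cc:dd:ee:ff, aa-bb-..., aabbccddeeff or aabb.ccdd.eeff
MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[:-]?){5}[0-9a-f]{2}$|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$", re.I)
# Assumption: the SSC hash is a SHA-1 digest written as 40 hex digits
HASH_RE = re.compile(r"^[0-9a-f]{40}$", re.I)

# Constructed sample input, not taken from a real conversion run
SAMPLE_CSV = """\
AP MAC,SSC key hash
00:11:22:33:44:55,0123456789ABCDEF0123456789ABCDEF01234567
0011.2233.4466,89abcdef0123456789abcdef0123456789abcdef
00:11:22:33:44:77,0123456789abcdef
00:11:22:33:44:55,89abcdef0123456789abcdef0123456789abcdef
"""

def normalize_mac(field):
    """Return the MAC as lowercase colon-separated octets."""
    digits = re.sub(r"[^0-9a-fA-F]", "", field).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_commands(csv_text):
    """Return (commands, rejected); rejected holds (line, reason) for review."""
    entries, rejected = {}, []
    for lineno, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        fields = [f.strip() for f in row]
        macs = [f for f in fields if MAC_RE.match(f)]
        hashes = [f for f in fields if HASH_RE.match(f)]
        if len(macs) != 1 or len(hashes) != 1:
            # Header lines, truncated hashes and ambiguous rows all land here
            rejected.append((lineno, "need exactly one MAC and one 40-hex hash"))
            continue
        mac, ssc = normalize_mac(macs[0]), hashes[0].lower()
        if entries.get(mac, ssc) != ssc:
            # Same AP listed with a different cert hash: never pick one silently
            rejected.append((lineno, "conflicting hash for " + mac))
            continue
        entries[mac] = ssc
    cmds = ["config auth-list ap-policy ssc enable"]
    cmds += [f"config auth-list add ssc {m} {h}" for m, h in entries.items()]
    cmds.append("save config")  # the controller then asks for confirmation ("y")
    return cmds, rejected

if __name__ == "__main__":
    commands, problems = build_commands(SAMPLE_CSV)
    print("\n".join(commands))
    for lineno, reason in problems:
        print(f"# line {lineno} skipped: {reason}")
```

Rows reported as skipped are worth checking against the AP itself before
anything is added by hand, since an auth-list entry is what lets a
self-signed AP join the controller.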
