Sunday 23 November 2014

Cisco AIR-CAP1602I-E-K9 (CAPWAP) booting process

Case 1: AP and WLC in separate L3 networks

The AP wants to get an IP address from the DHCP server. In the DHCP Discover packet the AP also requests option 43 (Vendor-Specific Information), which should carry the IP address of the WLC.



But the DHCP server did not serve this option.


We can see on the AP console that the AP did not get the WLC IP address from the DHCP server.

*Mar  1 00:01:05.147: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.33.115, mask 255.255.255.0, hostname APf8c2.8841.2afc
*Mar  1 00:01:09.975: Logging LWAPP message to 255.255.255.255.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar  1 00:01:21.863: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
...
The AP then tries a DNS request to resolve the name CISCO-CAPWAP-CONTROLLER to an IP address.

*Mar  1 00:01:31.155: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
...

Next, the AP sends a CAPWAP-Control Discovery Request as a broadcast packet (L2/L3 broadcast) to destination UDP port 5246.

After a few Discovery Requests, when the AP still has not discovered a WLC, it gives up and renews its IP address, releasing the old one.


It then repeats the process of renewing the IP address and searching for the WLC:
*Mar  1 00:02:26.654: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar  1 00:02:36.018: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar  1 00:02:36.706: %CAPWAP-3-ERRORLOG: Invalid event 40 & state 2 combination.
*Mar  1 00:02:36.770: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.33.116, mask 255.255.255.0, hostname APf8c2.8841.2afc
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar  1 00:02:47.654: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

...

This process repeats endlessly.

If we add option 43 to the DHCP server, the AP will receive it and join the controller via CAPWAP.
Below is the DHCP Offer from the server with option 43.



*Mar  1 00:01:37.027: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.6.1.70 obtained through DHCP
*Mar  1 00:01:47.714: %CAPWAP-3-ERRORLOG: Go join a capwap controller 
*Nov 23 22:22:35.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.6.1.70 peer_port: 5246
*Nov 23 22:22:37.303: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.6.1.70 peer_port: 5246
*Nov 23 22:22:37.303: %CAPWAP-5-SENDJOIN: sending Join Request to 10.6.1.70
*Nov 23 22:22:42.303: %CAPWAP-5-SENDJOIN: sending Join Request to 10.6.1.70
*Nov 23 22:22:46.463: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Nov 23 22:22:46.531: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Nov 23 22:22:46.595: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WCL01_Cisco_a0:be:04
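As an added example (not from the post), here is how the option 43 payload the AP asks for is built and parsed. The post only says the option carries the WLC IP; the TLV layout used here (type 0xf1, length 4*N, then the IPv4 addresses) is Cisco's documented format for lightweight APs, and the decoder shows the length checks a parser needs so a malformed option is rejected rather than read past its end.

```python
import ipaddress

# Cisco's documented layout for option 43 on lightweight APs (assumed here;
# the post only says the option carries the WLC address): one TLV with
# type 0xf1, length = 4 * number of controllers, then the IPv4 addresses.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Return the option 43 payload that advertises the given WLC addresses."""
    packed = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if not packed or len(packed) > 255:
        raise ValueError("need 1..63 controller addresses")
    return bytes([CISCO_WLC_SUBOPTION, len(packed)]) + packed


def ios_dhcp_pool_line(controllers):
    """The same payload as an IOS DHCP pool statement ('option 43 hex ...')."""
    return "option 43 hex " + encode_option43(controllers).hex()


def decode_option43(payload):
    """Parse option 43 as an AP would and return the WLC addresses it carries.

    Walks the TLVs and rejects a truncated or length-inconsistent option
    instead of silently reading past the end of the payload.
    """
    wlcs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated TLV header at offset %d" % i)
        t, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length %d exceeds payload" % length)
        if t == CISCO_WLC_SUBOPTION:
            if length == 0 or length % 4:
                raise ValueError("WLC list length must be a multiple of 4")
            wlcs += [str(ipaddress.IPv4Address(value[k:k + 4]))
                     for k in range(0, length, 4)]
        i += 2 + length
    return wlcs


if __name__ == "__main__":
    # Constructed sample: the controller address seen in the post's log.
    print(ios_dhcp_pool_line(["10.6.1.70"]))               # option 43 hex f1040a060146
    print(decode_option43(bytes.fromhex("f1040a060146")))  # ['10.6.1.70']
```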


CAPWAP uses UDP ports 5246 (control channel) and 5247 (data channel).
By default, data in the control channel is encrypted with DTLS.



The data channel is not encrypted.

A wireless client (10.6.1.25) pings wp.pl (212.77.100.101). The traffic is tunnelled via the CAPWAP data channel from the AP (192.168.15.46) to the WLC (10.6.1.70): ICMP carried inside the CAPWAP data channel.



Case 2: QoS in CAPWAP Frames

The CAPWAP control channel uses DSCP = 110000b, i.e. class selector 110b = 6 (CS6), which is backward-compatible with IP Precedence values.

The CAPWAP data channel, on the other hand, takes the QoS value from the original (inner) IP header and rewrites it into the outer CAPWAP IP header. For example, with Best Effort QoS, DSCP = 0.




If the data carried in the CAPWAP data channel uses a QoS DSCP value, will it be rewritten into the CAPWAP IP header?



These are CCNP TSHOOT notes.