No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
WLAN Troubleshooting Guide
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Common Causes and Troubleshooting Methods for APs' Failures to Go Online

Common Causes and Troubleshooting Methods for APs' Failures to Go Online

Recommended Troubleshooting Roadmap for APs' Failures to Go Online

Checking AP Information

CLI: display ap { all | ap-group ap-group }

Function: This command is used to query the IP address and status of an AP. Pay attention to whether the AP can obtain an IP address and whether the AP status is normal.

Table 19-8 lists the AP states.
Table 19-8 AP state list

AP State

Description

Handling Suggestion

commit-failed (cmtfa)

WLAN service configurations fail to be delivered to an AP after the AP goes online on an AC.

After the AP goes online on the AC, WLAN service configurations are performed for the AP. If the link between the AP and AC fails or the peer end has no response, the AC will fail to deliver WLAN service configurations to the AP.

Check network connectivity between the AC and AP. For details, see The Network Between the AP and AC Fails.

committing (cmt)

WLAN service configurations are being delivered to an AP after the AP goes online on an AC.

After the AP goes online on the AC, WLAN service configurations are being delivered to the AP. During this process, the AP is in committing state.

This is a normal state, and no action is required.

config (cfg)

WLAN service configurations are being delivered to an AP when the AP is going online on an AC.

After the AP establishes a link with the AC, WLAN service configurations are delivered to the AP. During this process, the AP is in config state.

This is a normal state, and no action is required.

config-failed (cfgfa)

WLAN service configurations fail to be delivered to an AP when the AP is going online on an AC.

After the AP establishes a link with the AC, WLAN service configurations are delivered to the AP. If the configuration delivery fails due to various reasons (such as link failure), the AP enters the config-failed state.

If the AC fails to deliver the initial configuration, rectify the fault by referring to An AP Fails to Initialize the Configuration.

download (dload)

An AP is in upgrade state.

When the AP is performing an upgrade, it enters the download state.

When the AP upgrade is complete, check the AP state. If the upgrade fails, rectify the fault by referring to The AP Upgrade Fails.

fault

An AP fails to go online.

Check the reason for the AP's failure to go online. For details, see Checking Reasons for APs' Failures to Go Online.

idle

It is the initialization state of an AP before it establishes a link with the AC for the first time.

The possible causes and the corresponding handling methods for this state are as follows:

name-conflicted (namec)

The name of an AP conflicts with that of an existing AP.

The name of an AP conflicts with the name of another AP on the same AC.

Run the ap-rename ap-id ap-id new-name ap-new-name command to change the AP name.

normal (nor)

An AP is working properly.

The AP successfully goes online on the AC.

This is a normal state, and no action is required.

standby (stdby)

An AP is in normal state on the standby AC.

In the HSB, dual-link cold backup, or N+1 backup scenario, if the link between the active and standby ACs is established properly, the AP is in standby state on the standby AC and in normal state on the active AC.

This is a normal state, and no action is required.

ver-mismatch (vmiss)

The versions of the AP and AC do not match.

See The Versions of the AP and AC Do Not Match.

countryCode-mismatch (cmiss)

The country codes of the AP and AC do not match.

The AP does not support the country code configured on the AC.

The AP does not support the country code. Upgrade the AP or modify the country code configuration on the AC.

type-mismatch (tmiss)

The AP type does not match that configured on the AC.

The AP type configured on the AC does not match the actual AP type.

Change the AP type configured on the AC.

unauth

An AP fails to be authenticated.

Run the display ap unauthorized record command to query APs that fail to be authenticated.

Run the ap-confirm command to confirm these APs and allow them to go online.

Checking Reasons for APs' Failures to Go Online

CLI: display ap online-fail record

Function: This command is used to query the reason for AP's failures to go online so that you can take measures accordingly.

Table 19-9 lists some reasons for AP's failures to go online.

Table 19-9 Reasons for AP's failures to go online

Reason Why an AP Fails to Go Online

Handling Suggestion

Insufficient license resources.

See The Number of APs Connected to the AC Exceeds the Maximum.

The AP is not in the SN whitelist.

Run the ap whitelist sn ap-sn1 [ to ap-sn2 ] command to add the AP to the SN whitelist or run the ap-confirm command to enable the AP to pass authentication.

The AP is not in the MAC whitelist.

Run the ap whitelist mac ap-mac1 [ to ap-mac2 ] command to add the AP to the MAC whitelist or run the ap-confirm command to enable the AP to pass authentication.

The AP is added to the AP blacklist.

See An AP Is Blacklisted.

The MAC address and SN of the AP do not match.

See The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP.

DTLS negotiation for CAPWAP tunnel setup fails.

See DTLS Negotiation Failed.

DTLS negotiation failed, because of negotiation timeout or inconsistent PSKs on two ends.

See DTLS Negotiation Failed.

CAPWAP tunnel negotiation fails.

For details, see The Network Between the AP and AC Fails.

APs cannot go online during data backup.

Wait until the backup is complete.

The upgrade fails.

For details, see The AP Upgrade Fails.

The CAPWAP tunnel fails to be established.

For details, see The Network Between the AP and AC Fails.

The configuration fails to be delivered.

The AC will attempt to deliver the configurations again. If the failure persists, rectify the fault by referring to The Network Between the AP and AC Fails.

The versions of the AP and AC do not match.

See The Versions of the AP and AC Do Not Match.

The AC does not support the AP type.

Replace the AP with one supported by the AC or change the AC version to one that supports the AP.

Unsupported AP type, AC version may need to be upgraded.

The AP name conflicts.

Run the ap-rename command to change the AP name.

The number of central APs reaches the upper limit.

See The Number of APs Connected to the AC Exceeds the Maximum.

The number of common APs reaches the upper limit.

See The Number of APs Connected to the AC Exceeds the Maximum.

The CAPWAP sensitive-info PSK is different on the two ends of the CAPWAP tunnel.

See DTLS Negotiation Failed.

The CAPWAP integrity-check PSK is different on the two ends of the CAPWAP tunnel.

See DTLS Negotiation Failed.

The AC license is not active.

Activate the AC license.

Too many APs go online concurrently, leading to a failure to create sufficient DBSS interfaces.

No action is required. The AP will attempt to go online again.

The country codes of the AP and AC are inconsistent, and the country code of the AP is locked.

The country code of some AP models cannot be modified. For example, an AP model with the suffix -US is used only in the United States, and its country code is fixed as US. Configure the country code on the AC to be the same as that on the AP.

Reset for the AC mode switching.

No action is required.

Full-Process Tracing

CLI: trace enable brief and trace object mac-address ap-mac-address

Function: These commands are used to diagnose the service process of the AP. Pay attention to whether there are exceptions in the printed information.

The process for an AP to go online involves various phases, including IP address allocation, discovery, join, configuration delivery, and configuration update. If the AP fails to go online, you can locate the fault through full-process tracing. By comparing the printed information with the normal process, you can determine the phase when the fault occurs and then troubleshoot the fault accordingly.

[AC] trace enable brief
[AC] trace object mac-address acf9-703e-90a0
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP DISCOVER message.orgif:GE0/0/3 srcif:Vlanif400 L3if:Vlanif400 DstIf:GE0/0/3 srcmac:acf9-703e-90a0 dstmac:ffff-ffff-ffff vsi:- vlan:400/0 srcip:0.0.0.0 dstip:255.255.255.255 VPN:- src-port:68 dst-port:67 msgtype:BOOT-REQUEST dhcp msgtype:DHCP DISCOVER bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:0.0.0.0 yiaddr:0.0.0.0 xid:0x166d4ae3
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:DHCP Server is enable.(interface:Vlanif400).
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Gateway=192.168.1.1, mask=255.255.255.0.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Get pool Vlanif400 by gateway 192.168.1.1 and vrf 0.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:New session hash node(mac:acf9-703e-90a0 Xid=376261347)
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Discover session create(Xid=376261347 mac:acf9-703e-90a0)
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Get pool Vlanif400 by gateway 192.168.1.1 and vrf 0.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Proc Request IP ACK.(MsgType = 773, MsgType = 1, usPool = 0, ERRcode = 10, IPAlloc = 192.168.1.176, SessionStatus = 0)
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP OFFER packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176).
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP OFFER message.orgif: srcif: L3if: DstIf:GE0/0/3 srcmac:084f-0a6d-0df2 dstmac:acf9-703e-90a0 vsi:- vlan:400/0 srcip:192.168.1.1 dstip:192.168.1.176 VPN:- src-port:67 dst-port:68 msgtype:BOOT-REPLY dhcp msgtype:DHCP OFFER bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:192.168.1.1 yiaddr:192.168.1.176 xid:0x166d4ae3
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP REQUEST message.orgif:GE0/0/3 srcif:Vlanif400 L3if:Vlanif400 DstIf:GE0/0/3 srcmac:acf9-703e-90a0 dstmac:ffff-ffff-ffff vsi:- vlan:400/0 srcip:0.0.0.0 dstip:255.255.255.255 VPN:- src-port:68 dst-port:67 msgtype:BOOT-REQUEST dhcp msgtype:DHCP REQUEST bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:192.168.1.176 giaddr:0.0.0.0
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP ACK packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176).
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP ACK message.orgif: srcif: L3if: DstIf:GE0/0/3 srcmac:084f-0a6d-0df2 dstmac:acf9-703e-90a0 vsi:- vlan:400/0 srcip:192.168.1.1 dstip:192.168.1.176 VPN:- src-port:67 dst-port:68 msgtype:BOOT-REPLY dhcp msgtype:DHCP ACK bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:192.168.1.1 yiaddr:192.168.1.176 xid:0x166d4ae3
[BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Process discovery request message.
[BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Send discovery response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Create Link Success, Link[3] Sip[192.168.1.176] SrcUdpPort[58138] Vpn[-1].
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process join request message. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send join response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process config status request message. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send configuation state response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process change state event request message and status id CONFIGURE. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send change state event response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] FSM DataLinkEnterinRun, Dlink[3] CLink[3] Mac[acf9-703e-90a0] DevId[1]
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] CtrlLink[3] enterin run. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-0 Func-0xacb8accc TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG notify next phase result-0x0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-1 Func-0xabf7f150 TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-2 Func-0xac0d570c TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG pass phase3 Ret 0x0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-4 Func-0xabc66570 TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit start response, begin to config ap tree.
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET AP object 0x0001ffff ac Ret 0x0 CfgFlag 1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000100ff ac Ret 0x0 CfgFlag 1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000101ff ac Ret 0x0 CfgFlag 1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET AP object 0x0001ffff ap ret ok ProcRet 0
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000100ff ap ret ok ProcRet 0
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000101ff ap ret ok ProcRet 0
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] WMP cfg success over
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt-cfg-phase-0 Func-0xabc5c168 Ret 0x0 TimeOut 60000
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP:1 cmt result 0 [Cur 0 - Notify 0]
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt phase-0 notify cmt success
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt-cfg-phase-1 Func-0xabc5c1b0 Ret 0x0 TimeOut 30000
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP:1 cmt result 0 [Cur 0 - Notify 0]
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt phase-1 notify cmt success
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt commit over
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[Process:2]RTRecePktProc Link[3]Type[0]Msg[514828]Que[1]SN[50]Len[4]Ret[0]Mac[acf9-703e-90a0]
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit-end response

An AP Fails to Start

Possible Cause

  • The PSE does not support the PoE function or is faulty.
  • The PSE does not support the power supply mode required by the AP.
  • The output power of the PSE is insufficient.
  • The PSE is incorrectly configured, for example, the PoE function is disabled or the PoE power-off time range is incorrectly set.
  • The Ethernet cable or power cable is damaged or not securely connected.
  • The AP is faulty.

Troubleshooting Procedure

Check whether the power indicator and network cable indicator of the AP blink normally. For details about indicators, see WLAN Hardware Installation and Maintenance Guide.

If not, perform the following operations:

  1. If the AP is powered in PoE mode, check whether the PSE supports the PoE function and whether the PSE is faulty.
  2. Check whether the output power mode of the PSE is the same as the power supply mode required by the AP.
  3. Check whether the output power of the PSE can support the maximum power consumption of the AP.
  4. Check whether the PSE is configured incorrectly, for example, the PoE function is disabled or the power-off time range is set correctly.
  5. Check whether the Ethernet cable and power cable are connected properly. Replace the Ethernet cable with a high-quality 8-core Ethernet cable and perform the test again.
  6. If the fault persists, the AP may be faulty. In this case, contact technical support personnel or the agent to replace the AP with a new one.

The Network Between the AP and AC Fails

If the network between the AP and AC fails, the AP and AC cannot exchange packets. As a result, the AP fails to go online on the AC.

Check network connectivity between the AP and AC as follows:

  1. Run the ping command on the AC and AP to check whether they can ping each other.

    • If the ping operation fails, check whether the IP address expires, whether the links on the intermediate network are normal, and whether the links are configured correctly.
    • If a long delay or packet loss occurs during the ping operation, check the statistics about each interface to determine whether a loop occurs on the intermediate network.
    • If no packet is lost and the delay is normal, go to the next step.

  2. During the deployment, if an AP fails to go online, the AC or devices on the intermediate network devices are incorrectly configured.

    The following configuration is for your reference:
    • Typically, one management VLAN, and one or more service VLANs need to be configured during the WLAN service configuration.
    • Packets sent by an AP do not contain VLAN tags by default, including IP address allocation packets exchanged with the DHCP server and CAPWAP control packets exchanged with the AC. The packets are tagged with the management VLAN ID on the switch interface directly connected to the AP. Then, these packets are sent to the DHCP server or the AC based on the VLAN and routing information on the network.
    • In direct forwarding mode, ensure that packets from the service VLANs are allowed from the AP's uplink interface to the user gateway. Configure the interface as a hybrid or trunk interface, not as an access interface, and allow packets from the service and management VLANs to pass through. The VLAN configuration must be supported on the switch connected to APs. Do not connect APs to a switch that does not support the VLAN configuration.

      In the following example, VLAN 10 and VLAN 20 are configured as the management VLAN and service VLAN, respectively, on the switch interface directly connected to the AP.

      <Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 10
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20

      Or:

      <Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 20
    • In tunnel forwarding mode, the AP's uplink interface only allows packets from the management VLAN to pass through, because the service packets are encapsulated through CAPWAP. The interface can be configured as an access, trunk, or hybrid interface.

      In the following example, VLAN 10 and VLAN 20 are configured as the management VLAN and service VLAN, respectively, on the switch interface directly connected to the AP.

      <Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default-vlan 10

      Or:

      <Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 10
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10

      Or:

      <Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
    • In a WDS scenario, after changing the WDS mode (root, middle, or leaf) of an AP, restart it for the configuration to take effect. Otherwise, the AP may fail to go online.
    • Check whether the switch and AP are connected through an Eth-Trunk.
      • In V200R008 and earlier versions, you need to configure an Eth-Trunk before connecting physical cables. Otherwise, a loop may occur on the network, causing the AP's failure to go online.
      • In V200R009 and later versions, you can connect physical cables and then configure an Eth-Trunk.

  3. Check whether the management VLAN is configured on the AP.

    Log in to the AP, and run the display system-information command to check whether the management VLAN is valid on the AP.

    <AP> display system-information 
System Information                             
===============================================
......
System Name              : AP
Country Code             : CN                  
MAC Address              : 10:47:80:af:fb:c0   
Radio 0 MAC Address      : 10:47:80:af:fb:c0   
Radio 1 MAC Address      : 10:47:80:af:fb:d0   
IP Address               : 10.1.15.254         
Subnet Mask              : 255.255.240.0       
Default Gateway          : 0.0.0.0             
IPv6 IP Address          :                     
IPv6 Default Gateway     :                     
Management VLAN ID(AP)   : 1219
IP MODE                  : static              
......            
===============================================

    If the management VLAN is incorrectly configured, run the undo management-vlan command in the AP system view to delete the management VLAN and restart the AP.

    If the management VLAN needs to be configured, check the intermediate network to ensure that the management VLAN is allowed and that the AC and AP can ping each other.

    If the AP cannot go online due to incorrect management VLAN configuration, remove the VLAN tag from the interface on the access switch. After the AP goes online, restore the configuration.

An Error Occurs in Configuring a Static IP Address for an AP

Possible Cause

  • The static IP address of the AP is not unique and conflicts with that of another device on the network.
  • In Layer 2 networking, the static IP address of the AP is not in the same network segment as that of the AC.
  • In Layer 3 networking, the egress gateway is not configured for the AP.
  • The AP is not restarted to make the configured static IP address take effect.

Troubleshooting Procedure

A CAPWAP tunnel can be established between an AP and an AC only after the AP has obtained an IP address. If the AP fails to go online after being configured with a static IP address, perform the following steps:

  1. Log in to the AP, and run the display ap-address-info command to check the IP address of the AP.

    <AP> display ap-address-info
==============================================================
Active AP Address Info
  AP Mode     : static  //The AP goes online using a static IP address.
  Ip Address  : 10.1.1.100  //Static IP address of the AP
  Ip Version  : 4
  Mask        : 255.255.255.0  //Subnet mask of the AP's IP address
  Gateway     : 10.1.1.1  //Gateway of the AP
  AC 0 ip     : 10.1.2.111  //AC's IP address
  AC 1 ip     : -
  AC 2 ip     : -
  AC 3 ip     : -
--------------------------------------------------------------
......

  2. Check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.

    • The IP address of an AP must be unique and cannot conflict with that of another device on the network.
    • In Layer 2 networking, the static IP address configured on the AP must be in the same network segment as that of the AC.
    • In Layer 3 networking, the egress gateway for the AP must be configured to ensure an available route between the AP's IP address and the AC source address.

  3. If the IP address is incorrectly configured, use either of the following methods to rectify the fault:

    • Run the ap-address mode dhcp command in the system view to change the IP address obtaining mode to DHCP. Then restart the AP to make the configuration take effect.
      [AP] ap-address mode dhcp                          
Info: The configuration takes effect after the AP is restarted.
    • Run the ap-address static ip-address ip-address subnet-mask command in the system view to change the static IP address of the AP. Then restart the AP to make the configuration take effect.
      [AP] ap-address static ip-address 10.1.2.253 255.255.255.0
Info: The configuration takes effect after the AP is restarted.

No IP Address Is Allocated to an AP

Possible Cause

  • The network between an AP and the DHCP server fails, which may be caused by incorrect VLAN configurations (as an example).
  • The DHCP configuration is incorrect.
  • No DHCP address pool is configured, or available IP addresses in a DHCP address pool are insufficient.

Troubleshooting Procedure

# Run commands on the DHCP server to check whether the AP is assigned an IP address. In this example, the AC functions as a DHCP server.

  1. Check whether the link between the AP and AC is normal. For details, see The Network Between the AP and AC Fails.
  2. If a DHCP relay agent is deployed, perform a ping operation using the IP address of the DHCP server as the source IP address and that of the DHCP relay agent as the destination IP address. If the ping operation fails, an error occurs in the route configuration. Check the route configuration.
  3. Run the display ip pool { interface interface-pool-name | name ip-pool-name } used command to check IP address allocation. Check whether the AP has obtained an IP address based on the MAC address. Check whether available IP addresses in the address pool are abundant.

    [AC] display ip pool interface Vlanif1219 used
  Pool-name      : Vlanif1219
  Pool-No        : 4 
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : -
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : 10.1.1.2
  Network        : 10.1.0.0
  Mask           : 255.255.240.0
  VPN instance   : --
  Conflicted address recycle interval: -

 -----------------------------------------------------------------------------
         Start           End     Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
        10.1.0.1     10.1.15.254  4093     4       4084(0)         5        0
 -----------------------------------------------------------------------------
 
  Network section :
  -----------------------------------------------------------------------
  Index              IP               MAC      Lease   Status
  -----------------------------------------------------------------------
   4085     10.1.15.246    dcd2-fc9a-c800       7375   Used
   4086     10.1.15.247    1047-80af-fbc0       7369   Used
   4087     10.1.15.248    dcd2-fcf4-6420       7929   Used
   4090     10.1.15.251    dcd2-fc22-d880       9368   Used
  -----------------------------------------------------------------------

    If the address pool resources on the DHCP server are insufficient, you can increase the number of IP addresses or reduce the IP address lease.

  4. Run the display arp command to view all ARP mapping entries. Check whether the AP has obtained an IP address based on the MAC address. If so, run the ping command to ping the obtained IP address.

    [AC] display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE
                                          VLAN/CEVLAN PVC
------------------------------------------------------------------------------
......
10.1.1.2        0200-0000-0017            I -         Vlanif1219
10.1.15.251     dcd2-fc22-d880  2         D-0         GE0/0/1
                                          1219/-
10.1.15.247     1047-80af-fbc0  16        D-0         GE0/0/1
                                          1219/-
10.1.15.246     dcd2-fc9a-c800  15        D-0         GE0/0/1
                                          1219/-
10.1.15.248     dcd2-fcf4-6420  6         D-0         GE0/0/1
                                          1219/-
10.1.1.219      4c1f-cc6b-c248  16        D-0         GE0/0/1
    Ping the IP address mapping the MAC address. If the ping operation succeeds, the AP has obtained an IP address. Otherwise, the IP address obtained by the AP has expired or the AP fails to obtain an IP address.
    [AC] ping 10.1.15.251
  PING 10.1.15.251: 56  data bytes, press CTRL_C to break
    Reply from 10.1.15.251: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 10.1.15.251 ping statistics ---
    5 packet(s) transmitted 
    5 packet(s) received
    0.00% packet loss 
    round-trip min/avg/max = 1/1/1 ms

  5. Check whether the DHCP configuration is correct. For details about how to configure DHCP, see Configuring an AP to Go Online in DHCP Mode.

The AC's IP Address Is Not or Incorrectly Specified on an AP

Possible Cause

  • The AC and AP are connected at Layer 3, but the AC's IP address is not specified on the AP.
  • In AC VRRP networking, the virtual IP address of the ACs is not specified on the AP.

Troubleshooting Procedure

  1. Check whether the AC's IP address is correctly specified on the AP.

    On a Layer 2 network, the AP can discover the AC in broadcast mode, without the need to manually specify the AC's IP address. On a Layer 3 network, you must specify the AC's IP address; otherwise, the AP cannot discover the AC in broadcast mode.
    • AP going online using a static IP address
      If the AP is configured to go online using a static IP address, perform the following operations to troubleshoot the fault:
      1. Log in to the AP, and run the display ap-address-info command to check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.
        <AP> display ap-address-info
==============================================================
Active AP Address Info
  AP Mode     : static  //The AP goes online using a static IP address.
  Ip Address  : 20.1.1.100  //Static IP address of the AP
  Ip Version  : 4
  Mask        : 255.255.255.0  //Subnet mask of the AP's IP address
  Gateway     : 20.1.1.1  //Gateway of the AP
  AC 0 ip     : 10.1.1.111  //AC's IP address
  AC 1 ip     : -
  AC 2 ip     : -
  AC 3 ip     : -
--------------------------------------------------------------.
      2. If the AC's IP address is not or incorrectly specified, perform either of the following operations:
        Run the ap-address static ac-list ip-address &<1-4> command in the system view to specify the AC's IP address for the AP. Then restart the AP to make the configuration take effect.
        [AP] ap-address static ac-list 10.23.200.1
    • AP going online in DHCP mode
      When the AP and AC are connected at Layer 3, you are advised to run the option 43 sub-option 2 ip-address ip-address &<1-8> command to configure Option 43 field in the IP address pool. In VRRP HSB scenarios, specify the virtual IP address as the CAPWAP source address on the ACs in the Option 43 field.
      • option 43 hex hex-string
      • option 43 sub-option 3 ascii ascii-string
      • option 43 sub-option 2 ip-address ip-address &<1-8>
      • option 43 sub-option 1 hex hex-string

      For the three commands with the sub-option configuration, it is recommended that only of them be configured. If you run two or three of them, only the last one takes effect.

      The configuration example is as follows.
      • Run the option 43 hex 031D3139322e3136382e3139342e35302c3139322e3136382e3139342e3534 command to configure the device to specify the ACs' IP addresses 192.168.194.50 and 192.168.194.54 for APs. In this command, 03 is a fixed value; 1D indicates that the length of IP addresses (192.168.194.50,192.168.194.54) including dots (.) and the comma (,) is 29, and multiple IP addresses are separated by the comma (,); 3139322e3136382e3139342e3530 indicates the ASCII value of 192.168.194.50; 2C indicates the ASCII value of the comma (,); and 3139322e3136382e3139342e3534 indicates the ASCII value of 192.168.194.54.
      • Run the option 43 sub-option 1 hex C0A80001C0A80002 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs. In the command, C0A80001 indicates the hexadecimal format of 192.168.0.1, and C0A80002 indicates the hexadecimal format of 192.168.0.2.
      • Run the option 43 sub-option 2 ip-address 192.168.0.1 192.168.0.2 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs.
      • Run the option 43 sub-option 3 ascii 192.168.0.1,192.168.0.2 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs.

  2. In AC VRRP networking, check whether the specified AC's IP address is the VRRP virtual IP address. If not, specify the VRRP virtual IP address as the AC's IP address.

The CAPWAP Source Interface or Address Is Not Configured on the AC

Each AC requires the configuration of at least one or two IP addresses, VLANIF interfaces, or loopback interfaces. In this manner, APs managed by the AC can learn the specified IP address or the IP address of the specified interface to set up a CAPWAP tunnel with the AC. This specified IP address or interface is called the source address or interface.

Troubleshooting Procedure

  1. Run the display capwap configuration command on the AC to check whether the CAPWAP source address or interface is configured.

    <AC> display capwap configuration
  ---------------------------------------------------------------
  Source interface IPv4                            : vlanif100
  Source interface IPv6                            : -
  Source IPv4 address                              : -
  Source IPv6 address                              : -
  ...
  ...

  2. If the source interface is configured, check whether an IP address is correctly configured for the interface.

    <AC> system-view
[AC] interface vlanif 100
[AC] display this
#
interface Vlanif100
 ip address 10.100.1.2 255.255.255.0
#

  3. If neither the CAPWAP source interface nor CAPWAP source interface is configured, run the capwap source interface or capwap source { ip-address | ipv6-address } command to configure one.

    The following uses the CAPWAP source interface as an example:

    <AC> system-view 
[AC] interface vlanif 100 
[AC-Vlanif100] ip address 192.168.10.1 24 
[AC-Vlanif100] quit 
[AC] capwap source interface vlanif 100

An AP Is Not Working in Fit Mode

Possible Cause

  • The AP does not support the Fit mode.
  • The AP is switched to the Fat or cloud mode.

Troubleshooting Procedure

Check whether the AP is a Fit AP.

# Log in to the AP and run the display image command in the diagnostic view to check the activated software version.
[AP-diagnose] display image 
ImageStatusVersion 
============================================================== 
Image A(Active)AP8030DNV200R006C10SPC300B031(FAT) 
Image B(Backup)AP8030DNV200R003C00SPCc00B100(FAT) 
==============================================================

If it is working in Fat or cloud mode, see AP Mode Switching to switch the AP to the Fit mode.

The Number of APs Connected to the AC Exceeds the Maximum

Possible Cause

  • License resources are insufficient.
  • The number of APs connected to the AC exceeds the specifications.

Troubleshooting Procedure

The number of APs that can be connected to an AC depends on the following factors:
  • License resource items: The total number of common APs and central APs cannot exceed the number of license resource items. RUs do not occupy license resources.
  • Maximum number of APs that can be managed by an AC:
    • The total number of common APs and RUs cannot exceed the maximum number that can be managed by an AC.
    • The total number of central APs does not exceed the maximum number that can be managed by an AC.
  1. Run the display license resource usage command to check the license resource usage. If the current resource usage reaches the specifications authorized in the license file, new APs cannot go online.

    <AC> display license resource usage
Activated License: flash:/LIC92680232*****_*****5396810CB000006.dat
FeatureName    | ConfigureItemName       | ResourceUsage
CRFEA1            LH85WLANAP01                0/256

    If the number of resources exceeds the authorized value, apply for and load a new license file.

  2. If the number of resources does not exceed the authorized value, run the display ap all command to check whether the number of APs in normal state exceeds the maximum number of APs supported by the AC.

    For details about the AP specifications supported by each AP model, visit Info-Finder.

    If the number of APs managed by the AC exceeds the specifications, replan the network properly based on the maximum number of APs that can be managed by the AC.

DTLS Negotiation Failed

Possible Cause

  • The network between the AC and AP is abnormal.
  • The AC and AP have different DTLS PSKs.

Troubleshooting Procedure

When an AP attempts to establish a DTLS connection with an AC, they perform DTLS negotiation. If their PSKs are different, DTLS negotiation fails.

  1. Check whether the PSKs of the AC and AP are the same. If not, change them to the same or run the capwap dtls psk-mandatory-match enable command to enable the AP to establish a DTLS session with the AC using the default PSK.
  2. Ping the AC from the AP. If the ping operation fails, the network is abnormal during DTLS negotiation, resulting in negotiation timeout. In this case, check the network by referring to The Network Between the AP and AC Fails.

The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP

Possible Cause

The MAC address and SN of an AP added offline on the AC are inconsistent with those of the AP.

Troubleshooting Procedure

  1. Run the display wlan wdev ap-information ap-id ap-id command in the diagnostic view of the AC to check the MAC address and SN of the AP.

    [AC-diagnose] display wlan wdev ap-information ap-id 4
 Ap profile Info:
    aucName: dcd2-fc22-d880
    APID_AVL: 4
    APID: 4
    aucSn:  210235555310D1000067  //AP's SN configured on the AC
    group name: default
    aucMac: dcd2-fc22-d860  //AP's MAC address configured on the AC
......

  2. If the configured AP information is different from the actual AP information, run the undo ap ap-id ap-id command in the WLAN view to delete the AP, and then run the ap-id ap-id ap-mac mac-address ap-sn ap-sn command to add an AP again before it goes online.

    <AC> system-view
[AC] wlan 
[AC-wlan-view] undo ap ap-id 4 //Delete the AP.
[AC-wlan-view] ap-id 4 ap-mac dcd2-fc22-d880  //Add an AP before it goes online.

An AP Is Blacklisted

Possible Cause

The AP is added to the blacklist by mistake.

Troubleshooting Procedure

If the MAC address of an AP is blacklisted, the AP cannot go online. If the AP whitelist and blacklist are all configured, the system first checks whether an AP is blacklisted.

  1. Check the AP blacklist.

    <AC> display ap blacklist
-----------------------------------
ID     MAC                         
-----------------------------------
0      0001-0002-0001
-----------------------------------
Total: 1

  2. If an AP is added to the blacklist by mistake, delete the AP from the blacklist.

    <AC> system-view
[AC] wlan
[AC-wlan-view] undo ap blacklist mac 0001-0002-0001

The Versions of the AP and AC Do Not Match

Possible Cause

  • The AC does not support the current AP model.
  • The versions of the AP and AC do not match.

Troubleshooting Procedure

The AP can go online on the AC only when their versions match. If the versions of the AC and AP do not match, the following problems may occur:

  • The AC does not support the current AP model. For example, the AC running V200R008C10 does not support the AP model whose source version is V200R010C00.

    SOHO series ACs can manage only SOHO series APs. Other series ACs cannot manage SOHO series APs.

  • The AP status displayed on the AC is ver-mismatch or vmiss.

For details about the version mapping between ACs and APs, see Quick Reference for WLAN AP Version Mapping and Models.

  1. Run the display ap-type all command to check whether the AC supports the current AP model.

    If the AP model is not in the list, the AC of the current version does not support the AP model. In this case, upgrade the AC by referring to the corresponding upgrade guide.

  2. Run the display ap all command to check whether APs in ver-mismatch or vmiss state exist in the AP list.

    If so, upgrade the AP or AC by referring to the upgrade guide to ensure that the versions of the AP and AC match.

The AP Upgrade Fails

Possible Cause

  • The AP upgrade is configured on the AC, but the AP software package is not correctly uploaded or an incorrect software package is uploaded.
  • The network between the AP and the FTP/SFTP server fails.

Troubleshooting Procedure

  1. Check whether the AP upgrade file exists and whether the file name is correct.

    Before upgrading an AP, ensure that the upgrade file is stored in the corresponding directory of the file server and can be read. The name and size of the AP upgrade file must be the same as those of the source file and cannot be changed. If the upgrade file does not exist or the file name or size is incorrect, obtain the correct upgrade file at http://support.huawei.com/enterprise and upload it to the AC or file server.

    • If the AP is upgraded in AC mode or SFTP/FTP mode (the AC functions as an SFTP or FTP server), save the AP upgrade file to the default storage path on the AC.
      <AC> dir flash:/*.bin
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  -rw-     12,815,616  May 23 2016 19:09:45   FitAP5X30XN_V200R006C10SPC300.bin

206,324 KB total (89,768 KB free)
    • If another device functions as the SFTP/FTP server, ensure that the upgrade file is stored in the SFTP/FTP directory and can be read, and that the file name and size are the same as those of the source file.

  2. Check whether the AP upgrade file matches the AP model.

    The AP upgrade file must match the AP model, and upgrade files of different AP models cannot be used interchangeably.

  3. Check whether the AP and file server can ping each other and whether the network quality is good.

    Assume that a PC functions as the file server. When upgrading an AP, use the PC as the file server and upload the AP's upgrade file through FTP, TFTP, or SFTP. In addition, ensure that the network port on the PC is directly connected to that on the AP and that the PC can communicate with the AP.

    1. Open the Windows Command Prompt on your PC, and run the ping command to check whether the PC can successfully ping the AP.

      If the message "Request time out" is displayed, the target device is unreachable.

    2. If the PC fails to ping the AP, change the IP address of the PC to ensure that it is on the same network segment as the IP address of the AP.

      The default IP address of the Fit AP is 169.254.1.1. The IP address of the PC must be on the network segment 169.254.1.0 (excluding the IP address 169.254.1.1), with the subnet mask 255.255.255.0. The IP address 169.254.1.100 is recommended.

      If the Fit AP's IP address has been changed, run the display ap all command on the AC to check the AP's IP address.

    3. Run the ping command again on the PC to check whether the PC can successfully ping the AP.
    4. If large network delay or packet loss occurs between the AP and file server, the AP fails to download the upgrade file due to timeout. In this case, check the intermediate network.

  4. Check whether the user name or password of the FTP/SFTP server is correct.

    An incorrect user name or password of the server will lead to a failure to download the AP upgrade file.

    1. Run the display ap update configuration command to check the AP upgrade configuration.
      [AC-wlan-view] display ap update configuration
------------------------------------------------------------------
AP update mode         : ftp-mode
FTP configuration
 FTP IP                : 192.168.0.11
 FTP username          : ftp
 FTP password          : ******
 FTP max number        : 50
SFTP configuration
 SFTP IP               : -
 SFTP username         : anonymous
 SFTP password         : ******
 SFTP max number       : 50
------------------------------------------------------------------
    2. Check whether the user name and password for logging in to the server are correct. If not, run the following commands to reconfigure them:
      • Set the upgrade mode to SFTP and configure the SFTP server.
        <AC> system-view
[AC] wlan 
[AC-wlan-view] ap update mode sftp-mode
[AC-wlan-view] ap update sftp-server ip-address 192.168.10.11 sftp-username xxx sftp-password cipher yyy  ///xxx and yyy indicate the user name and password for logging in to the SFTP server.
      • Set the upgrade mode to FTP and configure the FTP server.
        <Huawei> system-view
[Huawei] wlan 
[Huawei-wlan-view] ap update mode ftp-mode
[Huawei-wlan-view] ap update ftp-server ip-address 192.168.10.11 ftp-username xxx ftp-password cipher yyy   //xxx and yyy indicate the user name and password for logging in to the FTP server.

  5. Check whether the FTP/SFTP service is enabled on the AC.

    • When the AC is configured as the FTP server, run the display ftp-server command to check whether the FTP service is enabled.
      <AC> display ftp-server
   FTP server is running
   Max user number                 50
   User count                      0
   Timeout value(in minute)        30
   Listening port                  21
   Acl number                      0
   FTP server's source address     0.0.0.0

      If the FTP service is disabled, run the ftp server enable command in the system view to enable it.

    • When the AC is configured as the SFTP server, run the display ssh server status command to check whether the SFTP service is enabled.
      <AC> display ssh server status
 SSH version                         :2.0
 SSH connection timeout              :60 seconds
 SSH server key generating interval  :0 hours
 SSH Authentication retries          :3 times
 SFTP Server                         :Enable
 Stelnet server                      :Enable

      If the SFTP service is disabled, run the sftp server enable command in the system view to enable it on the SSH server.

An AP Fails to Initialize the Configuration

Possible Cause

  • The MTU of the intermediate network between the AP and AC is incorrectly configured.
  • Packet loss occurs on the wired side.

Troubleshooting Procedure

In the configuration delivery phase, the AC delivers the initial configuration to the AP. If packet loss occurs during transmission, the AP fails to initialize the configuration.

  1. Configure the AC and AP to ping each other using packets longer than 1600 bytes and check whether packet loss occurs.
  2. If packet loss occurs, check whether the MTU of the intermediate network is properly configured. If not, packets cannot be transmitted properly. As a result, the AP cannot go online.

    When the network between the AC and AP involves a small MTU value, such as an SD-WAN tunnel or a carrier network, you need to change the MTU of the CAPWAP tunnel on the AC to a smaller value so that the AP can go online.

    In V200R021C10 and earlier versions, The minimum MTU of a CAPWAP tunnel on the native AC is 1500. In V200R022C00 and later versions, this value is 1000.

    <AC> system-view 
[AC] wlan  
[AC-wlan-view] ap-system-profile name ap-system1 
[AC-wlan-ap-system-prof-ap-system1] mtu 1200

  3. If NAT traversal is configured on the intermediate network, check whether NAT communication is normal.
Translation
简体中文
Download
Updated: 2023-06-02

Document ID: EDOC1000060368

Views: 1821249

Downloads: 5808

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :