Common Causes and Troubleshooting Methods for APs' Failures to Go Online
- Recommended Troubleshooting Roadmap for APs' Failures to Go Online
- An AP Fails to Start
- The Network Between the AP and AC Fails
- An Error Occurs in Configuring a Static IP Address for an AP
- No IP Address Is Allocated to an AP
- The AC's IP Address Is Not or Incorrectly Specified on an AP
- The CAPWAP Source Interface or Address Is Not Configured on the AC
- An AP Is Not Working in Fit Mode
- The Number of APs Connected to the AC Exceeds the Maximum
- DTLS Negotiation Failed
- The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
- An AP Is Blacklisted
- The Versions of the AP and AC Do Not Match
- The AP Upgrade Fails
- An AP Fails to Initialize the Configuration
Recommended Troubleshooting Roadmap for APs' Failures to Go Online
Checking AP Information
CLI: display ap { all | ap-group ap-group }
Function: This command is used to query the IP address and status of an AP. Pay attention to whether the AP can obtain an IP address and whether the AP status is normal.
AP State |
Description |
Handling Suggestion |
---|---|---|
commit-failed (cmtfa) |
WLAN service configurations fail to be delivered to an AP after the AP goes online on an AC. After the AP goes online on the AC, WLAN service configurations are performed for the AP. If the link between the AP and AC fails or the peer end has no response, the AC will fail to deliver WLAN service configurations to the AP. |
Check network connectivity between the AC and AP. For details, see The Network Between the AP and AC Fails. |
committing (cmt) |
WLAN service configurations are being delivered to an AP after the AP goes online on an AC. After the AP goes online on the AC, WLAN service configurations are being delivered to the AP. During this process, the AP is in committing state. |
This is a normal state, and no action is required. |
config (cfg) |
WLAN service configurations are being delivered to an AP when the AP is going online on an AC. After the AP establishes a link with the AC, WLAN service configurations are delivered to the AP. During this process, the AP is in config state. |
This is a normal state, and no action is required. |
config-failed (cfgfa) |
WLAN service configurations fail to be delivered to an AP when the AP is going online on an AC. After the AP establishes a link with the AC, WLAN service configurations are delivered to the AP. If the configuration delivery fails due to various reasons (such as link failure), the AP enters the config-failed state. |
If the AC fails to deliver the initial configuration, rectify the fault by referring to An AP Fails to Initialize the Configuration. |
download (dload) |
An AP is in upgrade state. When the AP is performing an upgrade, it enters the download state. |
When the AP upgrade is complete, check the AP state. If the upgrade fails, rectify the fault by referring to The AP Upgrade Fails. |
fault |
An AP fails to go online. |
Check the reason for the AP's failure to go online. For details, see Checking Reasons for APs' Failures to Go Online. |
idle |
It is the initialization state of an AP before it establishes a link with the AC for the first time. |
The possible causes and the corresponding handling methods for this state are as follows:
|
name-conflicted (namec) |
The name of an AP conflicts with that of an existing AP. The name of an AP conflicts with the name of another AP on the same AC. |
Run the ap-rename ap-id ap-id new-name ap-new-name command to change the AP name. |
normal (nor) |
An AP is working properly. The AP successfully goes online on the AC. |
This is a normal state, and no action is required. |
standby (stdby) |
An AP is in normal state on the standby AC. In the HSB, dual-link cold backup, or N+1 backup scenario, if the link between the active and standby ACs is established properly, the AP is in standby state on the standby AC and in normal state on the active AC. |
This is a normal state, and no action is required. |
ver-mismatch (vmiss) |
The versions of the AP and AC do not match. |
|
countryCode-mismatch (cmiss) |
The country codes of the AP and AC do not match. The AP does not support the country code configured on the AC. |
The AP does not support the country code. Upgrade the AP or modify the country code configuration on the AC. |
type-mismatch (tmiss) |
The AP type does not match that configured on the AC. The AP type configured on the AC does not match the actual AP type. |
Change the AP type configured on the AC. |
unauth |
An AP fails to be authenticated. |
Run the display ap unauthorized record command to query APs that fail to be authenticated. Run the ap-confirm command to confirm these APs and allow them to go online. |
Checking Reasons for APs' Failures to Go Online
CLI: display ap online-fail record
Function: This command is used to query the reason for AP's failures to go online so that you can take measures accordingly.
Table 19-9 lists some reasons for AP's failures to go online.
Reason Why an AP Fails to Go Online |
Handling Suggestion |
---|---|
Insufficient license resources. |
See The Number of APs Connected to the AC Exceeds the Maximum. |
The AP is not in the SN whitelist. |
Run the ap whitelist sn ap-sn1 [ to ap-sn2 ] command to add the AP to the SN whitelist or run the ap-confirm command to enable the AP to pass authentication. |
The AP is not in the MAC whitelist. |
Run the ap whitelist mac ap-mac1 [ to ap-mac2 ] command to add the AP to the MAC whitelist or run the ap-confirm command to enable the AP to pass authentication. |
The AP is added to the AP blacklist. |
See An AP Is Blacklisted. |
The MAC address and SN of the AP do not match. |
See The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP. |
DTLS negotiation for CAPWAP tunnel setup fails. |
|
DTLS negotiation failed, because of negotiation timeout or inconsistent PSKs on two ends. |
|
CAPWAP tunnel negotiation fails. |
For details, see The Network Between the AP and AC Fails. |
APs cannot go online during data backup. |
Wait until the backup is complete. |
The upgrade fails. |
For details, see The AP Upgrade Fails. |
The CAPWAP tunnel fails to be established. |
For details, see The Network Between the AP and AC Fails. |
The configuration fails to be delivered. |
The AC will attempt to deliver the configurations again. If the failure persists, rectify the fault by referring to The Network Between the AP and AC Fails. |
The versions of the AP and AC do not match. |
|
The AC does not support the AP type. |
Replace the AP with one supported by the AC or change the AC version to one that supports the AP. |
Unsupported AP type, AC version may need to be upgraded. |
|
The AP name conflicts. |
Run the ap-rename command to change the AP name. |
The number of central APs reaches the upper limit. |
See The Number of APs Connected to the AC Exceeds the Maximum. |
The number of common APs reaches the upper limit. |
See The Number of APs Connected to the AC Exceeds the Maximum. |
The CAPWAP sensitive-info PSK is different on the two ends of the CAPWAP tunnel. |
|
The CAPWAP integrity-check PSK is different on the two ends of the CAPWAP tunnel. |
|
The AC license is not active. |
Activate the AC license. |
Too many APs go online concurrently, leading to a failure to create sufficient DBSS interfaces. |
No action is required. The AP will attempt to go online again. |
The country codes of the AP and AC are inconsistent, and the country code of the AP is locked. |
The country code of some AP models cannot be modified. For example, an AP model with the suffix -US is used only in the United States, and its country code is fixed as US. Configure the country code on the AC to be the same as that on the AP. |
Reset for the AC mode switching. |
No action is required. |
Full-Process Tracing
CLI: trace enable brief and trace object mac-address ap-mac-address
Function: These commands are used to diagnose the service process of the AP. Pay attention to whether there are exceptions in the printed information.
The process for an AP to go online involves various phases, including IP address allocation, discovery, join, configuration delivery, and configuration update. If the AP fails to go online, you can locate the fault through full-process tracing. By comparing the printed information with the normal process, you can determine the phase when the fault occurs and then troubleshoot the fault accordingly.
[AC] trace enable brief [AC] trace object mac-address acf9-703e-90a0 [BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP DISCOVER message.orgif:GE0/0/3 srcif:Vlanif400 L3if:Vlanif400 DstIf:GE0/0/3 srcmac:acf9-703e-90a0 dstmac:ffff-ffff-ffff vsi:- vlan:400/0 srcip:0.0.0.0 dstip:255.255.255.255 VPN:- src-port:68 dst-port:67 msgtype:BOOT-REQUEST dhcp msgtype:DHCP DISCOVER bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:0.0.0.0 yiaddr:0.0.0.0 xid:0x166d4ae3 [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:DHCP Server is enable.(interface:Vlanif400). [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Gateway=192.168.1.1, mask=255.255.255.0. [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Get pool Vlanif400 by gateway 192.168.1.1 and vrf 0. [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:New session hash node(mac:acf9-703e-90a0 Xid=376261347) [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Discover session create(Xid=376261347 mac:acf9-703e-90a0) [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Get pool Vlanif400 by gateway 192.168.1.1 and vrf 0. [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Proc Request IP ACK.(MsgType = 773, MsgType = 1, usPool = 0, ERRcode = 10, IPAlloc = 192.168.1.176, SessionStatus = 0) [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP OFFER packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176). [BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP OFFER message.orgif: srcif: L3if: DstIf:GE0/0/3 srcmac:084f-0a6d-0df2 dstmac:acf9-703e-90a0 vsi:- vlan:400/0 srcip:192.168.1.1 dstip:192.168.1.176 VPN:- src-port:67 dst-port:68 msgtype:BOOT-REPLY dhcp msgtype:DHCP OFFER bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:192.168.1.1 yiaddr:192.168.1.176 xid:0x166d4ae3 [BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP REQUEST message.orgif:GE0/0/3 srcif:Vlanif400 L3if:Vlanif400 DstIf:GE0/0/3 srcmac:acf9-703e-90a0 dstmac:ffff-ffff-ffff vsi:- vlan:400/0 srcip:0.0.0.0 dstip:255.255.255.255 VPN:- src-port:68 dst-port:67 msgtype:BOOT-REQUEST dhcp msgtype:DHCP REQUEST bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:192.168.1.176 giaddr:0.0.0.0 [BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP ACK packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176). [BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP ACK message.orgif: srcif: L3if: DstIf:GE0/0/3 srcmac:084f-0a6d-0df2 dstmac:acf9-703e-90a0 vsi:- vlan:400/0 srcip:192.168.1.1 dstip:192.168.1.176 VPN:- src-port:67 dst-port:68 msgtype:BOOT-REPLY dhcp msgtype:DHCP ACK bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:192.168.1.1 yiaddr:192.168.1.176 xid:0x166d4ae3 [BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Process discovery request message. [BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Send discovery response successfully. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Create Link Success, Link[3] Sip[192.168.1.176] SrcUdpPort[58138] Vpn[-1]. [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process join request message. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send join response successfully. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process config status request message. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send configuation state response successfully. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process change state event request message and status id CONFIGURE. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send change state event response successfully. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] FSM DataLinkEnterinRun, Dlink[3] CLink[3] Mac[acf9-703e-90a0] DevId[1] [BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] CtrlLink[3] enterin run. MAC: acf9-703e-90a0 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-0 Func-0xacb8accc TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-0 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG notify next phase result-0x0 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-1 Func-0xabf7f150 TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-2 Func-0xac0d570c TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG pass phase3 Ret 0x0 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-4 Func-0xabc66570 TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit start response, begin to config ap tree. [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET AP object 0x0001ffff ac Ret 0x0 CfgFlag 1 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000100ff ac Ret 0x0 CfgFlag 1 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000101ff ac Ret 0x0 CfgFlag 1 [BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET AP object 0x0001ffff ap ret ok ProcRet 0 [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000100ff ap ret ok ProcRet 0 [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000101ff ap ret ok ProcRet 0 [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] WMP cfg success over [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt-cfg-phase-0 Func-0xabc5c168 Ret 0x0 TimeOut 60000 [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP:1 cmt result 0 [Cur 0 - Notify 0] [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt phase-0 notify cmt success [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt-cfg-phase-1 Func-0xabc5c1b0 Ret 0x0 TimeOut 30000 [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP:1 cmt result 0 [Cur 0 - Notify 0] [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt phase-1 notify cmt success [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt commit over [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[Process:2]RTRecePktProc Link[3]Type[0]Msg[514828]Que[1]SN[50]Len[4]Ret[0]Mac[acf9-703e-90a0] [BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit-end response
An AP Fails to Start
Possible Cause
- The PSE does not support the PoE function or is faulty.
- The PSE does not support the power supply mode required by the AP.
- The output power of the PSE is insufficient.
- The PSE is incorrectly configured, for example, the PoE function is disabled or the PoE power-off time range is incorrectly set.
- The Ethernet cable or power cable is damaged or not securely connected.
- The AP is faulty.
Troubleshooting Procedure
Check whether the power indicator and network cable indicator of the AP blink normally. For details about indicators, see WLAN Hardware Installation and Maintenance Guide.
If not, perform the following operations:
- If the AP is powered in PoE mode, check whether the PSE supports the PoE function and whether the PSE is faulty.
- Check whether the output power mode of the PSE is the same as the power supply mode required by the AP.
- Check whether the output power of the PSE can support the maximum power consumption of the AP.
- Check whether the PSE is configured incorrectly, for example, the PoE function is disabled or the power-off time range is set correctly.
- Check whether the Ethernet cable and power cable are connected properly. Replace the Ethernet cable with a high-quality 8-core Ethernet cable and perform the test again.
- If the fault persists, the AP may be faulty. In this case, contact technical support personnel or the agent to replace the AP with a new one.
The Network Between the AP and AC Fails
If the network between the AP and AC fails, the AP and AC cannot exchange packets. As a result, the AP fails to go online on the AC.
Check network connectivity between the AP and AC as follows:
- Run the ping command on the AC and AP to check whether they can ping each other.
- If the ping operation fails, check whether the IP address expires, whether the links on the intermediate network are normal, and whether the links are configured correctly.
- If a long delay or packet loss occurs during the ping operation, check the statistics about each interface to determine whether a loop occurs on the intermediate network.
- If no packet is lost and the delay is normal, go to the next step.
- During the deployment, if an AP fails to go online, the AC or devices on the intermediate network devices are incorrectly configured.The following configuration is for your reference:
- Typically, one management VLAN, and one or more service VLANs need to be configured during the WLAN service configuration.
- Packets sent by an AP do not contain VLAN tags by default, including IP address allocation packets exchanged with the DHCP server and CAPWAP control packets exchanged with the AC. The packets are tagged with the management VLAN ID on the switch interface directly connected to the AP. Then, these packets are sent to the DHCP server or the AC based on the VLAN and routing information on the network.
- In direct forwarding mode, ensure that packets from the service VLANs are allowed from the AP's uplink interface to the user gateway. Configure the interface as a hybrid or trunk interface, not as an access interface, and allow packets from the service and management VLANs to pass through. The VLAN configuration must be supported on the switch connected to APs. Do not connect APs to a switch that does not support the VLAN configuration.
In the following example, VLAN 10 and VLAN 20 are configured as the management VLAN and service VLAN, respectively, on the switch interface directly connected to the AP.
<Switch> system-view [Switch] interface gigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type trunk [Switch-GigabitEthernet0/0/1] port trunk pvid vlan 10 [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
Or:
<Switch> system-view [Switch] interface gigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type hybrid [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10 [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10 [Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 20
- In tunnel forwarding mode, the AP's uplink interface only allows packets from the management VLAN to pass through, because the service packets are encapsulated through CAPWAP. The interface can be configured as an access, trunk, or hybrid interface.
In the following example, VLAN 10 and VLAN 20 are configured as the management VLAN and service VLAN, respectively, on the switch interface directly connected to the AP.
<Switch> system-view [Switch] interface gigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type access [Switch-GigabitEthernet0/0/1] port default-vlan 10
Or:
<Switch> system-view [Switch] interface gigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type trunk [Switch-GigabitEthernet0/0/1] port trunk pvid vlan 10 [Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
Or:
<Switch> system-view [Switch] interface gigabitEthernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type hybrid [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10 [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
- In a WDS scenario, after changing the WDS mode (root, middle, or leaf) of an AP, restart it for the configuration to take effect. Otherwise, the AP may fail to go online.
- Check whether the switch and AP are connected through an Eth-Trunk.
- In V200R008 and earlier versions, you need to configure an Eth-Trunk before connecting physical cables. Otherwise, a loop may occur on the network, causing the AP's failure to go online.
- In V200R009 and later versions, you can connect physical cables and then configure an Eth-Trunk.
- Check whether the management VLAN is configured on the AP.
Log in to the AP, and run the display system-information command to check whether the management VLAN is valid on the AP.
<AP> display system-information System Information =============================================== ...... System Name : AP Country Code : CN MAC Address : 10:47:80:af:fb:c0 Radio 0 MAC Address : 10:47:80:af:fb:c0 Radio 1 MAC Address : 10:47:80:af:fb:d0 IP Address : 10.1.15.254 Subnet Mask : 255.255.240.0 Default Gateway : 0.0.0.0 IPv6 IP Address : IPv6 Default Gateway : Management VLAN ID(AP) : 1219 IP MODE : static ...... ===============================================
If the management VLAN is incorrectly configured, run the undo management-vlan command in the AP system view to delete the management VLAN and restart the AP.
If the management VLAN needs to be configured, check the intermediate network to ensure that the management VLAN is allowed and that the AC and AP can ping each other.
If the AP cannot go online due to incorrect management VLAN configuration, remove the VLAN tag from the interface on the access switch. After the AP goes online, restore the configuration.
An Error Occurs in Configuring a Static IP Address for an AP
Possible Cause
- The static IP address of the AP is not unique and conflicts with that of another device on the network.
- In Layer 2 networking, the static IP address of the AP is not in the same network segment as that of the AC.
- In Layer 3 networking, the egress gateway is not configured for the AP.
- The AP is not restarted to make the configured static IP address take effect.
Troubleshooting Procedure
A CAPWAP tunnel can be established between an AP and an AC only after the AP has obtained an IP address. If the AP fails to go online after being configured with a static IP address, perform the following steps:
- Log in to the AP, and run the display ap-address-info command to check the IP address of the AP.
<AP> display ap-address-info ============================================================== Active AP Address Info AP Mode : static //The AP goes online using a static IP address. Ip Address : 10.1.1.100 //Static IP address of the AP Ip Version : 4 Mask : 255.255.255.0 //Subnet mask of the AP's IP address Gateway : 10.1.1.1 //Gateway of the AP AC 0 ip : 10.1.2.111 //AC's IP address AC 1 ip : - AC 2 ip : - AC 3 ip : - -------------------------------------------------------------- ......
- Check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.
- The IP address of an AP must be unique and cannot conflict with that of another device on the network.
- In Layer 2 networking, the static IP address configured on the AP must be in the same network segment as that of the AC.
- In Layer 3 networking, the egress gateway for the AP must be configured to ensure an available route between the AP's IP address and the AC source address.
- If the IP address is incorrectly configured, use either of the following methods to rectify the fault:
- Run the ap-address mode dhcp command in the system view to change the IP address obtaining mode to DHCP. Then restart the AP to make the configuration take effect.
[AP] ap-address mode dhcp Info: The configuration takes effect after the AP is restarted.
- Run the ap-address static ip-address ip-address subnet-mask command in the system view to change the static IP address of the AP. Then restart the AP to make the configuration take effect.
[AP] ap-address static ip-address 10.1.2.253 255.255.255.0 Info: The configuration takes effect after the AP is restarted.
- Run the ap-address mode dhcp command in the system view to change the IP address obtaining mode to DHCP. Then restart the AP to make the configuration take effect.
No IP Address Is Allocated to an AP
Possible Cause
- The network between an AP and the DHCP server fails, which may be caused by incorrect VLAN configurations (as an example).
- The DHCP configuration is incorrect.
- No DHCP address pool is configured, or available IP addresses in a DHCP address pool are insufficient.
Troubleshooting Procedure
# Run commands on the DHCP server to check whether the AP is assigned an IP address. In this example, the AC functions as a DHCP server.
- Check whether the link between the AP and AC is normal. For details, see The Network Between the AP and AC Fails.
- If a DHCP relay agent is deployed, perform a ping operation using the IP address of the DHCP server as the source IP address and that of the DHCP relay agent as the destination IP address. If the ping operation fails, an error occurs in the route configuration. Check the route configuration.
- Run the display ip pool { interface interface-pool-name | name ip-pool-name } used command to check IP address allocation. Check whether the AP has obtained an IP address based on the MAC address. Check whether available IP addresses in the address pool are abundant.
[AC] display ip pool interface Vlanif1219 used Pool-name : Vlanif1219 Pool-No : 4 Lease : 1 Days 0 Hours 0 Minutes Domain-name : - DNS-server0 : - NBNS-server0 : - Netbios-type : - Position : Interface Status : Unlocked Gateway-0 : 10.1.1.2 Network : 10.1.0.0 Mask : 255.255.240.0 VPN instance : -- Conflicted address recycle interval: - ----------------------------------------------------------------------------- Start End Total Used Idle(Expired) Conflict Disable ----------------------------------------------------------------------------- 10.1.0.1 10.1.15.254 4093 4 4084(0) 5 0 ----------------------------------------------------------------------------- Network section : ----------------------------------------------------------------------- Index IP MAC Lease Status ----------------------------------------------------------------------- 4085 10.1.15.246 dcd2-fc9a-c800 7375 Used 4086 10.1.15.247 1047-80af-fbc0 7369 Used 4087 10.1.15.248 dcd2-fcf4-6420 7929 Used 4090 10.1.15.251 dcd2-fc22-d880 9368 Used -----------------------------------------------------------------------
If the address pool resources on the DHCP server are insufficient, you can increase the number of IP addresses or reduce the IP address lease.
- Run the display arp command to view all ARP mapping entries. Check whether the AP has obtained an IP address based on the MAC address. If so, run the ping command to ping the obtained IP address.
[AC] display arp IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE VLAN/CEVLAN PVC ------------------------------------------------------------------------------ ...... 10.1.1.2 0200-0000-0017 I - Vlanif1219 10.1.15.251 dcd2-fc22-d880 2 D-0 GE0/0/1 1219/- 10.1.15.247 1047-80af-fbc0 16 D-0 GE0/0/1 1219/- 10.1.15.246 dcd2-fc9a-c800 15 D-0 GE0/0/1 1219/- 10.1.15.248 dcd2-fcf4-6420 6 D-0 GE0/0/1 1219/- 10.1.1.219 4c1f-cc6b-c248 16 D-0 GE0/0/1
Ping the IP address mapping the MAC address. If the ping operation succeeds, the AP has obtained an IP address. Otherwise, the IP address obtained by the AP has expired or the AP fails to obtain an IP address.[AC] ping 10.1.15.251 PING 10.1.15.251: 56 data bytes, press CTRL_C to break Reply from 10.1.15.251: bytes=56 Sequence=1 ttl=255 time=1 ms Reply from 10.1.15.251: bytes=56 Sequence=2 ttl=255 time=1 ms Reply from 10.1.15.251: bytes=56 Sequence=3 ttl=255 time=1 ms Reply from 10.1.15.251: bytes=56 Sequence=4 ttl=255 time=1 ms Reply from 10.1.15.251: bytes=56 Sequence=5 ttl=255 time=1 ms --- 10.1.15.251 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
- Check whether the DHCP configuration is correct. For details about how to configure DHCP, see Configuring an AP to Go Online in DHCP Mode.
The AC's IP Address Is Not or Incorrectly Specified on an AP
Possible Cause
- The AC and AP are connected at Layer 3, but the AC's IP address is not specified on the AP.
- In AC VRRP networking, the virtual IP address of the ACs is not specified on the AP.
Troubleshooting Procedure
- Check whether the AC's IP address is correctly specified on the AP.On a Layer 2 network, the AP can discover the AC in broadcast mode, without the need to manually specify the AC's IP address. On a Layer 3 network, you must specify the AC's IP address; otherwise, the AP cannot discover the AC in broadcast mode.
- AP going online using a static IP addressIf the AP is configured to go online using a static IP address, perform the following operations to troubleshoot the fault:
- Log in to the AP, and run the display ap-address-info command to check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.
<AP> display ap-address-info ============================================================== Active AP Address Info AP Mode : static //The AP goes online using a static IP address. Ip Address : 20.1.1.100 //Static IP address of the AP Ip Version : 4 Mask : 255.255.255.0 //Subnet mask of the AP's IP address Gateway : 20.1.1.1 //Gateway of the AP AC 0 ip : 10.1.1.111 //AC's IP address AC 1 ip : - AC 2 ip : - AC 3 ip : - --------------------------------------------------------------.
- If the AC's IP address is not or incorrectly specified, perform either of the following operations:Run the ap-address static ac-list ip-address &<1-4> command in the system view to specify the AC's IP address for the AP. Then restart the AP to make the configuration take effect.
[AP] ap-address static ac-list 10.23.200.1
- Log in to the AP, and run the display ap-address-info command to check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.
- AP going online in DHCP modeWhen the AP and AC are connected at Layer 3, you are advised to run the option 43 sub-option 2 ip-address ip-address &<1-8> command to configure Option 43 field in the IP address pool. In VRRP HSB scenarios, specify the virtual IP address as the CAPWAP source address on the ACs in the Option 43 field.
- option 43 hex hex-string
- option 43 sub-option 3 ascii ascii-string
- option 43 sub-option 2 ip-address ip-address &<1-8>
- option 43 sub-option 1 hex hex-string
For the three commands with the sub-option configuration, it is recommended that only of them be configured. If you run two or three of them, only the last one takes effect.
The configuration example is as follows.- Run the option 43 hex 031D3139322e3136382e3139342e35302c3139322e3136382e3139342e3534 command to configure the device to specify the ACs' IP addresses 192.168.194.50 and 192.168.194.54 for APs. In this command, 03 is a fixed value; 1D indicates that the length of IP addresses (192.168.194.50,192.168.194.54) including dots (.) and the comma (,) is 29, and multiple IP addresses are separated by the comma (,); 3139322e3136382e3139342e3530 indicates the ASCII value of 192.168.194.50; 2C indicates the ASCII value of the comma (,); and 3139322e3136382e3139342e3534 indicates the ASCII value of 192.168.194.54.
- Run the option 43 sub-option 1 hex C0A80001C0A80002 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs. In the command, C0A80001 indicates the hexadecimal format of 192.168.0.1, and C0A80002 indicates the hexadecimal format of 192.168.0.2.
- Run the option 43 sub-option 2 ip-address 192.168.0.1 192.168.0.2 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs.
- Run the option 43 sub-option 3 ascii 192.168.0.1,192.168.0.2 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs.
- AP going online using a static IP address
- In AC VRRP networking, check whether the specified AC's IP address is the VRRP virtual IP address. If not, specify the VRRP virtual IP address as the AC's IP address.
The CAPWAP Source Interface or Address Is Not Configured on the AC
Each AC requires the configuration of at least one or two IP addresses, VLANIF interfaces, or loopback interfaces. In this manner, APs managed by the AC can learn the specified IP address or the IP address of the specified interface to set up a CAPWAP tunnel with the AC. This specified IP address or interface is called the source address or interface.
Troubleshooting Procedure
- Run the display capwap configuration command on the AC to check whether the CAPWAP source address or interface is configured.
<AC> display capwap configuration --------------------------------------------------------------- Source interface IPv4 : vlanif100 Source interface IPv6 : - Source IPv4 address : - Source IPv6 address : - ... ...
- If the source interface is configured, check whether an IP address is correctly configured for the interface.
<AC> system-view [AC] interface vlanif 100 [AC] display this # interface Vlanif100 ip address 10.100.1.2 255.255.255.0 #
- If neither the CAPWAP source interface nor CAPWAP source interface is configured, run the capwap source interface or capwap source { ip-address | ipv6-address } command to configure one.
The following uses the CAPWAP source interface as an example:
<AC> system-view [AC] interface vlanif 100 [AC-Vlanif100] ip address 192.168.10.1 24 [AC-Vlanif100] quit [AC] capwap source interface vlanif 100
An AP Is Not Working in Fit Mode
Possible Cause
- The AP does not support the Fit mode.
- The AP is switched to the Fat or cloud mode.
Troubleshooting Procedure
Check whether the AP is a Fit AP.
[AP-diagnose] display image ImageStatusVersion ============================================================== Image A(Active)AP8030DNV200R006C10SPC300B031(FAT) Image B(Backup)AP8030DNV200R003C00SPCc00B100(FAT) ==============================================================
If it is working in Fat or cloud mode, see AP Mode Switching to switch the AP to the Fit mode.
The Number of APs Connected to the AC Exceeds the Maximum
Possible Cause
- License resources are insufficient.
- The number of APs connected to the AC exceeds the specifications.
Troubleshooting Procedure
- License resource items: The total number of common APs and central APs cannot exceed the number of license resource items. RUs do not occupy license resources.
- Maximum number of APs that can be managed by an AC:
- The total number of common APs and RUs cannot exceed the maximum number that can be managed by an AC.
- The total number of central APs does not exceed the maximum number that can be managed by an AC.
- Run the display license resource usage command to check the license resource usage. If the current resource usage reaches the specifications authorized in the license file, new APs cannot go online.
<AC> display license resource usage Activated License: flash:/LIC92680232*****_*****5396810CB000006.dat FeatureName | ConfigureItemName | ResourceUsage CRFEA1 LH85WLANAP01 0/256
If the number of resources exceeds the authorized value, apply for and load a new license file.
- If the number of resources does not exceed the authorized value, run the display ap all command to check whether the number of APs in normal state exceeds the maximum number of APs supported by the AC.
For details about the AP specifications supported by each AP model, visit Info-Finder.
If the number of APs managed by the AC exceeds the specifications, replan the network properly based on the maximum number of APs that can be managed by the AC.
DTLS Negotiation Failed
Possible Cause
- The network between the AC and AP is abnormal.
- The AC and AP have different DTLS PSKs.
Troubleshooting Procedure
When an AP attempts to establish a DTLS connection with an AC, they perform DTLS negotiation. If their PSKs are different, DTLS negotiation fails.
- Check whether the PSKs of the AC and AP are the same. If not, change them to the same or run the capwap dtls psk-mandatory-match enable command to enable the AP to establish a DTLS session with the AC using the default PSK.
- Ping the AC from the AP. If the ping operation fails, the network is abnormal during DTLS negotiation, resulting in negotiation timeout. In this case, check the network by referring to The Network Between the AP and AC Fails.
The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
Possible Cause
The MAC address and SN of an AP added offline on the AC are inconsistent with those of the AP.
Troubleshooting Procedure
- Run the display wlan wdev ap-information ap-id ap-id command in the diagnostic view of the AC to check the MAC address and SN of the AP.
[AC-diagnose] display wlan wdev ap-information ap-id 4 Ap profile Info: aucName: dcd2-fc22-d880 APID_AVL: 4 APID: 4 aucSn: 210235555310D1000067 //AP's SN configured on the AC group name: default aucMac: dcd2-fc22-d860 //AP's MAC address configured on the AC ......
- If the configured AP information is different from the actual AP information, run the undo ap ap-id ap-id command in the WLAN view to delete the AP, and then run the ap-id ap-id ap-mac mac-address ap-sn ap-sn command to add an AP again before it goes online.
<AC> system-view [AC] wlan [AC-wlan-view] undo ap ap-id 4 //Delete the AP. [AC-wlan-view] ap-id 4 ap-mac dcd2-fc22-d880 //Add an AP before it goes online.
An AP Is Blacklisted
Possible Cause
The AP is added to the blacklist by mistake.
Troubleshooting Procedure
If the MAC address of an AP is blacklisted, the AP cannot go online. If the AP whitelist and blacklist are all configured, the system first checks whether an AP is blacklisted.
- Check the AP blacklist.
<AC> display ap blacklist ----------------------------------- ID MAC ----------------------------------- 0 0001-0002-0001 ----------------------------------- Total: 1
- If an AP is added to the blacklist by mistake, delete the AP from the blacklist.
<AC> system-view [AC] wlan [AC-wlan-view] undo ap blacklist mac 0001-0002-0001
The Versions of the AP and AC Do Not Match
Possible Cause
- The AC does not support the current AP model.
- The versions of the AP and AC do not match.
Troubleshooting Procedure
The AP can go online on the AC only when their versions match. If the versions of the AC and AP do not match, the following problems may occur:
- The AC does not support the current AP model. For example, the AC running V200R008C10 does not support the AP model whose source version is V200R010C00.
SOHO series ACs can manage only SOHO series APs. Other series ACs cannot manage SOHO series APs.
- The AP status displayed on the AC is ver-mismatch or vmiss.
For details about the version mapping between ACs and APs, see Quick Reference for WLAN AP Version Mapping and Models.
- Run the display ap-type all command to check whether the AC supports the current AP model.
If the AP model is not in the list, the AC of the current version does not support the AP model. In this case, upgrade the AC by referring to the corresponding upgrade guide.
- Run the display ap all command to check whether APs in ver-mismatch or vmiss state exist in the AP list.
If so, upgrade the AP or AC by referring to the upgrade guide to ensure that the versions of the AP and AC match.
The AP Upgrade Fails
Possible Cause
- The AP upgrade is configured on the AC, but the AP software package is not correctly uploaded or an incorrect software package is uploaded.
- The network between the AP and the FTP/SFTP server fails.
Troubleshooting Procedure
- Check whether the AP upgrade file exists and whether the file name is correct.
Before upgrading an AP, ensure that the upgrade file is stored in the corresponding directory of the file server and can be read. The name and size of the AP upgrade file must be the same as those of the source file and cannot be changed. If the upgrade file does not exist or the file name or size is incorrect, obtain the correct upgrade file at http://support.huawei.com/enterprise and upload it to the AC or file server.
- If the AP is upgraded in AC mode or SFTP/FTP mode (the AC functions as an SFTP or FTP server), save the AP upgrade file to the default storage path on the AC.
<AC> dir flash:/*.bin Directory of flash:/ Idx Attr Size(Byte) Date Time(LMT) FileName 0 -rw- 12,815,616 May 23 2016 19:09:45 FitAP5X30XN_V200R006C10SPC300.bin 206,324 KB total (89,768 KB free)
- If another device functions as the SFTP/FTP server, ensure that the upgrade file is stored in the SFTP/FTP directory and can be read, and that the file name and size are the same as those of the source file.
- If the AP is upgraded in AC mode or SFTP/FTP mode (the AC functions as an SFTP or FTP server), save the AP upgrade file to the default storage path on the AC.
- Check whether the AP upgrade file matches the AP model.
The AP upgrade file must match the AP model, and upgrade files of different AP models cannot be used interchangeably.
- Check whether the AP and file server can ping each other and whether the network quality is good.
Assume that a PC functions as the file server. When upgrading an AP, use the PC as the file server and upload the AP's upgrade file through FTP, TFTP, or SFTP. In addition, ensure that the network port on the PC is directly connected to that on the AP and that the PC can communicate with the AP.
- Open the Windows Command Prompt on your PC, and run the ping command to check whether the PC can successfully ping the AP.
If the message "Request time out" is displayed, the target device is unreachable.
- If the PC fails to ping the AP, change the IP address of the PC to ensure that it is on the same network segment as the IP address of the AP.
The default IP address of the Fit AP is 169.254.1.1. The IP address of the PC must be on the network segment 169.254.1.0 (excluding the IP address 169.254.1.1), with the subnet mask 255.255.255.0. The IP address 169.254.1.100 is recommended.
If the Fit AP's IP address has been changed, run the display ap all command on the AC to check the AP's IP address.
- Run the ping command again on the PC to check whether the PC can successfully ping the AP.
- If large network delay or packet loss occurs between the AP and file server, the AP fails to download the upgrade file due to timeout. In this case, check the intermediate network.
- Open the Windows Command Prompt on your PC, and run the ping command to check whether the PC can successfully ping the AP.
- Check whether the user name or password of the FTP/SFTP server is correct.
An incorrect user name or password of the server will lead to a failure to download the AP upgrade file.
- Run the display ap update configuration command to check the AP upgrade configuration.
[AC-wlan-view] display ap update configuration ------------------------------------------------------------------ AP update mode : ftp-mode FTP configuration FTP IP : 192.168.0.11 FTP username : ftp FTP password : ****** FTP max number : 50 SFTP configuration SFTP IP : - SFTP username : anonymous SFTP password : ****** SFTP max number : 50 ------------------------------------------------------------------
- Check whether the user name and password for logging in to the server are correct. If not, run the following commands to reconfigure them:
- Set the upgrade mode to SFTP and configure the SFTP server.
<AC> system-view [AC] wlan [AC-wlan-view] ap update mode sftp-mode [AC-wlan-view] ap update sftp-server ip-address 192.168.10.11 sftp-username xxx sftp-password cipher yyy ///xxx and yyy indicate the user name and password for logging in to the SFTP server.
- Set the upgrade mode to FTP and configure the FTP server.
<Huawei> system-view [Huawei] wlan [Huawei-wlan-view] ap update mode ftp-mode [Huawei-wlan-view] ap update ftp-server ip-address 192.168.10.11 ftp-username xxx ftp-password cipher yyy //xxx and yyy indicate the user name and password for logging in to the FTP server.
- Set the upgrade mode to SFTP and configure the SFTP server.
- Run the display ap update configuration command to check the AP upgrade configuration.
- Check whether the FTP/SFTP service is enabled on the AC.
- When the AC is configured as the FTP server, run the display ftp-server command to check whether the FTP service is enabled.
<AC> display ftp-server FTP server is running Max user number 50 User count 0 Timeout value(in minute) 30 Listening port 21 Acl number 0 FTP server's source address 0.0.0.0
If the FTP service is disabled, run the ftp server enable command in the system view to enable it.
- When the AC is configured as the SFTP server, run the display ssh server status command to check whether the SFTP service is enabled.
<AC> display ssh server status SSH version :2.0 SSH connection timeout :60 seconds SSH server key generating interval :0 hours SSH Authentication retries :3 times SFTP Server :Enable Stelnet server :Enable
If the SFTP service is disabled, run the sftp server enable command in the system view to enable it on the SSH server.
- When the AC is configured as the FTP server, run the display ftp-server command to check whether the FTP service is enabled.
An AP Fails to Initialize the Configuration
Possible Cause
- The MTU of the intermediate network between the AP and AC is incorrectly configured.
- Packet loss occurs on the wired side.
Troubleshooting Procedure
In the configuration delivery phase, the AC delivers the initial configuration to the AP. If packet loss occurs during transmission, the AP fails to initialize the configuration.
- Configure the AC and AP to ping each other using packets longer than 1600 bytes and check whether packet loss occurs.
- If packet loss occurs, check whether the MTU of the intermediate network is properly configured. If not, packets cannot be transmitted properly. As a result, the AP cannot go online.
When the network between the AC and AP involves a small MTU value, such as an SD-WAN tunnel or a carrier network, you need to change the MTU of the CAPWAP tunnel on the AC to a smaller value so that the AP can go online.
In V200R021C10 and earlier versions, The minimum MTU of a CAPWAP tunnel on the native AC is 1500. In V200R022C00 and later versions, this value is 1000.
<AC> system-view [AC] wlan [AC-wlan-view] ap-system-profile name ap-system1 [AC-wlan-ap-system-prof-ap-system1] mtu 1200
- If NAT traversal is configured on the intermediate network, check whether NAT communication is normal.
- Recommended Troubleshooting Roadmap for APs' Failures to Go Online
- An AP Fails to Start
- The Network Between the AP and AC Fails
- An Error Occurs in Configuring a Static IP Address for an AP
- No IP Address Is Allocated to an AP
- The AC's IP Address Is Not or Incorrectly Specified on an AP
- The CAPWAP Source Interface or Address Is Not Configured on the AC
- An AP Is Not Working in Fit Mode
- The Number of APs Connected to the AC Exceeds the Maximum
- DTLS Negotiation Failed
- The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
- An AP Is Blacklisted
- The Versions of the AP and AC Do Not Match
- The AP Upgrade Fails
- An AP Fails to Initialize the Configuration