AP Join Process

WLAN Troubleshooting Guide

About This Document
Using eDesk Pro for Network Inspection and Troubleshooting
Using Troubleshooting Insights
Risky Operations
- Hardware-Related Risky Operations
- Software-Related Risky Operations
Routine Maintenance
- Routine Maintenance Overview
- Before You Start
- Checking the Device Environment
  - Checking the Equipment Room Environment
  - Checking the Cable Status
- Checking Basic Device Information
  - Checking the Indicator Status
  - Checking for Critical or Major Alarms on an AC
- Checking the Device Running Status
- Checking Interface Information
- Checking Services
  - Checking the User Status
- Fault Information Collection and Feedback
Troubleshooting: Hardware
- Hardware Overview
- Troubleshooting Guidelines for Hardware
- Troubleshooting Cases for Hardware Faults
- Hardware FAQs
Troubleshooting: STA Experience Faults
- Troubleshooting Guidelines for STA Experience Faults
- Troubleshooting Cases for STA Experience Issues
- STA Experience FAQs
Troubleshooting: AP Joining Faults
- Troubleshooting Guidelines for AP Joining Faults
  - An AP Fails to Go Online on the AC
  - An AP Goes Offline Unexpectedly
- Troubleshooting Cases for AP Onboarding Issues
- AP Onboarding FAQs
Troubleshooting: STA Onboarding Faults
- Troubleshooting Guidelines for STA Onboarding Faults
- Troubleshooting Cases for STA Onboarding Issues
- STA Onboarding FAQs
Troubleshooting: Wireless Access Authentication Issues
- 802.1X Authentication Failures
- HTTP-based External Portal Authentication Failures
- Failures in External Portal Authentication Using the Portal Protocol
- Portal Redirection Failures
- Built-in Portal LDAP or AD Authentication Failures
- Failure to Access the Built-in Portal Page
  - Key Configuration Check
  - Common Built-in Portal Page Access Failures
- Troubleshooting Cases for STA Authentication Failures
- WLAN Authentication FAQs
Troubleshooting: Device Login Faults
- Troubleshooting Guidelines for Device Login Faults
- Device Login FAQs
Troubleshooting: Device Upgrade Faults
- Troubleshooting Guidelines for Device Upgrade Faults
- Troubleshooting Cases for Device Upgrade Failures
  - Case Study: Intelligent Upgrade Fails Because the CA Certificate on the AC Does Not Match That on the HOUP Server
  - Case Study: AP5030DN Upgrade and Mode Switching Are Abnormal Because the AP5030DN Enters the Assistant Package Mode
- Device Upgrade FAQs
Troubleshooting: Device Management Faults
- Troubleshooting Guidelines for Device Management Faults
- Device Management FAQs
Troubleshooting: Reliability Faults
- Troubleshooting Guidelines for Reliability Faults
- Troubleshooting Cases for Reliability Issues
- Reliability FAQs
Troubleshooting: Wireless Bridge Service Faults
- Troubleshooting Guidelines for Wireless Bridge Service Faults
- Wireless Bridge FAQs
Troubleshooting: Radio Management Service Faults
- Troubleshooting Guidelines for Radio Management Service Faults
  - Radio Calibration Does Not Take Effect
  - AI Roaming Does Not Take Effect
- Radio Management FAQs
Troubleshooting: Cloud Management Faults
- Troubleshooting Guidelines for Cloud Management Faults
- Troubleshooting Cases for Cloud Management Faults
  - Case Study: Fit APs Managed by a Cloud AC Fail to Go Online Due to Insufficient License Resources on the Cloud Management Platform
  - Case Study: In a VRRP Backup Scenario, a Loop Occurs on the Network When ACs Connect to the Cloud in PnP Auto-Negotiation Mode
Troubleshooting: CPE Service Faults
- Troubleshooting Guidelines for CPE Service Faults
- Troubleshooting Cases for CPE Service Faults
  - Case Study: When a CPE Roams Repeatedly, Terminals Connected to the CPE Are Intermittently Disconnected
  - Case Study: An Exception Occurs on a CPE Tunnel Due to EoGRE Configuration Changes
- CPE Service FAQs
  - How Can I Know the CPE Connected to a Wired Terminal and Its Uplink AP?
  - How Do I Collect CPE Fault Information by One Click?
Troubleshooting: Others
- Troubleshooting Guidelines for Other WLAN Service Faults
  - User Rate Limiting Does Not Take Effect
- Troubleshooting Cases for Other WLAN Service Issues
  - Case Study: Two STAs Connected to the Same SSID on the Same AP Cannot Communicate with Each Other Because the traffic-optimize bcmc deny all Command Is Executed on the Device
- FAQs About Other WLAN Services
TechNotes
- WLAN Network Optimization
- How an AP Joins an AC and Troubleshooting Any Join Failures
- How to Log In to WLAN ACs and APs
- Troubleshooting WLAN Password Issues
- AP Mode Switching - Overview, Configuration Examples, and Troubleshooting
- TechNotes: Mapping Between WACs and APs
- TechNotes: Wireless Packet Obtaining
- VLAN Deployment Guide for WLAN
- WLAN Performance Test Guide
- How to Configure Option 43 When Huawei APs Are Connected to DHCP Servers of Different Vendors
- Common WLAN Configuration Errors
Appendix: Common Information Collection and Fault Diagnostic Commands
- Information Collection
- Typical Fault Information Collection
- System Maintenance Methods
- Common Fault Diagnostic Commands
Appendix: Indicators
Contacting Huawei Technical Support

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

AP Join Process

Figure 19-11 shows message exchange in the AP join process, which typically involves:

IP address allocation for an AP (using DHCP as an example)
AC discovery
AP access control
AC configuration delivery
CAPWAP tunnel maintenance
Configuration update

Figure 19-11 Message exchange in the AP join process
Click to enlarge

This figure also shows some CAPWAP states of the AP, which are described as follows:

Discovery: The AP discovers an AC.
DTLS connect: A DTLS connection is established between the AP and AC.
Join: The AP joins the AC.
Image data: The AP downloads the system software package from the AC for an upgrade.
Configure: The AP obtains the initialization configuration from the AC.
Data check: The AP and AC exchange information to verify the configurations.
Run: The CAPWAP link is properly established.
Config: The AP obtains the configuration delivered from the AC.

The general AP join process can be outlined based on the changes of the CAPWAP states:

Idle (not marked in the figure)
The AP is started properly. After the initialization is complete, the AP starts the CAPWAP state machine.
Idle -> Discovery
After obtaining an IP address, the AP switches from the Idle state to the Discovery state and sends a Discovery Request message to discover an AC.
Discovery -> DTLS connect
After the AP selects an AC, the AP sets up a DTLS connection based on the AC configuration. The AP switches from the Discovery state to the DTLS connect state. In fact, the DTLS session setup and DTLS authentication states are also involved, which are not detailed here.
DTLS connect -> Join
After the DTLS connection is set up, the AP switches from the DTLS connect state to the Join state and sends a Join Request message to request to join the AC.
Join -> Image data
The AC sends a Join Response message carrying the expected AP software version to the AP. If the current AP software version is different from the expected one, the AP state changes from Join to Image data, and the online upgrade starts. After the upgrade is complete, the AP restarts and repeats the preceding steps.
Join -> Configure
After the AC allows the AP to join, the AP state changes from Join to Configure and sends a Configuration Status Request message to the AC, requesting the AC to deliver the initialization configuration.
Configure -> Data check
After the AC delivers the initialization configuration, the AP state changes from Configure to Data check and starts to exchange information with the AC to verify the configuration.
Data check -> Run
After the initialization configuration is verified, the AC sends a Change State Event Response message to the AP. Upon receiving this message, the AP state changes from data check to Run, indicating that the CAPWAP link is established. In this phase, the AP and AC periodically send Keepalive and Echo messages to check the connectivity of the CAPWAP data tunnel and control tunnel.

IP Address Allocation for an AP

An AP can obtain an IP address in static, DHCP, or stateless address autoconfiguration (SLAAC) mode.

Log in to the AP and configure a static IP address for it.
Configure a DHCP server so that the AP serves as a DHCP client and requests an IP address from the DHCP server. DHCP is the most common method for APs to obtain IP addresses.
Figure 19-12 Message exchange between the AP and DHCP server for IP address allocation

The following figure shows an example of the exchanged messages.
1. The AP broadcasts a DHCP Discover message carrying its own MAC address, requested parameters, and broadcast flag bit.
2. A DHCP server selects an address pool on the same network segment as the IP address of the interface receiving the DHCP Discover message, and from the address pool selects an idle IP address. Then the DHCP server sends a DHCP Offer message carrying the allocated IP address to the AP.
3. The AP broadcasts a DHCP Request message to notify all the DHCP servers that it has selected the IP address offered by a DHCP server. Then the other servers can allocate IP addresses to other clients.
4. After receiving the DHCP Request packet, the DHCP server replies with a DHCP ACK message, indicating that the IP address carried in the DHCP Request message is allocated to the AP.
SLAAC mode: The AP obtains an IP address in SLAAC mode, which supports only IPv6.
In SLAAC mode, the prefix of a network address is obtained from a Router Advertisement (RA) message, and then an interface ID is automatically generated. The prefix and the generated interface ID form an IPv6 address.

The following figure shows an example of the exchanged messages.

The following table lists common problems that may occur when an AP attempts to obtain an IP address:

Problem	Possible Cause	Handling Suggestion
An error occurs in configuring a static IP address for an AP.	The static IP address of the AP is not unique and conflicts with that of another device on the network. In Layer 2 networking, the static IP address of the AP is not in the same network segment as that of the AC. In Layer 3 networking, the egress gateway is not configured for the AP. The AP is not restarted to make the configured static IP address take effect.	An Error Occurs in Configuring a Static IP Address for an AP
No IP address is allocated to the AP in DHCP mode.	The network between an AP and the DHCP server fails, which may be caused by incorrect VLAN configurations (as an example). The DHCP configuration is incorrect. No DHCP address pool is configured, or available IP addresses in a DHCP address pool are insufficient.	The Network Between the AP and AC Fails No IP Address Is Allocated to an AP

Problem

Possible Cause

Handling Suggestion

An error occurs in configuring a static IP address for an AP.

The static IP address of the AP is not unique and conflicts with that of another device on the network.
In Layer 2 networking, the static IP address of the AP is not in the same network segment as that of the AC.
In Layer 3 networking, the egress gateway is not configured for the AP.
The AP is not restarted to make the configured static IP address take effect.

An Error Occurs in Configuring a Static IP Address for an AP

No IP address is allocated to the AP in DHCP mode.

The network between an AP and the DHCP server fails, which may be caused by incorrect VLAN configurations (as an example).
The DHCP configuration is incorrect.
No DHCP address pool is configured, or available IP addresses in a DHCP address pool are insufficient.

The Network Between the AP and AC Fails

No IP Address Is Allocated to an AP

AC Discovery

Figure 19-13 shows message exchange in the AC discovery phase.

Figure 19-13 Message exchange in the AC discovery phase

The following figures show examples of the exchanged messages:

Discovery (An AP discovers an AC.)

Click to enlarge

DTLS connect (The AP establishes a DTLS connection with the AC.)

Click to enlarge

The AC discovery mechanism allows an AP to discover available ACs and selects an optimal one to set up a CAPWAP link.

After obtaining an IP address, the AP sends a Discovery Request message carrying its own version and mode (Fit or Fat) to discover available ACs on the network. After the AP initiates the AC discovery process, the CAPWAP state of the AP changes from Idle to Discovery.
After receiving the Discovery Request message, the AC determines whether to allow the AP to access the AC based on the configured IP version, AP blacklist and whitelist, AP authentication mode (MAC address authentication, SN authentication, or no authentication), and license resource restrictions, and records the determination result. If AP access is permitted, the AC unicasts a Discovery Response message carrying the AC name, AC version, CAPWAP source address, and DTLS status to the AP. If AP access is denied, the AC does not respond with a Discovery Response message.
If the AP receives Discovery Response messages from multiple ACs, it selects an AC based on AC priorities and loads (number of APs connected to the AC).

The AP then needs to obtain the AC's IP address in static or dynamic mode.

On a Layer 2 network, the AP can discover the AC in broadcast mode, without the need to manually specify the AC's IP address. On a Layer 3 network, you must specify the AC's IP address; otherwise, the AP cannot discover the AC in broadcast mode.

If no AC's IP address is specified, the AP broadcasts a Discovery Request message to discover an AC. If the AC's IP address is specified, the AP unicasts a Discovery Request message to the specified AC.

Static mode: The IP addresses of ACs are specified on the AP.
Dynamic mode: The AP can dynamically obtain the AC's IP address in DHCP or DNS mode. When the AP obtains an IP address from the DHCP server, the DHCP server embeds an option carrying the AC's IP address (DHCP) or domain name (DNS) in the DHCP Response message destined for the AP. The options are described as follows:
- Option 43: carries the list of ACs' IPv4 addresses.
- Option 52: carries the list of ACs' IPv6 addresses.
- Option 15: carries the ACs' IPv4 domain names.
- Option 24: carries the ACs' IPv6 domain names.
The following figure shows an example of a DHCP Response message carrying Option 43.

If DTLS is enabled on the AC, the AC informs the AP of the DTLS status through the Discovery Response message. The AP then starts DTLS negotiation to establish a DTLS connection with the AC. After the DTLS connection is set up, packets transmitted between the AP and AC will be encrypted. CAPWAP data packets and control packets transmitted over CAPWAP tunnels can be DTLS-encrypted separately.

The following table lists common problems that may occur in this phase.

Problem	Possible Cause	Handling Suggestion
The network between the AP and AC fails.	The management VLAN is not created. The intermediate network does not allow packets from the management VLAN to pass through. The VLAN tag configuration is incorrect. A loop exists on the intermediate network.	The Network Between the AP and AC Fails
The AC's IP address is not or incorrectly specified on the AP.	The AC and AP are connected at Layer 3, but the AC's IP address is not specified on the AP. In AC VRRP networking, the virtual IP address of the ACs is not specified on the AP.	The AC's IP Address Is Not or Incorrectly Specified on an AP
The CAPWAP source interface or address is incorrectly or not configured on the AC.	The CAPWAP source interface or address is incorrectly or not configured on the AC.	The CAPWAP Source Interface or Address Is Not Configured on the AC
The AP is not working in Fit mode.	The AP does not support the Fit mode. The AP is switched to the Fat or cloud mode.	An AP Is Not Working in Fit Mode
License resources are insufficient, or the number of APs exceeds the AC specifications.	License resources are insufficient. The number of APs connected to the AC exceeds the specifications.	The Number of APs Connected to the AC Exceeds the Maximum
DTLS negotiation of a CAPWAP link fails.	The AC and AP have different DTLS PSKs.	DTLS Negotiation Failed
The MAC address and SN of the AP added offline on the AC are inconsistent with those of the AP.	The MAC address and SN of the AP added offline are inconsistent with those of the AP.	The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
The AP is blacklisted.	The AP is added to the blacklist by mistake.	An AP Is Blacklisted

AP Access Control

Figure 19-14 shows message exchange in the AP access control phase.

Figure 19-14 Message exchange in the AP access control phase

The following figure shows an example of the exchanged messages.

Click to enlarge

After a DTLS connection is set up between the AP and AC, the AP sends a Join Request message to the AC selected in the previous phase to apply for joining the AC. The AP then enters the Join state.
The AC determines whether to allow the AP access. If this operation has been performed in the Discovery phase, the AC directly uses the determination result buffered in that phase, without the need for repeated determination. If no result is buffered, the AC goes through the process shown in Figure 19-15 to determine whether to allow the AP access. Based on the determination result, the AC sends a Join Response message containing the expected AP version to the AP.
Figure 19-15 AP access control process
After receiving the Join Response message, the AP checks whether the current system software version is the same as that expected by the AC. If not, the AP enters the Image data state and starts to download the upgrade file and upgrade its software version in AC, FTP, or SFTP mode. After the upgrade is complete, the AP restarts and repeats the preceding phases. If the upgrade fails, the AP restarts and repeats the previous phases. Therefore, if the AP upgrade configuration is incorrect, the AP may continuously repeat the preceding phases until the AP software version is upgraded correctly.

The following table lists common problems that may occur in this phase.

Problem	Possible Cause	Handling Suggestion
The versions of the AP and AC do not match.	The AC does not support the current AP model. The versions of the AP and AC do not match.	The Versions of the AP and AC Do Not Match
The AP upgrade fails.	The AP upgrade is configured on the AC, but the AP software package is not correctly uploaded or an incorrect software package is uploaded. The network between the AP and the FTP/SFTP server fails.	The AP Upgrade Fails

AC Configuration Delivery

When the AP version is consistent with the AC version, the AC starts to deliver configurations to the AP.

Figure 19-16 shows message exchange in the AC configuration delivery phase.

Figure 19-16 Message exchange process in the AC configuration delivery phase

The following figure shows an example of the exchanged messages.

Configure

Click to enlarge

Data check

Click to enlarge

After receiving a Join Response message from the AC, the AP checks whether the AC allows its access and whether the running software version is the same as the expected one. If so, the AP sends a Configuration Status Request message containing multiple Radio Administrative State message elements to the AC to report its current configuration and then enters the Configure state.
After receiving the Configuration Status Request message, the AC sends a Configuration Status Response message to the AP and delivers the initialization configuration to the AP. In this phase, the AC does not deliver service configurations. Instead, it delivers service configurations only after the CAPWAP link is established.
After receiving the Configuration Status Response message, the AP enters the data check state and performs the initialization configuration based on the message content.
After the initialization configuration is complete, the AP sends a Change State Event Request message carrying the radio status and configuration execution result to the AC.
After receiving the Change State Event Request message, the AC sends a Change State Event Response message to the AP and updates AP information as required.

The following table lists common problems that may occur in this phase.

Problem	Possible Cause	Handling Suggestion
The AP fails to initialize the configuration.	The MTU of the intermediate network between the AP and AC is incorrectly configured. Packet loss occurs on the wired side.	An AP Fails to Initialize the Configuration

CAPWAP Tunnel Maintenance

Figure 19-16 shows message exchange in the CAPWAP tunnel maintenance phase.

Figure 19-17 Message exchange in the CAPWAP tunnel maintenance phase

The following figure shows an example of the exchanged messages.

Click to enlarge

After the preceding phases, the AP has gone online on the AC. Then we need to maintain the CAPWAP tunnel between the AC and AP.

The AP and AC detect the connectivity of the CAPWAP data tunnel by exchanging Keepalive messages and detect the connectivity of the CAPWAP control tunnel by exchanging Echo messages.

The AP starts a timer to send Keepalive and Echo messages and starts a tunnel detection timeout timer. If the AP receives Keepalive and Echo messages within a specified period, it resets the timeout timer; otherwise, it determines a message timeout.

Configuration Update

Figure 19-16 shows message exchange in the configuration update phase.

Figure 19-18 Message exchange process in the configuration update phase

After the AP goes online on the AC, the AC sends a Configuration Update Request message to the AP to deliver configurations.
After receiving the Configuration Update Request message, the AP changes from the Run state to the Config state to complete the configuration delivery.
After all configurations delivered by the AC are received, the AP sends a Configuration Update Response message to the AC, notifying the AC of the configuration delivery result.

The following table lists common problems that may occur in this phase.

Problem	Description	Handling Suggestion
WLAN service configurations fail to be delivered to an AP after the AP goes online on an AC.	After an AP goes online on the AC, WLAN service configurations are performed for the AP. If the link between the AP and AC fails or the peer end has no response, the AC will fail to deliver WLAN service configurations to the AP.	The Network Between the AP and AC Fails

IP Address Allocation for an AP
AC Discovery
AP Access Control
AC Configuration Delivery
CAPWAP Tunnel Maintenance
Configuration Update

Translation

简体中文

Download

Updated: 2023-06-02

Document ID: EDOC1000060368

Downloads: 5810

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

IP Address Allocation for an AP

AC Discovery

AP Access Control

AC Configuration Delivery

CAPWAP Tunnel Maintenance

Configuration Update

Related Version

Related Documents

Digital Signature File