How an AP Joins an AC and Troubleshooting Any Join Failures
- Overview
- Before You Start
- AP Join Process
- Configuring an AP to Go Online
- Common Causes and Troubleshooting Methods for APs' Failures to Go Online
- Recommended Troubleshooting Roadmap for APs' Failures to Go Online
- An AP Fails to Start
- The Network Between the AP and AC Fails
- An Error Occurs in Configuring a Static IP Address for an AP
- No IP Address Is Allocated to an AP
- The AC's IP Address Is Not or Incorrectly Specified on an AP
- The CAPWAP Source Interface or Address Is Not Configured on the AC
- An AP Is Not Working in Fit Mode
- The Number of APs Connected to the AC Exceeds the Maximum
- DTLS Negotiation Failed
- The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
- An AP Is Blacklisted
- The Versions of the AP and AC Do Not Match
- The AP Upgrade Fails
- An AP Fails to Initialize the Configuration
- Further Information: How to Configure Basic WLAN Services After APs Go Online
Overview
In the AC + Fit AP networking architecture, an AC centrally configures and manages Fit APs, and the Control And Provisioning of Wireless Access Points (CAPWAP) protocol is used for communication between the AC and APs. This technote describes the procedure for an AP to discover and connect to an AC, the configuration for the AP to go online, and methods for troubleshooting common AP join failures.
Before You Start
You should be familiar with the basic AC + Fit AP networking architecture and with the basics of CAPWAP.
The CAPWAP tunnel establishment process is described using Huawei's WLAN devices as an example, which is slightly different from the standard CAPWAP protocol.
This technote uses WLAN devices running V200R010 to describe the join process of APs and troubleshooting methods, which are basically the same in other versions.
AP Join Process
Figure 1-1 shows message exchange in the AP join process, which typically involves:
- IP address allocation for an AP (using DHCP as an example)
- AC discovery
- AP access control
- AC configuration delivery
- CAPWAP tunnel maintenance
- Configuration update
This figure also shows some CAPWAP states of the AP, which are described as follows:
- Discovery: The AP discovers an AC.
- DTLS connect: A DTLS connection is established between the AP and AC.
- Join: The AP joins the AC.
- Image data: The AP downloads the system software package from the AC for an upgrade.
- Configure: The AP obtains the initialization configuration from the AC.
- Data check: The AP and AC exchange information to verify the configurations.
- Run: The CAPWAP link is properly established.
- Config: The AP obtains the configuration delivered from the AC.
The general AP join process can be outlined based on the changes of the CAPWAP states:
- Idle (not marked in the figure)
The AP is started properly. After the initialization is complete, the AP starts the CAPWAP state machine.
- Idle -> Discovery
After obtaining an IP address, the AP switches from the Idle state to the Discovery state and sends a Discovery Request message to discover an AC.
- Discovery -> DTLS connect
After the AP selects an AC, the AP sets up a DTLS connection based on the AC configuration. The AP switches from the Discovery state to the DTLS connect state. In fact, the DTLS session setup and DTLS authentication states are also involved, which are not detailed here.
- DTLS connect -> Join
After the DTLS connection is set up, the AP switches from the DTLS connect state to the Join state and sends a Join Request message to request to join the AC.
- Join -> Image data
The AC sends a Join Response message carrying the expected AP software version to the AP. If the current AP software version is different from the expected one, the AP state changes from Join to Image data, and the online upgrade starts. After the upgrade is complete, the AP restarts and repeats the preceding steps.
- Join -> Configure
After the AC allows the AP to join, the AP switches from the Join state to the Configure state and sends a Configuration Status Request message to the AC, requesting the AC to deliver the initialization configuration.
- Configure -> Data check
After the AC delivers the initialization configuration, the AP switches from the Configure state to the Data check state and starts to exchange information with the AC to verify the configuration.
- Data check -> Run
After the initialization configuration is verified, the AC sends a Change State Event Response message to the AP. Upon receiving this message, the AP state changes from Data check to Run, indicating that the CAPWAP link is established. In this phase, the AP and AC periodically send Keepalive and Echo messages to check the connectivity of the CAPWAP data tunnel and control tunnel.
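The state changes listed above can be used to triage a join failure from a sequence of observed AP states. The following is an added example, not Huawei code: it splits a trace into join attempts, finds the state in which attempts keep ending, and flags the repeated-upgrade loop. The `Discovery -> Join` shortcut for ACs without DTLS, the restart rule, the state-to-topic grouping and the sample traces are assumptions made for illustration.

```python
from collections import Counter

# Forward transitions taken from the state list on this page.
# Assumption: "Discovery -> Join" is allowed when DTLS is not enabled on the AC.
TRANSITIONS = {
    "Idle": {"Discovery"},
    "Discovery": {"DTLS connect", "Join"},
    "DTLS connect": {"Join"},
    "Join": {"Image data", "Configure"},
    "Image data": set(),            # the AP restarts after an upgrade attempt
    "Configure": {"Data check"},
    "Data check": {"Run"},
    "Run": {"Config"},
    "Config": {"Run"},
}
ORDER = list(TRANSITIONS)           # depth of each state in the join process
RESTART = {"Idle", "Discovery"}     # assumption: a failed attempt resumes here
ONLINE = {"Run", "Config"}

# Troubleshooting topics from this page, grouped by the state in which join
# attempts end (the grouping itself is an assumption of this example).
HINTS = {
    "Idle": ["An AP Fails to Start",
             "An Error Occurs in Configuring a Static IP Address for an AP",
             "No IP Address Is Allocated to an AP"],
    "Discovery": ["The Network Between the AP and AC Fails",
                  "The AC's IP Address Is Not or Incorrectly Specified on an AP",
                  "The CAPWAP Source Interface or Address Is Not Configured on the AC",
                  "An AP Is Not Working in Fit Mode",
                  "The Number of APs Connected to the AC Exceeds the Maximum",
                  "An AP Is Blacklisted"],
    "DTLS connect": ["DTLS Negotiation Failed"],
    "Join": ["The Versions of the AP and AC Do Not Match"],
    "Image data": ["The AP Upgrade Fails"],
    "Configure": ["An AP Fails to Initialize the Configuration"],
    "Data check": ["An AP Fails to Initialize the Configuration"],
}


def split_attempts(trace):
    """Split an ordered list of states into join attempts, validating each step."""
    if not trace:
        raise ValueError("empty trace")
    attempts, current, prev = [], [], None
    for state in trace:
        if state not in TRANSITIONS:
            raise ValueError(f"unknown CAPWAP state: {state!r}")
        if prev is None or state in TRANSITIONS[prev]:
            current.append(state)
        elif state in RESTART:          # fell back: a new attempt starts here
            attempts.append(current)
            current = [state]
        else:
            raise ValueError(f"illegal transition {prev} -> {state}")
        prev = state
    attempts.append(current)
    return attempts


def analyze(trace, loop_threshold=3):
    """Return (verdict, state, topics) for a trace of AP CAPWAP states."""
    attempts = split_attempts(trace)
    last = attempts[-1][-1]
    if last in ONLINE:
        return ("online", last, [])
    # State in which failed attempts end most often; ties go to the deeper state.
    ends = Counter(a[-1] for a in attempts if a[-1] not in ONLINE)
    stalled = max(ends, key=lambda s: (ends[s], ORDER.index(s)))
    looping = stalled == "Image data" and ends[stalled] >= loop_threshold
    return ("upgrade-loop" if looping else "stalled", stalled, HINTS[stalled])


if __name__ == "__main__":
    # Constructed traces, not captured from a device.
    dtls_fail = ["Idle", "Discovery", "DTLS connect",
                 "Discovery", "DTLS connect", "Discovery"]
    upgrade_loop = ["Idle", "Discovery", "DTLS connect", "Join", "Image data"] * 3
    for name, trace in (("dtls_fail", dtls_fail), ("upgrade_loop", upgrade_loop)):
        print(name, analyze(trace))
```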
IP Address Allocation for an AP
An AP can obtain an IP address in static, DHCP, or stateless address autoconfiguration (SLAAC) mode.
- Log in to the AP and configure a static IP address for it.
- Configure a DHCP server so that the AP serves as a DHCP client and requests an IP address from the DHCP server. DHCP is the most common method for APs to obtain IP addresses.
Figure 1-2 Message exchange between the AP and DHCP server for IP address allocation
The following figure shows an example of the exchanged messages.
- The AP broadcasts a DHCP Discover message carrying its own MAC address, requested parameters, and broadcast flag bit.
- A DHCP server selects an address pool on the same network segment as the IP address of the interface receiving the DHCP Discover message, and from the address pool selects an idle IP address. Then the DHCP server sends a DHCP Offer message carrying the allocated IP address to the AP.
- The AP broadcasts a DHCP Request message to notify all the DHCP servers that it has selected the IP address offered by a DHCP server. Then the other servers can allocate IP addresses to other clients.
- After receiving the DHCP Request packet, the DHCP server replies with a DHCP ACK message, indicating that the IP address carried in the DHCP Request message is allocated to the AP.
- SLAAC mode: The AP obtains an IP address in SLAAC mode, which supports only IPv6.
In SLAAC mode, the prefix of a network address is obtained from a Router Advertisement (RA) message, and then an interface ID is automatically generated. The prefix and the generated interface ID form an IPv6 address.
The following figure shows an example of the exchanged messages.
The following table lists common problems that may occur when an AP attempts to obtain an IP address:
Problem | Possible Cause | Handling Suggestion
---|---|---
An error occurs in configuring a static IP address for an AP. | | An Error Occurs in Configuring a Static IP Address for an AP
No IP address is allocated to the AP in DHCP mode. | |
AC Discovery
Figure 1-3 shows message exchange in the AC discovery phase.
The following figures show examples of the exchanged messages:
Discovery (An AP discovers an AC.)
DTLS connect (The AP establishes a DTLS connection with the AC.)
The AC discovery mechanism allows an AP to discover available ACs and select an optimal one to set up a CAPWAP link.
- After obtaining an IP address, the AP sends a Discovery Request message carrying its own version and mode (Fit or Fat) to discover available ACs on the network. After the AP initiates the AC discovery process, the CAPWAP state of the AP changes from Idle to Discovery.
- After receiving the Discovery Request message, the AC determines whether to allow the AP to access the AC based on the configured IP version, AP blacklist and whitelist, AP authentication mode (MAC address authentication, SN authentication, or no authentication), and license resource restrictions, and records the determination result. If AP access is permitted, the AC unicasts a Discovery Response message carrying the AC name, AC version, CAPWAP source address, and DTLS status to the AP. If AP access is denied, the AC does not respond with a Discovery Response message.
- If the AP receives Discovery Response messages from multiple ACs, it selects an AC based on AC priorities and loads (number of APs connected to the AC).
The AP then needs to obtain the AC's IP address in static or dynamic mode.
On a Layer 2 network, the AP can discover the AC in broadcast mode, without the need to manually specify the AC's IP address. On a Layer 3 network, you must specify the AC's IP address; otherwise, the AP cannot discover the AC in broadcast mode.
If no AC's IP address is specified, the AP broadcasts a Discovery Request message to discover an AC. If the AC's IP address is specified, the AP unicasts a Discovery Request message to the specified AC.
- Static mode: The IP addresses of ACs are specified on the AP.
- Dynamic mode: The AP can dynamically obtain the AC's IP address in DHCP or DNS mode. When the AP obtains an IP address from the DHCP server, the DHCP server embeds an option carrying the AC's IP address (DHCP) or domain name (DNS) in the DHCP Response message destined for the AP. The options are described as follows:
- Option 43: carries the list of ACs' IPv4 addresses.
- Option 52: carries the list of ACs' IPv6 addresses.
- Option 15: carries the ACs' IPv4 domain names.
- Option 24: carries the ACs' IPv6 domain names.
The following figure shows an example of a DHCP Response message carrying Option 43.
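Because the AP unicasts its Discovery Request to whatever address Option 43 carries, it is worth checking that the option decodes to the AC's CAPWAP source address. The following is an added example, not Huawei code: it assumes the payload uses the RFC 2132 code/length/value layout and that sub-option 2 holds packed 4-byte IPv4 addresses; the sample payloads are constructed.

```python
import ipaddress

SUBOPT_AC_IPV4 = 2    # "option 43 sub-option 2 ip-address ..." as used on this page
PAD, END = 0, 255     # RFC 2132 pad and end codes inside vendor-specific data


def parse_option43(payload):
    """Split an Option 43 payload into {sub-option code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(payload):
            raise ValueError(f"sub-option {code} at offset {i} has no length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            raise ValueError(
                f"sub-option {code} declares {length} bytes, {len(value)} present")
        subopts[code] = bytes(value)
        i += 2 + length
    return subopts


def ac_addresses(payload):
    """Return the AC IPv4 addresses carried in sub-option 2 (empty list if absent)."""
    value = parse_option43(payload).get(SUBOPT_AC_IPV4)
    if value is None:
        return []
    if not value or len(value) % 4:
        raise ValueError(f"sub-option 2 length {len(value)} is not a multiple of 4")
    return [ipaddress.IPv4Address(value[j:j + 4]) for j in range(0, len(value), 4)]


def check_option43(payload, expected_acs):
    """Return a list of problems; an empty list means the option matches."""
    expected = {ipaddress.IPv4Address(a) for a in expected_acs}
    try:
        acs = ac_addresses(payload)
    except ValueError as exc:
        return [f"malformed Option 43: {exc}"]
    if not acs:
        return ["Option 43 carries no AC address list (sub-option 2 absent)"]
    return [f"AC address {ac} is not a configured CAPWAP source address"
            for ac in acs if ac not in expected]


if __name__ == "__main__":
    # Constructed payloads. 10.23.100.1 is the AC address used in this page's
    # DHCP example; 10.23.10.1 is the AP gateway entered by mistake.
    samples = {
        "correct": bytes.fromhex("02040a176401"),
        "gateway instead of AC": bytes.fromhex("02040a170a01"),
        "truncated": bytes.fromhex("02040a17"),
    }
    for name, payload in samples.items():
        print(name, check_option43(payload, ["10.23.100.1"]) or "OK")
```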
If DTLS is enabled on the AC, the AC informs the AP of the DTLS status through the Discovery Response message. The AP then starts DTLS negotiation to establish a DTLS connection with the AC. After the DTLS connection is set up, packets transmitted between the AP and AC will be encrypted. CAPWAP data packets and control packets transmitted over CAPWAP tunnels can be DTLS-encrypted separately.
The following table lists common problems that may occur in this phase.
Problem | Possible Cause | Handling Suggestion
---|---|---
The network between the AP and AC fails. | |
The AC's IP address is not or incorrectly specified on the AP. | | The AC's IP Address Is Not or Incorrectly Specified on an AP
The CAPWAP source interface or address is incorrectly or not configured on the AC. | The CAPWAP source interface or address is incorrectly or not configured on the AC. | The CAPWAP Source Interface or Address Is Not Configured on the AC
The AP is not working in Fit mode. | |
License resources are insufficient, or the number of APs exceeds the AC specifications. | |
DTLS negotiation of a CAPWAP link fails. | The AC and AP have different DTLS PSKs. |
The MAC address and SN of the AP added offline on the AC are inconsistent with those of the AP. | The MAC address and SN of the AP added offline are inconsistent with those of the AP. | The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
The AP is blacklisted. | The AP is added to the blacklist by mistake. |
AP Access Control
Figure 1-4 shows message exchange in the AP access control phase.
The following figure shows an example of the exchanged messages.
- After a DTLS connection is set up between the AP and AC, the AP sends a Join Request message to the AC selected in the previous phase to apply for joining the AC. The AP then enters the Join state.
- The AC determines whether to allow the AP access. If this operation has been performed in the Discovery phase, the AC directly uses the determination result buffered in that phase, without the need for repeated determination. If no result is buffered, the AC goes through the process shown in Figure 1-5 to determine whether to allow the AP access. Based on the determination result, the AC sends a Join Response message containing the expected AP version to the AP.
- After receiving the Join Response message, the AP checks whether the current system software version is the same as that expected by the AC. If not, the AP enters the Image data state and starts to download the upgrade file and upgrade its software version in AC, FTP, or SFTP mode. After the upgrade is complete, the AP restarts and repeats the preceding phases. If the upgrade fails, the AP restarts and repeats the previous phases. Therefore, if the AP upgrade configuration is incorrect, the AP may continuously repeat the preceding phases until the AP software version is upgraded correctly.
The following table lists common problems that may occur in this phase.
Problem | Possible Cause | Handling Suggestion
---|---|---
The versions of the AP and AC do not match. | |
The AP upgrade fails. | |
AC Configuration Delivery
When the AP version is consistent with the AC version, the AC starts to deliver configurations to the AP.
Figure 1-6 shows message exchange in the AC configuration delivery phase.
The following figure shows an example of the exchanged messages.
Configure
Data check
- After receiving a Join Response message from the AC, the AP checks whether the AC allows its access and whether the running software version is the same as the expected one. If so, the AP sends a Configuration Status Request message containing multiple Radio Administrative State message elements to the AC to report its current configuration and then enters the Configure state.
- After receiving the Configuration Status Request message, the AC sends a Configuration Status Response message to the AP and delivers the initialization configuration to the AP. In this phase, the AC does not deliver service configurations. Instead, it delivers service configurations only after the CAPWAP link is established.
- After receiving the Configuration Status Response message, the AP enters the Data check state and performs the initialization configuration based on the message content.
- After the initialization configuration is complete, the AP sends a Change State Event Request message carrying the radio status and configuration execution result to the AC.
- After receiving the Change State Event Request message, the AC sends a Change State Event Response message to the AP and updates AP information as required.
The following table lists common problems that may occur in this phase.
Problem | Possible Cause | Handling Suggestion
---|---|---
The AP fails to initialize the configuration. | |
CAPWAP Tunnel Maintenance
Figure 1-6 shows message exchange in the CAPWAP tunnel maintenance phase.
The following figure shows an example of the exchanged messages.
After the preceding phases, the AP has gone online on the AC. Then we need to maintain the CAPWAP tunnel between the AC and AP.
The AP and AC detect the connectivity of the CAPWAP data tunnel by exchanging Keepalive messages and detect the connectivity of the CAPWAP control tunnel by exchanging Echo messages.
The AP starts a timer to send Keepalive and Echo messages and starts a tunnel detection timeout timer. If the AP receives Keepalive and Echo messages within a specified period, it resets the timeout timer; otherwise, it determines a message timeout.
Configuration Update
Figure 1-6 shows message exchange in the configuration update phase.
- After the AP goes online on the AC, the AC sends a Configuration Update Request message to the AP to deliver configurations.
- After receiving the Configuration Update Request message, the AP changes from the Run state to the Config state to complete the configuration delivery.
- After all configurations delivered by the AC are received, the AP sends a Configuration Update Response message to the AC, notifying the AC of the configuration delivery result.
The following table lists common problems that may occur in this phase.
Problem | Description | Handling Suggestion
---|---|---
WLAN service configurations fail to be delivered to an AP after the AP goes online on an AC. | After an AP goes online on the AC, WLAN service configurations are performed for the AP. If the link between the AP and AC fails or the peer end has no response, the AC will fail to deliver WLAN service configurations to the AP. |
Configuring an AP to Go Online
Configuring an AP to Go Online in Static Mode
Networking Requirements
As shown in Figure 1-9, the AC and AP are connected through a Layer 2 network, and the AP needs to go online in static mode.
Procedure
- Configure the switch.
# Add GE0/0/1 and GE0/0/2 on the switch to VLAN 100, and set the default VLAN of GE0/0/1 to VLAN 100.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch-GigabitEthernet0/0/1] port-isolate enable
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch-GigabitEthernet0/0/2] quit
- Configure the AC to communicate with other devices on the network.
If the AC and AP are directly connected, set the default VLAN of the AC's interface connected to the AP to the management VLAN (VLAN 100 in this example).
# Add GE0/0/1 on the AC to VLAN 100, create VLANIF 100, and set the IP address of VLANIF 100 to 10.23.100.1/24.
<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] quit
- Configure a static IP address for the AP.
# Log in to the AP and configure static IP address allocation for it (default: DHCP mode).
<AP> system-view
[AP] ap-address mode static
# Configure the IP address and gateway address for the AP to go online in static mode.
[AP] ap-address static ip-address 10.23.100.100 24 10.23.100.1
[AP] ap-address static ac-list 10.23.100.1 // A maximum of four contiguous IP addresses of ACs can be configured in this list, which are separated by spaces.
[AP] quit
# Verify the configuration.
<AP> display ap-address-info
==============================================================
Active AP Address Info
AP Mode : dhcp
Ip Address : -
Ip Version : -
Mask : -
Gateway : -
AC 0 ip : -
AC 1 ip : -
AC 2 ip : -
AC 3 ip : -
--------------------------------------------------------------
Reboot Active AP Address Info //Address information after the AP is restarted
AP Mode : static
Ip Address : 10.23.100.100
Ip Version : 4
Mask : 24
Gateway : 10.23.100.1
AC 0 ip : 10.23.100.1
AC 1 ip : -
AC 2 ip : -
AC 3 ip : -
==============================================================
If the AC and AP are connected at Layer 3, configure a route on the gateway of the AP to ensure connectivity between the AP's IP address and the AC's source address.
# Confirm the configuration and restart the AP to make the configuration take effect. (If the AP and AC are connected at Layer 3, restarting the AP is recommended after the AC's IP address is specified.)
<AP> reboot
System will reboot! Continue ? [y/n]:y
- Configure the AP to go online.
- Create an AP group to which APs with the same configuration can be added.
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit
- Configure the AC's source interface.
[AC] capwap source interface vlanif 100
- Import the AP offline on the AC and add the AP to the AP group ap-group1. Assume that the AP's MAC address is 60de-4476-e360. Configure a name for the AP based on the AP's deployment location, so that you can know where the AP is deployed from its name. For example, name the AP area_1 if it is deployed in Area 1.
The ap auth-mode command sets the AP authentication mode to MAC address authentication by default. If the default settings are retained, you do not need to run the ap auth-mode mac-auth command.
In this example, the AP5030DN is used and has two radios: radio 0 and radio 1. Radio 0 of the AP5030DN works on the 2.4 GHz frequency band and radio 1 works on the 5 GHz frequency band.
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth
[AC-wlan-view] ap-id 0 ap-mac 60de-4476-e360
[AC-wlan-ap-0] ap-name area_1
Warning: This operation may cause AP reset. Continue? [Y/N]:y
[AC-wlan-ap-0] ap-group ap-group1
Warning: This operation may cause AP reset. If the country code changes, it will clear channel, power and antenna gain configurations of the radio, Whether to continue? [Y/N]:y
[AC-wlan-ap-0] quit
Verifying the Configuration
# Run the display ap all command to check the AP state. If the State field displays nor, the AP has gone online.
[AC-wlan-view] display ap all
Total AP information:
nor : normal [1]
Extra information:
P : insufficient power supply
--------------------------------------------------------------------------------------------------
ID  MAC             Name    Group      IP            Type      State  STA  Uptime  ExtraInfo
--------------------------------------------------------------------------------------------------
0   60de-4476-e360  area_1  ap-group1  10.23.10.254  AP5030DN  nor    0    10S     -
--------------------------------------------------------------------------------------------------
Total: 1
Configuring an AP to Go Online in DHCP Mode
Networking Requirements
As shown in Figure 1-10, the AC and APs are connected at Layer 3, and the AC functions as a DHCP server to allocate IP addresses to APs.
Procedure
- Configure the switch.
# Add GE0/0/1 and GE0/0/2 on the switch to VLAN 100, and set the default VLAN of GE0/0/1 to VLAN 100.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 100
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[Switch-GigabitEthernet0/0/1] port-isolate enable
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100
[Switch-GigabitEthernet0/0/2] quit
- Configure the AC to communicate with other devices on the network.
If the AC and AP are directly connected, set the default VLAN of the AC's interface connected to the AP to the management VLAN (VLAN 100 in this example).
# Add GE0/0/1 on the AC to VLAN 100, create VLANIF 100, and set the IP address of VLANIF 100 to 10.23.100.1/24.
<HUAWEI> system-view
[HUAWEI] sysname AC
[AC] vlan batch 100
[AC] interface gigabitethernet 0/0/1
[AC-GigabitEthernet0/0/1] port link-type trunk
[AC-GigabitEthernet0/0/1] port trunk allow-pass vlan 100
[AC-GigabitEthernet0/0/1] quit
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] quit
- Configure a DHCP server to assign IP addresses to APs.
In this example, the AC functions as a DHCP server. It can allocate IP addresses to APs using either of the following address pools:
- Global address pool: is created in the system view on the DHCP server. The server is configured in the interface view to allocate IP addresses, gateway addresses, and DNS server addresses to clients based on the global address pool.
- Interface address pool: is created in the interface view on the DHCP server. The server is configured to allocate IP addresses, gateway addresses, and DNS server addresses to clients based on the interface address pool.
The difference is that the global address pool mode supports the DHCP relay scenario, but the interface address pool mode does not.
- The following provides an example for configuring a DHCP server to allocate IP addresses based on a global address pool:
- # On the AC, create a global IP address pool to allocate IP addresses to APs.
<AC> system-view
[AC] dhcp enable //Enable DHCP globally.
[AC] ip pool huawei //Create a global address pool.
[AC-ip-pool-huawei] network 10.23.10.0 mask 24 //Specify the range of IP addresses that can be dynamically allocated from the global address pool.
[AC-ip-pool-huawei] gateway-list 10.23.10.1 //Configure a gateway IP address for APs.
[AC-ip-pool-huawei] option 43 sub-option 2 ip-address 10.23.100.1 //Configure DHCP messages to carry Option 43 to specify the AC's IP address for APs.
[AC-ip-pool-huawei] quit
[AC] interface vlanif 100
[AC-Vlanif100] dhcp select global //Enable the interface to use the global address pool.
[AC-Vlanif100] quit
- Configure the DHCP relay function on the switch to forward DHCP packets between the AC and APs.
<Switch> system-view
[Switch] dhcp enable //Enable DHCP.
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.23.10.1 24
[Switch-Vlanif10] dhcp select relay //Enable the DHCP relay function.
[Switch-Vlanif10] dhcp relay server-ip 10.23.100.1 //Specify the DHCP server's IP address on the DHCP relay agent.
[Switch-Vlanif10] quit
- The following provides an example for configuring a DHCP server to allocate IP addresses based on an interface address pool:
- Enable the DHCP function.
<AC> system-view
[AC] dhcp enable
- Enable the DHCP server function on VLANIF 100 and configure the server to use the interface address pool.
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 255.255.255.0 //Configure an IP address for the interface.
[AC-Vlanif100] dhcp select interface //Configure the DHCP server to allocate IP addresses based on the interface address pool.
[AC-Vlanif100] quit
- Configure the AP to go online.
- Create an AP group to which APs with the same configuration can be added.
[AC] wlan
[AC-wlan-view] ap-group name ap-group1
[AC-wlan-ap-group-ap-group1] quit
[AC-wlan-view] quit
- Configure the AC's source interface.
[AC] capwap source interface vlanif 100
- Add the AP on the AC.
You can add APs by manual configuration, automatic discovery, and manual confirmation.
- Manual configuration (importing APs when they are offline): The APs' MAC addresses and SNs are configured on an AC before they go online. The AC automatically starts to set up a connection with an AP if its MAC address or SN matches the configured ones.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth //Set the AP authentication mode to MAC authentication.
[AC-wlan-view] ap-id 1 type-id 115 ap-mac 0025-9e07-8270 //Add an AP before it goes online.
- Automatic discovery (configuring the AC to automatically discover an AP): When the AP authentication mode is set to no authentication, or the AP authentication mode is set to MAC or SN authentication and the AP's MAC address or SN is whitelisted, the AC automatically discovers the AP as long as the AP connects to it and allows the AP to go online.
- Set the AP authentication mode to no authentication.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap auth-mode no-auth
- Set the AP authentication mode to MAC authentication and whitelist the AP.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth //Set the AP authentication mode to MAC authentication.
[AC-wlan-view] ap whitelist mac 0025-9e07-8270 //Add the AP to the whitelist.
- Set the AP authentication mode to SN authentication and whitelist the AP.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap auth-mode sn-auth //Set the AP authentication mode to SN authentication.
[AC-wlan-view] ap whitelist sn 08PE56430071 //Add the AP to the whitelist.
- Manual confirmation (manually confirming APs in the list of unauthorized APs): The AP authentication mode is set to MAC or SN authentication, and the AP whitelist is configured on the AC. When an AP out of the whitelist connects to the AC, the AC adds the AP to the list of unauthorized APs. The AP can go online only after its identity is manually confirmed.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap auth-mode mac-auth //Set the AP authentication mode to MAC authentication.
[AC-wlan-view] display ap unauthorized record
[AC-wlan-view] ap-confirm mac 0025-9e07-8270 //Manually confirm the AP that fails to be authenticated and allow it to go online.
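The three ways of adding an AP differ in which APs the AC admits without operator action. The following model of that decision is an added example, not Huawei code. The order of checks (blacklist, offline-imported entry, authentication mode and whitelist, then license capacity) and the `AcPolicy` and `decide` names are assumptions; the reason strings are the ones this page lists for the display ap online-fail record command.

```python
from dataclasses import dataclass, field


def norm_mac(mac):
    """Normalize 60de-4476-e360 / 60:DE:44:76:E3:60 style MACs to 12 hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


@dataclass
class AcPolicy:
    """Hypothetical snapshot of the AC settings that affect AP admission."""
    auth_mode: str = "mac-auth"                       # mac-auth | sn-auth | no-auth
    blacklist: set = field(default_factory=set)       # MAC addresses
    whitelist_mac: set = field(default_factory=set)
    whitelist_sn: set = field(default_factory=set)
    offline_aps: dict = field(default_factory=dict)   # MAC -> SN (or None) added offline
    max_aps: int = 4                                  # license / specification limit
    online: int = 0                                   # APs currently online


def decide(policy, mac, sn):
    """Return (decision, reason): 'online', 'unauthorized' or 'rejected'."""
    mac = norm_mac(mac)
    if mac in {norm_mac(m) for m in policy.blacklist}:
        return ("rejected", "The AP is added to the AP blacklist.")

    offline = {norm_mac(m): s for m, s in policy.offline_aps.items()}
    if mac in offline:
        # AP was imported offline: the configured SN, if any, must match.
        if offline[mac] is not None and offline[mac] != sn:
            return ("rejected", "The MAC address and SN of the AP do not match.")
    elif policy.auth_mode == "no-auth":
        pass  # any AP that reaches the AC is admitted
    elif policy.auth_mode == "mac-auth":
        if mac not in {norm_mac(m) for m in policy.whitelist_mac}:
            # Waits in the unauthorized list until confirmed with ap-confirm.
            return ("unauthorized", "The AP is not in the MAC whitelist.")
    elif policy.auth_mode == "sn-auth":
        if sn not in policy.whitelist_sn:
            return ("unauthorized", "The AP is not in the SN whitelist.")
    else:
        raise ValueError(f"unknown auth mode: {policy.auth_mode!r}")

    if policy.online >= policy.max_aps:
        return ("rejected", "Insufficient license resources.")
    return ("online", "")


if __name__ == "__main__":
    # MAC addresses and SN are the sample values used in this page's commands.
    known, unknown, sn = "0025-9e07-8270", "60de-4476-e360", "08PE56430071"
    strict = AcPolicy(auth_mode="mac-auth", whitelist_mac={known})
    open_ac = AcPolicy(auth_mode="no-auth")
    for label, policy in (("mac-auth + whitelist", strict), ("no-auth", open_ac)):
        for ap in (known, unknown):
            print(f"{label:22} {ap}: {decide(policy, ap, sn)}")
```

With no-auth the AP that was never registered goes online, while mac-auth with a whitelist holds it in the unauthorized list.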
Verifying the Configuration
# Run the display ap all command to check the AP state. If the State field displays nor, the AP has gone online.
[AC-wlan-view] display ap all
Total AP information:
nor : normal [1]
Extra information:
P : insufficient power supply
--------------------------------------------------------------------------------------------------
ID  MAC             Name    Group      IP            Type      State  STA  Uptime  ExtraInfo
--------------------------------------------------------------------------------------------------
0   60de-4476-e360  area_1  ap-group1  10.23.10.254  AP5030DN  nor    0    10S     -
--------------------------------------------------------------------------------------------------
Total: 1
Common Causes and Troubleshooting Methods for APs' Failures to Go Online
Recommended Troubleshooting Roadmap for APs' Failures to Go Online
Checking AP Information
CLI: display ap { all | ap-group ap-group }
Function: This command is used to query the IP address and status of an AP. Pay attention to whether the AP can obtain an IP address and whether the AP status is normal.
AP State | Description | Handling Suggestion
---|---|---
commit-failed (cmtfa) | WLAN service configurations fail to be delivered to an AP after the AP goes online on an AC. After the AP goes online on the AC, WLAN service configurations are performed for the AP. If the link between the AP and AC fails or the peer end has no response, the AC will fail to deliver WLAN service configurations to the AP. | Check network connectivity between the AC and AP. For details, see The Network Between the AP and AC Fails.
committing (cmt) | WLAN service configurations are being delivered to an AP after the AP goes online on an AC. After the AP goes online on the AC, WLAN service configurations are being delivered to the AP. During this process, the AP is in committing state. | This is a normal state, and no action is required.
config (cfg) | WLAN service configurations are being delivered to an AP when the AP is going online on an AC. After the AP establishes a link with the AC, WLAN service configurations are delivered to the AP. During this process, the AP is in config state. | This is a normal state, and no action is required.
config-failed (cfgfa) | WLAN service configurations fail to be delivered to an AP when the AP is going online on an AC. After the AP establishes a link with the AC, WLAN service configurations are delivered to the AP. If the configuration delivery fails due to various reasons (such as link failure), the AP enters the config-failed state. | If the AC fails to deliver the initial configuration, rectify the fault by referring to An AP Fails to Initialize the Configuration.
download (dload) | An AP is in upgrade state. When the AP is performing an upgrade, it enters the download state. | When the AP upgrade is complete, check the AP state. If the upgrade fails, rectify the fault by referring to The AP Upgrade Fails.
fault | An AP fails to go online. | Check the reason for the AP's failure to go online. For details, see Checking Reasons for APs' Failures to Go Online.
idle | It is the initialization state of an AP before it establishes a link with the AC for the first time. | The possible causes and the corresponding handling methods for this state are as follows:
name-conflicted (namec) | The name of an AP conflicts with that of an existing AP. The name of an AP conflicts with the name of another AP on the same AC. | Run the ap-rename ap-id ap-id new-name ap-new-name command to change the AP name.
normal (nor) | An AP is working properly. The AP successfully goes online on the AC. | This is a normal state, and no action is required.
standby (stdby) | An AP is in normal state on the standby AC. In the HSB, dual-link cold backup, or N+1 backup scenario, if the link between the active and standby ACs is established properly, the AP is in standby state on the standby AC and in normal state on the active AC. | This is a normal state, and no action is required.
ver-mismatch (vmiss) | The versions of the AP and AC do not match. |
countryCode-mismatch (cmiss) | The country codes of the AP and AC do not match. The AP does not support the country code configured on the AC. | The AP does not support the country code. Upgrade the AP or modify the country code configuration on the AC.
type-mismatch (tmiss) | The AP type does not match that configured on the AC. The AP type configured on the AC does not match the actual AP type. | Change the AP type configured on the AC.
unauth | An AP fails to be authenticated. | Run the display ap unauthorized record command to query APs that fail to be authenticated. Run the ap-confirm command to confirm these APs and allow them to go online.
Checking Reasons for APs' Failures to Go Online
CLI: display ap online-fail record
Function: This command is used to query the reasons for APs' failures to go online so that you can take measures accordingly.
Table 1-2 lists some reasons for APs' failures to go online.
Reason Why an AP Fails to Go Online | Handling Suggestion |
---|---|
Insufficient license resources. | See The Number of APs Connected to the AC Exceeds the Maximum. |
The AP is not in the SN whitelist. | Run the ap whitelist sn ap-sn1 [ to ap-sn2 ] command to add the AP to the SN whitelist or run the ap-confirm command to enable the AP to pass authentication. |
The AP is not in the MAC whitelist. | Run the ap whitelist mac ap-mac1 [ to ap-mac2 ] command to add the AP to the MAC whitelist or run the ap-confirm command to enable the AP to pass authentication. |
The AP is added to the AP blacklist. | See An AP Is Blacklisted. |
The MAC address and SN of the AP do not match. | See The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP. |
DTLS negotiation for CAPWAP tunnel setup fails. | |
DTLS negotiation failed, because of negotiation timeout or inconsistent PSKs on two ends. | |
CAPWAP tunnel negotiation fails. | For details, see The Network Between the AP and AC Fails. |
APs cannot go online during data backup. | Wait until the backup is complete. |
The upgrade fails. | For details, see The AP Upgrade Fails. |
The CAPWAP tunnel fails to be established. | For details, see The Network Between the AP and AC Fails. |
The configuration fails to be delivered. | The AC will attempt to deliver the configurations again. If the failure persists, rectify the fault by referring to The Network Between the AP and AC Fails. |
The versions of the AP and AC do not match. | |
The AC does not support the AP type. | Replace the AP with one supported by the AC or change the AC version to one that supports the AP. |
Unsupported AP type, AC version may need to be upgraded. | |
The AP name conflicts. | Run the ap-rename command to change the AP name. |
The number of central APs reaches the upper limit. | See The Number of APs Connected to the AC Exceeds the Maximum. |
The number of common APs reaches the upper limit. | See The Number of APs Connected to the AC Exceeds the Maximum. |
The CAPWAP sensitive-info PSK is different on the two ends of the CAPWAP tunnel. | |
The CAPWAP integrity-check PSK is different on the two ends of the CAPWAP tunnel. | |
The AC license is not active. | Activate the AC license. |
Too many APs go online concurrently, leading to a failure to create sufficient DBSS interfaces. | No action is required. The AP will attempt to go online again. |
The country codes of the AP and AC are inconsistent, and the country code of the AP is locked. | The country code of some AP models cannot be modified. For example, an AP model with the suffix -US is used only in the United States, and its country code is fixed as US. Configure the country code on the AC to be the same as that on the AP. |
Reset for the AC mode switching. | No action is required. |
Full-Process Tracing
CLI: trace enable brief and trace object mac-address ap-mac-address
Function: These commands are used to diagnose the service process of the AP. Pay attention to whether there are exceptions in the printed information.
The process for an AP to go online involves various phases, including IP address allocation, discovery, join, configuration delivery, and configuration update. If the AP fails to go online, you can locate the fault through full-process tracing. By comparing the printed information with the normal process, you can determine the phase when the fault occurs and then troubleshoot the fault accordingly.
```
[AC] trace enable brief
[AC] trace object mac-address acf9-703e-90a0
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP DISCOVER message.orgif:GE0/0/3 srcif:Vlanif400 L3if:Vlanif400 DstIf:GE0/0/3 srcmac:acf9-703e-90a0 dstmac:ffff-ffff-ffff vsi:- vlan:400/0 srcip:0.0.0.0 dstip:255.255.255.255 VPN:- src-port:68 dst-port:67 msgtype:BOOT-REQUEST dhcp msgtype:DHCP DISCOVER bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:0.0.0.0 yiaddr:0.0.0.0 xid:0x166d4ae3
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:DHCP Server is enable.(interface:Vlanif400).
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Gateway=192.168.1.1, mask=255.255.255.0.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Get pool Vlanif400 by gateway 192.168.1.1 and vrf 0.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:New session hash node(mac:acf9-703e-90a0 Xid=376261347)
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Discover session create(Xid=376261347 mac:acf9-703e-90a0)
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Get pool Vlanif400 by gateway 192.168.1.1 and vrf 0.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Proc Request IP ACK.(MsgType = 773, MsgType = 1, usPool = 0, ERRcode = 10, IPAlloc = 192.168.1.176, SessionStatus = 0)
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP OFFER packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176).
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP OFFER message.orgif: srcif: L3if: DstIf:GE0/0/3 srcmac:084f-0a6d-0df2 dstmac:acf9-703e-90a0 vsi:- vlan:400/0 srcip:192.168.1.1 dstip:192.168.1.176 VPN:- src-port:67 dst-port:68 msgtype:BOOT-REPLY dhcp msgtype:DHCP OFFER bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:192.168.1.1 yiaddr:192.168.1.176 xid:0x166d4ae3
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP REQUEST message.orgif:GE0/0/3 srcif:Vlanif400 L3if:Vlanif400 DstIf:GE0/0/3 srcmac:acf9-703e-90a0 dstmac:ffff-ffff-ffff vsi:- vlan:400/0 srcip:0.0.0.0 dstip:255.255.255.255 VPN:- src-port:68 dst-port:67 msgtype:BOOT-REQUEST dhcp msgtype:DHCP REQUEST bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:192.168.1.176 giaddr:0.0.0.0
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP ACK packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176).
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP ACK message.orgif: srcif: L3if: DstIf:GE0/0/3 srcmac:084f-0a6d-0df2 dstmac:acf9-703e-90a0 vsi:- vlan:400/0 srcip:192.168.1.1 dstip:192.168.1.176 VPN:- src-port:67 dst-port:68 msgtype:BOOT-REPLY dhcp msgtype:DHCP ACK bflag:uc chaddr:acf9-703e-90a0 ciaddr:0.0.0.0 reqip:0.0.0.0 giaddr:0.0.0.0 serverid:192.168.1.1 yiaddr:192.168.1.176 xid:0x166d4ae3
[BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Process discovery request message.
[BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Send discovery response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Create Link Success, Link[3] Sip[192.168.1.176] SrcUdpPort[58138] Vpn[-1].
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process join request message. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send join response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process config status request message. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send configuation state response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process change state event request message and status id CONFIGURE. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send change state event response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] FSM DataLinkEnterinRun, Dlink[3] CLink[3] Mac[acf9-703e-90a0] DevId[1]
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] CtrlLink[3] enterin run. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-0 Func-0xacb8accc TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG notify next phase result-0x0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-1 Func-0xabf7f150 TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-2 Func-0xac0d570c TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG pass phase3 Ret 0x0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WDEV] AP:1 CONFIG phase-4 Func-0xabc66570 TimeOut-300000 IsDAp-0 Ret-0x0 IsNeedCfg-1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit start response, begin to config ap tree.
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET AP object 0x0001ffff ac Ret 0x0 CfgFlag 1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000100ff ac Ret 0x0 CfgFlag 1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000101ff ac Ret 0x0 CfgFlag 1
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET AP object 0x0001ffff ap ret ok ProcRet 0
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000100ff ap ret ok ProcRet 0
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] SET Radio object 0x000101ff ap ret ok ProcRet 0
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] WMP cfg success over
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt-cfg-phase-0 Func-0xabc5c168 Ret 0x0 TimeOut 60000
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP:1 cmt result 0 [Cur 0 - Notify 0]
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt phase-0 notify cmt success
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt-cfg-phase-1 Func-0xabc5c1b0 Ret 0x0 TimeOut 30000
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP:1 cmt result 0 [Cur 0 - Notify 0]
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt phase-1 notify cmt success
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] pdt commit over
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[Process:2]RTRecePktProc Link[3]Type[0]Msg[514828]Que[1]SN[50]Len[4]Ret[0]Mac[acf9-703e-90a0]
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit-end response
```
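Comparing a captured trace with the normal process can be scripted. The following Python sketch is an added example, not Huawei tooling: it parses BTRACE entries for one AP and reports the phase in which the join stopped. The marker strings are copied from the trace above; grouping them into five phases, the abridged `HEALTHY` sample, and the constructed `STALLED` sample are assumptions of this example.

```python
import re
from datetime import datetime

# Entry header as printed in the trace on this page:
# [BTRACE][date time][number][module][AP MAC]:message
ENTRY = re.compile(
    r"\[BTRACE\]\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\]\[\d+\]"
    r"\[(?P<module>\w+)\]\[(?P<mac>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})\]:(?P<msg>.*)",
    re.S,
)

# (phase, text that opens it, text that completes it) in join order. The texts
# are copied from the page's trace ("configuation" is the device's spelling);
# grouping them into these five phases is this example's assumption.
PHASES = [
    ("IP address allocation", "Receive DHCP DISCOVER", "Send DHCP ACK packet"),
    ("discovery", "Process discovery request", "Send discovery response successfully"),
    ("join", "Process join request", "Send join response successfully"),
    ("configuration delivery", "Process config status request",
     "Send configuation state response successfully"),
    ("configuration update", "receive commit start response", "receive commit-end response"),
]
NAMES = [name for name, _, _ in PHASES]


def parse_trace(text, mac):
    """Return (time, module, message) for each entry that belongs to `mac`.

    Splitting on the [BTRACE] tag instead of on newlines also handles output
    pasted as one long line or entries that wrap onto a second line.
    """
    entries = []
    for chunk in re.split(r"(?=\[BTRACE\])", text):
        m = ENTRY.match(chunk)
        if m and m["mac"] == mac.lower():
            when = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            entries.append((when, m["module"], " ".join(m["msg"].split())))
    return entries


def phase_report(entries):
    """Map each phase to its state (absent, started, done) and last marker time."""
    report = {name: {"state": "absent", "at": None} for name in NAMES}
    for when, _module, msg in entries:
        for name, opens, completes in PHASES:
            if completes in msg:
                report[name] = {"state": "done", "at": when}
            elif opens in msg and report[name]["state"] != "done":
                report[name] = {"state": "started", "at": when}
    return report


def stalled_phase(report):
    """Return the phase after the last completed one, or None if all finished.

    Counting from the last completed phase (not the first absent one) keeps an
    AP with a static address, which produces no DHCP entries, from being
    reported as stuck in IP address allocation.
    """
    done = [i for i, name in enumerate(NAMES) if report[name]["state"] == "done"]
    nxt = done[-1] + 1 if done else 0
    return NAMES[nxt] if nxt < len(NAMES) else None


def seconds_between(report, earlier, later):
    """Seconds between the last markers of two phases, or None if one is absent."""
    a, b = report[earlier]["at"], report[later]["at"]
    return (b - a).total_seconds() if a and b else None


# Abridged from the trace on this page (DHCP field lists and middle entries cut).
HEALTHY = """\
[BTRACE][2020/03/12 15:36:01][768][DHCPPRO][acf9-703e-90a0]:Receive DHCP DISCOVER message.
[BTRACE][2020/03/12 15:36:01][768][DHCPS][acf9-703e-90a0]:Send DHCP ACK packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176).
[BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Process discovery request message.
[BTRACE][2020/03/12 15:36:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Send discovery response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process join request message.
MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send join response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Process config status request message. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:17][512][WLAN_AC][acf9-703e-90a0]:[Process:2][CAPWAP] Send configuation state response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:36:18][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit start response, begin to config ap tree.
[BTRACE][2020/03/12 15:36:19][512][WLAN_AC][acf9-703e-90a0]:[WCFG] AP[1] receive commit-end response
"""

# Constructed sample: the AP keeps rediscovering the AC but never sends a join request.
STALLED = """\
[BTRACE][2020/03/12 15:40:01][768][DHCPS][acf9-703e-90a0]:Send DHCP ACK packet.(Chaddr=acf9-703e-90a0, Offer IP=192.168.1.176).
[BTRACE][2020/03/12 15:40:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Process discovery request message.
[BTRACE][2020/03/12 15:40:12][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Send discovery response successfully. MAC: acf9-703e-90a0
[BTRACE][2020/03/12 15:40:42][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Process discovery request message.
[BTRACE][2020/03/12 15:40:42][256][WLAN_AC][acf9-703e-90a0]:[Process:1][CAPWAP] Send discovery response successfully. MAC: acf9-703e-90a0
"""

if __name__ == "__main__":
    for label, text in (("healthy", HEALTHY), ("stalled", STALLED)):
        report = phase_report(parse_trace(text, "acf9-703e-90a0"))
        print(label, "-> stalled in:", stalled_phase(report))
```

A result of `join` means discovery completed but no join request arrived, which points at the DTLS, blacklist, and MAC/SN checks described later rather than at DHCP.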
An AP Fails to Start
Possible Cause
- The PSE does not support the PoE function or is faulty.
- The PSE does not support the power supply mode required by the AP.
- The output power of the PSE is insufficient.
- The PSE is incorrectly configured, for example, the PoE function is disabled or the PoE power-off time range is incorrectly set.
- The Ethernet cable or power cable is damaged or not securely connected.
- The AP is faulty.
Troubleshooting Procedure
Check whether the power indicator and network cable indicator of the AP blink normally. For details about indicators, see WLAN Hardware Installation and Maintenance Guide.
If not, perform the following operations:
- If the AP is powered in PoE mode, check whether the PSE supports the PoE function and whether the PSE is faulty.
- Check whether the output power mode of the PSE is the same as the power supply mode required by the AP.
- Check whether the output power of the PSE can support the maximum power consumption of the AP.
- Check whether the PSE is configured incorrectly, for example, the PoE function is disabled or the power-off time range is set incorrectly.
- Check whether the Ethernet cable and power cable are connected properly. Replace the Ethernet cable with a high-quality 8-core Ethernet cable and perform the test again.
- If the fault persists, the AP may be faulty. In this case, contact technical support personnel or the agent to replace the AP with a new one.
The Network Between the AP and AC Fails
If the network between the AP and AC fails, the AP and AC cannot exchange packets. As a result, the AP fails to go online on the AC.
Check network connectivity between the AP and AC as follows:
- Run the ping command on the AC and AP to check whether they can ping each other.
- If the ping operation fails, check whether the IP address expires, whether the links on the intermediate network are normal, and whether the links are configured correctly.
- If a long delay or packet loss occurs during the ping operation, check the statistics about each interface to determine whether a loop occurs on the intermediate network.
- If no packet is lost and the delay is normal, go to the next step.
- During the deployment, if an AP fails to go online, the AC or the devices on the intermediate network are incorrectly configured. The following configuration is for your reference:
- Typically, one management VLAN, and one or more service VLANs need to be configured during the WLAN service configuration.
- Packets sent by an AP do not contain VLAN tags by default, including IP address allocation packets exchanged with the DHCP server and CAPWAP control packets exchanged with the AC. The packets are tagged with the management VLAN ID on the switch interface directly connected to the AP. Then, these packets are sent to the DHCP server or the AC based on the VLAN and routing information on the network.
- In direct forwarding mode, ensure that packets from the service VLANs are allowed from the AP's uplink interface to the user gateway. Configure the interface as a hybrid or trunk interface, not as an access interface, and allow packets from the service and management VLANs to pass through. The VLAN configuration must be supported on the switch connected to APs. Do not connect APs to a switch that does not support the VLAN configuration.
In the following example, VLAN 10 and VLAN 20 are configured as the management VLAN and service VLAN, respectively, on the switch interface directly connected to the AP.
```
<Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 10
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
```
Or:
```
<Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 20
```
- In tunnel forwarding mode, the AP's uplink interface only allows packets from the management VLAN to pass through, because the service packets are encapsulated through CAPWAP. The interface can be configured as an access, trunk, or hybrid interface.
In the following example, VLAN 10 and VLAN 20 are configured as the management VLAN and service VLAN, respectively, on the switch interface directly connected to the AP.
```
<Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type access
[Switch-GigabitEthernet0/0/1] port default-vlan 10
```
Or:
```
<Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk pvid vlan 10
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
```
Or:
```
<Switch> system-view
[Switch] interface gigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
```
- In a WDS scenario, after changing the WDS mode (root, middle, or leaf) of an AP, restart it for the configuration to take effect. Otherwise, the AP may fail to go online.
- Check whether the switch and AP are connected through an Eth-Trunk.
- In V200R008 and earlier versions, you need to configure an Eth-Trunk before connecting physical cables. Otherwise, a loop may occur on the network, causing the AP's failure to go online.
- In V200R009 and later versions, you can connect physical cables and then configure an Eth-Trunk.
- Check whether the management VLAN is configured on the AP.
Log in to the AP, and run the display system-information command to check whether the management VLAN is valid on the AP.
```
<AP> display system-information
System Information
===============================================
......
System Name            : AP
Country Code           : CN
MAC Address            : 10:47:80:af:fb:c0
Radio 0 MAC Address    : 10:47:80:af:fb:c0
Radio 1 MAC Address    : 10:47:80:af:fb:d0
IP Address             : 10.1.15.254
Subnet Mask            : 255.255.240.0
Default Gateway        : 0.0.0.0
IPv6 IP Address        :
IPv6 Default Gateway   :
Management VLAN ID(AP) : 1219
IP MODE                : static
......
===============================================
```
If the management VLAN is incorrectly configured, run the undo management-vlan command in the AP system view to delete the management VLAN and restart the AP.
If the management VLAN needs to be configured, check the intermediate network to ensure that the management VLAN is allowed and that the AC and AP can ping each other.
If the AP cannot go online due to incorrect management VLAN configuration, remove the VLAN tag from the interface on the access switch. After the AP goes online, restore the configuration.
An Error Occurs in Configuring a Static IP Address for an AP
Possible Cause
- The static IP address of the AP is not unique and conflicts with that of another device on the network.
- In Layer 2 networking, the static IP address of the AP is not in the same network segment as that of the AC.
- In Layer 3 networking, the egress gateway is not configured for the AP.
- The AP is not restarted to make the configured static IP address take effect.
Troubleshooting Procedure
A CAPWAP tunnel can be established between an AP and an AC only after the AP has obtained an IP address. If the AP fails to go online after being configured with a static IP address, perform the following steps:
- Log in to the AP, and run the display ap-address-info command to check the IP address of the AP.
```
<AP> display ap-address-info
==============================================================
Active AP Address Info
AP Mode     : static          //The AP goes online using a static IP address.
Ip Address  : 10.1.1.100      //Static IP address of the AP
Ip Version  : 4
Mask        : 255.255.255.0   //Subnet mask of the AP's IP address
Gateway     : 10.1.1.1        //Gateway of the AP
AC 0 ip     : 10.1.2.111      //AC's IP address
AC 1 ip     : -
AC 2 ip     : -
AC 3 ip     : -
--------------------------------------------------------------
......
```
- Check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.
- The IP address of an AP must be unique and cannot conflict with that of another device on the network.
- In Layer 2 networking, the static IP address configured on the AP must be in the same network segment as that of the AC.
- In Layer 3 networking, the egress gateway for the AP must be configured to ensure an available route between the AP's IP address and the AC source address.
- If the IP address is incorrectly configured, use either of the following methods to rectify the fault:
- Run the ap-address mode dhcp command in the system view to change the IP address obtaining mode to DHCP. Then restart the AP to make the configuration take effect.
```
[AP] ap-address mode dhcp
Info: The configuration takes effect after the AP is restarted.
```
- Run the ap-address static ip-address ip-address subnet-mask command in the system view to change the static IP address of the AP. Then restart the AP to make the configuration take effect.
```
[AP] ap-address static ip-address 10.1.2.253 255.255.255.0
Info: The configuration takes effect after the AP is restarted.
```
No IP Address Is Allocated to an AP
Possible Cause
- The network between an AP and the DHCP server fails, for example, because of incorrect VLAN configurations.
- The DHCP configuration is incorrect.
- No DHCP address pool is configured, or available IP addresses in a DHCP address pool are insufficient.
Troubleshooting Procedure
# Run commands on the DHCP server to check whether the AP is assigned an IP address. In this example, the AC functions as a DHCP server.
- Check whether the link between the AP and AC is normal. For details, see The Network Between the AP and AC Fails.
- If a DHCP relay agent is deployed, perform a ping operation using the IP address of the DHCP server as the source IP address and that of the DHCP relay agent as the destination IP address. If the ping operation fails, an error occurs in the route configuration. Check the route configuration.
- Run the display ip pool { interface interface-pool-name | name ip-pool-name } used command to check IP address allocation. Check whether the AP has obtained an IP address based on the MAC address. Check whether enough IP addresses are available in the address pool.
```
[AC] display ip pool interface Vlanif1219 used
  Pool-name      : Vlanif1219
  Pool-No        : 4
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : -
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface
  Status         : Unlocked
  Gateway-0      : 10.1.1.2
  Network        : 10.1.0.0
  Mask           : 255.255.240.0
  VPN instance   : --
  Conflicted address recycle interval: -
 -----------------------------------------------------------------------------
  Start          End            Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
  10.1.0.1       10.1.15.254    4093   4     4084(0)        5         0
 -----------------------------------------------------------------------------
  Network section :
 -----------------------------------------------------------------------
  Index   IP             MAC              Lease   Status
 -----------------------------------------------------------------------
  4085    10.1.15.246    dcd2-fc9a-c800   7375    Used
  4086    10.1.15.247    1047-80af-fbc0   7369    Used
  4087    10.1.15.248    dcd2-fcf4-6420   7929    Used
  4090    10.1.15.251    dcd2-fc22-d880   9368    Used
 -----------------------------------------------------------------------
```
If the address pool resources on the DHCP server are insufficient, you can increase the number of IP addresses or reduce the IP address lease.
- Run the display arp command to view all ARP mapping entries. Check whether the AP has obtained an IP address based on the MAC address. If so, run the ping command to ping the obtained IP address.
```
[AC] display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE  INTERFACE   VPN-INSTANCE  VLAN/CEVLAN  PVC
------------------------------------------------------------------------------
......
10.1.1.2        0200-0000-0017            I -   Vlanif1219
10.1.15.251     dcd2-fc22-d880  2         D-0   GE0/0/1                   1219/-
10.1.15.247     1047-80af-fbc0  16        D-0   GE0/0/1                   1219/-
10.1.15.246     dcd2-fc9a-c800  15        D-0   GE0/0/1                   1219/-
10.1.15.248     dcd2-fcf4-6420  6         D-0   GE0/0/1                   1219/-
10.1.1.219      4c1f-cc6b-c248  16        D-0   GE0/0/1
```
Ping the IP address mapped to the MAC address. If the ping operation succeeds, the AP has obtained an IP address. Otherwise, the IP address obtained by the AP has expired or the AP fails to obtain an IP address.
```
[AC] ping 10.1.15.251
  PING 10.1.15.251: 56 data bytes, press CTRL_C to break
    Reply from 10.1.15.251: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=3 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.15.251: bytes=56 Sequence=5 ttl=255 time=1 ms
  --- 10.1.15.251 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms
```
- Check whether the DHCP configuration is correct. For details about how to configure DHCP, see Configuring an AP to Go Online in DHCP Mode.
The AC's IP Address Is Not or Incorrectly Specified on an AP
Possible Cause
- The AC and AP are connected at Layer 3, but the AC's IP address is not specified on the AP.
- In AC VRRP networking, the virtual IP address of the ACs is not specified on the AP.
Troubleshooting Procedure
- Check whether the AC's IP address is correctly specified on the AP. On a Layer 2 network, the AP can discover the AC in broadcast mode, without the need to manually specify the AC's IP address. On a Layer 3 network, you must specify the AC's IP address; otherwise, the AP cannot discover the AC in broadcast mode.
- AP going online using a static IP address: If the AP is configured to go online using a static IP address, perform the following operations to troubleshoot the fault:
- Log in to the AP, and run the display ap-address-info command to check whether the valid static IP address information is correct, including the unique IP address of the AP, gateway address, and AC's IP address.
```
<AP> display ap-address-info
==============================================================
Active AP Address Info
AP Mode     : static          //The AP goes online using a static IP address.
Ip Address  : 20.1.1.100      //Static IP address of the AP
Ip Version  : 4
Mask        : 255.255.255.0   //Subnet mask of the AP's IP address
Gateway     : 20.1.1.1        //Gateway of the AP
AC 0 ip     : 10.1.1.111      //AC's IP address
AC 1 ip     : -
AC 2 ip     : -
AC 3 ip     : -
--------------------------------------------------------------
```
- If the AC's IP address is not or incorrectly specified, perform either of the following operations: Run the ap-address static ac-list ip-address &<1-4> command in the system view to specify the AC's IP address for the AP. Then restart the AP to make the configuration take effect.
[AP] ap-address static ac-list 10.23.200.1
- AP going online in DHCP mode: When the AP and AC are connected at Layer 3, you are advised to run the option 43 sub-option 2 ip-address ip-address &<1-8> command to configure the Option 43 field in the IP address pool. In VRRP HSB scenarios, specify the virtual IP address as the CAPWAP source address on the ACs in the Option 43 field.
- option 43 hex hex-string
- option 43 sub-option 3 ascii ascii-string
- option 43 sub-option 2 ip-address ip-address &<1-8>
- option 43 sub-option 1 hex hex-string
For the three commands with the sub-option configuration, it is recommended that only one of them be configured. If you run two or three of them, only the last one takes effect.
The configuration examples are as follows:
- Run the option 43 hex 031D3139322e3136382e3139342e35302c3139322e3136382e3139342e3534 command to configure the device to specify the ACs' IP addresses 192.168.194.50 and 192.168.194.54 for APs. In this command, 03 is a fixed value; 1D indicates that the length of IP addresses (192.168.194.50,192.168.194.54) including dots (.) and the comma (,) is 29, and multiple IP addresses are separated by the comma (,); 3139322e3136382e3139342e3530 indicates the ASCII value of 192.168.194.50; 2C indicates the ASCII value of the comma (,); and 3139322e3136382e3139342e3534 indicates the ASCII value of 192.168.194.54.
- Run the option 43 sub-option 1 hex C0A80001C0A80002 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs. In the command, C0A80001 indicates the hexadecimal format of 192.168.0.1, and C0A80002 indicates the hexadecimal format of 192.168.0.2.
- Run the option 43 sub-option 2 ip-address 192.168.0.1 192.168.0.2 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs.
- Run the option 43 sub-option 3 ascii 192.168.0.1,192.168.0.2 command to configure the device to specify ACs' IP addresses 192.168.0.1 and 192.168.0.2 for APs.
- In AC VRRP networking, check whether the specified AC's IP address is the VRRP virtual IP address. If not, specify the VRRP virtual IP address as the AC's IP address.
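A wrong length byte or a mistyped hex digit in the Option 43 value leaves the AP without a usable AC address. The following Python sketch is an added example, not part of the original technote or of Huawei's tooling: it builds and checks the hex strings for the `option 43 hex` and `option 43 sub-option 1 hex` formats exactly as the examples above describe them. All function names are hypothetical.

```python
import ipaddress


def _check_ips(ips):
    """Validate dotted-quad IPv4 strings and return them normalised."""
    if not ips:
        raise ValueError("at least one AC address is required")
    return [str(ipaddress.IPv4Address(ip)) for ip in ips]


def encode_option43_hex(ips):
    """Value for `option 43 hex`: fixed 03, one length byte, then the
    comma-separated address list as ASCII (format described on this page)."""
    text = ",".join(_check_ips(ips)).encode("ascii")
    if len(text) > 255:
        raise ValueError("address list does not fit the one-byte length field")
    return ("03" + format(len(text), "02X") + text.hex()).upper()


def decode_option43_hex(hex_string):
    """Check an `option 43 hex` value and return the AC addresses it carries."""
    raw = bytes.fromhex(hex_string)  # ValueError on non-hex or odd-length input
    if len(raw) < 2 or raw[0] != 0x03:
        raise ValueError("first byte must be the fixed value 03")
    length, body = raw[1], raw[2:]
    if length != len(body):
        raise ValueError(f"length byte says {length}, but {len(body)} bytes follow")
    return _check_ips(body.decode("ascii").split(","))


def encode_suboption1_hex(ips):
    """Value for `option 43 sub-option 1 hex`: each address as 4 raw bytes."""
    return "".join(
        ipaddress.IPv4Address(ip).packed.hex() for ip in _check_ips(ips)
    ).upper()


def decode_suboption1_hex(hex_string):
    """Return the addresses packed into an `option 43 sub-option 1 hex` value."""
    raw = bytes.fromhex(hex_string)
    if not raw or len(raw) % 4:
        raise ValueError("expected a whole number of 4-byte IPv4 addresses")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


if __name__ == "__main__":
    # The two AC address pairs used in the configuration examples on this page.
    print(encode_option43_hex(["192.168.194.50", "192.168.194.54"]))
    print(encode_suboption1_hex(["192.168.0.1", "192.168.0.2"]))
    # A value whose length byte (1C) was computed without counting the comma.
    try:
        decode_option43_hex("031C3139322E3136382E3139342E35302C3139322E3136382E3139342E3534")
    except ValueError as err:
        print("rejected:", err)
```

Decoding the value taken from the DHCP server configuration before restarting APs catches length and typing mistakes that would otherwise only show up as APs failing to discover the AC.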
The CAPWAP Source Interface or Address Is Not Configured on the AC
Each AC requires the configuration of at least one or two IP addresses, VLANIF interfaces, or loopback interfaces. In this manner, APs managed by the AC can learn the specified IP address or the IP address of the specified interface to set up a CAPWAP tunnel with the AC. This specified IP address or interface is called the source address or interface.
Troubleshooting Procedure
- Run the display capwap configuration command on the AC to check whether the CAPWAP source address or interface is configured.
```
<AC> display capwap configuration
---------------------------------------------------------------
Source interface IPv4    : vlanif100
Source interface IPv6    : -
Source IPv4 address      : -
Source IPv6 address      : -
... ...
```
- If the source interface is configured, check whether an IP address is correctly configured for the interface.
```
<AC> system-view
[AC] interface vlanif 100
[AC] display this
#
interface Vlanif100
 ip address 10.100.1.2 255.255.255.0
#
```
- If neither the CAPWAP source interface nor the CAPWAP source address is configured, run the capwap source interface or capwap source { ip-address | ipv6-address } command to configure one.
The following uses the CAPWAP source interface as an example:
```
<AC> system-view
[AC] interface vlanif 100
[AC-Vlanif100] ip address 192.168.10.1 24
[AC-Vlanif100] quit
[AC] capwap source interface vlanif 100
```
An AP Is Not Working in Fit Mode
Possible Cause
- The AP does not support the Fit mode.
- The AP is switched to the Fat or cloud mode.
Troubleshooting Procedure
Check whether the AP is a Fit AP.
```
[AP-diagnose] display image
Image     Status     Version
==============================================================
Image A   (Active)   AP8030DNV200R006C10SPC300B031(FAT)
Image B   (Backup)   AP8030DNV200R003C00SPCc00B100(FAT)
==============================================================
```
If it is working in Fat or cloud mode, see AP Mode Switching to switch the AP to the Fit mode.
The Number of APs Connected to the AC Exceeds the Maximum
Possible Cause
- License resources are insufficient.
- The number of APs connected to the AC exceeds the specifications.
Troubleshooting Procedure
- License resource items: The total number of common APs and central APs cannot exceed the number of license resource items. RUs do not occupy license resources.
- Maximum number of APs that can be managed by an AC:
- The total number of common APs and RUs cannot exceed the maximum number that can be managed by an AC.
- The total number of central APs cannot exceed the maximum number that can be managed by an AC.
- Run the display license resource usage command to check the license resource usage. If the current resource usage reaches the specifications authorized in the license file, new APs cannot go online.
<AC> display license resource usage
Activated License: flash:/LIC92680232*****_*****5396810CB000006.dat
FeatureName | ConfigureItemName | ResourceUsage
CRFEA1        LH85WLANAP01        0/256
If the number of resources exceeds the authorized value, apply for and load a new license file.
- If the number of resources does not exceed the authorized value, run the display ap all command to check whether the number of APs in normal state exceeds the maximum number of APs supported by the AC.
For details about the AP specifications supported by each AP model, visit Info-Finder.
If the number of APs managed by the AC exceeds the specifications, replan the network properly based on the maximum number of APs that can be managed by the AC.
DTLS Negotiation Failed
Possible Cause
- The network between the AC and AP is abnormal.
- The AC and AP have different DTLS PSKs.
Troubleshooting Procedure
When an AP attempts to establish a DTLS connection with an AC, they perform DTLS negotiation. If their PSKs are different, DTLS negotiation fails.
- Check whether the PSKs of the AC and AP are the same. If not, change them so that they match, or run the capwap dtls psk-mandatory-match enable command to enable the AP to establish a DTLS session with the AC using the default PSK.
- Ping the AC from the AP. If the ping operation fails, the network is abnormal during DTLS negotiation, resulting in negotiation timeout. In this case, check the network by referring to The Network Between the AP and AC Fails.
The MAC Address and SN of an AP Specified on the AC Are Inconsistent with Those of the AP
Possible Cause
The MAC address and SN of an AP added offline on the AC are inconsistent with those of the AP.
Troubleshooting Procedure
- Run the display wlan wdev ap-information ap-id ap-id command in the diagnostic view of the AC to check the MAC address and SN of the AP.
[AC-diagnose] display wlan wdev ap-information ap-id 4
Ap profile Info:
aucName: dcd2-fc22-d880
APID_AVL: 4
APID: 4
aucSn: 210235555310D1000067    //AP's SN configured on the AC
group name: default
aucMac: dcd2-fc22-d860    //AP's MAC address configured on the AC
......
- If the configured AP information is different from the actual AP information, run the undo ap ap-id ap-id command in the WLAN view to delete the AP, and then run the ap-id ap-id ap-mac mac-address ap-sn ap-sn command to add an AP again before it goes online.
<AC> system-view
[AC] wlan
[AC-wlan-view] undo ap ap-id 4    //Delete the AP.
[AC-wlan-view] ap-id 4 ap-mac dcd2-fc22-d880    //Add an AP before it goes online.
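The comparison described in this procedure, as an added example (not Huawei's code and not part of the original technote): it parses the diagnostic output shown above, normalizes MAC notation, compares the AC's offline entry with the AP's real values, and builds the re-add commands in the syntax given above. The nameplate MAC and SN passed in are assumed inputs, and the function names are illustrative.

```python
import re

# Output copied from the example in this section (diagnostic view of the AC).
SAMPLE_OUTPUT = """\
Ap profile Info:
aucName: dcd2-fc22-d880
APID_AVL: 4
APID: 4
aucSn: 210235555310D1000067
group name: default
aucMac: dcd2-fc22-d860
"""

def normalize_mac(mac: str) -> str:
    """Return a MAC in the xxxx-xxxx-xxxx form the AC CLI uses."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))

def parse_ap_profile(text: str) -> dict:
    """Collect 'key: value' fields, dropping trailing // comments."""
    fields = {}
    for line in text.splitlines():
        line = line.split("//", 1)[0]
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def check_ap_identity(output: str, real_mac: str, real_sn: str):
    """Compare the AC's offline entry with the AP's real MAC and SN."""
    cfg = parse_ap_profile(output)
    ap_id = cfg["APID"]
    mac, sn = normalize_mac(real_mac), real_sn.strip().upper()
    mismatches = []
    if normalize_mac(cfg["aucMac"]) != mac:
        mismatches.append(("MAC", cfg["aucMac"], mac))
    if cfg["aucSn"].upper() != sn:
        mismatches.append(("SN", cfg["aucSn"], sn))
    # Command syntax is the one given in this section.
    fix = [f"undo ap ap-id {ap_id}",
           f"ap-id {ap_id} ap-mac {mac} ap-sn {sn}"] if mismatches else []
    return mismatches, fix

if __name__ == "__main__":
    # Nameplate MAC and SN are assumed inputs read from the AP's label.
    print(check_ap_identity(SAMPLE_OUTPUT, "DC:D2:FC:22:D8:80",
                            "210235555310D1000067"))
```

Normalizing before comparing avoids false mismatches when the inventory records MACs with colons or in upper case while the AC prints them as hyphenated lower-case groups.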
An AP Is Blacklisted
Possible Cause
The AP is added to the blacklist by mistake.
Troubleshooting Procedure
If the MAC address of an AP is blacklisted, the AP cannot go online. If both the AP whitelist and blacklist are configured, the system first checks whether an AP is blacklisted.
- Check the AP blacklist.
<AC> display ap blacklist
-----------------------------------
ID    MAC
-----------------------------------
0     0001-0002-0001
-----------------------------------
Total: 1
- If an AP is added to the blacklist by mistake, delete the AP from the blacklist.
<AC> system-view
[AC] wlan
[AC-wlan-view] undo ap blacklist mac 0001-0002-0001
The Versions of the AP and AC Do Not Match
Possible Cause
- The AC does not support the current AP model.
- The versions of the AP and AC do not match.
Troubleshooting Procedure
The AP can go online on the AC only when their versions match. If the versions of the AC and AP do not match, the following problems may occur:
- The AC does not support the current AP model. For example, the AC running V200R008C10 does not support the AP model whose source version is V200R010C00.
SOHO series ACs can manage only SOHO series APs. Other series ACs cannot manage SOHO series APs.
- The AP status displayed on the AC is ver-mismatch or vmiss.
For details about the version mapping between ACs and APs, see Quick Reference for WLAN AP Version Mapping and Models.
- Run the display ap-type all command to check whether the AC supports the current AP model.
If the AP model is not in the list, the AC of the current version does not support the AP model. In this case, upgrade the AC by referring to the corresponding upgrade guide.
- Run the display ap all command to check whether APs in ver-mismatch or vmiss state exist in the AP list.
If so, upgrade the AP or AC by referring to the upgrade guide to ensure that the versions of the AP and AC match.
The AP Upgrade Fails
Possible Cause
- The AP upgrade is configured on the AC, but the AP software package is not correctly uploaded or an incorrect software package is uploaded.
- The network between the AP and the FTP/SFTP server fails.
Troubleshooting Procedure
- Check whether the AP upgrade file exists and whether the file name is correct.
Before upgrading an AP, ensure that the upgrade file is stored in the corresponding directory of the file server and can be read. The name and size of the AP upgrade file must be the same as those of the source file and cannot be changed. If the upgrade file does not exist or the file name or size is incorrect, obtain the correct upgrade file at http://support.huawei.com/enterprise and upload it to the AC or file server.
- If the AP is upgraded in AC mode or SFTP/FTP mode (the AC functions as an SFTP or FTP server), save the AP upgrade file to the default storage path on the AC.
<AC> dir flash:/*.bin
Directory of flash:/
  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  -rw-     12,815,616  May 23 2016 19:09:45   FitAP5X30XN_V200R006C10SPC300.bin
206,324 KB total (89,768 KB free)
- If another device functions as the SFTP/FTP server, ensure that the upgrade file is stored in the SFTP/FTP directory and can be read, and that the file name and size are the same as those of the source file.
- Check whether the AP upgrade file matches the AP model.
The AP upgrade file must match the AP model, and upgrade files of different AP models cannot be used interchangeably.
- Check whether the AP and file server can ping each other and whether the network quality is good.
Assume that a PC functions as the file server. When upgrading an AP, use the PC as the file server and upload the AP's upgrade file through FTP, TFTP, or SFTP. In addition, ensure that the network port on the PC is directly connected to that on the AP and that the PC can communicate with the AP.
- Open the Windows Command Prompt on your PC, and run the ping command to check whether the PC can successfully ping the AP.
If the message "Request time out" is displayed, the target device is unreachable.
- If the PC fails to ping the AP, change the IP address of the PC to ensure that it is on the same network segment as the IP address of the AP.
The default IP address of the Fit AP is 169.254.1.1. The IP address of the PC must be on the network segment 169.254.1.0 (excluding the IP address 169.254.1.1), with the subnet mask 255.255.255.0. The IP address 169.254.1.100 is recommended.
If the Fit AP's IP address has been changed, run the display ap all command on the AC to check the AP's IP address.
- Run the ping command again on the PC to check whether the PC can successfully ping the AP.
- If large network delay or packet loss occurs between the AP and file server, the AP fails to download the upgrade file due to timeout. In this case, check the intermediate network.
- Check whether the user name or password of the FTP/SFTP server is correct.
An incorrect user name or password of the server will lead to a failure to download the AP upgrade file.
- Run the display ap update configuration command to check the AP upgrade configuration.
[AC-wlan-view] display ap update configuration
------------------------------------------------------------------
AP update mode       : ftp-mode
FTP configuration
  FTP IP             : 192.168.0.11
  FTP username       : ftp
  FTP password       : ******
  FTP max number     : 50
SFTP configuration
  SFTP IP            : -
  SFTP username      : anonymous
  SFTP password      : ******
  SFTP max number    : 50
------------------------------------------------------------------
- Check whether the user name and password for logging in to the server are correct. If not, run the following commands to reconfigure them:
- Set the upgrade mode to SFTP and configure the SFTP server.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap update mode sftp-mode
[AC-wlan-view] ap update sftp-server ip-address 192.168.10.11 sftp-username xxx sftp-password cipher yyy    //xxx and yyy indicate the user name and password for logging in to the SFTP server.
- Set the upgrade mode to FTP and configure the FTP server.
<Huawei> system-view
[Huawei] wlan
[Huawei-wlan-view] ap update mode ftp-mode
[Huawei-wlan-view] ap update ftp-server ip-address 192.168.10.11 ftp-username xxx ftp-password cipher yyy    //xxx and yyy indicate the user name and password for logging in to the FTP server.
- Check whether the FTP/SFTP service is enabled on the AC.
- When the AC is configured as the FTP server, run the display ftp-server command to check whether the FTP service is enabled.
<AC> display ftp-server
FTP server is running
Max user number               50
User count                    0
Timeout value(in minute)      30
Listening port                21
Acl number                    0
FTP server's source address   0.0.0.0
If the FTP service is disabled, run the ftp server enable command in the system view to enable it.
- When the AC is configured as the SFTP server, run the display ssh server status command to check whether the SFTP service is enabled.
<AC> display ssh server status
SSH version                         :2.0
SSH connection timeout              :60 seconds
SSH server key generating interval  :0 hours
SSH Authentication retries          :3 times
SFTP Server                         :Enable
Stelnet server                      :Enable
If the SFTP service is disabled, run the sftp server enable command in the system view to enable it on the SSH server.
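The first check in this procedure (the upgrade file exists, is readable, and keeps the source file's name and size), as an added example that is not part of the original technote: it parses the dir listing shown above and reports what would make the download fail. The expected name and size are assumed inputs taken from the source package, and the function names are illustrative.

```python
import re

# Listing copied from the dir example in this section.
DIR_OUTPUT = """\
Directory of flash:/
  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  -rw-     12,815,616  May 23 2016 19:09:45   FitAP5X30XN_V200R006C10SPC300.bin
206,324 KB total (89,768 KB free)
"""

ENTRY = re.compile(
    r"^\s*\d+\s+(?P<attr>\S{4})\s+(?P<size>[\d,]+)\s+"
    r"\w{3}\s+\d{1,2}\s+\d{4}\s+[\d:]{8}\s+(?P<name>\S+)\s*$")

def parse_dir(text: str) -> dict:
    """Map file name -> (attributes, size in bytes) for each listed file."""
    files = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            files[m["name"]] = (m["attr"], int(m["size"].replace(",", "")))
    return files

def check_upgrade_file(listing: str, name: str, size: int) -> list:
    """Return the problems that would make the AP download fail."""
    files = parse_dir(listing)
    if name not in files:
        # A renamed copy often has the right size under another name.
        same_size = sorted(n for n, (_, s) in files.items() if s == size)
        hint = f"; same-size file present: {same_size}" if same_size else ""
        return [f"{name} not found{hint}"]
    attr, actual = files[name]
    problems = []
    if actual != size:
        problems.append(f"size is {actual} bytes, source file is {size}")
    if "r" not in attr:
        problems.append(f"file is not readable (attributes {attr})")
    return problems

if __name__ == "__main__":
    # Expected name and size are assumed inputs from the source package.
    print(check_upgrade_file(DIR_OUTPUT,
                             "FitAP5X30XN_V200R006C10SPC300.bin", 12815616))
```

A matching name and size does not prove the image is unmodified; where the vendor publishes a digest or signature for the package, verify that as well.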
An AP Fails to Initialize the Configuration
Possible Cause
- The MTU of the intermediate network between the AP and AC is incorrectly configured.
- Packet loss occurs on the wired side.
Troubleshooting Procedure
In the configuration delivery phase, the AC delivers the initial configuration to the AP. If packet loss occurs during transmission, the AP fails to initialize the configuration.
- Configure the AC and AP to ping each other using packets longer than 1600 bytes and check whether packet loss occurs.
- If packet loss occurs, check whether the MTU of the intermediate network is properly configured. If not, packets cannot be transmitted properly. As a result, the AP cannot go online.
When the network between the AC and AP involves a small MTU value, such as an SD-WAN tunnel or a carrier network, you need to change the MTU of the CAPWAP tunnel on the AC to a smaller value so that the AP can go online.
In V200R021C10 and earlier versions, the minimum MTU of a CAPWAP tunnel on the native AC is 1500. In V200R022C00 and later versions, this value is 1000.
<AC> system-view
[AC] wlan
[AC-wlan-view] ap-system-profile name ap-system1
[AC-wlan-ap-system-prof-ap-system1] mtu 1200
- If NAT traversal is configured on the intermediate network, check whether NAT communication is normal.
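An added example (not from the original technote) that turns the checks above into code: it separates size-dependent loss, which points at the intermediate MTU, from size-independent loss on the wired side, and checks a proposed CAPWAP MTU against the version minimums stated above. The ping counts are constructed and the function names are illustrative.

```python
import re

# Constructed sample: ping payload size in bytes -> (sent, received).
PROBES = {64: (5, 5), 1400: (5, 5), 1600: (5, 0)}

def capwap_mtu_floor(ac_version: str):
    """Minimum CAPWAP tunnel MTU for an AC version, per this section.

    Returns None for versions between the two ranges the text names.
    """
    m = re.fullmatch(r"V(\d{3})R(\d{3})C(\d{2}).*", ac_version.strip().upper())
    if not m:
        raise ValueError(f"unrecognized version string: {ac_version!r}")
    ver = tuple(int(g) for g in m.groups())
    if ver <= (200, 21, 10):
        return 1500
    if ver >= (200, 22, 0):
        return 1000
    return None

def classify_ping_results(results: dict, loss_threshold: float = 0.0) -> str:
    """Classify loss as 'no-loss', 'mtu' or 'packet-loss'."""
    lossy = {size for size, (sent, rcvd) in results.items()
             if sent and (sent - rcvd) / sent > loss_threshold}
    if not lossy:
        return "no-loss"
    clean = set(results) - lossy
    # Every lossy size is larger than every clean size: size-dependent loss,
    # which points at the MTU of the intermediate network.
    if clean and min(lossy) > max(clean):
        return "mtu"
    # Loss regardless of size points at the wired side instead.
    return "packet-loss"

def can_set_mtu(ac_version: str, mtu: int):
    """True/False if the AC accepts this MTU, None if the text does not say."""
    floor = capwap_mtu_floor(ac_version)
    return None if floor is None else mtu >= floor

if __name__ == "__main__":
    print(classify_ping_results(PROBES))        # size-dependent loss
    print(can_set_mtu("V200R021C10", 1200))     # below the 1500 minimum
    print(can_set_mtu("V200R022C00", 1200))     # allowed, minimum is 1000
```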
Further Information: How to Configure Basic WLAN Services After APs Go Online
Configure basic WLAN services after APs go online. For details, see the configuration videos and Wireless Access Controller (AC and Fit AP) Product Documentation.