Troubleshooting

Using the Mode Button

Using the Mode button (see CW9166I Top View with Connectors and Ports), you can reset the AP to factory default or clear the AP's internal storage.

To reset the AP to the default factory-shipped configuration, perform the following steps:

  1. Press, and continue to press the Mode button on the access point during the AP boot cycle.

  2. Press until the AP console shows a seconds counter.

    When the counter indicates the number of seconds for which the Mode button is pressed, the AP status LED changes to blinking red.

  3. Press the Mode button for less than 20 seconds to reset the AP to the default factory-shipped configuration.

The AP configuration files are cleared.

To clear the AP's internal storage, including all the configuration files, perform the following steps:

  1. Press, and continue to press the Mode button on the access point during the AP boot cycle.

  2. Press until the AP console shows a seconds counter.

    When the counter indicates the number of seconds for which the Mode button is pressed, the AP status LED changes to blinking red.

  3. Press the Mode button for more than 20 seconds, but less than 60 seconds to clear the AP internal storage, including all the configuration files.

This resets all the configuration settings to factory defaults, including passwords, the IP address, and the SSID.


Note


  • If the Mode button is pressed for more than 30 seconds, but less than 60 seconds, the FIPS mode flag is also cleared during the full factory reset of the AP. If the FIPS flag is set, the console access is disabled.

  • The AP status LED changes from blue to red, and all the files in the AP storage directory are cleared.

  • If you keep the Mode button pressed for more than 60 seconds, the button is assumed as being faulty and no changes are made.


Troubleshooting the Access Point to Cisco Controller Join Process


Note


As specified in the Cisco Wireless Solutions Software Compatibility Matrix, ensure that your controller is running Cisco IOS XE Cupertino 17.9.1 or a later release to support the Cisco CW9166I AP.

Access points can fail to join a controller for many reasons—a RADIUS authorization is pending, self-signed certificates are not enabled on the controller, the access point and the controller regulatory domains do not match, and so on.

Controller software enables you to configure the access points to send all CAPWAP-related errors to a syslog server. All the CAPWAP error messages can be viewed from the syslog server itself.

When the ordered AP is a CW9166I-MR model, or the AP is in Meraki Management mode, it will not attempt to join the Cisco 9800 Wireless Controller. Contact the Meraki support team to perform the migration procedure on the AP.

The state of the access point is not maintained on the controller. It can be difficult to determine why the discovery request from a certain access point was rejected. In order to troubleshoot such joining problems, we recommend that you run traces commands on the Cisco Catalyst 9800 Wireless Controller.

The controller collects all the join-related information for each access point that sends a CAPWAP discovery request to the controller. Collection begins with the first discovery message received from the access point and ends with the last configuration payload sent from the controller to the access point.

When the controller is maintaining join-related information for the maximum number of access points, it does not collect information for any more access points.

An access point sends all the syslog messages to the IP address 255.255.255.255 by default.

You can also configure a DHCP server to return a syslog server IP address to the access point using Option 7 on the server. The access point then starts sending all the syslog messages to this IP address.

When the access point joins a controller for the first time, the controller sends the global syslog server IP address (the default is 255.255.255.255) to the access point.

The access point send all the syslog messages to this IP address until it is overridden by the following configuration:

  • The access point is still connected to the same controller, and the global syslog server IP address configuration on the controller has been changed using the syslog host <ip address> command. In this case, the controller sends the new global syslog server IP address to the access point.

    To configure the global syslog server IP address, run these commands:

    1. configure terminal

    2. ap profile ap-profile-name

    3. syslog host syslog IP address

    4. exit

  • The access point is disconnected from the controller and joins another controller. In this case, the new controller sends its global syslog server IP address to the access point.

  • Whenever a new syslog server IP address overrides the existing syslog server IP address, the old address is erased from persistent storage, and the new address is stored in its place. The access point also starts sending all the syslog messages to the new IP address, provided the access point can reach the syslog server IP address.


Note


You can configure the syslog server for access points and view the access point join information only from the controller CLI.

Important Information for Controller-Based Deployments

Keep these guidelines in mind when you use Cisco CW9166I APs:

  • The AP can only communicate with Cisco wireless controllers.

  • The AP does not support Wireless Domain Services (WDS) and cannot communicate with WDS devices. However, the controller provides functionality equivalent to WDS when the AP joins it.

  • CAPWAP does not support Layer 2. The AP must get an IP address and discover the controller using Layer 3, DHCP, DNS, or IP subnet broadcast.

  • The AP console port is enabled for monitoring and debug purposes.

  • All the configuration commands are disabled when the AP is connected to a controller.

Configuring DHCP Option 43

You can use DHCP Option 43 to provide a list of controller IP addresses to the access points, enabling them to find and join a controller.

The following is a DHCP Option 43 configuration example on a Windows 2003 Enterprise DHCP server for use with Cisco Catalyst lightweight access points. For other DHCP server implementations, see the product documentation for configuring DHCP Option 43. In Option 43, you should use the IP address of the controller management interface.


Note


DHCP Option 43 is limited to one access point type per DHCP pool. You must configure a separate DHCP pool for each access point type.

The Cisco CW9166I access point uses the type-length-value (TLV) format for DHCP Option 43. DHCP servers must be programmed to return the option based on the access point DHCP Vendor Class Identifier (VCI) string (DHCP Option 43). The VCI string for the Cisco CW9166I access point is:

Cisco AP CW9166

The following is the format of the TLV block:

  • Type: 0xf1 (decimal 241)

  • Length: Number of controller IP addresses x 4

  • Value: IP addresses of the wireless controller management interfaces listed sequentially in Hex code.

To configure DHCP Option 43 in the embedded Cisco IOS DHCP server, follow these steps:

Procedure


Step 1

Enter the configuration mode

Step 2

Create the DHCP pool, including the necessary parameters, such as default router and name server. A DHCP scope example is as follows:


ip dhcp pool <pool name> 
network <IP Network> <Netmask> 
default-router <Default router> 
dns-server <DNS Server> 

Here:

<pool name> is the name of the DHCP pool, such as AP9166I.

<IP Network> is the network IP address where the controller resides, such as 10.0.15.1.

<Netmask> is the subnet mask, such as 255.255.255.0.

<Default router> is the IP address of the default router, such as 10.0.0.1.

<DNS Server> is the IP address of the DNS server, such as 10.0.10.2.

Step 3

Add the Option 43 line using the following syntax:


option 43 hex <hex string> 

The hex string is assembled by concatenating the following TLV values:

Type + Length + Value

For example, if there are two controllers with management interface IP addresses, 10.126.126.2 and 10.127.127.2, the type is f1(hex), the length is 2 * 4 = 8 = 08 (hex), and the IP addresses translate to 0a7e7e02 and 0a7f7f02. Assembling the string then yields f1080a7e7e020a7f7f02. The resulting Cisco IOS command added to the DHCP scope is option 43 hex f1080a7e7e020a7f7f02.