Access point (AP) registration consists of a discovery and join process. Registration is the first step in getting your wireless network up and running. If you understand how the discovery and join process works, your job will be much easier when you have to trou-bleshoot it. One of the major selling points of the AP and Controller design product is its scalability. You can take an AP out of the box and literally plug it into any port on your network and the AP will join the controller. This only happens if you have everything configured correctly. The point is that the port that you plug the AP into might be thousands of miles of away from the controller that it is supposed to join. What does this mean in terms of troubleshooting? It is vital that you understand the discovery process because there could be multiple networks—large complex networks at that.
The world of wireless just became much more complex because of the Lightweight Access Point Protocol (LWAPP) and Control and Provisioning of Wireless Access Points (CAPWAP) protocols. Scalability has a price.
The introduction of CAPWAP in Version 5.2 added another way for the AP to join the WLC. This is not a big issue, but it does complicate the process because it is now necessary to talk about both discovery and join processes for LWAPP and CAPWAP.
AP registration is really two parts: the discovery and join phases, as seen in Figure 8-1. The discovery is just that—the AP discovering and validating that it is indeed talking to a controller. The join process is essentially the AP joining the Wireless LAN Controller (WLC) and the building of the encrypted tunnel between the AP-Manager and the AP. The discovery and join process do differ between LWAPP and CAPWAP. This topic takes a look at LWAPP first.
Note The Cisco 5508 wireless controller does not require AP-Manager interfaces. The Management interface in a Cisco 5508 controller can act like a dynamic AP-Manager interface.
Figure 8-1 Discovery and Join Process
This is where the management and AP-Manager functions come into play. Each interface plays a role in this procedure. The management interface handles the discovery, whereas the AP-Manager handles the join, as seen in Figure 8-2.
Figure 8-2 Discovery, Join Packets, and Interface Handling (Excluding 5500 Series)
An exception to this exists, and that exception applies to the WLC 5500 series because this platform has no AP-Manager. The management interface handles both functions on the 5500 series platform, as seen in Figure 8-3.
Figure 8-3 Discovery, Join Packets, and Interface Handling for 5500 Series
Cisco APs use a process called discovery to join a WLC. Both of the wireless devices use LWAPP to communicate with each other. The LWAPP APs and the WLC are known for their scalability. Regardless of the physical or logical location in the network, they can be plugged in anywhere. A new AP, right from the box, can be plugged in anywhere regardless of the subnet. After it is plugged in, it finds the WLC. The AP then receives the WLC version of code and configuration. After this is sent to the AP, it is ready to start serving clients.
Lightweight access points (LAP) are "zero-touch" deployed. The steps in this process are as follows:
Step 1. LWAPP begins with a WLC discovery and join phase. The APs send LWAPP discovery request messages to WLCs.
Step 2. Any WLC receiving the LWAPP discovery request responds with an LWAPP discovery response message.
Step 3. From the LWAPP, the AP proceeds to step discovery responses received. Then an AP selects a WLC to join.
Step 4. The AP sends an LWAPP join request to the WLC, expecting an LWAPP join response.
Step 5. The WLC validates the AP and then sends an LWAPP join response to the AP. The AP validates the WLC to complete the discovery and join process. The validation on both the AP and WLC is a mutual authentication mechanism. An encryption key derivation process is subsequently initiated. The encryption key secures future LWAPP messages.
The first problem, though, is how to determine where to send the LWAPP discovery request messages. The Cisco implementation defines an AP controller hunting process and discovery algorithm. The AP builds a list of WLCs using the search and discovery process, and then it selects a controller to join from the list.
The search process is as follows:
Step 1. The AP issues a Dynamic Host Configuration Protocol (DHCP) discover request to get an IP address, unless it has previously had a static IP address configured.
Step 2. If the AP supports Layer 2 LWAPP mode, it broadcasts an LWAPP discovery message in a Layer 2 LWAPP frame. Any WLC connected to the network that is configured to operate in Layer 2 LWAPP mode responds with a Layer 2 LWAPP discovery response. If Layer 2 LWAPP mode is not supported by the AP or the AP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery message broadcast, the AP proceeds to Step 3.
Step 3. If Step 1 fails or if the AP does not support Layer 2 LWAPP mode, attempt a Layer 3 LWAPP WLC discovery.
Step 4. If Step 3 fails, reset and return to Step 1.
The controller search process repeats until at least one WLC is found and joined. Figure 8-4 illustrates the process using a flowchart for a different perspective.
Figure 8-4 Discovery and Join Packet Flow
