
Troubleshooting the Access Point Join Process

Access points can fail to join a controller for many reasons: a RADIUS authorization is pending;
self-signed certificates are not enabled on the controller; the access point’s and controller’s regulatory
domains don’t match; and so on.
Controller software enables you to configure the access points to send all CAPWAP-related errors to
a syslog server. You do not need to enable any debug commands on the controller because all of the
CAPWAP error messages can be viewed from the syslog server itself.
The state of the access point is not maintained on the controller until it receives a CAPWAP join
request from the access point. Therefore, it can be difficult to determine why the CAPWAP discovery
request from a certain access point was rejected. In order to troubleshoot such joining problems
without enabling CAPWAP debug commands on the controller, the controller collects information for
all access points that send a discovery message to it and maintains information for any access points
that have successfully joined it.
The controller collects all join-related information for each access point that sends a CAPWAP
discovery request to the controller. Collection begins with the first discovery message received from
the access point and ends with the last configuration payload sent from the controller to the access
point.
You can view join-related information for the following numbers of access points:
• Up to 300 access points for 4400 series controllers, the Cisco WiSM, and the Catalyst 3750G
  Integrated Wireless LAN Controller Switch
• Up to three times the maximum number of access points supported by the platform for the 2100
  series controllers and the Controller Network Module within the Cisco 28/37/38xx Series
  Integrated Services Routers
When the controller is maintaining join-related information for the maximum number of access points,
it does not collect information for any more access points.
An access point sends all syslog messages to IP address 255.255.255.255 by default when any of the
following conditions are met:
• An access point running software release 5.2 or later has been newly deployed.
• An existing access point running software release 5.2 or later has been reset after clearing the
  configuration.
If any of these conditions are met and the access point has not yet joined a controller, you can also
configure a DHCP server to return a syslog server IP address to the access point using option 7 on the
server. The access point then starts sending all syslog messages to this IP address.
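The following is an added example, not part of the original guide or of any Cisco tool: it decodes the options field of a captured DHCP reply (the bytes after the magic cookie) and checks that option 7 carries the syslog server you intended. The function names, the sample bytes, and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_LOG_SERVER, OPT_END = 0, 7, 255  # RFC 2132 option codes

def parse_dhcp_options(data: bytes) -> dict[int, bytes]:
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    options, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("option %d truncated before its length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        # A repeated option code is concatenated (RFC 3396 long options).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options

def log_servers(data: bytes) -> list[ipaddress.IPv4Address]:
    """Return the syslog servers listed in option 7, or [] if it is absent."""
    raw = parse_dhcp_options(data).get(OPT_LOG_SERVER, b"")
    if len(raw) % 4:
        raise ValueError("option 7 length must be a multiple of 4")
    return [ipaddress.IPv4Address(raw[n:n + 4]) for n in range(0, len(raw), 4)]

def check_offer(data: bytes, expected: set[str]) -> list[str]:
    """Compare the offered syslog servers with the ones the operator intends."""
    servers = log_servers(data)
    if not servers:
        return ["no option 7: access point keeps its default syslog destination"]
    return ["unexpected syslog server %s" % s
            for s in servers if str(s) not in expected]

# Constructed sample: subnet mask (1), log server 192.0.2.10 (7), end (255).
SAMPLE = bytes([1, 4, 255, 255, 255, 0, 7, 4, 192, 0, 2, 10, 255])

if __name__ == "__main__":
    print(log_servers(SAMPLE), check_offer(SAMPLE, {"192.0.2.10"}))
```

An empty list from check_offer means every offered syslog server is one you expected; any other result is worth investigating before relying on the access point's join errors reaching your collector.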
When the access point joins a controller for the first time, the controller sends the global syslog server
IP address (the default is 255.255.255.255) to the access point. After that, the access point sends all
syslog messages to this IP address until it is overridden by one of the following scenarios: