排除AP未加入控制器的故障
背景信息在控制器版本4.2.61.0中,控制器现在跟踪向其发送发现请求的所有AP以及向哪些AP发送发现应答。它还跟踪尝试加入控制器的AP,以及它们是否成功。控制器上有2个新的CLI(控制台或SSH)命令,可帮助排除AP无法加入控制器的原因:
Show ap join stats summary Show ap join stats detailed AP_Mac_Address故障排除算法
使用show ap join stats summary all命令查看哪些AP未加入控制器。一旦控制器收到发现请求,AP即会插入到show ap join stats列表中。
注意:在控制器重新启动之前,控制器从不会从show ap join stats列表中删除AP。在某些情况下,故障AP已尝试加入超过一天或完全离线。使用show ap join stats detail命令查找从AP发送的最后发现请求和最后加入请求的时间,以确定AP是否已失去与控制器的连接或是否已移动到另一个控制器。
输出提供控制器从中接收发现请求的AP总数,然后列出这些AP当前是否已加入控制器。
(Cisco Controller) >show ap join stats summary allNumber of APs................................. 300:0b:85:1b:7c:b0............................. Joined00:12:44:bb:25:d0............................. Joined00:13:19:31:9c:e0............................. Not joined一旦您拥有未加入的AP的MAC地址,请使用show ap join stats summary <mac addr>发现最后加入和失败原因。
(Cisco Controller) >show ap join stats summary 00:14:f2:63:12:50Is the AP currently connected to controller............. YesTime at which the AP joined this controller last time... Jan 24 12:21:32.414Type of error that occurred last........................ AP got or has been disconnectedReason for error that occurred last..................... Timed out while waiting for ECHO response from the APTime at which the last join error occurred.............. Jan 24 12:21:14.751如果要获取有关发现请求、加入请求和配置请求的详细信息,请使用命令show ap join stats detail <mac-address>。此命令还指示控制器是否仅看到来自AP的发现请求,但看不到加入请求。
(Cisco Controller) >show ap join stats detail 00:14:f2:63:12:50Discovery phase statistics- Discovery requests received........................... 2- Successful discovery responses sent................... 2- Unsuccessful discovery request processing............. 0- Reason for last unsuccessful discovery attempt........ Not applicable- Time at last successful discovery attempt............. Jan 24 12:21:20.547- Time at last unsuccessful discovery attempt........... Not applicableJoin phase statistics- Join requests received................................ 2- Successful join responses sent........................ 2- Unsuccessful join request processing.................. 0- Reason for last unsuccessful join attempt............. Not applicable- Time at last successful join attempt.................. Jan 24 12:21:30.669- Time at last unsuccessful join attempt................ Not applicableConfiguration phase statistics- Configuration requests received....................... 2- Successful configuration responses sent............... 2- Unsuccessful configuration request processing......... 0- Reason for last unsuccessful configuration attempt.... Not applicable- Successful configuration attempt...................... Jan 24 12:21:32.414- Time at last unsuccessful configuration attempt....... Not applicableLast AP message decryption failure details- Reason for last message decryption failure............ Not applicableLast AP disconnect details- Reason for last AP connection failure................. Timed out while waiting for ECHO response from the APLast join error summary- Type of error that occurred last...................... AP got or has been disconnected- Reason for error that occurred last................... Timed out while waiting for ECHO response from the AP- Time at which the last join error occurred............ Jan 24 12:21:14.751示例 1
在这种情况下,控制器上的时间不正确。错误表示AP证书负载无效。发生此错误是因为控制器上的时间超出证书有效时间间隔。确保show time命令指示正确的时间。请注意以下输出中的1993年3月6日时间值。这是控制器的时钟启动位置,但未配置NTP。
AP加入报告统计信息的三个阶段是发现、加入和配置阶段。检查AP无法加入或断开原因的最后错误摘要。
(Cisco Controller) >show ap join stats detailed 00:14:1b:5a:40:10Discovery phase statistics- Discovery requests received........................... 2- Successful discovery responses sent................... 1- Unsuccessful discovery request processing............. 2113123- Reason for last unsuccessful discovery attempt........ Discovery request received on unsupported VLAN- Time at last successful discovery attempt............. Mar 06 19:03:50.779- Time at last unsuccessful discovery attempt........... Mar 06 19:03:50.782Join phase statistics- Join requests received................................ 1- Successful join responses sent........................ 0- Unsuccessful join request processing.................. 1- Reason for last unsuccessful join attempt............. Certificate payload in join request contains invalid certificate- Time at last successful join attempt.................. Not applicable- Time at last unsuccessful join attempt................ Mar 06 19:04:00.810Configuration phase statistics- Configuration requests received....................... 0- Successful configuration responses sent............... 0- Unsuccessful configuration request processing......... 0- Reason for last unsuccessful configuration attempt.... Not applicable- Time at last successful configuration attempt......... Not applicable- Time at last unsuccessful configuration attempt....... Not applicableLast AP message decryption failure details- Reason for last message decryption failure............ Not applicableLast AP disconnect details- Reason for last AP connection failure................. Not applicableLast join error summary- Type of error that occurred last...................... Lwapp join request rejected- Reason for error that occurred last................... Certificate payload in join request contains invalid certificate- Time at which the last join error occurred............ Mar 06 19:04:00.810 示例 2
在这种情况下,AP会在管理IP地址VLAN以外的VLAN上发送发现请求。控制器拒绝管理接口子网上未收到的所有发现请求。
(Cisco Controller) >show ap join stats detailed 00:14:1b:5a:40:10Discovery phase statistics- Discovery requests received........................... 10- Successful discovery responses sent................... 5- Unsuccessful discovery request processing............. 2113123- Reason for last unsuccessful discovery attempt........ Discovery request received on unsupported VLAN- Time at last successful discovery attempt............. Jan 30 14:30:12.284- Time at last unsuccessful discovery attempt........... Jan 30 14:30:12.288Join phase statistics- Join requests received................................ 4- Successful join responses sent........................ 0- Unsuccessful join request processing.................. 4- Reason for last unsuccessful join attempt............. Certificate payload in join request contains invalid certificate- Time at last successful join attempt.................. Not applicable- Time at last unsuccessful join attempt................ Mar 06 19:19:03.345Configuration phase statistics- Configuration requests received....................... 0- Successful configuration responses sent............... 0- Unsuccessful configuration request processing......... 0- Reason for last unsuccessful configuration attempt.... Not applicable- Time at last successful configuration attempt......... Not applicable- Time at last unsuccessful configuration attempt....... Not applicableLast AP message decryption failure details- Reason for last message decryption failure............ Not applicableLast AP disconnect details- Reason for last AP connection failure................. Not applicableLast join error summary- Type of error that occurred last...................... Failed to send Lwapp discovery response- Reason for error that occurred last................... Discovery request received on unsupported VLAN- Time at which the last join error occurred............ Jan 30 14:30:12.288(Cisco Controller) >示例 3
在这种情况下,AP从此控制器移动到其主控制器。
注意:可能由于多种原因生成错误,其中一种原因是网络中断。
(Cisco Controller) >show ap join stats detailed 00:14:1b:5a:40:10Discovery phase statistics- Discovery requests received........................... 23- Successful discovery responses sent................... 23- Unsuccessful discovery request processing............. 0- Reason for last unsuccessful discovery attempt........ Not applicable- Time at last successful discovery attempt............. Jan 30 14:39:38.526- Time at last unsuccessful discovery attempt........... Not applicableJoin phase statistics- Join requests received................................ 21- Successful join responses sent........................ 21- Unsuccessful join request processing.................. 0- Reason for last unsuccessful join attempt............. Not applicable- Time at last successful join attempt.................. Jan 30 14:39:07.085- Time at last unsuccessful join attempt................ Not applicableConfiguration phase statistics- Configuration requests received....................... 21- Successful configuration responses sent............... 21- Unsuccessful configuration request processing......... 0- Reason for last unsuccessful configuration attempt.... Not applicable- Time at last successful configuration attempt......... Jan 30 14:39:09.481- Time at last unsuccessful configuration attempt....... Not applicableLast AP message decryption failure details- Reason for last message decryption failure............ Not applicableLast AP disconnect details- Reason for last AP connection failure................. Timed out while waiting for ECHO response from the APLast join error summary- Type of error that occurred last...................... AP got or has been disconnected- Reason for error that occurred last................... Timed out while waiting for ECHO response from the AP- Time at which the last join error occurred............ Jan 30 14:40:15.451示例 4
在这种情况下,控制器上AP的自签名证书(SSC)不正确。控制器在将请求转发到定义的RADIUS服务器之前始终检查其本地数据库。因此,当控制器在本地找不到SSC时,RADIUS授权挂起以执行AP错误。
(Cisco Controller) >show ap join stats detailed 00:13:5f:fa:88:50Discovery phase statistics- Discovery requests received........................... 2- Successful discovery responses sent................... 1- Unsuccessful discovery request processing............. 2113123- Reason for last unsuccessful discovery attempt........ Discovery request received on unsupported VLAN- Time at last successful discovery attempt............. Jan 30 14:58:58.070- Time at last unsuccessful discovery attempt........... Jan 30 14:58:58.071Join phase statistics- Join requests received................................ 1- Successful join responses sent........................ 0- Unsuccessful join request processing.................. 1- Reason for last unsuccessful join attempt............. RADIUS authorization is pending for the AP- Time at last successful join attempt.................. Not applicable- Time at last unsuccessful join attempt................ Jan 30 14:59:13.111Configuration phase statistics- Configuration requests received....................... 0- Successful configuration responses sent............... 0- Unsuccessful configuration request processing......... 0- Reason for last unsuccessful configuration attempt.... Not applicable- Time at last successful configuration attempt......... Not applicable- Time at last unsuccessful configuration attempt....... Not applicableLast AP message decryption failure details- Reason for last message decryption failure............ Not applicableLast AP disconnect details- Reason for last AP connection failure................. Radius authorization of the AP has failedLast join error summary- Type of error that occurred last...................... AP got or has been disconnected- Reason for error that occurred last................... Radius authorization of the AP has failed- Time at which the last join error occurred............ Jan 30 14:59:13.117(Cisco Controller) >示例 5
(Cisco Controller) >show ap join stats detailed 0026cb8168c0Discovery phase statistics- Discovery requests received.............................. 202- Successful discovery responses sent...................... 0- Unsuccessful discovery request processing................ 0- Reason for last unsuccessful discovery attempt........... Not applicable- Time at last successful discovery attempt................ Not applicable- Time at last unsuccessful discovery attempt.............. Not applicableJoin phase statistics- Join requests received................................... 122- Successful join responses sent........................... 0- Unsuccessful join request processing..................... 0- Reason for last unsuccessful join attempt................ Not applicable- Time at last successful join attempt..................... Not applicable- Time at last unsuccessful join attempt................... Not applicableConfiguration phase statistics- Configuration requests received.......................... 115- Successful configuration responses sent.................. 0- Unsuccessful configuration request processing............ 0- Reason for last unsuccessful configuration attempt....... Not applicable--More-- or (q)uit- Time at last successful configuration attempt............ Not applicable- Time at last unsuccessful configuration attempt.......... Not applicableLast AP message decryption failure details- Reason for last message decryption failure............... Not applicableLast AP disconnect details- Reason for last AP connection failure.................... Image data request received from an unsupported APLast join error summary- Type of error that occurred last......................... AP got or has been disconnected- Reason for error that occurred last...................... Image data request received from an unsupported AP- Time at which the last join error occurred............... Feb 16 00:50:16.841Discovery phase statistics- Discovery requests received.............................. 44- Successful discovery responses sent...................... 44- Unsuccessful discovery request processing................ 0- Reason for last unsuccessful discovery attempt........... Not applicable- Time at last successful discovery attempt................ Feb 26 18:36:24.098- Time at last unsuccessful discovery attempt.............. Not applicableJoin phase statistics- Join requests received................................... 44- Successful join responses sent........................... 0- Unsuccessful join request processing..................... 44- Reason for last unsuccessful join attempt................ Join request received from an unsupported AP- Time at last successful join attempt..................... Not applicable- Time at last unsuccessful join attempt................... Feb 26 18:36:39.497Configuration phase statistics- Configuration requests received.......................... 0- Successful configuration responses sent.................. 0- Unsuccessful configuration request processing............ 0- Reason for last unsuccessful configuration attempt....... Not applicable- Time at last successful configuration attemp--More-- or (q)uitt............ Not applicable- Time at last unsuccessful configuration attempt.......... Not applicableLast AP message decrytion failure details- Reason for last message decryption failure............... Not applicableLast AP disconnect details- Reason for last AP connection failure.................... Not applicableLast join error summary- Type of error that occurred last......................... Lwapp join request rejected- Reason for error that occurred last...................... Join request received from an unsupported AP- Time at which the last join error occurred............... Feb 26 18:36:39.497
页:
[1]