Cisco AP not in bound state and will not join controller

At a customers a new SAP2702I would not join the controller and was stuck in a loop of translating cisco-capwap-controller and renew its IP address.

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.1.120) S Loading http://devicehelper.cisco.com/ca/trustpool ! Loading http://devicehelper.cisco.com/ca/trustpool ! Loading http://devicehelper.cisco.com/ca/trustpool ! Loading http://devicehelper.cisco.com/ca/trustpool ! Not in Bound state. *Mar 1 00:03:37.059: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.20.20, mask 255.255.255.0, hostname AP0035.2074.17fb Not in Bound state. *Mar 1 00:04:19.495: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP. *Mar 1 00:04:22.567: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.20.20, mask 255.255.255.0, hostname AP0035.2074.17fb Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.1.120)

The problem turned out to be a DNS-related issue. By issuing a few ping commands from the access point, we would see that it was able to get the needed connectivity, but were unable to resolve “cisco-capwap-controller”.

Ping towards the Internet worked fine:

AP0035.2074.17fb#debug capwap client detail CAPWAP Client DETAIL display debugging is on AP0035.2074.17fb#ping vg.no Translating "vg.no"...domain server (172.16.1.120) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 195.88.54.16, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/16 ms

Ping (and resolution) of WLC did not work:

AP0035.2074.17fb#ping cisco-capwap-controller % Unrecognized host or address, or protocol not running.

Ping and resolution of the FQDN of the WLC worked:

AP0035.2074.17fb#ping cisco-capwap-controller.omit.local Translating "cisco-capwap-controller.omit.local"...domain server (172.16.1.120) *Mar 1 00:14:21.227: CAPWAP_DETAIL: Dtls Event = 40 Capwap State = 2. [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.32.11, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms AP0035.2074.17fb#

Definitely a DNS issue then.
I could also find a problem when issuing the command “show ip dns view” through the console port of the access point, we would see something is missing.

AP0035.2074.17fb#show ip dns view DNS View default parameters: Logging is off DNS Resolver settings: Domain lookup is enabled Default domain name: Domain search list: Lookup timeout: 3 seconds Lookup retries: 2 Domain name-servers: 172.16.1.120 DNS Server settings: Forwarding of queries is enabled Forwarder timeout: 3 seconds Forwarder retries: 2 Forwarder addresses:

So my adding option 15 in MS DNS, “DNS Domain Name” – or as it would look in a Windows ipconfig-output: DNS-suffix.
dns-wlc

AP0035.2074.17fb#show ip dns view DNS View default parameters: Logging is off DNS Resolver settings: Domain lookup is enabled Default domain name: omit.local Domain search list: Lookup timeout: 3 seconds Lookup retries: 2 Domain name-servers: 172.16.1.120 DNS Server settings: Forwarding of queries is enabled Forwarder timeout: 3 seconds Forwarder retries: 2 Forwarder addresses:

Now, this DNS option had been missing since forever, so my guess was that something changed within the DNS-server itself. I would imagine that previously the DNS-server automatically assumed omit.local as DNS suffix if missing from the DNS-request.
Anyway, hopefully this will assist someone who might be experiencing the same issue.

0.00 avg. rating (0% score) - 0 votes

Leave a Reply

Your email address will not be published. Required fields are marked *