Two controllers are deployed in the same L2 subnet, Controller 1 and controller2. Controller 1 is the one that has the Mesh AP license installed and the Gateway/Wireless APs are configured. The wireless AP is not associating to the correct controller (controller1) where the Gateway AP is configured. It associates to the controller2 and the AP comes online as “Wireless” AP with the parent AP ID set to 0 (can be verified from #show ap <ap id> output) using the single demo Mesh license available in the controller2.
KB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: Controller, AP, mesh
RELATED SOFTWARE VERSIONS:
KEYWORDS: controller, AP, mesh
A. Verify the ap-topology table from controller1 where the
Gateway AP is associated.
wlan-controller# sh
ap-topology
Controller
|_AP-123 (wds 00:0c:e6:05:5b:08
ch 165) (Gateway)
|_|_(AP-124)(wds 00:0c:e6:05:5a:39 ch 165)
(Wireless)
B. Verify the wbs configuration in the Wireless
AP(AP124) to double check the Parent AP’s MAC by connecting to
the AP from the controller 2 where the AP is in the Enabled Online with
the parent AP ID set to 0.
#connect ap <ap
id>
ap -1> wbs show config
WBS
parent-mac is 00:0c:e6:05:5b:08
WBS channel is 165
WBS
country-code is 840
WBS encryption is on
WBS role is
wireless.
STEP
2: If the configurations on the controller and the Mesh APs
were correct, then you can add the AP’s
“A” radio MAC address in the controller2 in order to
avoid the wireless AP to join the controller 2 instead of the
controller 1.
The Wireless AP once joining the meru-backhaul
SSID sends the L2 discovery via the Gateway AP and whichever controller
hears the discovery packet will respond to the AP, making the Wireless
AP to associate to the controller. Here, as the controller2 was
responding to the discovery messages of the wireless AP, we can resolve
this by creating an AP-redirect entry for the Wireless AP with its
“A” radio MAC in the controller 2 as the APs use
it’s “A“ radio to associate to the Gateway
AP via the meru-backhaul SSID.
STEP 3: Make a note
of the Wireless AP’s “A” radio MAC from
the syntax #show ap-topology from controller1.
wlan-controller#
sh ap-topology
Controller
|_AP-123 (wds
00:0c:e6:05:5b:08 ch 165)
|_|_(AP-124)(wds 00:0c:e6:05:5a:39 ch
165)
STEP 4: Add the AP124’s
“A” radio MAC in the redirect by MAC list in the
controller2.
a. Go to “Configuration ”
>> Devices (Redirect).
b. Click on “AP
assignment by MAC”.
c. Click on the
“Add” button.
d. Enter the
“A” radio’s MAC address of the AP124 to
redirect to controller1, in the “AP MAC address”
field.
e. Enter the IP address or the hostname of the
controller1 to which you want to redirect this AP to, in the
“Destination Controller” field.
f. Click on
the “Add” button at the bottom of the screen to
make the redirects for this AP to work.
STEP 5:
Reboot the Wireless AP associated in the controller2. After the AP
reboot, when the AP tries to join the controller2, it will be redirected
to controller1 where the Gateway Ap is associated and will come up as
Wireless AP with the correct parent AP ID updated in the #show ap
<ap id>
output.
RESOLUTION: Adding the “A” radio’s MAC address of the wireless AP in the AP redirect by MAC will resolve the issue by making the Wireless AP to associate to the correct controller.
ROOT CAUSE: Though the configurations on the controller and the Mesh APs were correct, once the wireless AP joins the meru-backhaul SSID of the Gateway AP, it sends the L2 discovery via the Gateway AP and whichever controller hears the discovery packet will respond to the AP, making the Wireless AP to associate to the controller. Here, as the controller2 was responding to the discovery messages of the wireless AP, create an AP-redirect entry for the Wireless AP with its “A” radio MAC in the controller 2 as the APs use it’s “A“radio to associate to the Gateway AP via the meru-backhaul SSID.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.