Access point (AP) registration consists of a discovery and join process. Registration is the first step in getting your wireless network up and running. If you understand how the discovery and join process works, your job will be much easier when you have to troubleshoot it. One of the major selling points of the AP and Controller design product is its scalability. You can take an AP out of the box and literally plug it into any port on your network and the AP will join the controller. This only happens if you have everything configured correctly. The point is that the port that you plug the AP into might be thousands of miles of away from the controller that it is supposed to join. What does this mean in terms of troubleshooting? It is vital that you understand the discovery process because there could be multiple networks—large complex networks at that.

The world of wireless just became much more complex because of the Lightweight Access Point Protocol (LWAPP) and Control and Provisioning of Wireless Access Points (CAPWAP) protocols. Scalability has a price.

The introduction of CAPWAP in Version 5.2 added another way for the AP to join the WLC. This is not a big issue, but it does complicate the process because it is now necessary to talk about both discovery and join processes for LWAPP and CAPWAP.

AP registration is really two parts: the discovery and join phases, as seen in Figure 8-1. The discovery is just that—the AP discovering and validating that it is indeed talking to a controller. The join process is essentially the AP joining the Wireless LAN Controller (WLC) and the building of the encrypted tunnel between the AP-Manager and the AP. The discovery and join process do differ between LWAPP and CAPWAP. This topic takes a look at LWAPP first.


Cisco APs use a process called discovery to join a WLC. Both of the wireless devices use LWAPP to communicate with each other. The LWAPP APs and the WLC are known for their scalability. Regardless of the physical or logical location in the network, they can be plugged in anywhere. A new AP, right from the box, can be plugged in anywhere regardless of the subnet. After it is plugged in, it finds the WLC. The AP then receives the WLC version of code and configuration. After this is sent to the AP, it is ready to start serving clients.

Lightweight access points (LAP) are “zero-touch” deployed. The steps in this process are as follows:

Step 1. LWAPP begins with a WLC discovery and join phase. The APs send LWAPP discovery request messages to WLCs.

Step 2. Any WLC receiving the LWAPP discovery request responds with an LWAPP discovery response message.

Step 3. From the LWAPP, the AP proceeds to step discovery responses received. Then an AP selects a WLC to join.

Step 4. The AP sends an LWAPP join request to the WLC, expecting an LWAPP join response.

Step 5. The WLC validates the AP and then sends an LWAPP join response to the AP. The AP validates the WLC to complete the discovery and join process. The validation on both the AP and WLC is a mutual authentication mechanism. An encryption key derivation process is subsequently initiated. The encryption key secures future LWAPP messages.

The first problem, though, is how to determine where to send the LWAPP discovery request messages. The Cisco implementation defines an AP controller hunting process and discovery algorithm. The AP builds a list of WLCs using the search and discovery process, and then it selects a controller to join from the list.

The search process is as follows:

Step 1. The AP issues a Dynamic Host Configuration Protocol (DHCP) discover request to get an IP address, unless it has previously had a static IP address configured.

Step 2. If the AP supports Layer 2 LWAPP mode, it broadcasts an LWAPP discovery message in a Layer 2 LWAPP frame. Any WLC connected to the network that is configured to operate in Layer 2 LWAPP mode responds with a Layer 2 LWAPP discovery response. If Layer 2 LWAPP mode is not supported by the AP or the AP fails to receive an LWAPP discovery response to the Layer 2 LWAPP discovery message broadcast, the AP proceeds to Step 3.

Step 3. If Step 1 fails or if the AP does not support Layer 2 LWAPP mode, attempt a Layer 3 LWAPP WLC discovery.

Step 4. If Step 3 fails, reset and return to Step 1.

The controller search process repeats until at least one WLC is found and joined.

The AP goes through this process on startup:

  1. The LAP boots and DHCPs an IP address if it was not previously assigned a static IP address.
  2. The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:
    1. DHCP option 43 (good for global companies where offices and controllers are on different continents)
    2. DNS entry for cisco-capwap-controller (good for local businesses – can also be used to find where brand new APs join)Note: If you use CAPWAP, make sure that there is a DNS entry for cisco-capwap-controller.
    3. Management IP addresses of controllers the LAP remembers previously
    4. A Layer 3 broadcast on the subnet
    5. Statically configured information
    6. Controllers present in the mobility group of the WLC the AP last joined