My Home NW Lab

逸般の誤家庭のネットワーク

Catalyst 9800 & 9100における無線APのCAPWAPプロセスのリスタート

Catalyst Wireless Catalyst 9800

Catalyst 9800 (WLC) & 9100 (無線AP)の環境下において「無線APのCAPWAPプロセスをリスタート」する場合の手順を記載します。

⚠️ 注記: CAPWAPプロセスのリスタートであって、無線APの再起動ではありません。

想定されるユースケースの一例としては、N+1のAct-Act構成で無線APの帰属先WLCの設定を変更したので、Join処理を速やかに再始動したいケースが想定されます。

無線APのCAPWAPプロセスをリスタートするユースケース

無線APとWLC間のCAPWAPトンネルを切断するためサービス影響がある点に留意してください。

検証時の環境は C9800-CL Version 17.15.3 と CW9162-I です。

実行コマンド

無線APとWLCでコマンドが異なります。

Catalyst 9800 & 9100における無線APのCAPWAPプロセスのリスタート

無線APからの実行

  • 無線APの特権モードでコマンドを実行します。
capwap ap restart
  • 下記のように確認プロンプトが出るため、問題がなければEnterを押下します。
AP# capwap ap restart
Warning: This CLI resets connection with WLC.
Do you want to continue? [confirm]

備考: SSHで無線APに接続してコマンドを実行しても、SSHセッションは基本的に切れません。

WLCからの実行

  • WLCでは無線AP名を指定する必要があるため、無線APの一覧を事前で確認します。
show ap summary

下記は実行結果の参考例です。

WLC# show ap summary
Number of APs: 1

CC = Country Code
RD = Regulatory Domain

AP Name                          Slots AP Model             Ethernet MAC   Radio MAC      CC   RD   IP Address                                State        Location
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
AP                               3     CW9162I-Q            ****.****.**** ****.****.**** J4   -Q   198.51.100.11                             Registered   default location                

WLC#
  • <AP-Name> の部分を対象の無線AP名に置き換えて、特権モードでコマンドを実行します。「capwap」の引数を忘れないでください。
ap name <AP-Name> reset capwap

capwap」の引数を忘れると、無線APのOSレベルの再起動になってしまいます。

コマンドの引数の有無に注意

作業後の帰属先のチェック

CAPWAPプロセスのリスタート後は、「無線APが意図したWLCに帰属しているか」の確認を忘れないようにします。

無線AP側での確認の場合は show capwap client rcbMwarApMgrIpMwarName でJoin先を確認できます。

AP# show capwap client rcb
AdminState                         : ADMIN_ENABLED
OperationState                     : UP
Name                               : AP
SwVer                              : 17.15.3.28
HwVer                              : 1.0.0.0
MwarApMgrIp                        : 198.51.100.241
MwarName                           : WLC
<snip>

実行時のログのサンプル

下記はFlexConnect modeの無線APでCAPWAPプロセスをリスタートした際の例です。

特記事項としてはCAPWAPのプロセスがリスタートしてJoin処理が走ってはいますが、無線AP自体の再起動はされていない点です。

AP# capwap ap restart
Warning: This CLI resets connection with WLC.
AP#[*06/22/2025 02:36:09.5748] rm]
[*06/22/2025 02:36:09.5748] Going to restart CAPWAP (reason : IPC_CLI_CAPWAP_RESTART_COMMAND)...
[*06/22/2025 02:36:09.5748]
[*06/22/2025 02:36:09.5750] Restarting CAPWAP State Machine.
[*06/22/2025 02:36:09.6222] Flexconnect Switching to Standalone Mode!
[*06/22/2025 02:36:09.6664] wlan: [0:I:CMN_MLME] mlme_ext_vap_down: VAP (apr0v1) is down
[*06/22/2025 02:36:09.6908] wlan: [0:I:CMN_MLME] mlme_ext_vap_down: VAP (apr1v1) is down
[*06/22/2025 02:36:10.0706]
[*06/22/2025 02:36:10.0706] CAPWAP State: DTLS Teardown
[*06/22/2025 02:36:10.1627] CLEANAIR: Slot 0 CAPWAP down
[*06/22/2025 02:36:10.1636] CLEANAIR: Slot 1 CAPWAP down
[*06/22/2025 02:36:10.4223] status 'upgrade.sh: Script called with args:[CANCEL]'
[*06/22/2025 02:36:10.4904] do CANCEL, part2 is active part
[*06/22/2025 02:36:10.5408] status 'upgrade.sh: Cleanup tmp files ...'
[*06/22/2025 02:36:10.6155] Directory /tmp/ntevents not found.
[*06/22/2025 02:36:10.6170] Dropping dtls packet since session is not established. Peer 198.51.100.241-5246, Local 198.51.100.11-5272, conn (nil)
[*06/22/2025 02:36:15.2710] dtls_queue_first: Nothing to extract!
[*06/22/2025 02:36:15.2710]
[*06/22/2025 02:36:15.3506] Discovery Response from 198.51.100.241
[*06/22/2025 02:36:15.3509] Found Configured MWAR 'WLC' (respIdx 0).
[*06/22/2025 02:36:15.0000] Started wait dtls timer (60 sec)
[*06/22/2025 02:36:15.0218]
[*06/22/2025 02:36:15.0218] CAPWAP State: DTLS Setup
[*06/22/2025 02:36:15.0251] Invalid event 2 & state 3 combination.
[*06/22/2025 02:36:15.0252] CAPWAP SM handler: Failed to process message type 2 state 3.
[*06/22/2025 02:36:15.0252] Failed to handle capwap control message from controller - status 1
[*06/22/2025 02:36:15.0252] Failed to process unencrypted capwap packet 0x55764b6000 from 198.51.100.241
[*06/22/2025 02:36:15.0252] Failed to send message to CAPWAP state machine, msgId 0
[*06/22/2025 02:36:15.0253] Failed to send capwap message 0 to the state machine. Packet already freed.
[*06/22/2025 02:36:15.0253] IPv4 wtpProcessPacketFromSocket returned 1
[*06/22/2025 02:36:15.0253] Invalid event 2 & state 3 combination.
[*06/22/2025 02:36:15.0253] CAPWAP SM handler: Failed to process message type 2 state 3.
[*06/22/2025 02:36:15.0254] Failed to handle capwap control message from controller - status 1
[*06/22/2025 02:36:15.0254] Failed to process unencrypted capwap packet 0x5576697000 from 198.51.100.241
[*06/22/2025 02:36:15.0254] Failed to send message to CAPWAP state machine, msgId 0
[*06/22/2025 02:36:15.0254] Failed to send capwap message 0 to the state machine. Packet already freed.
[*06/22/2025 02:36:15.0254] IPv4 wtpProcessPacketFromSocket returned 1
[*06/22/2025 02:36:15.0255] Invalid event 2 & state 3 combination.
[*06/22/2025 02:36:15.0255] CAPWAP SM handler: Failed to process message type 2 state 3.
[*06/22/2025 02:36:15.0255] Failed to handle capwap control message from controller - status 1
[*06/22/2025 02:36:15.0255] Failed to process unencrypted capwap packet 0x557669d000 from 198.51.100.243
[*06/22/2025 02:36:15.0256] Failed to send message to CAPWAP state machine, msgId 0
[*06/22/2025 02:36:15.0256] Failed to send capwap message 0 to the state machine. Packet already freed.
[*06/22/2025 02:36:15.0256] IPv4 wtpProcessPacketFromSocket returned 1
[*06/22/2025 02:36:15.0256] Invalid event 2 & state 3 combination.
[*06/22/2025 02:36:15.0257] CAPWAP SM handler: Failed to process message type 2 state 3.
[*06/22/2025 02:36:15.0257] Failed to handle capwap control message from controller - status 1
[*06/22/2025 02:36:15.0257] Failed to process unencrypted capwap packet 0x55764b4000 from 198.51.100.242
[*06/22/2025 02:36:15.0257] Failed to send message to CAPWAP state machine, msgId 0
[*06/22/2025 02:36:15.0257] Failed to send capwap message 0 to the state machine. Packet already freed.
[*06/22/2025 02:36:15.0257] IPv4 wtpProcessPacketFromSocket returned 1
[*06/22/2025 02:36:15.0697] First connect to vWLC, accept vWLC by default
[*06/22/2025 02:36:15.0697]
[*06/22/2025 02:36:15.0801] dtls_verify_server_cert: vWLC is using SSC, returning 1
[*06/22/2025 02:36:15.8716]
[*06/22/2025 02:36:15.8716] CAPWAP State: Join
[*06/22/2025 02:36:16.9911] DOT11_CFG[0]: Sending TLV_DOT11_RADIO_TXRX_CAPABILITY slotid 0 radioFraEnabled 1, radioSubType 0, serviceType 0, radioType 1, bandId 0, bssidScheme 0
[*06/22/2025 02:36:16.9924] DOT11_CFG[1]: Sending TLV_DOT11_RADIO_TXRX_CAPABILITY slotid 1 radioFraEnabled 1, radioSubType 0, serviceType 0, radioType 2, bandId 1, bssidScheme 0
[*06/22/2025 02:36:16.9939] DOT11_CFG[2]: Sending TLV_DOT11_RADIO_TXRX_CAPABILITY slotid 2 radioFraEnabled 1, radioSubType 0, serviceType 0, radioType 16, bandId 2, bssidScheme 3
[*06/22/2025 02:36:16.9960] Encoding TLV_AP_FEATURE_CAPABILITY_PAYLOAD value=0xbb
[*06/22/2025 02:36:16.9960] Encoding TLV_AP_EXTENDED_FEATURE_CAPABILITY  value=0x2b
[*06/22/2025 02:36:16.9961] Encoding TLV_AP_UL_CAPABILITY_PAYLOAD is_ul_capable_ap: 0 compliance state: 0  nonCompReason: 0
[*06/22/2025 02:36:16.9962] Sending Join request to 198.51.100.241 through port 5272, packet size 1376
[*06/22/2025 02:36:17.0034] Join Response from 198.51.100.241, packet size 1397
[*06/22/2025 02:36:17.0035] AC accepted previous sent request with result code: 0
[*06/22/2025 02:36:17.0035] Received wlcType 0, timer 30
[*06/22/2025 02:36:17.0755] nssmgrctl | setup_tunnel: Replace existing tunnel 0
[*06/22/2025 02:36:17.1206]
[*06/22/2025 02:36:17.1206] CAPWAP State: Image Data
[*06/22/2025 02:36:17.1217] AP image version 17.15.3.28 backup 17.9.3.50, Controller 17.15.3.28
[*06/22/2025 02:36:17.1219] Version is the same, do not need update.
[*06/22/2025 02:36:17.2224] status 'upgrade.sh: Script called with args:[NO_UPGRADE]'
[*06/22/2025 02:36:17.2921] do NO_UPGRADE, part2 is active part
[*06/22/2025 02:36:17.3237]
[*06/22/2025 02:36:17.3237] CAPWAP State: Configure
[*06/22/2025 02:36:18.7952] KDUMP is not supported for this model AP
[*06/22/2025 02:36:19.0485]
[*06/22/2025 02:36:19.0485] CAPWAP State: Run
[*06/22/2025 02:36:19.2513] AP has joined controller WLC
[*06/22/2025 02:36:19.2528] Flexconnect Switching to Connected Mode!
[*06/22/2025 02:36:19.8857] wlan: [7856:E:ANY] wlan_set_param: Bcast Probe response is already disabled
[*06/22/2025 02:36:19.8859] DOT11_DRV[2]: Discovery frame type is set to 'NONE'. Setting discfrm_6g_clear_usr_override to 1
[*06/22/2025 02:36:19.8862] cfg80211tool wifi2 rnr_unsolicited_prb_resp_en 0;
[*06/22/2025 02:36:20.0897] Previous AP mode is 2, change to 2
[*06/22/2025 02:36:20.1354] Current session mode: ssh, Configured: Telnet-No, SSH-Yes, Console-Yes
[*06/22/2025 02:36:20.1354]
[*06/22/2025 02:36:20.1618] Current session mode: telnet, Configured: Telnet-No, SSH-Yes, Console-Yes
[*06/22/2025 02:36:20.1618]
[*06/22/2025 02:36:20.1891] Current session mode: console, Configured: Telnet-No, SSH-Yes, Console-Yes
[*06/22/2025 02:36:20.1891]
[*06/22/2025 02:36:20.2911] chpasswd: password for user changed
[*06/22/2025 02:36:20.3337] chpasswd: password for user changed
[*06/22/2025 02:36:20.3831]
[*06/22/2025 02:36:20.3831] Same LSC mode, no action needed
[*06/22/2025 02:36:20.3899] KDUMP is not supported for this model AP
[*06/22/2025 02:36:20.8824] Same value is already set.
[*06/22/2025 02:36:21.1294] BLE admin config command. ignoring config command
[*06/22/2025 02:36:21.1294] BLE admin config command. ignoring config command
[*06/22/2025 02:36:21.1315] BLE Scan req config command. ignoring config command
[*06/22/2025 02:36:21.5044] Got WSA Server config TLVs
[*06/22/2025 02:36:24.5594] hostapd:eap_id_req_timeout 30 eap_id_req_maxretries 2 eap_req_timeout 30 eap_req_maxretries 2
[*06/22/2025 02:36:24.5599] hostapd:eap_id_req_timeout 30 eap_id_req_maxretries 2 eap_req_timeout 30 eap_req_maxretries 2
[*06/22/2025 02:36:24.5608] hostapd:eap_id_req_timeout 30 eap_id_req_maxretries 2 eap_req_timeout 30 eap_req_maxretries 2
[*06/22/2025 02:36:25.1464] wlan: [0:I:CMN_MLME] mlme_ext_vap_down: VAP (mon0) is down
[*06/22/2025 02:36:25.1476] wlan: [0:E:ANY] mlme_ext_vap_up: VAP (apr0v1) is up, vdev_id:1 pdev_id:1 psoc_id:0
[*06/22/2025 02:36:25.1499] wlan: [0:E:ANY] mlme_ext_vap_up: VAP (mon0) is up, vdev_id:16 pdev_id:1 psoc_id:0
[*06/22/2025 02:36:25.9043] wlan: [0:I:CMN_MLME] mlme_ext_vap_down: VAP (mon1) is down
[*06/22/2025 02:36:25.9050] wlan: [0:D:dfs] Skip cac as there are running vaps
[*06/22/2025 02:36:25.9054] wlan: [0:E:ANY] mlme_ext_vap_up: VAP (apr1v1) is up, vdev_id:18 pdev_id:0 psoc_id:0
[*06/22/2025 02:36:25.9247] wlan: [0:E:ANY] mlme_ext_vap_up: VAP (mon1) is up, vdev_id:33 pdev_id:0 psoc_id:0
[*06/22/2025 02:36:26.6475] AP tag  change to PolTag_Common

AP#

ちなみにWLCから実行した場合のログ出力ですが、

  • 無線APのCLIからの実行を示唆する「Going to restart CAPWAP (reason : IPC_CLI_CAPWAP_RESTART_COMMAND)...」の部分が
  • WLCから指示があったのを示唆する「Going to restart CAPWAP (reason : Payload received to restart CAPWAP)...」になります。

関連ドキュメント

無線AP関連のドキュメント

Cisco Catalyst 9100 Series Wi-Fi6/6E Access Point Command Reference, IOS-XE Releases - capwap Commands [Cisco Catalyst 9100 Access Points] - Cisco
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/ios-xe/command-reference/b-cisco-cat-ap-iosxe-cr/capwap_commands.html#capwap-ap-restart

Cisco Catalyst 9100 シリーズ Wi-Fi6/6E アクセスポイント(IOS-XE リリース)コマンドリファレンス - capwap コマンド [Cisco Catalyst 9100 Access Points] - Cisco
https://www.cisco.com/c/ja_jp/td/docs/wireless/access_point/ios-xe/command-reference/b-cisco-cat-ap-iosxe-cr/capwap_commands.html#capwap-ap-restart

WLC関連のドキュメント

WLCに関してはCisco Liveの資料にコマンドが掲載されていました。

Catalyst Wireless - How to Successfully Migrate to Catalyst 9800 – BRKEWN-2338
https://www.ciscolive.com/on-demand/on-demand-library.html#/session/1686177779287001VObt

PDFの直接リンク: https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2023/pdf/BRKEWN-2338.pdf

スライド: 112 / 142 にて、EEM (Embedded Event Manager)での処理内容の一部としてコマンドの情報が載っています。

関連記事

myhomenwlab.hatenablog.com