AP Disconnect. Reason:Idle in JOIN State,Model:WAX510D

PeterUK

USG 60W V4.62 as controller 

WAX510D V6.20

After rebooting my USG60W I'm getting “AP Disconnect. MAC:,Name:AP-,Reason:Idle in JOIN State,Model:WAX510D”

I think the problem has to do with the firmware of the AP odd thing is the wifi works but the AP is going amber and green all the time on the LED.

Workaround unplug the AP from power and plug back in

Zyxel_Bella

Hi @PeterUK

 

LED flashes in amber and green stands for AP is finding controller.

When AP had problem connecting with controller then the log will show as you mentioned if the CAPWAP packet somehow lost during process.

This command also can help you monitor the stage on AP:

Router> show capwap ap info

We used the model and firmware version as yours but can’t reproduce the symptom so can you provide related files for us to check?

The necessary files are diaginfo of USG60W, WAX510D, packets captured while issue happening.

Thank you.

 

Regards,

Bella

PeterUK

With show capwap ap info I get:

Router# show capwap ap info

Online mgnt ap: 1

Offline mgnt ap: 1

Un-mgnt ap: 0

Station : 0

I send you diaginfo by PM

Zyxel_Bella

Hi @PeterUK

 

The command can also be operated on AP to check CAPWAP status.

There are some clues in the files you provided, the CAPWAP request packets broadcast by AP but USG response to another MAC address.

Then we searched the ARP packets found two devices response the IP that AP is using.

Please check and exclude IP issue first. Provide the topology to us if the problem still not resolve.

 

Regards,

Bella

PeterUK

This maybe a topology problem but like I said the Workaround of unplug the AP from power and plug back in the AP will register with the USG. The problem only happens when you reboot the USG but not the AP.

I did a reconfigure of the USG for how it connects to the network and did not have this problem I then reconfigure back to how it was and the problem came back I then did a over night test with it going amber and green but wifi working to see if it fixes its self and it did so I'm now doing a timed test to see how long it takes, but I still think this is a problem and needs to be fixed so I will post up a topology of this network for you to test your end at some point.

PeterUK

Ok here is the topology that has the problem
https://us.v-cdn.net/6029482/uploads/editor/gi/qfmqvhpegsl3.png
 

PeterUK

Found the problem it was proxy ARP and not allowing the CAPWAP-Control from OPT to OPT on zywall 110 so the proxy arp made sending the response of 192.168.252.4 to MAC1 on the Zywall 110 for 192.168.252.5 but was blocked by the firewall allowing it the Zwall 110 would arp who has 192.168.252.5 and then the CAPWAP response would be sent to the WAX510D.

Zyxel_Bella

Hi @PeterUK

 

Exactly, the devices are assigned in the same subnet so the packet trace might have problem when you enable Proxy ARP on Zywall 110 in this topology. Are there any specific applications why you need to enable the feature on Zywall 110?

 

Normally the Proxy ARP is suggested to enable only on DHCP server which is VPN300 in your topology or use VLAN to prevent such situation.

 

How clear the topology and configurations it is, thanks for sharing!

 

Regards,

Bella

PeterUK

Proxy ARP needed to be enabled on the Zywall 110 as it was the gateway not VPN300.

I have however redone the network using Proxy arp in VLAN on the USG60W going from VLAN to WAN2 no SNAT to Zywall 110 OTP with static route I no longer need the VPN300 to do DHCP.