★ A classic case where VPN-instance configuration on a converged AC causes APs to fail coming online

Converged AC (S6805-56HF-G) → Access SW → AP

1. Layer 2 registration. After configuring the VPN-instance under the VLAN interface and DHCP, the AP can obtain an address, and the AC can ping the AP, but the AP cannot go online.

2. Directly specifying the AC IP address on the AP (wlan ac ip xx) does not work.

3. Removing the VPN-instance-related configuration (VPN-instance) allows the AP to go online normally.

1. Debugging wlan capwap all on the AP shows that the AP has sent discovery packets normally.

2. No echo was found when debugging on the converged AC.

3. Printing the actual received packets on the converged AC reveals that they can be received. Therefore, it is suspected that the apmgr module of the converged AC is abnormal.

Subsequent communication and acknowledgment indicate that the conventional AC does not support configuring VPN-instance. Therefore, the apmgr module of the AC does not include VPN-instance-related content in the process of sending and receiving CAPWAP packets. However, when a switch or router serves as a converged AC, it inherently supports configuring VPN-instance, but CAPWAP has not been adapted for this.

1. If there are no special requirements, simply remove the VPN-instance.

2. If VPN-instance configuration is required, make the changes on the downstream or upstream SW, and do not configure it on the AC.