3702i AP's not Joining WLC - Layer 3 discovery request not received on management VLAN

Similar Messages

• Cisco APs not joining WLC

  Hi guys,
  I am in the process of configuring a WLC and got stuck due to APs are not joining the WLC.
  I have configure DHCP server on the Gateway router and the WLC management interface is pointing to the Gateway as DHCP Server.
  I have multiple Dynamic interfaces configured on the WLC and Interface group has been configured and mapped to Management Interface.
  For each WLAN, a separate DHCP pool has been created on the router.
  LAG has been configured and working fine. Connectivity works fine in the network and I can ping all devices and vlans from WLC.
  Now, the APs are not joining the WLC. The error I am getting
  " 44:03:a7:f1:b4:40 Received a Discovery Request from 44:03:A7:F1:B4:40 via IP broadcast address but the source IP address (10.xx.xx.xx) is not in any of the configured subnets. Dropping it "
  Some one help me troubleshooting this issue with DHCP IP Assignment.
  Thanks,
  CJ

  If you are using Broadcast method to discover WLC to AP then you need to ensure following is correctly configured.
  1. Unders the switch SVI defined for AP-management (10.38.11.x) you have to configure "ip helper-address "
  2. In switch global config "ip forward-protocol udp 5246"
  Refer this for more detail
  http://mrncciew.com/2013/05/04/wlc-discovery-via-broadcast/
  There are other methods available as well (static, DNS, DHCP option 43) for the WLC discovery purpose. To verify there is no configuration issues at WLC end, you can simply configure the WLC details on AP statically & check wether AP get register to WLC. To do this you can enter following CLI commands on AP console priviledge mode.
  debug capwap console cli
  capwap ap ip address 10.38.11.x 255.255.255.x
  capwap ap ip default-gateway 10.38.11.y
  capwap ap controller ip address
  In this way your AP should get registered to WLC (if no config issue at WLC end). Refer this for more detail
  http://mrncciew.com/2013/03/17/ap-registration/
  If you have so many APs, then as Steve pointed configuring DHCP-Option 43 would be a good option
  Regards
  Rasika
  **** Pls rate all useful responses ****

• APs not joining WLC

  Hello community,
  I hope you can help me with my problem.
  I have a vWLC Firmware version: 7.4.121.0, I have also Aironet 1700Aps
  I have successfully configured wlc with service and management interface. In the management network I can ping the vWLC managenemt interface as well the APs in this network. The firewall is also the DHCP Server for the management network. (It is working because APs get an IP address) The problem is the APs are not joining the vWLC. This is my first time I use WLC and APs. So they are completely new and not used before.
  Here is the debug output of vWLC:
  ApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 Finding DTLS connection to delete for AP (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 Disconnecting DTLS Capwap-Ctrl session 0x8faa580 for AP (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 CAPWAP State: Dtls tear down
  *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 DTLS connection closed event receivedserver (192:168:200:3/5246) client (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 Entry exists for AP (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 No AP entry exist in temporary database for 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.004: 84:80:2d:bd:fa:1e DTLS connection not found, creating new connection for 192:168:200:10 (57250) 192:168:200:3 (5246)
  *spamApTask4: Feb 11 16:31:08.472: 84:80:2d:bd:fa:1e DTLS Session established server (192.168.200.3:5246), client (192.168.200.10:57250)
  *spamApTask4: Feb 11 16:31:08.472: 84:80:2d:bd:fa:1e Starting wait join timer for AP: 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Join Request from 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:1e Deleting AP entry 192.168.200.10:57250 from temporary database.
  *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Finding DTLS connection to delete for AP (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Disconnecting DTLS Capwap-Ctrl session 0x8faa720 for AP (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 CAPWAP State: Dtls tear down
  *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 DTLS connection closed event receivedserver (192:168:200:3/5246) client (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 Entry exists for AP (192:168:200:10/57250)
  *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 No AP entry exist in temporary database for 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Request from 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
  *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Request from 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
  *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
  *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
  *spamApTask0: Feb 11 16:31:08.516: 84:80:2d:bd:fa:1e Received LWAPP DISCOVERY REQUEST to 40:4a:03:79:d7:20 on port '1'
  *spamApTask0: Feb 11 16:31:08.516: 84:80:2d:bd:fa:1e Discarding discovery request in LWAPP from AP supporting CAPWAP
  Sadly I don`t have a debuging cable for the APs. Therefore I have no debuging output of the APs. (It is ordered ;-) )
  But I hope the output of the APs is right now not important to solve this problem.
  Thank you
  //EDIT
  On the firewall are no ports blocked

  Okay I upgraded the vWLC to 8.0.110.0.
  I looked in the event log of the vWLC. It was successfully discovered and also the new image version was send to the AP.
  Sadly the Ap does not join to the vWLC.
  *apfReceiveTask: Feb 12 09:53:35.640: WARP IEs: (12)
  *apfReceiveTask: Feb 12 09:53:35.640:      [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
  *apfReceiveTask: Feb 12 09:53:35.640: Wlan Feature status 0 for  AP:84:80:2d:45:75:e0 (slotID 1)
  *apfReceiveTask: Feb 12 09:53:35.640: Split tunnel status (Disabled) encoded in the vap payload for WLAN(1), AP:84:80:2d:45:75:e0 (slotID 1)
  *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Configuration Status from 192.168.200.10:57251
  *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 CAPWAP State: Configure
  *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Updating IP info for AP 84:80:2d:45:75:e0 -- static 0, 192.168.200.10/255.255.255.0, gtw 192.168.200.3
  *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Updating IP 192.168.200.10 ===> 192.168.200.10 for AP 84:80:2d:45:75:e0
  *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Invalid length (9) countedlen 6 sizeUserPayload 277 for vendor-specific element 0x00409600-unknown (185) from AP  84:80:2D:45:75:E0
  *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Setting MTU to 1485
  *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Finding DTLS connection to delete for AP (192:168:200:10/57251)
  *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Disconnecting DTLS Capwap-Ctrl session 0xb947000 for AP (192:168:200:10/57251)
  *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 CAPWAP State: Dtls tear down
  *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 DTLS connection closed event receivedserver (192.168.200.3/5246) client (192.168.200.10/57251)
  *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 Entry exists for AP (192.168.200.10/57251)
  *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 0
  *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 1
  *spamApTask5: Feb 12 09:53:35.791: update ap status:84:80:2d:45:75:e0 ,index:60
  *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 No AP entry exist in temporary database for 192.168.200.10:57251
  *apfReceiveTask: Feb 12 09:53:35.792: 84:80:2d:45:75:e0 Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 0
  *apfReceiveTask: Feb 12 09:53:35.792: 84:80:2d:45:75:e0 Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 1
  *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Request from 192.168.200.10:57250
  *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
  *spamApTask4: Feb 12 09:53:35.918: apModel: AIR-CAP702I-C-K9
  *spamApTask4: Feb 12 09:53:35.918: apType = 45 apModel: AIR-CAP702I-C-K9
  *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10 port 57250
  *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10:57250
  *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Request from 192.168.200.10:57250
  *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
  *spamApTask4: Feb 12 09:53:35.919: apModel: AIR-CAP702I-C-K9
  *spamApTask4: Feb 12 09:53:35.919: apType = 45 apModel: AIR-CAP702I-C-K9
  *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10 port 57250
  *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10:57250
  Sadly I don`t understand what this debugging log says :-(
  Maybe you can help me again
  Thank you
  //SOLUTION -----------------------------------------------------------------------------------------------------------------------------------------------------------
  I found something on the internet, but for all people having also this problem here is the solution:
  Change the country of your vWLC. Right now I am in China, so I changed it and then it was working flawlessly :-)
  Step 1  
  Disable the 802.11 networks as follows:
  Choose Wireless > 802.11a/n > Network.
  Unselect the 802.11a Network Status check box.
  Click Apply.
  Choose Wireless > 802.11a/n > Network.
  Unselect the 802.11b/g Network Status check box.
  Click Apply.
  Step 2  
  Choose Wireless > Country to open the Country page.
  Thank you all for your help :-)
  Paul

• AP do not join WLC

  Hi , i have the problem that one AP in one location doesnt join the WLC.
  i checked DHCP scope options , time on WLC and AP etc.
  I also check all this issues:
  http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml
  I only see an DTLS error
  debug AP
  *Oct 24 08:23:02.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Oct 24 08:23:02.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Oct 24 08:23:10.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.X.X:X peer_port: 5246
  *Oct 24 08:23:10.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Oct 24 08:23:40.198: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!
  *Oct 24 08:23:40.198: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.X.X:X is reached.
  *Oct 24 08:24:10.051: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.X.X.X:5246
  debug:
  *spamReceiveTask: Oct 24 08:54:53.308: 0c:85:25:30:14:20 DTLS connection closed event receivedserver (10.X:X:X/5246) client (10.X:X:X/4270)
  *spamReceiveTask: Oct 24 08:54:53.308: 0c:85:25:30:14:20 No entry exists for AP (10.X:X:X/4270)
  *spamReceiveTask: Oct 24 08:54:53.308: 0c:85:25:30:14:20 No AP entry exist in temporary database for 10.X:X:X:4270
  *spamReceiveTask: Oct 24 08:54:53.443: 0c:85:25:30:14:20 Discovery Request from 10.X:X:X:4271
  *spamReceiveTask: Oct 24 08:54:53.443: 0c:85:25:30:14:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =1
  *spamReceiveTask: Oct 24 08:54:53.443: 0c:85:25:30:14:20 Discovery Response sent to 10.X:X:X:4271
  *spamReceiveTask: Oct 24 08:55:03.378: 0c:85:25:30:14:20 DTLS connection not found, creating new connection for 10.X:X:X (4271) 10.X:X:X (5246)
  *spamReceiveTask: Oct 24 08:55:03.378: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
  I wanne find out if, for this location it is an provider problem (WAN)
  Have someone else such a problem ?
  best regards

  But it is only with this location though, that's why I think is related to something in the carrier side, althgouth I can't understand what could it be. Here is what it comes down to:
  Debug of a working AP:
  *Jan 31 16:36:09.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.143.254.254 peer_port: 5246
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_inc_ref_count: Secret reference count= 2
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_delete: Secret not deleted, reference count = 1
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
  *Jan 31 16:36:09.000: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
  *Jan 31 16:36:09.187: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x026C9F00
  06738EA0:                   16FEFF00 00000000          .~......
  06738EB0: 00000000 2F030000 23000000 00000000  ..../...#.......
  06738EC0: 23FEFF20 0A00DECB 7EAA1234 56789ABC  #~. ..^K~*.4Vx.<
  06738ED0: 930E45B2 C60AB26E 9F96C225 0F0726E9  ..E2F.2n..B%..&i
  06738EE0: AD8A6517                             -.e.           
  *Jan 31 16:36:09.188: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: Processing...
  *Jan 31 16:36:09.188: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
  *Jan 31 16:36:09.189: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
  *Jan 31 16:36:09.189: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
  *Jan 31 16:36:09.189: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
  *Jan 31 16:36:09.189: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
  *Jan 31 16:36:09.189: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
  *Jan 31 16:36:09.261: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x026C9F00
  06704AF0:                            16FEFF00              .~..
  06704B00: 00000000 00000100 52020000 46000100  ........R...F...
  06704B10: 00000000 46FEFF51 0A9DBF76 DA0F0B66  ....F~.Q..?vZ..f
  06704B20: 72B28A8A A5B29EF1 B66E8A24 FB5539C3  r2..%2.q6n.${U9C
  06704B30: 2F267366 2D02AC20 7B40A093 2488AC76  /&sf-., {@ .$.,v
  06704B40: D0D694A9 2661230B CBA7A413 E010474D  PV.)&a#.K'$.`.GM
  06704B50: 0A494E66 EE0BE4EE 002F00             .INfn.dn./.    
  *Jan 31 16:36:09.262: DTLS_CLIENT_EVENT: dtls_process_ServerHello: Processing...
  *Jan 31 16:36:09.262: DTLS_CLIENT_EVENT: dtls_connection_set_cipher: Setting cipher to TLS_RSA_WITH_AES_128_CBC_SHA
  *Jan 31 16:36:09.262: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_pki_init: Called...
  *Jan 31 16:36:09.262: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Attempting to extract next record....
  *Jan 31 16:36:09.262: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x026C9F00
  06704B50:                         16 FEFF0000             .~...
  06704B60: 00000000 000201B4 0B00047F 00020000  .......4........
  06704B70: 000001A8 00047C00 04793082 04753082  ...(..|..y0..u0.
  06704B80: 035DA003 02010202 0A5021F6 ED000000  .] ......P!vm...
  06704B90: 2EB59930 0D06092A 864886F7 0D010105  .5.0...*.H.w....
  06704BA0: 05003039 31163014 06035504 0A130D43  ..091.0...U....C
  06704BB0: 6973636F 20537973 74656D73 311F301D  isco Systems1.0.
  06704BC0: 06035504 03131643 6973636F 204D616E  ..U....Cisco Man
  06704BD0: 75666163 74757269 6E672043 41301E17  ufacturing CA0..
  06704BE0: 0D313030 36313131 39323731 315A170D  .100611192711Z..
  06704BF0: 32303036 31313139 33373131 5A308194  200611193711Z0..
  06704C00: 310B3009 06035504 06130255 53311330  1.0...U....US1.0
  06704C10: 11060355 0408130A 43616C69 666F726E  ...U....Californ
  06704C20: 69613111 300F0603 55040713 0853616E  ia1.0...U....San
  06704C30: 204A6F73 65311630 14060355 040A130D   Jose1.0...U....
  06704C40: 43697363 6F205379 7374656D 73312330  Cisco Systems1#0
  06704C50: 21060355 0403131A 4149522D 43543535  !..U....AIR-CT55
  06704C60: 30382D4B 392D3638 65666264 39333833  08-K9-68efbd9383
  06704C70: 32303120 301E0609 2A864886 F70D0109  201 0...*.H.w...
  06704C80: 01161173 7570706F 72744063 6973636F  ...support@cisco
  06704C90: 2E636F6D 30820122 300D0609 2A864886  .com0.."0...*.H.
  06704CA0: F70D0101 01050003 82010F00 3082010A  w...........0...
  06704CB0: 02820101 00DE519C EBD5DE04 BBE84810  .....^Q.kU^.;hH.
  06704CC0: B796C26A 19B3C0C4 039F5946 8C5BA9D5  [email protected].[)U
  06704CD0: 6C3FFD50 E95163DA A4ADB7DB 280198D7  l?}PiQcZ$-7[(..W
  06704CE0: E5606E5A FA165D1C FD97E8A7 3259FED7  e`nZz.].}.h'2Y~W
  06704CF0: C043DEBC 6653727D D2B514E3 C6ABDCB8  @C^
  06704D00: 848C65F2 4A96A5A7 11881F0C 90A3CB03  ..erJ.%'.....#K.
  06704D10: 3FA69851 1112E7EF FF173971           ?&.Q..go..9q   
  *Jan 31 16:36:09.264: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (424) <  length (1151)
  *Jan 31 16:36:09.264: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
  *Jan 31 16:36:09.264: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
  *Jan 31 16:36:09.264: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
  *Jan 31 16:36:09.265: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
  *Jan 31 16:36:09.266: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x026C9F00
  067000F0: 16FEFF00 00000000 00000302 130B0004  .~..............
  06700100: 7F000200 01A80002 07198FBE E5CB79E6  .....(.....>eKyf
  06700110: 2ED9EF2F 0F66C568 73D72351 54BB111F  .Yo/.fEhsW#QT;..
  06700120: 40A7B3BD 2294943F 61ADAD6C 54C95FFC  @'3="..?a--lTI_|
  06700130: 6E0DA143 004C0C1D 200A17DC 0E61D224  n.!C.L.. ..\.aR$
  06700140: EF6DDBB9 72DAF726 001AC973 1E228D8D  om[9rZw&..Is."..
  06700150: A745158B F13D646E 1CCDF808 AEA47A7D  'E..q=dn.Mx..$z}
  06700160: 10DBF88A 2FB02F5F 15A71982 BF458124  .[x./0/_.'..?E.$
  06700170: 3159A9CD 6EC72B43 D5541C04 291B83F4  1Y)MnG+CUT..)..t
  06700180: F6A667D9 6125AB38 74C55671 9CC46CC4  v&gYa%+8tEVq.DlD
  06700190: C78146FA B4FB10B5 620E9C03 3FDE0261  G.Fz4{.5b...?^.a
  067001A0: 17530203 010001A3 82012130 82011D30  .S.....#..!0...0
  067001B0: 0B060355 1D0F0404 030205A0 301D0603  ...U....... 0...
  067001C0: 551D0E04 1604148F 93BB23DE B485C5F2  U........;#^4.Er
  067001D0: 3553F941 3ED2A81F CD53AA30 1F060355  5SyA>R(.MS*0...U
  067001E0: 1D230418 30168014 D0C52226 AB4F4660  .#..0...PE"&+OF`
  067001F0: ECAE0591 C7DC5AD1 B047F76C 303F0603  l...G\ZQ0Gwl0?..
  06700200: 551D1F04 38303630 34A032A0 30862E68  U...80604 2 0..h
  06700210: 7474703A 2F2F7777 772E6369 73636F2E  ttp://www.cisco.
  06700220: 636F6D2F 73656375 72697479 2F706B69  com/security/pki
  06700230: 2F63726C 2F636D63 612E6372 6C304C06  /crl/cmca.crl0L.
  06700240: 082B0601 05050701 01044030 3E303C06  .+........@0>0<.
  06700250: 082B0601 05050730 02863068 7474703A  .+.....0..0http:
  06700260: 2F2F7777 772E6369 73636F2E 636F6D2F  //www.cisco.com/
  06700270: 73656375 72697479 2F706B69 2F636572  security/pki/cer
  06700280: 74732F63 6D63612E 63657230 3F06092B  ts/cmca.cer0?..+
  06700290: 06010401 82371402 04321E30 00490050  .....7...2.0.I.P
  067002A0: 00530045 00430049 006E0074 00650072  .S.E.C.I.n.t.e.r
  067002B0: 006D0065 00640069 00610074 0065004F  .m.e.d.i.a.t.e.O
  067002C0: 00660066 006C0069 006E0065 300D0609  .f.f.l.i.n.e0...
  067002D0: 2A864886 F70D0101 05050003 82010100  *.H.w...........
  067002E0: 2134BFC4 607F0AC1 4E74DE75 ABC95334  !4?D`..ANt^u+IS4
  067002F0: 68B4CA08 E6774486 03367B24 4DFAE43E  h4J.fwD..6{$Mzd>
  06700300: 8D74380C 581C4242 949D7E4B 235E3B5E  .t8.X.BB..~K#^;^
  06700310:                                                     
  *Jan 31 16:36:09.269: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (519) <  length (1151)
  *Jan 31 16:36:09.269: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
  *Jan 31 16:36:09.269: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
  *Jan 31 16:36:09.269: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
  *Jan 31 16:36:09.269: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
  *Jan 31 16:36:09.269: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x026C9F00
  06775BD0:                   16FEFF00 00000000          .~......
  06775BE0: 00000400 D00B0004 7F000200 03AF0000  ....P......../..
  06775BF0: C47FE7D0 6D49F7D3 955B2084 6C8E2701  D.gPmIwS.[ .l.'.
  06775C00: 024858B8 B23679B2 D4DFE94B E3524454  .HX826y2T_iKcRDT
  06775C10: 3F1C7F89 8916D838 CCECEA24 34C3E68A  ?.....X8Llj$4Cf.
  06775C20: 427B83DE 6F02FB0D 8FDE45A1 04274B95  B{.^o.{..^E!.'K.
  06775C30: 9FDBD8A5 7DC5C94B 030613C6 047F0937  .[X%}EIK...F...7
  06775C40: 6F24F619 9C7B93B2 4BA2E768 5A4ABA58  o$v..{.2K"ghZJ:X
  06775C50: 2EEECD3D B1BFAD3B D6184F9A 6034BDF0  .nM=1?-;V.O.`4=p
  06775C60: 981D6FEE E044918C 81ED9BD8 4D01B350  ..on`D...m.XM.3P
  06775C70: FBCDF285 8007C7BE 90C885FD 821ED93E  {Mr...G>.H.}..Y>
  06775C80: B07FFF2C 67FDA948 78B816A2 029498DE  0..,g})Hx8."...^
  06775C90: FB4C21B2 E8095673 C9A590E0 E16F5499  {L!2h.VsI%.`aoT.
  06775CA0: E4639F34 E48479C7 D3E7EFE7 61DFAF48  dc.4d.yGSgoga_/H
  06775CB0: 19E5563B 2D                          .eV;-          
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (196) <  length (1151)
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Attempting to extract next record....
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x026C9F00
  06775CB0:            16FEFF 00000000 00000005       .~.........
  06775CC0: 00180B00 047F0002 00047300 000C3D27  ..........s...='
  06775CD0: 3B623688 29C8CA64 2167               ;b6.)HJd!g     
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (12) <  length (1151)
  *Jan 31 16:36:09.271: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
  *Jan 31 16:36:09.272: DTLS_CLIENT_EVENT_DETAIL: local_reassembly_check: Handshake sequence 2 is ready for assembly
  *Jan 31 16:36:09.272: DTLS_CLIENT_EVENT_DETAIL: local_reassemble: Message assembled
  Debug of failed AP:
  *Jan 31 16:52:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.143.254.254 peer_port: 5246
  *Jan 31 16:52:51.000: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_inc_ref_count: Secret reference count= 2
  *Jan 31 16:52:51.000: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
  *Jan 31 16:52:51.000: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_delete: Secret not deleted, reference count = 1
  *Jan 31 16:52:51.000: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
  *Jan 31 16:52:51.000: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
  *Jan 31 16:52:51.000: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
  *Jan 31 16:52:51.001: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
  *Jan 31 16:52:51.235: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x0278009C
  067E02E0:                            16FEFF00              .~..
  067E02F0: 00000000 00000000 2F030000 23000000  ......../...#...
  067E0300: 00000000 23FEFF20 0A00E9CD 5AC11234  ....#~. ..iMZA.4
  067E0310: 56789ABC 49623895 65565B89 4FC53D11  Vx.
  067E0320: 2340A364 B6970C60                    #@#d6..`       
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: Processing...
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
  *Jan 31 16:52:51.236: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
  *Jan 31 16:52:51.360: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x0278009C
  06803E20:          16FEFF00 00000000 00000100      .~..........
  06803E30: 52020000 46000100 00000000 46FEFF51  R...F.......F~.Q
  06803E40: 0AA1E669 386F805D F3907CEB C6212A7C  .!fi8o.]s.|kF!*|
  06803E50: 7D0DAB83 0B8079F3 380B43C0 2DCDCD20  }.+...ys8.C@-MM
  06803E60: 729501D9 456FE544 3CADEE74 690F27C7  r..YEoeD<-nti.'G
  06803E70: 47AE362C 3E274CB2 6C5DDE4E CDC5FC10  G.6,>'L2l]^NME|.
  06803E80: 002F00                               ./.            
  *Jan 31 16:52:51.360: DTLS_CLIENT_EVENT: dtls_process_ServerHello: Processing...
  *Jan 31 16:52:51.360: DTLS_CLIENT_EVENT: dtls_connection_set_cipher: Setting cipher to TLS_RSA_WITH_AES_128_CBC_SHA
  *Jan 31 16:52:51.360: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_pki_init: Called...
  *Jan 31 16:52:51.360: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Attempting to extract next record....
  *Jan 31 16:52:51.360: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x0278009C
  06803E80:       16 FEFF0000 00000000 000201B4     .~..........4
  06803E90: 0B00047F 00020000 000001A8 00047C00  ...........(..|.
  06803EA0: 04793082 04753082 035DA003 02010202  .y0..u0..] .....
  06803EB0: 0A5021F6 ED000000 2EB59930 0D06092A  .P!vm....5.0...*
  06803EC0: 864886F7 0D010105 05003039 31163014  .H.w......091.0.
  06803ED0: 06035504 0A130D43 6973636F 20537973  ..U....Cisco Sys
  06803EE0: 74656D73 311F301D 06035504 03131643  tems1.0...U....C
  06803EF0: 6973636F 204D616E 75666163 74757269  isco Manufacturi
  06803F00: 6E672043 41301E17 0D313030 36313131  ng CA0...1006111
  06803F10: 39323731 315A170D 32303036 31313139  92711Z..20061119
  06803F20: 33373131 5A308194 310B3009 06035504  3711Z0..1.0...U.
  06803F30: 06130255 53311330 11060355 0408130A  ...US1.0...U....
  06803F40: 43616C69 666F726E 69613111 300F0603  California1.0...
  06803F50: 55040713 0853616E 204A6F73 65311630  U....San Jose1.0
  06803F60: 14060355 040A130D 43697363 6F205379  ...U....Cisco Sy
  06803F70: 7374656D 73312330 21060355 0403131A  stems1#0!..U....
  06803F80: 4149522D 43543535 30382D4B 392D3638  AIR-CT5508-K9-68
  06803F90: 65666264 39333833 32303120 301E0609  efbd9383201 0...
  06803FA0: 2A864886 F70D0109 01161173 7570706F  *.H.w......suppo
  06803FB0: 72744063 6973636F 2E636F6D 30820122  [email protected].."
  06803FC0: 300D0609 2A864886 F70D0101 01050003  0...*.H.w.......
  06803FD0: 82010F00 3082010A 02820101 00DE519C  ....0........^Q.
  06803FE0: EBD5DE04 BBE84810 B796C26A 19B3C0C4  kU^.;hH.7.Bj.3@D
  06803FF0: 039F5946 8C5BA9D5 6C3FFD50 E95163DA  ..YF.[)Ul?}PiQcZ
  06804000: A4ADB7DB 280198D7 E5606E5A FA165D1C  $-7[(..We`nZz.].
  06804010: FD97E8A7 3259FED7 C043DEBC 6653727D  }.h'2Y~W@C^
  06804020: D2B514E3 C6ABDCB8 848C65F2 4A96A5A7  R5.cF+\8..erJ.%'
  06804030: 11881F0C 90A3CB03 3FA69851 1112E7EF  .....#K.?&.Q..go
  06804040: FF173971                             ..9q           
  *Jan 31 16:52:51.363: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (424) <  length (1151)
  *Jan 31 16:52:51.363: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
  *Jan 31 16:52:51.363: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
  *Jan 31 16:52:51.363: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
  *Jan 31 16:52:51.364: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
  *Jan 31 16:52:51.364: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x0278009C
  06846A80:                   16FEFF00 00000000          .~......
  06846A90: 00000302 130B0004 7F000200 01A80002  .............(..
  06846AA0: 07198FBE E5CB79E6 2ED9EF2F 0F66C568  ...>eKyf.Yo/.fEh
  06846AB0: 73D72351 54BB111F 40A7B3BD 2294943F  sW#QT;..@'3="..?
  06846AC0: 61ADAD6C 54C95FFC 6E0DA143 004C0C1D  a--lTI_|n.!C.L..
  06846AD0: 200A17DC 0E61D224 EF6DDBB9 72DAF726   ..\.aR$om[9rZw&
  06846AE0: 001AC973 1E228D8D A745158B F13D646E  ..Is."..'E..q=dn
  06846AF0: 1CCDF808 AEA47A7D 10DBF88A 2FB02F5F  .Mx..$z}.[x./0/_
  06846B00: 15A71982 BF458124 3159A9CD 6EC72B43  .'..?E.$1Y)MnG+C
  06846B10: D5541C04 291B83F4 F6A667D9 6125AB38  UT..)..tv&gYa%+8
  06846B20: 74C55671 9CC46CC4 C78146FA B4FB10B5  tEVq.DlDG.Fz4{.5
  06846B30: 620E9C03 3FDE0261 17530203 010001A3  b...?^.a.S.....#
  06846B40: 82012130 82011D30 0B060355 1D0F0404  ..!0...0...U....
  06846B50: 030205A0 301D0603 551D0E04 1604148F  ... 0...U.......
  06846B60: 93BB23DE B485C5F2 3553F941 3ED2A81F  .;#^4.Er5SyA>R(.
  06846B70: CD53AA30 1F060355 1D230418 30168014  MS*0...U.#..0...
  06846B80: D0C52226 AB4F4660 ECAE0591 C7DC5AD1  PE"&+OF`l...G\ZQ
  06846B90: B047F76C 303F0603 551D1F04 38303630  0Gwl0?..U...8060
  06846BA0: 34A032A0 30862E68 7474703A 2F2F7777  4 2 0..http://ww
  06846BB0: 772E6369 73636F2E 636F6D2F 73656375  w.cisco.com/secu
  06846BC0: 72697479 2F706B69 2F63726C 2F636D63  rity/pki/crl/cmc
  06846BD0: 612E6372 6C304C06 082B0601 05050701  a.crl0L..+......
  06846BE0: 01044030 3E303C06 082B0601 05050730  ..@0>0<..+.....0
  06846BF0: 02863068 7474703A 2F2F7777 772E6369  ..0http://www.ci
  06846C00: 73636F2E 636F6D2F 73656375 72697479  sco.com/security
  06846C10: 2F706B69 2F636572 74732F63 6D63612E  /pki/certs/cmca.
  06846C20: 63657230 3F06092B 06010401 82371402  cer0?..+.....7..
  06846C30: 04321E30 00490050 00530045 00430049  .2.0.I.P.S.E.C.I
  06846C40: 006E0074 00650072 006D0065 00640069  .n.t.e.r.m.e.d.i
  06846C50: 00610074 0065004F 00660066 006C0069  .a.t.e.O.f.f.l.i
  06846C60: 006E0065 300D0609 2A864886 F70D0101  .n.e0...*.H.w...
  06846C70: 05050003 82010100 2134BFC4 607F0AC1  ........!4?D`..A
  06846C80: 4E74DE75 ABC95334 68B4CA08 E6774486  Nt^u+IS4h4J.fwD.
  06846C90: 03367B24 4DFAE43E 8D74380C 581C4242  .6{$Mzd>.t8.X.BB
  06846CA0: 949D7E4B 235E3B5E                    ..~K#^;^       
  *Jan 31 16:52:51.367: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (519) <  length (1151)
  *Jan 31 16:52:51.367: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
  *Jan 31 16:52:51.367: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
  *Jan 31 16:52:51.367: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
  *Jan 31 16:52:51.367: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
  *Jan 31 16:53:51.044: DTLS_CLIENT_EVENT: dtls_disconnect: Disconnecting DTLS connection 0x0278009C
  *Jan 31 16:53:51.044: DTLS_CLIENT_EVENT_DETAIL: dtls_free_connection: Called... for connection 0x0278009C
  *Jan 31 16:53:51.044: DTLS_CLIENT_EVENT_DETAIL: dtls_send_Alert: Called...
  *Jan 31 16:53:51.044: DTLS_CLIENT_EVENT: dtls_send_Alert: Sending FATAL : Close notify Alert
  *Jan 31 16:53:51.045: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.143.254.254:5246
  As you can see there are identical up to handshake seq 2. frag_len (519) <  length (1151). The working AP receives the last fragment and succesfully reassembles it. The failed AP never receives that last fragment.
  I can't think of any reason why this could be happening.

• AP not joining WLC 2504

  Hi all
  my customer has a 2504 WLC, and has problems to join APs (There are no aps joined to the controller at this moment).
  What are the Bold lines tell me?
  in the debug I see the following:
  *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
  *spamApTask0: Oct 10 09:20:06.019: apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.020: apType = 38 apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.020: Unknown AP type. Using Controller Version!!!
  *spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
  *spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
  *spamApTask0: Oct 10 09:20:06.021: apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.021: apType = 38 apModel: AIR-CAP3702I-N-K9
  *spamApTask0: Oct 10 09:20:06.021: Unknown AP type. Using Controller Version!!!
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
  *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.031: 58:f3:9c:7a:22:30 DTLS connection not found, creating new connection for 10:37:24:116 (41508) 10)
  *spamApTask0: Oct 10 09:20:16.498: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
  *spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Allocated index from main list, Index: 55
  *spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Using CipherSuite AES128-SHA
  *spamApTask0: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS keys for Control Plane are plumbed successfully for AP 10.37.24.116. Inde6
  *spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS Session established server (10.37.24.11:5246), client (10.37.24.116:41508)
  *spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 Starting wait join timer for AP: 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:78:d1:10 Join Request from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:7a:22:30 Deleting AP entry 10.37.24.116:41508 from temporary database.
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 spamProcessJoinRequest : RAP, Check MAC filter
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 In AAA state 'Idle' for AP 58:f3:9c:78:d1:10
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Mesh AP username 58f39c7a2230.
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 Join Request failed!
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 State machine handler: Failed to process  msg type = 3 state = 0 from 10.37.248
  *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Failed to parse CAPWAP packet from 10.37.24.116:41508
  *spamApTask0: Oct 10 09:20:16.519: XóxÑ
  *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Finding DTLS connection to delete for AP (10:37:24:116/41508)
  *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Disconnecting DTLS Capwap-Ctrl session 0x179437d8 for AP (10:37:24:116/41508)
  *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 CAPWAP State: Dtls tear down
  *spamApTask0: Oct 10 09:20:16.520: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
  *spamApTask0: Oct 10 09:20:16.520: 58:f3:9c:78:d1:10 DTLS keys for Control Plane deleted successfully for AP 10.37.24.116
  *spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10 DTLS connection closed event receivedserver (10.37.24.11/5246) client (10.37.2)
  *spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10

  Hi all, the AP was in Mesh (Bridge) mode and could not connect to the controller
  Ok, how to find out that a AP is in bridge mode, without a join (No Access to the AP).
  go to monitor > statistics > AP Join
  you will see the AP here that tries to connect (clear the list before)
  if the ethernet MAC Address is the same as the Base radio MAC, than the AP is in bridge mode.
  normally ( in local mode) the Ethernet MAC Address reflects the APname
  To allow the AP to join, add in the Authorization list the APName mac Address!
  See: http://supertekboy.com/2014/01/13/cisco-lightweight-access-point-will-not-join-to-a-wireless-lan-controller/
  The case is solved now.

• AP not joining WLC

  Hello
  I am running WLC4404 image 6.0 the latest one. the AP is not joining the controller and it is saying invalid license in configuration request.
  This is a boot of one of the access point:
  Dec 11 11:05:59.025: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Dec 11 11:05:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.140.248 peer_port: 5246
  *Dec 11 11:05:59.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Dec 11 11:06:02.862: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.140.248 peer_port: 5246
  *Dec 11 11:06:02.863: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.140.248
  *Dec 11 11:06:02.863: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Dec 11 11:06:03.619: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
  *Dec 11 11:06:03.764: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
  *Dec 11 11:06:03.764: %DTLS-5-PEER_DISCONNECT: Peer 172.16.140.248 has closed connection.
  *Dec 11 11:06:03.764: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.16.140.248:5246
  *Dec 11 11:06:03.803: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Dec 11 11:06:03.803: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Dec 11 11:06:13.824: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Dec 11 11:06:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.140.248 peer_port: 5246
  *Dec 11 11:06:14.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Dec 11 11:06:18.644: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.140.248 peer_port: 5246
  *Dec 11 11:06:18.644: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.140.248
  *Dec 11 11:06:18.644: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Dec 11 11:06:19.587: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
  *Dec 11 11:06:19.722: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
  *Dec 11 11:06:19.722: %DTLS-5-PEER_DISCONNECT: Peer 172.16.140.248 has closed connection.
  *Dec 11 11:06:19.722: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.16.140.248:5246
  *Dec 11 11:06:19.761: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Dec 11 11:06:19.761: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  Any advise,
  Elie

  Hi Elie,
  As it looks like the AP is closing the DTLS connection:
  ~
  *Dec 11 11:06:03.764: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
  ~
  I would also suggest to connect to the AP through the serial console and collect the output there during the boot/join process.
  In regard to the the WLC debugs I would also add the "debug pm pki enable", so to further troubleshoot certificate related issues.
  I hope this helps.
  Regards,
  Federico

• AP not joining WLC b/c of DHCP.

  This is the first time that I've dealt with a WLC, so I'm trying to do a real simple setup. I have a WLC 2106 and a few LAP 1141N's. I'm trying to set them up on a single VLAN, no RADIUS server, and I want my router to handle DHCP (not the WLC). Here's the info I setup the WLC with:
  Welcome to the Cisco Wizard Configuration Tool
  Use the '-' character to backup
  System Name [Cisco_94:40:40]: WLC
  Enter Administrative User Name (24 characters max): cisco
  Enter Administrative Password (24 characters max): *****
  Management Interface IP Address: 192.168.3.5
  Management Interface Netmask: 255.255.255.0
  Management Interface Default Router: 192.168.3.1
  Management Interface VLAN Identifier (0 = untagged): 0
  Management Interface Port Num [1 to 4]: 1
  Management Interface DHCP Server IP Address: 192.168.3.1
  AP Manager Interface IP Address: 192.168.3.6
  AP-Manager is on Management subnet, using same values
  AP Manager Interface DHCP Server (192.168.3.1):
  Virtual Gateway IP Address: 1.1.1.1
  Mobility/RF Group Name: GroupRF
  Network Name (SSID): Test
  Allow Static IP Addresses [YES][no]: yes
  Configure a RADIUS Server now? [YES][no]: no
  Warning! The default WLAN security policy requires a RADIUS server.
  Please see documentation for more details.
  Enter Country Code (enter 'help' for a list of countries) [US]: US
  Enable 802.11b Network [YES][no]: Yes
  Enable 802.11a Network [YES][no]: no
  Enable 802.11g Network [YES][no]: yes
  Enable Auto-RF [YES][no]: yes
  Configuration saved!
  Resetting system with new configuration...
  When I login to the web interface of the WLC (https://192.168.3.5) it doesn't show any AP's as joining even though I have one plugged in to the WLC. I console'd into the AP and this is the error that keeps on repeating:
  *Mar  1 00:51:45.962: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
  not have an Ip !!
  Am I missing something? I already checked the WLC, and the date/time is setup correctly. And I know my router (at 192.168.3.1) is handing out DHCP. Everything is on the same subnet so I don't understand why I'm having such a hard time with this. I've tried my hardest searching online but haven't found anything. Any help would REALLY be appreciated. Thank you very much.
  P.S. If you have any other questions please feel free to ask.

  The answer is that LWAPP / CAPWAP APs need to be connected to an access port on a swtich (configured with the proper VLAN) as they do nothing more than pass the traffic to the WLC through the LWAPP / CAPWAP tunnel.  The WLC ethernet ports are configured as trunks and can not be change. This is because the WLC is where all the VLAN tagging takes place. 
  Hope that helps,
  Scott
  Please rate this post if you found it helpful. 

• AP 1552E NOT JOINING WLC 2504

  Hello,
  I am currently having issue relating to my AP not joining the WLC. Have made the WLC the internal DHCP server and the AP has picked an IP Address but the below is what i get from the AP:
  *Feb 14 22:48:56.707: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 14 22:48:56.759: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
  *Feb 14 22:48:56.783:  status of voice_diag_test from WLC is false
  *Feb 14 22:49:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:12.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 14 22:49:12.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:12.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:12.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 14 22:49:17.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:17.663: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.1.2
  *Feb 14 22:49:17.663: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.2 has closed connection.
  *Feb 14 22:49:17.663: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.2:5246
  *Feb 14 22:49:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:12.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 14 22:49:12.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:12.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:12.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  % CDP is not supported on this interface, or for this encapsulation
  *Feb 14 22:49:17.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:17.663: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.1.2
  *Feb 14 22:49:17.663: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.2 has closed connection.
  *Feb 14 22:49:17.663: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.2:5246
  *Feb 14 22:49:17.707: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 14 22:49:17.707: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 14 22:49:17.759: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
  *Feb 14 22:49:17.783:  status of voice_diag_test from WLC is false
  *Feb 14 22:49:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 14 22:49:34.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:34.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:34.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 14 22:49:39.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:39.663: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.1.2
  *Feb 14 22:49:39.663: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.2 has closed connection.
  *Feb 14 22:49:39.663: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.2:5246
  *Feb 14 22:49:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 14 22:49:34.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
  *Feb 14 22:49:34.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
  *Feb 14 22:49:34.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 14 22:49:38.591: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
  *Feb 14 22:49:38.591: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
  *Feb 14 22:49:38.591: %MESH-6-LINK_UPDOWN: Mesh station f029.29c2.effc link Down
  *Feb 14 22:49:39.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2

  Platform: AIR-CT2504-K9, Version :
  Manufacturer's Name: Cisco Systems Inc.  Product Name: Cisco Controller  Product Version: 7.0.220.0  RTOS Version: Erro  Bootloader Version: 1.0.18  Build Type: DATA + WPS
  Platform: cisco AIR-CAP1552E-E-K9  Version :
  Cisco IOS Software, C1550 Software (C1520-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
  Proceeding with system init
  Proceeding to unmask interrupts
  Initializing flashfs...
  flashfs[1]: 22 files, 3 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 31610880
  flashfs[1]: Bytes used: 6631936
  flashfs[1]: Bytes available: 24978944
  flashfs[1]: flashfs fsck took 5 seconds.
  flashfs[1]: Initialization complete.
  flashfs[2]: 0 files, 1 directories
  flashfs[2]: 0 orphaned files, 0 orphaned directories
  flashfs[2]: Total bytes: 5806080
  flashfs[2]: Bytes used: 1024
  flashfs[2]: Bytes available: 5805056
  flashfs[2]: flashfs fsck took 1 seconds.
  flashfs[2]: Initialization complete....done Initializing flashfs.
  Warning:  the compile-time code checksum does not appear to be present.
  Radio0  present 8364B 8000 A8020000 0 A8030000 30
  Radio1  present 8364B 8000 B8020000 0 B8030000 13
  Radio2 not present 0 0 0 0 0 11
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  %Error opening flash:/c1520-rcvk9w8-mx/info (No such file or directory)cisco AIR-CAP1552E-E-K9    (PowerPC 8349) processor (revision A0) with 49142K/16384K bytes of memory.
  Processor board ID FCZ1718H01Y
  PowerPC 8349 CPU at 533Mhz, revision number 0x0031
  Last reset from power loss
  LWAPP image version 7.0.220.0
  4 Gigabit Ethernet interfaces
  2 802.11 Radio(s)
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: F0:29:29:C2:EF:E0
  Part Number                          : 73-13538-02
  PCA Assembly Number                  : 800-31224-01
  PCA Revision Number                  : 03
  PCB Serial Number                    : FOC1705241P
  Top Assembly Part Number             : 800-34853-05
  Top Assembly Serial Number           : FCZ1718H01Y
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP1552E-E-K9
  % Please define a domain-name first.
  Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
  Press RETURN to get started!
  *Mar  1 00:00:07.307: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
  *Mar  1 00:00:07.723: m8349_ether_enable: MACCFG1 sync timeout
  *Mar  1 00:00:09.819: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
  *Mar  1 00:00:09.819: %LINK-3-UPDOWN: Interface Ethernet4, changed state to up
  *Mar  1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
  *Mar  1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
  *Mar  1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up
  *Mar  1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet3, changed state to up
  *Mar  1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
  *Mar  1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
  *Mar  1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
  *Mar  1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3, changed state to down
  *Mar  1 00:00:11.963: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
  *Mar  1 00:00:12.039: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)
  *Mar  1 00:00:12.051: AP identified to be in Fenway/Huck Jr/1240/1130 configuration
  *Mar  1 00:00:12.055:  status of voice_diag_test from WLC is false
  *Mar  1 00:00:14.079: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1550 Software (C1520-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Compiled Tue 18-Oct-11 15:13 by prod_rel_team
  *Mar  1 00:00:14.079: %SNMP-5-COLDSTART: SNMP agent on host APf029.29c2.efe0 is undergoing a cold start
  *Mar  1 00:00:14.143: %MESH-6-BVI_CREATED: Mesh BVI1 interface created
  *Mar  1 00:00:14.163: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:00:14.163: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:00:15.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 00:00:15.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:16.143: %LINK-3-UPDOWN: Interface BVI1, changed state to down
  *Mar  1 00:00:17.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitE
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)thernet0, changed state to down
  *Mar  1 00:00:17.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
  *Mar  1 00:00:17.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
  *Mar  1 00:00:17.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3, changed state to down
  *Mar  1 00:00:18.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet4, changed state to up
  *Mar  1 00:00:20.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
  *Mar  1 00:00:32.743: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Mar  1 00:00:32.795: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
  *Mar  1 00:00:32.959: %SSH-5-ENABLED: SSH 2.0 has been enabled
  *Mar  1 00:00:33.107: Logging LWAPP message to 255.255.255.255.
  *Mar  1 00:00:33.307: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
  *Mar  1 00:00:46.383: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C2960-24PC-S (189c.5d95.2d18)
  Username:
  *Mar  1 00:01:27.119: %MESH-6-ADJACENCY_STATE_MACHINE_STARTED: Mesh adjacency state machine started
  Username:
  *Mar  1 00:01:32.163: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
  *Mar  1 00:01:34.119: %LINK-3-UPDOWN: Interface BVI1, changed state to up
  *Mar  1 00:01:35.119: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 00:01:37.207: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  % CDP is not supported on this interface, or for this encapsulation
  *Mar  1 00:01:40.887: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
  *Mar  1 00:01:40.907:  status of voice_diag_test from WLC is false
  *Mar  1 00:01:46.387: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C2960-24PC-S (189c.5d95.2d18)
  Regards,
  Obinna Samuel

• 1131 LWAP not join WLC 4402

  I am deploying WLC 4402 with LWAP 1131 but AP fail to join the WLC .The resone that I dont have DNS server.The error message in the AP is :
  AP001d.451f.8582>
  *Mar 1 00:00:38.005: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned D
  HCP address 172.26.5.12, mask 255.255.255.0, hostname AP001d.451f.8582
  Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
  *Mar 1 00:00:49.371: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve
  I tried to configure the Controller address in LAP but I fail ,The error when I tried to configure AP is below:
  AP001d.451f.8582#lwapp ap controller ip address 172.26.5.10
  ERROR!!! Command is disabled.
  my question is :
  is it possible to make LAP join WLC with out DNS,if yes how ?

  Hi Yhab,
  There are other ways besides DNS to help in the AP and WLC Discovery process. Have a look in this good doc;
  Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#topic2
  For the Static entry problem;
  If this AP was ever registered you can use this command from the LAP CLI to clear the LWAPP configuration on the LAP:
  clear lwapp private-config
  This allows you to use the AP LWAPP static configuration commands again.
  Here is an example:
  Enable (enter password)
  AP1240#clear lwapp private-config
  AP1240#lwapp ap hostname AP1240
  AP1240#lwapp ap ip address 10.77.244.199 255.255.255.224
  AP1240#lwapp ap ip default-gateway 10.77.244.220
  AP1240#lwapp ap controller ip address 172.16.1.50
  Note: You cannot use the clear lwapp private-config command when the LAP is registered with the controller.
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml#t2
  Hope this helps!
  Rob

• AP 1532E not join WLC 5508

  Hi all,
  we have two new APs 1532E and we trying to join them into the WLC.
  APs received correctly Management IP address but they doesn't appear in the WLC, we got the follow error message :
  *Jul 16 09:29:46.499: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
  *Jul 16 09:29:46.499: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Jul 16 09:29:46.499: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.31.93.250
  *Jul 16 09:29:51.499: %CAPWAP-5-SENDJOIN: sending Join Request to 172.31.93.250
  *Jul 16 09:30:45.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.31.93.250:5246
  *Jul 16 09:30:46.031: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
  *Jul 16 09:30:46.079: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
  *Jul 16 09:30:46.307: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Jul 16 09:30:56.307: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Jul 16 09:30:54.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.31.93.250 peer_port: 5246
  *Jul 16 09:30:54.507: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.31.93.250 peer_port: 5246
  *Jul 16 09:30:54.507: %CAPWAP-5-SENDJOIN: sending Join Request to 172.31.93.250
  *Jul 16 09:30:54.511: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
  *Jul 16 09:30:54.511: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
  *Jul 16 09:30:54.511: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Jul 16 09:30:54.511: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.31.93.250
  *Jul 16 09:30:59.507: %CAPWAP-5-SENDJOIN: sending Join Request to 172.31.93.250
  *Jul 16 09:31:53.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.31.93.250:5246
  *Jul 16 09:31:54.031: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
  *Jul 16 09:31:54.079: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
  *Jul 16 09:31:54.307: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Jul 16 09:32:03.383: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
  *Jul 16 09:32:03.383: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
  *Jul 16 09:32:03.383: Mesh setting the ethernet port 0 state to 0
  *Jul 16 09:32:03.383: %MESH-6-LINK_UPDOWN: Mesh station 78da.6e60.8000 link Down
  *Jul 16 09:32:04.307: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Jul 16 09:31:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.31.93.251 peer_port: 5246
  *Jul 16 09:32:06.075: Mesh setting the ethernet port 0 state to 2
  Do I need to change Country into the WLC? We have configured IT and US. 
  We tried to put into the MAC filter the Dot11radio MAC address but nothing changed.
  Thanks
  Marco

  Hi,
  I had the same join problem with a new CAP1552E outdoor model which should associate with 5508 WLC or WISM.  According to all information I checked before we ordered the hardware, the ios version should support this.  But could not get it working.
  I found this information about the country-code and the MAC address filtering.
  Removed the US-country-code next to BE-code and added the MAC-address of the AP and the problem was FIXED !!!
  AP joined the controller.  Thanks soo much for posting this very helpfull technical information.
  Belgian Network technician.

• Access Points not joining WLC

  Hello All,
  I am trying to deploy several AIR-CAP3502E-E-K9 access points from a cisco 5508 wire lan contoller running ver 7 code. However iam having difficulty regiserting the access points with the WLC. The wlc is connect to a 3650 switch, and each access point is connected to a 2960 switch.
  Problem Solved. A bad update was not allowing the access points to get their correct firmware.

  You need to provide what Leo stated, that would help a lot. Anyways you can't telnet or ssh into a capwap AP if it has not joined the WLC. So that being said, provide the info Leo requested and then console into the ap and provide use with output from the console. Make sure you reboot the AP and then start capturing the output for around 5 minutes.
  Sent from Cisco Technical Support iPad App

• AP 1552E Lightweight not joining WLC

  I have a WLC 5508 network that works well with 1200 Series APs and now we got a 1552E AP that is in lightweight mode but doesnt join the WLC.
  The AP seems to be able to get to the WLC but some how the connection is not established fully, I suspect maybe the encapsulation could be the problem let me know if you have an idea. The WLC ip is 192.168.0.17 while the AP has a static IP of 192.168.0.123.
  *Feb 10 14:49:29.711: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.17
  *Feb 10 14:49:29.711: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 10 14:49:29.715: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.0.17
  *Feb 10 14:49:29.715: %DTLS-5-PEER_DISCONNECT: Peer 192.168.0.17 has closed connection.
  *Feb 10 14:49:29.715: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.17:5246
  *Feb 10 14:49:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:29.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 10 14:49:29.711: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:29.711: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.17
  *Feb 10 14:49:29.711: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 10 14:49:29.711: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.0.17
  *Feb 10 14:49:29.711: %DTLS-5-PEER_DISCONNECT: Peer 192.168.0.17 has closed connection.
  *Feb 10 14:49:29.711: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.17:5246
  *Feb 10 14:49:29.755: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 10 14:49:29.755: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 10 14:49:29.835:  status of voice_diag_test from WLC is false
  *Feb 10 14:49:42.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 10 14:49:42.711: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.715: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.17
  *Feb 10 14:49:42.715: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 10 14:49:42.715: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.0.17
  *Feb 10 14:49:42.715: %DTLS-5-PEER_DISCONNECT: Peer 192.168.0.17 has closed connection.
  *Feb 10 14:49:42.715: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.17:5246
  *Feb 10 14:49:42.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.711: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.715: %CAPWAP-5-SENDJOIN: sendin
  % CDP is not supported on this interface, or for this encapsulationg Join Request to 192.168.0.17 *Feb 10 14:49:29.711: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.17
  *Feb 10 14:49:29.711: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 10 14:49:29.715: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.0.17
  *Feb 10 14:49:29.715: %DTLS-5-PEER_DISCONNECT: Peer 192.168.0.17 has closed connection.
  *Feb 10 14:49:29.715: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.17:5246
  *Feb 10 14:49:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:29.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 10 14:49:29.711: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:29.711: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.17
  *Feb 10 14:49:29.711: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 10 14:49:29.711: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.0.17
  *Feb 10 14:49:29.711: %DTLS-5-PEER_DISCONNECT: Peer 192.168.0.17 has closed connection.
  *Feb 10 14:49:29.711: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.17:5246
  *Feb 10 14:49:29.755: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 10 14:49:29.755: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Feb 10 14:49:29.835:  status of voice_diag_test from WLC is false
  *Feb 10 14:49:42.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Feb 10 14:49:42.711: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.715: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.17
  *Feb 10 14:49:42.715: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Feb 10 14:49:42.715: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.0.17
  *Feb 10 14:49:42.715: %DTLS-5-PEER_DISCONNECT: Peer 192.168.0.17 has closed connection.
  *Feb 10 14:49:42.715: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.17:5246
  *Feb 10 14:49:42.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.711: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.17 peer_port: 5246
  *Feb 10 14:49:42.715: %CAPWAP-5-SENDJOIN: sendin
  % CDP is not supported on this interface, or for this encapsulationg Join Request to 192.168.0.17
  Kindly let me know if you have ever faced such a problem.

  Thanks,
  It downloaded the image from the WLC but still am getting this error
    2F455CFF 4552ECDB 5667E3FC E7093E06 8FAE353D 4228B48D 8B415D9B F496342D
    C1459987 B69BFA4B 51FB67B4 A0C21E7F C6269A39 47EB1D48 5E83B129 8B079E5E
    1EDAB5A0 BE5E1DE0 109FF0BD 4750E32B 02030100 01A38201 37308201 33300C06
    03551D13 04053003 0101FF30 2E060960 86480186 F842010D 0421161F 41697265
    73706163 65204465 76696365 20434120 43657274 69666963 61746530 1D060355
    1D0E0416 04140A52 3BB12570 523B9CEA 747FB2AD 3D8F95EA 3FCC3081 D3060355
    1D230481 CB3081C8 8014538D 8360478D C20F8066 3232E9E1 7070552B 17EAA181
    ACA481A9 3081A631 0B300906 03550406 13025553 31133011 06035504 08130A43
    616C6966 6F726E69 61311130 0F060355 04071308 53616E20 4A6F7365 31173015
    06035504 0A130E41 69726573 70616365 20496E63 2E311430 12060355 040B130B
    456E6769 6E656572 696E6731 1A301806 03550403 13114169 72657370 61636520
    526F6F74 20434131 24302206 092A8648 86F70D01 09011615 73757070 6F727440
    61697265 73706163 652E636F 6D820100 300D0609 2A864886 F70D0101 04050003
    81C100A0 E8D59D9B DA9EED0C 96045DFE A37084EC 59B5C3D3 71694DB0 70664E0C
    8060D69E E366E81F 9F3CCF68 8AB0498E CCFA6CA7 2854F2D8 046690C9 8FEC84EF
    2F7F0F08 C90F719D C0F4C125 CED1B525 6DD93E51 777BD5E8 7F1DC79F CC502DC2
    0242C05D 1682DEE3 DF7541B8 C55B433C 10DFE2BF D2E802E7 D923329A 23A2076F
    86BCC048 D569B383 59AC8979 97F02C55 6F8FE318 754F605C 43CDA7C8 1847B085
    1DADF0D6 CD62C8DE A86E6E12 4A7CDCBF A6FCC7E1 852A1DB1 529D63B3 688305F6 7BD25F
          quit
  crypto pki certificate chain cisco-root-cert
  certificate ca 5FF87B282B54DC8D42A315B568C9ADFF
    30820343 3082022B A0030201 0202105F F87B282B 54DC8D42 A315B568 C9ADFF30
    0D06092A 864886F7 0D010105 05003035 31163014 06035504 0A130D43 6973636F
    20537973 74656D73 311B3019 06035504 03131243 6973636F 20526F6F 74204341
    20323034 38301E17 0D303430 35313432 30313731 325A170D 32393035 31343230
    32353432 5A303531 16301406 0355040A 130D4369 73636F20 53797374 656D7331
    1B301906 03550403 13124369 73636F20 526F6F74 20434120 32303438 30820120
    300D0609 2A864886 F70D0101 01050003 82010D00 30820108 02820101 00B09AB9
    ABA7AF0A 77A7E271 B6B46662 94788847 C6625584 4032BFC0 AB2EA51C 71D6BC6E
    7BA8AABA 6ED21588 48459DA2 FC83D0CC B98CE026 68704A78 DF21179E F46105C9
    15C8CF16 DA356189 9443A884 A8319878 9BB94E6F 2C53126C CD1DAD2B 24BB31C4
    2BFF8344 6FB63D24 7709EABF 2AA81F6A 56F6200F 11549781 75A725CE 596A8265
    EFB7EAE7 E28D758B 6EF2DD4F A65E629C CF100A64 D04E6DCE 2BCC5BF5 60A52747
    8D69F47F CE1B70DE 701B20D6 6ECDA601 A83C12D2 A93FA06B 5EBB8E20 8B7A91E3
    B568EEA0 E7C40174 A8530B2B 4A9A0F65 120E824D 8E63FDEF EB9B1ADB 53A61360
    AFC27DD7 C76C1725 D473FB47 64508180 944CE1BF AE4B1CDF 92ED2E05 DF020103
    A351304F 300B0603 551D0F04 04030201 86300F06 03551D13 0101FF04 05300301
    01FF301D 0603551D 0E041604 1427F3C8 151E6E9A 020916AD 2BA08960 5FDA7B2F
    AA301006 092B0601 04018237 15010403 02010030 0D06092A 864886F7 0D010105
    05000382 0101009D 9D8484A3 41A97C77 0CB753CA 4E445062 EF547CD3 75171CE8
    E0C6484B B6FE4C3A 198156B0 56EE1996 62AA5AA3 64C1F64E 5433C677 FEC51CBA
    E55D25CA F5F0939A 83112EE6 CBF87445 FEE705B8 ABE7DFCB 4BE13784 DAB98B97
    701EF0E2 8BD7B0D8 0E9DB169 D62A917B A9494F7E E68E95D8 83273CD5 68490ED4
    9DF62EEB A7BEEB30 A4AC1F44 FC95AB33 06FB7D60 0ADEB48A 63B09CA9 F2A4B953
    0187D068 A4277FAB FFE9FAC9 40388867 B439C684 6F57C953 DBBA8EEE C043B2F8
    09836EFF 66CF3EEF 17B35818 2509345E E3CBD614 B6ECF292 6F74E42F 812AD592
    91E0E097 3C326805 854BD1F7 57E2521D 931A549F 0570C04A 71601E43 0B601EFE
    A3CE8119 E10B35
          quit
  crypto pki certificate chain Cisco_IOS_MIC_cert
  certificate 2E3E144D0000001BB016
    30820470 30820358 A0030201 02020A2E 3E144D00 00001BB0 16300D06 092A8648
    86F70D01 01050500 30393116 30140603 55040A13 0D436973 636F2053 79737465
    6D73311F 301D0603 55040313 16436973 636F204D 616E7566 61637475 72696E67
    20434130 1E170D31 32313232 36303933 3231365A 170D3232 31323236 30393432
    31365A30 818C310B 30090603 55040613 02555331 13301106 03550408 130A4361
    6C69666F 726E6961 3111300F 06035504 07130853 616E204A 6F736531 16301406
    0355040A 130D4369 73636F20 53797374 656D7331 1B301906 03550403 13124331
    3532302D 30346461 64323166 61386465 3120301E 06092A86 4886F70D 01090116
    11737570 706F7274 40636973 636F2E63 6F6D3082 0122300D 06092A86 4886F70D
    01010105 00038201 0F003082 010A0282 010100B5 1F70C31A E12EDF1A D785A454
    BC6582C5 5AF3CD8D F561B83A 9E83E926 56EF2ABE 27CFF889 F0E13A5E 7EB1C562
    34AA43E8 3E75E2A1 83A27B82 CBE2356F 0842E6D7 887129CB F1FE5558 7A6BF7FF
    229771A2 8B2BBAA9 6678E02D 8073623F 3E5C5A40 07D9B04D 239EAD41 5FC67A59
    B1985F06 7750C5B3 64D2DBD3 66BF2A77 8E2EB7FC 7B3409A8 13BB0422 D10BB367
    FBA72948 58E3AE44 7D1D6483 0C1302F6 7FE49761 CFCE8F35 34647E3B CD5F15E3
    B9EF3B26 F3B09799 2BC6F6C7 41AC6DE1 D048E74D F4F11209 CDE7F377 B4C4A453
    075C9595 E5C61D5F 9F6E2857 AAA5CAF7 0F85DF7F C1B9242A 3AC5FA3F 7324FAE1
    74E39A29 4ABC3FD5 D0F33165 4FD6B75F 000A2902 03010001 A3820124 30820120
    300E0603 551D0F01 01FF0404 030205A0 301D0603 551D0E04 160414AD 5672F62C
    9C862284 6307646C D9E81919 E3123F30 1F060355 1D230418 30168014 D0C52226
    AB4F4660 ECAE0591 C7DC5AD1 B047F76C 303F0603 551D1F04 38303630 34A032A0
    30862E68 7474703A 2F2F7777 772E6369 73636F2E 636F6D2F 73656375 72697479
    2F706B69 2F63726C 2F636D63 612E6372 6C304C06 082B0601 05050701 01044030
    3E303C06 082B0601 05050730 02863068 7474703A 2F2F7777 772E6369 73636F2E
    636F6D2F 73656375 72697479 2F706B69 2F636572 74732F63 6D63612E 63657230
    3F06092B 06010401 82371402 04321E30 00490050 00530045 00430049 006E0074
    00650072 006D0065 00640069 00610074 0065004F 00660066 006C0069 006E0065
    300D0609 2A864886 F70D0101 05050003 82010100 0B5F8FF4 3EAF5A8C 7663D5FB
    16BC2823 4F37FE4A DBB26CDC E779C6D6 8A5CDC54 FACAFDE5 F07A8EC8 F44C07B6
    C0405359 F4CC7369 3763D8D5 AFAC720A 03C958F7 3745035D EF35D346 FCCFC6D9
    604506EE 52C85FDA FA9880FB 6D28C6A5 36D28A0E B97C8DBA 5E511196 C1263F23
    6EF77F60 84AE984F E2B3FF43 700F45FB D78FAA0E D44E3AA7 1014C824 43B11AAF
    03DB7D19 11A8E4AB 8E5EB734 FF7FAFE4 29DC9DB5 82FEBE26 EC39A005 CFD243E9
    8A19D74E A759EDC5 A2788B60 103480FB E7AF1D19 8AFE463E AF6C8CE6 90154ABB
    85DA3F6E 45A4FE0B 84229452 2871B507 80277B75 BEF926E1 57B2077D 8F15C4BC
    0FB4D661 8A70568A C8E89CB2 FA317D88 E5B7ACA7
          quit
  certificate ca 6A6967B3000000000003
    308204D9 308203C1 A0030201 02020A6A 6967B300 00000000 03300D06 092A8648
    86F70D01 01050500 30353116 30140603 55040A13 0D436973 636F2053 79737465
    6D73311B 30190603 55040313 12436973 636F2052 6F6F7420 43412032 30343830
    1E170D30 35303631 30323231 3630315A 170D3239 30353134 32303235 34325A30
    39311630 14060355 040A130D 43697363 6F205379 7374656D 73311F30 1D060355
    04031316 43697363 6F204D61 6E756661 63747572 696E6720 43413082 0120300D
    06092A86 4886F70D 01010105 00038201 0D003082 01080282 010100A0 C5F7DC96
    943515F1 F4994EBB 9B41E17D DB791691 BBF354F2 414A9432 6262C923 F79AE7BB
    9B79E807 294E30F5 AE1BC521 5646B0F8 F4E68E81 B816CCA8 9B85D242 81DB7CCB
    94A91161 121C5CEA 33201C9A 16A77DDB 99066AE2 36AFECF8 0AFF9867 07F430EE
    A5F8881A AAE8C73C 1CCEEE48 FDCD5C37 F186939E 3D71757D 34EE4B14 A9C0297B
    0510EF87 9E693130 F548363F D8ABCE15 E2E8589F 3E627104 8726A415 620125AA
    D5DFC9C9 5BB8C9A1 077BBE68 92939320 A86CBD15 75D3445D 454BECA8 DA60C7D8
    C8D5C8ED 41E1F55F 578E5332 9349D5D9 0FF836AA 07C43241 C5A7AF1D 19FFF673
    99395A73 67621334 0D1F5E95 70526417 06EC535C 5CDB6AEA 35004102 0103A382
    01E73082 01E33012 0603551D 130101FF 04083006 0101FF02 0100301D 0603551D
    0E041604 14D0C522 26AB4F46 60ECAE05 91C7DC5A D1B047F7 6C300B06 03551D0F
    04040302 01863010 06092B06 01040182 37150104 03020100 30190609 2B060104
    01823714 02040C1E 0A005300 75006200 43004130 1F060355 1D230418 30168014
    27F3C815 1E6E9A02 0916AD2B A089605F DA7B2FAA 30430603 551D1F04 3C303A30
    38A036A0 34863268 7474703A 2F2F7777 772E6369 73636F2E 636F6D2F 73656375
    72697479 2F706B69 2F63726C 2F637263 61323034 382E6372 6C305006 082B0601
    05050701 01044430 42304006 082B0601 05050730 02863468 7474703A 2F2F7777
    772E6369 73636F2E 636F6D2F 73656375 72697479 2F706B69 2F636572 74732F63
    72636132 3034382E 63657230 5C060355 1D200455 30533051 060A2B06 01040109
    15010200 30433041 06082B06 01050507 02011635 68747470 3A2F2F77 77772E63
    6973636F 2E636F6D 2F736563 75726974 792F706B 692F706F 6C696369 65732F69
    6E646578 2E68746D 6C305E06 03551D25 04573055 06082B06 01050507 03010608
    2B060105 05070302 06082B06 01050507 03050608 2B060105 05070306 06082B06
    01050507 0307060A 2B060104 0182370A 0301060A 2B060104 01823714 02010609
    2B060104 01823715 06300D06 092A8648 86F70D01 01050500 03820101 0030F330
    2D8CF2CA 374A6499 24290AF2 86AA42D5 23E8A2EA 2B6F6923 7A828E1C 4C09CFA4
    4FAB842F 37E96560 D19AC6D8 F30BF5DE D027005C 6F1D91BD D14E5851 1DC9E3F7
    38E7D30B D168BE8E 22A54B06 E1E6A4AA 337D1A75 BA26F370 C66100A5 C379265B
    A719D193 8DAB9B10 11291FA1 82FDFD3C 4B6E65DC 934505E9 AF336B67 23070686
    22DAEBDC 87CF5921 421AE9CF 707588E0 243D5D7D 4E963880 97D56FF0 9B71D8BA
    6019A5B0 6186ADDD 6566F6B9 27A2EE2F 619BBAA1 3061FDBE AC3514F9 B82D9706
    AFC3EF6D CC3D3CEB 95E981D3 8A5EB6CE FA79A46B D7A25764 C43F4CC9 DBE882EC
    0166D410 88A256E5 3C57EDE9 02A84891 6307AB61 264B1A13 9FE4DCDA 5F
          quit
  memory validate-checksum 30
  username Cisco secret 5 $1$vM.P$z4SmRayDYBroWLoHcrQvu/
  ip ssh version 2
  interface Dot11Radio0
  no ip route-cache
  antenna gain 0
  mbssid
  power local 3
  power client local
  packet retries 64 drop-packet
  interface Dot11Radio1
  no ip route-cache
  antenna gain 0
  mbssid
  power client local
  packet retries 64 drop-packet
  interface GigabitEthernet0
  no ip route-cache
  duplex full
  interface GigabitEthernet1
  no ip route-cache
  duplex full
  interface GigabitEthernet2
  no ip route-cache
  duplex full
  interface GigabitEthernet3
  no ip route-cache
  duplex full
  interface BVI1
  ip address dhcp client-id BVI1
  no ip route-cache
  no ip http server
  logging trap emergencies
  logging origin-id string AP:04da.d21f.a8c0
  logging facility kern
  logging snmp-trap notifications
  logging snmp-trap informational
  logging snmp-trap debugging
  logging 255.255.255.255
  line con 0
  line vty 0 4
  transport input none
  line vty 5 15
  transport input none
  end
  AP04da.d21f.a8c0#$
  AP04da.d21f.a8c0#
  AP04da.d21f.a8c0#
  AP04da.d21f.a8c0#
  *Feb 14 17:50:02.587: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
  *Feb 14 17:50:02.587: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
  *Feb 14 17:50:02.587: %MESH-6-LINK_UPDOWN: Mesh station 04da.d21f.a8de link Down
  *Feb 14 17:50:53.591: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
  *Feb 14 17:50:57.635: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP addre                                                           ss 10.131.228.144, mask 255.255.255.0, hostname AP04da.d21f.a8c0
  *Feb 14 17:50:57.635: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
  % CDP is not supported on this interface, or for this encapsulation
  *Feb 14 17:51:02.587: %CAPWAP-3-ERRORLOG: Invalid event 29 & state 4 combination                                                           .
  *Feb 14 17:51:02.587: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer me                                                           ssage. Event 29, state 4
  *Feb 14 17:51:02.587: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
  *Feb 14 17:51:02.587: %CAPWAP-3-ERRORLOG: Failed to process timer message.
  *Feb 14 17:51:02.671: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led sta                                                           te 255
  Translating "CISCO-CAPWAP-CONTROLLER.ke.batgen.com"...domain server (10.131.228.                                                           50)
  *Feb 14 17:51:04.771: %CAPWAP-3-ERRORLOG: Did not get log server settings from D                                                           HCP.
  *Feb 14 17:51:05.771: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL                                                           LER.ke.batgen.com
  *Feb 14 17:51:16.771: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Feb 14 17:51:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.131.228.17 peer_port:                                5246
  *Feb 14 17:51:17.575: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.131.228.17 peer                               _port: 5246
  *Feb 14 17:51:17.575: %CAPWAP-5-SENDJOIN: sending Join Request to 10.131.228.17

• LAP1142 can not join wlc 2100 !

  I'd WLC 2100 series and 9 access point LAP1142N .
  8 LAP1142N can work fine and join a capwap controller is ok but only one LAP1142  is can not .
  Could you help me to solve it ? Part of LAP  is AIR-LAP1142N-A-K9
  Apr  2 10:52:42.284: LWAPP_CLIENT_EVENT: spamResolveStaticGateway  - gateway found
  *Apr  2 10:52:42.284: LWAPP_CLIENT_EVENT: spamResolveStaticGateway  - gateway found
  *Apr  2 10:52:42.284: LWAPP_CLIENT_EVENT: Dropping discovery in LWAPP. This AP model is not supported by LWAPP WLC.
  *Apr  2 10:52:42.284:  status of voice_diag_test from WLC is false
  *Apr  2 10:52:52.284: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Apr  2 10:52:52.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.28.21 peer_port: 5246
  *Apr  2 10:52:52.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
  *Apr  2 10:52:52.667: LWAPP_CLIENT_EVENT: lwapp_check_image_good: image is good now
  *Apr  2 10:52:53.107: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.28.21 peer_port: 5246
  *Apr  2 10:52:53.108: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.28.21
  *Apr  2 10:52:53.108: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Apr  2 10:52:53.198: LWAPP_CLIENT_EVENT: ap model AIR-LAP1142N-A-K9  
  *Apr  2 10:52:53.198: LWAPP_CLIENT_EVENT: ap sw version 12.4(23c)JA
  *Apr  2 10:52:53.198: LWAPP_CLIENT_EVENT: lwapp_encode_ap_reset_button_payload: reset button state on
  *Apr  2 10:52:53.237: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
  *Apr  2 10:52:53.240: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.28.21
  *Apr  2 10:52:53.240: %DTLS-5-PEER_DISCONNECT: Peer 172.16.28.21 has closed connection.
  *Apr  2 10:52:53.241: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.28.21:5246
  *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnDeleteAllMobiles radio 0
  *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnLockDevice radio 0
  *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnDeleteAllMobiles radio 1
  *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnLockDevice radio 1
  *Apr  2 10:52:53.280: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Apr  2 10:52:53.280: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Apr  2 10:52:53.286: LWAPP_CLIENT_EVENT: spamInitCfgData: Loaded configuration into v2 struct (version 7.0.98.0)

  Actually, 5.2 or later is needed.
  5.0 and 5.1 do not even support 1140 Access point.
  Rating useful replies is more useful than saying "Thank you"

• AP not joining WLC via l3 network DTLS problem

  Dear All,
  i have a problem which is annoying me so bad!
  I have the scenario you can see in the attached file. The problem i have is that during the CAPWAP registration
  the public AP contact as I expect (option 43 dhcp) via the public interface 1.1.1.1 but after it finds the WLC, 
  what goes wrong is the dtls handshake, where the WLC tried to replay with the LAN interface.
  Both interfaces are configured as "Enable Dynamic AP Management" and of course if i disable the flag on that option the public AP starts working.
  Here some logs from the AP:
  %CAPWAP-3-ERRORLOG: Selected MWAR 'mywlc01'(index 0).
  %CAPWAP-3-ERRORLOG: Go join a capwap controller
  %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.10.254:5246 peer_port: 5246
  : DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2208 Max retransmission count reached for Connection 0x853E728!
  %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.10.254:5246
  %CAPWAP-3-ERRORLOG: Selected MWAR 'mywlc01'(index 0).
  %CAPWAP-3-ERRORLOG: Go join a capwap controller
  %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.10.254 peer_port: 5246
  DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2208 Max retransmission count reached for Connection 0x853E728!
  More info the WLC ( 5508 IOS 7.6 ) can reach the AP and it's getaway is the Public If connected to the router.
  The WLC LAN has not been routed inside the public area.
  Thanks

  sh version
  Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Fri 22-Aug-14 11:52 by prod_rel_team
  ROM: Bootstrap program is C3700 boot loader
  BOOTLDR: C3700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB, RELEASE SOFTWARE (fc1)
  AP74a2.e679.29ac uptime is 3 hours, 44 minutes
  System returned to ROM by power-on
  System image file is "flash:/ap3g2-k9w8-mx.152-4.JB6/ap3g2-k9w8-xx.152-4.JB6"
  Last reload reason:
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-CAP3702I-E-K9 (PowerPC) processor (revision A0) with 204790K/57344K bytes of memory.
  Processor board ID FCZ1905U1AY
  PowerPC CPU at 800MHz, revision number 0x2151
  Last reset from power-on
  LWAPP image version 7.6.130.0
  1 Gigabit Ethernet interface
  2 802.11 Radios
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 74:AA:AE:00:11:22
  Part Number                          : 73-15243-01
  PCA Assembly Number                  : 000-00000-00
  PCA Revision Number                  :
  PCB Serial Number                    : xxxxx
  Top Assembly Part Number             : 068-05054-04
  Top Assembly Serial Number           : xxxxxx
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP3702I-E-K9
  Configuration register is 0xF
  #sh ip interface brief
  Interface                  IP-Address      OK? Method Status                Prot
  BVI1                       3.3.3.3  YES DHCP   up                    up
  Dot11Radio0                unassigned      NO  unset  up                    up
  Dot11Radio1                unassigned      NO  unset  up                    up
  GigabitEthernet0           unassigned      NO  unset  up                    up
  GigabitEthernet0.1         unassigned      YES unset  up                    up
  Virtual-WLAN0              unassigned      NO  unset  up                    up
  Virtual-WLAN0.1            unassigned      NO  unset  up                    up
  Virtual-WLAN0.2            unassigned      NO  unset  up                    up
  Virtual-WLAN0.3            unassigned      NO  unset  up                    up
  Virtual-WLAN0.4            unassigned      NO  unset  up                    up
  Virtual-WLAN0.5            unassigned      NO  unset  up                    up
  Virtual-WLAN0.6            unassigned      NO  unset  up                    up
  Virtual-WLAN0.7            unassigned      NO  unset  up                    up
  Virtual-WLAN0.8            unassigned      NO  unset  up                    up
  Virtual-WLAN0.9            unassigned      NO  unset  up                    up
  Virtual-WLAN0.10           unassigned      NO  unset  up                    up
  Virtual-WLAN0.11           unassigned      NO  unset  up                    up
  Virtual-WLAN0.12           unassigned      NO  unset  up                    up
  Virtual-WLAN0.13           unassigned      NO  unset  up                    up
  Virtual-WLAN0.14           unassigned      NO  unset  up                    up
  Virtual-WLAN0.15           unassigned      NO  unset  up                    up
  Virtual-WLAN0.16           unassigned      NO  unset  up                 up

• Do not have "background" layer and "shapes not showing up in my layers.

  I open a new doc. there is no "background" layer, it is Layer 1 and when I make a shape it does not show up in the layers box. Maye reinstall ps?

  Make a Shape how?
  With which Tool and what are the Tool’s settings in the Options Bar?
  Could you please post a screenshot with the Layers Panel visible?