Access Points not joining WLC
Hello All,
I am trying to deploy several AIR-CAP3502E-E-K9 access points from a cisco 5508 wire lan contoller running ver 7 code. However iam having difficulty regiserting the access points with the WLC. The wlc is connect to a 3650 switch, and each access point is connected to a 2960 switch.
Problem Solved. A bad update was not allowing the access points to get their correct firmware.
You need to provide what Leo stated, that would help a lot. Anyways you can't telnet or ssh into a capwap AP if it has not joined the WLC. So that being said, provide the info Leo requested and then console into the ap and provide use with output from the console. Make sure you reboot the AP and then start capturing the output for around 5 minutes.
Sent from Cisco Technical Support iPad App
Similar Messages
-
AIR-CAP3501I access point not joining the Cisco 2100 Wireless Lan controller.
Hello All,
I am installing a new LAP (AIR-CAP3501I ) through the wireless lan controller (AIR-WLC2112-K9) with software version 7.0. I have an external ADSL modem which will act as the DHCP server for the wireless clients and the LAP.
Please find my network setup as below:
The ISP ADSL modem , WLC and LAP are connected to a unmanaged POE switch. The LAP gets its power through the POE switch. When i connect the LAP and the WLC to the switch along with the ADSL modem, the LAPs are getting the ip address from the ADSL modem, however they are not joining the WLC for further process.
ADSL Modem ip address: 192.168.1.254
Management ip address on the LAP: 192.168.1.1 ( Assigned to port 1, untagged Vlan).
Ap Manager ip address: 192.168.1.1 ( Assigned to the same port i.e port1, Untagged Vlan).
The LAP is getting an IP address from the ADSL modem in the range of the DHCP scope.
I will paste the logs very soon.
Please let me know if i am doing anything wrong oe what will be the issue.
Thanks in advance,
Mohammed AmeenHello All,
Please find the logs for "debug capwap event" from the WLC below:
*spamReceiveTask: Sep 26 19:44:59.196: e8:04:62:0a:3f:10 Join Version: = 117465600
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join resp: CAPWAP Maximum Msg element len = 92
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join Response sent to 192.168.1.156:45510
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 CAPWAP State: Join
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
*apfReceiveTask: Sep 26 19:44:59.198: e8:04:62:0a:3f:10 Register LWAPP event for AP e8:04:62:0a:3f:10 slot 0
*spamReceiveTask: Sep 26 19:44:59.341: e8:04:62:0a:d1:20 DTLS connection not found, creating new connection for 192:168:1:158 (45644) 192:168:1:2 (5246)
*spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 DTLS Session established server (192.168.1.2:5246), client (192.168.1.158:45644)
*spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 Starting wait join timer for AP: 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.121: e8:04:62:0a:d1:20 Join Request from 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join Version: = 117465600
*spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join resp: CAPWAP Maximum Msg element len = 92
*spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 Join Response sent to 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 CAPWAP State: Join
*spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
*apfReceiveTask: Sep 26 19:45:00.125: e8:04:62:0a:d1:20 Register LWAPP event for AP e8:04:62:0a:d1:20 slot 0
*spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 Configuration Status from 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 CAPWAP State: Configure
*spamReceiveTask: Sep 26 19:45:00.273: Invalid channel 1 spacified for the AP APf866.f2ab.24b6, slotId = 0
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP info for AP e8:04:62:0a:d1:20 -- static 0, 192.168.1.158/255.255.255.0, gtw 192.168.1.254
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP 192.168.1.158 ===> 192.168.1.158 for AP e8:04:62:0a:d1:20
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Setting MTU to 1485
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Finding DTLS connection to delete for AP (192:168:1:158/45644)
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Disconnecting DTLS Capwap-Ctrl session 0xa06d6a4 for AP (192:168:1:158/45644)
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 CAPWAP State: Dtls tear down
*spamReceiveTask: Sep 26 19:45:00.277: spamProcessGlobalPathMtuUpdate: Changing Global LRAD MTU to 576
*spamReceiveTask: Sep 26 19:45:00.277: e8:04:62:0a:d1:20 DTLS connection closed event receivedserver (192:168:1:2/5246) client 192:168:1:158/45644).
The Acess point joins the Controller for 2-3 seconds and then unjoins again. I am not sure what i am doing wrong here. The access points are getting the IPs from the ADSL modem through the switch, then it talks to the WLC, however it does not join the controller for further process.
Note:
The Managemnet interface and the AP manager interface are assigned to the same port 1 with unassigned Vlan as mention above. -
How do i ensure the new access point is joined the controller or not
How do i ensure the new access point is joined the controller or not
To Verifying that Access Points Join the Controller or not there are two ways as below.
Please go through the step by step to find the APs joined state
When replacing a controller, you need to make sure that access points join the new controller.
Using the GUI to Verify that Access Points Join the Controller
Follow these steps to ensure that access points join the new controller.
Step 1 Follow these steps to configure the new controller as a master controller.
a. Click Controller > Advanced > Master Controller Mode to open the Master Controller Configuration page.
b. Check the Master Controller Mode check box.
c. Click Apply to commit your changes.
d. Click Save Configuration to save your changes.
Step 2 (Optional) Flush the ARP and MAC address tables within the network infrastructure. Ask your network administrator for more information about this step.
Step 3 Restart the access points.
Step 4 Once all the access points have joined the new controller, configure the controller not to be a master controller by unchecking the Master Controller Mode check box on the Master Controller Configuration page.
Using the CLI to Verify that Access Points Join the Controller
Follow these steps to ensure that access points join the new controller.
Step 1 To configure the new controller as a master controller, enter this command:
config network master-base enable
Step 2 (Optional) Flush the ARP and MAC address tables within the network infrastructure. Ask your network administrator for more information about this step.
Step 3 Restart the access points. -
HELP! Ovi Suite "Packet Data Access Point Not Vali...
So i downloaded Ovi suite to get internet from my phone i have a Nokia 3711 and when i try to connect i get this message on my phone "Packet data access point not valid" what does this mean? and how can i fix it? I have unlimited internet data thing..
I guess you can call up your service provider customer service and ask them to re-send the settings!
-
Access Points not overwritten when restoring a bac...
Hi people,
Seems like the new and still buggy firmware of the E70 has another problem.
Before restoring a backup, if you do not remove the Access Point definitions (only operator Access Points, not Wi-Fi or others), the restore does not overwrite the definitions and makes new copies of the Access Points.
That would be OK if we could remove the extra Access Points but we cannot. When you delete one of the copies, it seems like it is removed but its definition is still somewhere on the phone, so while "Connection Settings" program cannot see it, all programs that use Access Points can see it (but cannot use it because it is a stale record).
Does anyone know where this info is stored so, if I forget to remove them before restoring a backup, I can remove them afterwards?
Kerem Erkan
IT Professional
E70 (2.0618.07.10 - 31.08.06 RM-10)Welcome to the many problems of the LAPAC1750. I finally gave up and went with Ubnt. Uptime is at 75 days now and would've been longer if not for a firmware update.
The LAPAC had good range and worked well when it worked, but it's unstable to be marketed right now. Hopefully Linksys issues a firmware update to fix everything. -
3702i AP's not Joining WLC - Layer 3 discovery request not received on management VLAN
Hi Guys,
This is a follow up post to this thread: https://supportforums.cisco.com/discussion/12400481/3702i-not-joint-2504
Have been playing around with my AP's and made sure the time is correct on all the devices ( WLC and Switch). I have also moved the AP's to the same Vlan as the management IP of the WLC.
if I move the AP's to the same Vlan as the WLC they join and are happy, as soon as I move them to a different Vlan they cant join and there time goes back to the default plus they do not seem to save the WLC details to flash but still remember the test names I give them.
it appears that option 43 is working fine as I can see it look for the WLC IP and I have done some trouble shooting on the WLC and it looks like it see's the AP but doesn't except it.
please see below for the boot up of the AP and the WLC logs:
AP
IIOS Bootloader - Starting system.
*** deleted for breverity *****
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Montserrat Board
*** deleted for breverity *****
Boot CMD: 'boot flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
executing...
*** deleted for breverity *****
cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FGL1838X4T1
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.110.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: F4:4E:05:B7:1E:84
Part Number : 73-15243-01
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC18343WPR
Top Assembly Part Number : 068-05054-03
Top Assembly Serial Number : FGL1838X4T1
Top Revision Number : A0
Product/Model Number : AIR-CAP3702I-Z-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:19.755: Registering HW DTLS
*Mar 1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is 2500
*Mar 1 00:00:19.815: APAVC: WlanPAKs 42878 RadioPaks 42270
*Mar 1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
*Mar 1 00:00:26.167: record size of 3ss: 1168 read_ptr: 4F9698E
*Mar 1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
*Mar 1 00:00:31.251: record size of vht: 2904 read_ptr: 4F9698E
*Mar 1 00:00:31.407: Wait until the stile protocol list is initialized.
*Mar 1 00:00:32.651: Start STILE Activation
*Mar 1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:00:35.447: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
*Mar 1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
*Mar 1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar 1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar 1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
*Mar 1 00:00:50.431: DPAA Initialization Complete
*Mar 1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar 1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar 1 00:00:53.867: Currently running a Release Image
*Mar 1 00:00:54.287: Incorrect certificate in SHA2 PB !
*Mar 1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
*Mar 1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
*Mar 1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
*Mar 1 00:01:02.707: APAVC: Registering with CFT
*Mar 1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
*Mar 1 00:01:02.707: APAVC: Reattaching Original Buffer pool for system use
*Mar 1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:01:10.103: AP image integrity check PASSED
*Mar 1 00:01:10.187: Incorrect certificate in SHA2 PB !
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
*Mar 1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
*Mar 1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Not in Bound state.
*Mar 1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
Not in Bound state.
*Mar 1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
WLC:
isco Controller) >show time
Time............................................. Tue Jan 27 17:44:47 2015
Timezone delta................................... 0:0
Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
1 0 150.101.176.226 AUTH DISABLED
(Cisco Controller) >show ap join stats summary
Incorrect input! Use 'show ap join stats summary [all/<ap-mac>]'
(Cisco Controller) >show ap join stats summary all
Number of APs.............................................. 2
Base Mac AP EthernetMac AP Name IP Address Status
f4:4e:05:aa:a6:a0 f4:4e:05:94:c3:98 APf44e.0594.c398 10.1.1.22 Joined
f4:4e:05:b6:ce:f0 N A Test_1 10.1.20.7 Not Joined
(Cisco Controller) >show ap join stats detailed f4:4e:05:b6:ce:f0
Sync phase statistics
- Time at sync request received............................ Not applicable
- Time at sync completed................................... Not applicable
Discovery phase statistics
- Discovery requests received.............................. 45
- Successful discovery responses sent...................... 21
- Unsuccessful discovery request processing................ 24
- Reason for last unsuccessful discovery attempt........... Layer 3 discovery request not received on management VLAN
- Time at last successful discovery attempt................ Jan 27 17:45:49.705
- Time at last unsuccessful discovery attempt.............. Jan 27 17:45:49.705
Join phase statistics
- Join requests received................................... 0
- Successful join responses sent........................... 0
- Unsuccessful join request processing..................... 0
- Reason for last unsuccessful join attempt................ Not applicable
- Time at last successful join attempt..................... Not applicable
- Time at last unsuccessful join attempt................... Not applicable
Configuration phase statistics
--More-- or (q)uit
- Configuration requests received.......................... 0
- Successful configuration responses sent.................. 0
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
- Time at last successful configuration attempt............ Not applicable
- Time at last unsuccessful configuration attempt.......... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable
Last AP disconnect details
- Reason for last AP connection failure.................... Not applicable
- Last AP disconnect reason................................ Not applicable
Last join error summary
- Type of error that occurred last......................... Lwapp discovery request rejected
- Reason for error that occurred last...................... Layer 3 discovery request not received on management VLAN
- Time at which the last join error occurred............... Jan 27 17:45:49.705
AP disconnect details
- Reason for last AP connection failure.................... Not applicable
Ethernet Mac : 00:00:00:00:00:00 Ip Address : 10.1.20.7
(Cisco Controller) >show interface summary
Number of Interfaces.......................... 4
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
ap LAG 20 10.1.20.231 Dynamic No No
guest LAG 30 10.1.30.231 Dynamic No No
management LAG 10 10.1.1.231 Static Yes No
virtual N/A N/A 1.1.1.1 Static No No
SWITCH
witch#show run
Building configuration...
*** deleted for breverity *****
no aaa new-model
clock timezone AWST 8
system mtu routing 1500
ip routing
ip dhcp pool WAP_Pool
network 10.1.20.0 255.255.255.0
default-router 10.1.20.1
option 43 hex f104.0a01.01e7
ip dhcp pool Clients
network 10.1.30.0 255.255.255.0
default-router 10.1.30.1
dns-server 203.0.178.191
ip dhcp pool test
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
crypto pki trustpoint TP-self-signed-4082587776
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4082587776
revocation-check none
rsakeypair TP-self-signed-4082587776
*** deleted for breverity *****
*** deleted for breverity ***** !
interface FastEthernet0/3
description *** WLC ****
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet0/4
description **** AP *****
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/5
description **** AP ****
switchport access vlan 20
switchport mode access
spanning-tree portfast
interface FastEthernet0/6
i*** deleted for breverity ***** !
interface Vlan10
description *** Managment ***
ip address 10.1.1.230 255.255.255.0
interface Vlan20
description *** WIRELESS APS ***
ip address 10.1.20.1 255.255.255.0
interface Vlan30
ip address 10.1.30.1 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip http server
ip http secure-server
ip sla enable reaction-alerts
l*** deleted for breverity *****
ntp clock-period 36028827
ntp source FastEthernet0/1
ntp server 121.0.0.42
ntp server 202.127.210.37
end
I have also placed a Device in Vlan 20 and it is able to ping the WLC and the WLC can ping it s routing is working.
ThanksHey Scott,
I gave that a shot and still no luck, log's from AP boot up:
IIOS Bootloader - Starting system.
flash is writable
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 67 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 20894208
flashfs[0]: Bytes available: 20264448
flashfs[0]: flashfs fsck took 20 seconds.
Base Ethernet MAC address: f4:4e:05:b7:1e:84
Ethernet speed is 100 Mb - FULL Duplex
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Montserrat Board
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 67 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 20894208
flashfs[0]: Bytes available: 20264448
flashfs[0]: flashfs fsck took 21 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 1 seconds.
Base Ethernet MAC address: f4:4e:05:b7:1e:84
Boot CMD: 'boot flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
Montserrat Board
40MB format
Tide XL MB - 40MB of flash
Initializing flashfs...
flashfs[2]: 67 files, 9 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 40900608
flashfs[2]: Bytes used: 20894208
flashfs[2]: Bytes available: 20006400
flashfs[2]: flashfs fsck took 14 seconds.
flashfs[2]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 0 seconds.
flashfs[4]: Initialization complete.
Copying radio files from flash: to ram:
Copy in progress...CCCCC
Copy in progress...CCC
Copy in progress...CCCC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CCCCC
Copy in progress...CCCC
Copy in progress...CC
Uncompressing radio files...
...done Initializing flashfs.
Radio0 present 8764 8000 0 A8000000 A8010000 0
Rate table has 650 entries (20 legacy/224 11n/406 11ac)
POWER TABLE FILENAME = ram:/Q2.bin
Radio1 present 8864 8000 0 80000000 80100000 4
POWER TABLE FILENAME = ram:/Q5.bin
Radio2 not present 0 0 0 0 0 8
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FGL1838X4T1
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.110.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: F4:4E:05:B7:1E:84
Part Number : 73-15243-01
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC18343WPR
Top Assembly Part Number : 068-05054-03
Top Assembly Serial Number : FGL1838X4T1
Top Revision Number : A0
Product/Model Number : AIR-CAP3702I-Z-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:19.755: Registering HW DTLS
*Mar 1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is 2500
*Mar 1 00:00:19.815: APAVC: WlanPAKs 42878 RadioPaks 42270
*Mar 1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
*Mar 1 00:00:26.167: record size of 3ss: 1168 read_ptr: 4F9698E
*Mar 1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
*Mar 1 00:00:31.251: record size of vht: 2904 read_ptr: 4F9698E
*Mar 1 00:00:31.407: Wait until the stile protocol list is initialized.
*Mar 1 00:00:32.651: Start STILE Activation
*Mar 1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:00:35.447: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
*Mar 1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
*Mar 1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar 1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar 1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
*Mar 1 00:00:50.431: DPAA Initialization Complete
*Mar 1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar 1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar 1 00:00:53.867: Currently running a Release Image
*Mar 1 00:00:54.287: Incorrect certificate in SHA2 PB !
*Mar 1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
*Mar 1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
*Mar 1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
*Mar 1 00:01:02.707: APAVC: Registering with CFT
*Mar 1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
*Mar 1 00:01:02.707: APAVC: Reattaching Original Buffer pool for system use
*Mar 1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:01:10.103: AP image integrity check PASSED
*Mar 1 00:01:10.187: Incorrect certificate in SHA2 PB !
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
*Mar 1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
*Mar 1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Mar 1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Not in Bound state.
*Mar 1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
Not in Bound state.
*Mar 1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Mar 1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP -
Hi all
my customer has a 2504 WLC, and has problems to join APs (There are no aps joined to the controller at this moment).
What are the Bold lines tell me?
in the debug I see the following:
*spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
*spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
*spamApTask0: Oct 10 09:20:06.019: apModel: AIR-CAP3702I-N-K9
*spamApTask0: Oct 10 09:20:06.020: apType = 38 apModel: AIR-CAP3702I-N-K9
*spamApTask0: Oct 10 09:20:06.020: Unknown AP type. Using Controller Version!!!
*spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
*spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
*spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
*spamApTask0: Oct 10 09:20:06.021: apModel: AIR-CAP3702I-N-K9
*spamApTask0: Oct 10 09:20:06.021: apType = 38 apModel: AIR-CAP3702I-N-K9
*spamApTask0: Oct 10 09:20:06.021: Unknown AP type. Using Controller Version!!!
*spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
*spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:16.031: 58:f3:9c:7a:22:30 DTLS connection not found, creating new connection for 10:37:24:116 (41508) 10)
*spamApTask0: Oct 10 09:20:16.498: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
*spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Allocated index from main list, Index: 55
*spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Using CipherSuite AES128-SHA
*spamApTask0: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS keys for Control Plane are plumbed successfully for AP 10.37.24.116. Inde6
*spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS Session established server (10.37.24.11:5246), client (10.37.24.116:41508)
*spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 Starting wait join timer for AP: 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:78:d1:10 Join Request from 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:7a:22:30 Deleting AP entry 10.37.24.116:41508 from temporary database.
*spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 spamProcessJoinRequest : RAP, Check MAC filter
*spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 In AAA state 'Idle' for AP 58:f3:9c:78:d1:10
*spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Mesh AP username 58f39c7a2230.
*spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 Join Request failed!
*spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 State machine handler: Failed to process msg type = 3 state = 0 from 10.37.248
*spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Failed to parse CAPWAP packet from 10.37.24.116:41508
*spamApTask0: Oct 10 09:20:16.519: XóxÑ
*spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Finding DTLS connection to delete for AP (10:37:24:116/41508)
*spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Disconnecting DTLS Capwap-Ctrl session 0x179437d8 for AP (10:37:24:116/41508)
*spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 CAPWAP State: Dtls tear down
*spamApTask0: Oct 10 09:20:16.520: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
*spamApTask0: Oct 10 09:20:16.520: 58:f3:9c:78:d1:10 DTLS keys for Control Plane deleted successfully for AP 10.37.24.116
*spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10 DTLS connection closed event receivedserver (10.37.24.11/5246) client (10.37.2)
*spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10Hi all, the AP was in Mesh (Bridge) mode and could not connect to the controller
Ok, how to find out that a AP is in bridge mode, without a join (No Access to the AP).
go to monitor > statistics > AP Join
you will see the AP here that tries to connect (clear the list before)
if the ethernet MAC Address is the same as the Base radio MAC, than the AP is in bridge mode.
normally ( in local mode) the Ethernet MAC Address reflects the APname
To allow the AP to join, add in the Authorization list the APName mac Address!
See: http://supertekboy.com/2014/01/13/cisco-lightweight-access-point-will-not-join-to-a-wireless-lan-controller/
The case is solved now. -
Hello
I am running WLC4404 image 6.0 the latest one. the AP is not joining the controller and it is saying invalid license in configuration request.
This is a boot of one of the access point:
Dec 11 11:05:59.025: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 11 11:05:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.140.248 peer_port: 5246
*Dec 11 11:05:59.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Dec 11 11:06:02.862: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.140.248 peer_port: 5246
*Dec 11 11:06:02.863: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.140.248
*Dec 11 11:06:02.863: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 11 11:06:03.619: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Dec 11 11:06:03.764: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
*Dec 11 11:06:03.764: %DTLS-5-PEER_DISCONNECT: Peer 172.16.140.248 has closed connection.
*Dec 11 11:06:03.764: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.16.140.248:5246
*Dec 11 11:06:03.803: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 11 11:06:03.803: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 11 11:06:13.824: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 11 11:06:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.140.248 peer_port: 5246
*Dec 11 11:06:14.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Dec 11 11:06:18.644: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.140.248 peer_port: 5246
*Dec 11 11:06:18.644: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.140.248
*Dec 11 11:06:18.644: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 11 11:06:19.587: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Dec 11 11:06:19.722: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
*Dec 11 11:06:19.722: %DTLS-5-PEER_DISCONNECT: Peer 172.16.140.248 has closed connection.
*Dec 11 11:06:19.722: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.16.140.248:5246
*Dec 11 11:06:19.761: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 11 11:06:19.761: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
Any advise,
ElieHi Elie,
As it looks like the AP is closing the DTLS connection:
~
*Dec 11 11:06:03.764: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
~
I would also suggest to connect to the AP through the serial console and collect the output there during the boot/join process.
In regard to the the WLC debugs I would also add the "debug pm pki enable", so to further troubleshoot certificate related issues.
I hope this helps.
Regards,
Federico -
LAP1142 can not join wlc 2100 !
I'd WLC 2100 series and 9 access point LAP1142N .
8 LAP1142N can work fine and join a capwap controller is ok but only one LAP1142 is can not .
Could you help me to solve it ? Part of LAP is AIR-LAP1142N-A-K9
Apr 2 10:52:42.284: LWAPP_CLIENT_EVENT: spamResolveStaticGateway - gateway found
*Apr 2 10:52:42.284: LWAPP_CLIENT_EVENT: spamResolveStaticGateway - gateway found
*Apr 2 10:52:42.284: LWAPP_CLIENT_EVENT: Dropping discovery in LWAPP. This AP model is not supported by LWAPP WLC.
*Apr 2 10:52:42.284: status of voice_diag_test from WLC is false
*Apr 2 10:52:52.284: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Apr 2 10:52:52.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.28.21 peer_port: 5246
*Apr 2 10:52:52.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 2 10:52:52.667: LWAPP_CLIENT_EVENT: lwapp_check_image_good: image is good now
*Apr 2 10:52:53.107: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.28.21 peer_port: 5246
*Apr 2 10:52:53.108: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.28.21
*Apr 2 10:52:53.108: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 2 10:52:53.198: LWAPP_CLIENT_EVENT: ap model AIR-LAP1142N-A-K9
*Apr 2 10:52:53.198: LWAPP_CLIENT_EVENT: ap sw version 12.4(23c)JA
*Apr 2 10:52:53.198: LWAPP_CLIENT_EVENT: lwapp_encode_ap_reset_button_payload: reset button state on
*Apr 2 10:52:53.237: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 2 10:52:53.240: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.28.21
*Apr 2 10:52:53.240: %DTLS-5-PEER_DISCONNECT: Peer 172.16.28.21 has closed connection.
*Apr 2 10:52:53.241: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.28.21:5246
*Apr 2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnDeleteAllMobiles radio 0
*Apr 2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnLockDevice radio 0
*Apr 2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnDeleteAllMobiles radio 1
*Apr 2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnLockDevice radio 1
*Apr 2 10:52:53.280: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 2 10:52:53.280: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 2 10:52:53.286: LWAPP_CLIENT_EVENT: spamInitCfgData: Loaded configuration into v2 struct (version 7.0.98.0)Actually, 5.2 or later is needed.
5.0 and 5.1 do not even support 1140 Access point.
Rating useful replies is more useful than saying "Thank you" -
Access point not online on controller
Hi,
I have been trying to get a 1262AP registered to wireless lan controller.
The core switch has three 2 vlans in it, management which is vlan 41 and AP interaction vlan which is vlan 51.
Controller also has both these vlans.
Vlan 41 - 192.168.40.x/23 ( management vlan)
Vlan 61 - 192.168.61.x/24 (AP vlan)
WLC management interface IP is 192.168.40.18
WLC AP interface IP is 192.168.6.241
Now , during the initial steps, the access points are attached to the switchports on vlan41, wherein they get the dhcp ip from the temporary pool created on the controller and get registered.
But, these access points in actual environment needs to be on static ip address. When it's ip is changed to a static IP address from the controller , it fails to register to the controller. the switchport is put on vlan6 as access port , after static ip is assigned to the access point.
The error i receive is ;
%CAPWAP-3-EVENTLOG: Could not resolve gateway. Not sending discovery request to 0.0.0.0, type 1
the core switch we are using in this new setup is a 2960 with a lanbase image. I realised the switch is not routing enabled. it doesn't accept the command "ip routing". Will this be creating a problem for the access points?
From the switch , the controller management and AP vlan IP address can be pinged. similarly, from the controller, AP and management vlan interface ip address of the switch can be pinged.
Please help.Did you get it to work? The thing you have to understand is how the AP is able to join the WLC and the process the AP goes through to try to join. Here is a document that will help you understand the process and the various ways an AP can join or find the WLC. The easiest almost fool proof way is to place the ap in the same subnet as the management of the WLC. If the AP joins, then the AP will know of the ip of that WLC it joined or any in the mobility group if defined. Take a look at the doc as it explains it better than I can:)
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
AIR-LAP1310G-E-K9 acces point not joining to 5508 wlan controller
Hi,
I have Cisco AIR-LAP1310G-E-K9 access point and 5508 wlan controller with version 7.0.220 and it is joining to the WLAN controller. I have enabled dhcp in the lan controller and i dont have external dns server. How to fix this issue? Can this LAN controller version will support this access point?
My Lan Controller Management IP Address is 10.10.10.5
Please find the below configuration of 1300 access point.
AP001d.4513.dd68#reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
%LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
flashfs[0]: 4 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 7741440
flashfs[0]: Bytes used: 2052608
flashfs[0]: Bytes available: 5688832
flashfs[0]: flashfs fsck took 14 seconds.
Base ethernet MAC Address: 00:1d:45:13:dd:68
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Unable to get our ip address: no "IP_ADDR" variable set
The system has been encountered and error initializing
tftp file system. The system is ignoring the error and
continuing boot. If you interrupt the system boot process,
the following commands will set IP_ADDR, DEFAULT_ROUTER
and NETMASK environment variables, initializing tftp file
system, and finish loading the operating system software:
set IP_ADDR
set DEFAULT_ROUTER
set NETMASK
tftp_init
boot
Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...############################################################################################################################################################################################
File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 19-Mar-08 19:09 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x003BE9E0
Initializing flashfs...
flashfs[1]: 4 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 7741440
flashfs[1]: Bytes used: 2052608
flashfs[1]: Bytes available: 5688832
flashfs[1]: flashfs fsck took 2 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1310G-E-K9R (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FHK1133E002
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from reload
LWAPP image version 3.0.51.0
1 FastEthernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:1D:45:13:DD:68
Part Number : 73-8960-09
PCA Assembly Number : 800-24963-06
PCA Revision Number : A0
PCB Serial Number : FOC113000V7
Top Assembly Part Number : 800-28479-05
Top Assembly Serial Number : FHK1133E002
Top Revision Number : B0
Product/Model Number : AIR-LAP1310G-E-K9R
The name for the keys will be: ap.cisco.com
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
ip ssh version 2
^
% Invalid input detected at '^' marker.
transport input ssh
^
% Invalid input detected at '^' marker.
aaa new-model
^
% Invalid input detected at '^' marker.
aaa authentication login default enable local none
^
% Invalid input detected at '^' marker.
o
^
% Invalid input detected at '^' marker.
Press RETURN to get started!
*Mar 1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:06.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:07.817: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 19-Mar-08 19:09 by prod_rel_team
Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
transport input ssh
^
% Invalid input detected at '^' marker.
*Mar 1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
*Mar 1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
*Mar 1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
logging origin-id string AP:001d.4513.dd68
^
% Invalid input detected at '^' marker.
logging 255.255.255.255
^
% Invalid input detected at '^' marker.
logging trap 3
^
% Invalid input detected at '^' marker.
*Mar 1 00:00:37.440: Logging LWAPP message to 255.255.255.255.
AP001d.4513.dd68>
%LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
%LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
%LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
%LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
%LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
AP001d.4513.dd68>Your debug is very telling ..
AP001d.4513.dd68>
%LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
%LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
%LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
%LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
%LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
AP001d.4513.dd68>
What are you using to tell the AP where the contoller lives ? Since you are consoled into the ap you can use the -> capwap ap controller ip address
This will point the ap to your controller
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection." -
Hi guys,
I am in the process of configuring a WLC and got stuck due to APs are not joining the WLC.
I have configure DHCP server on the Gateway router and the WLC management interface is pointing to the Gateway as DHCP Server.
I have multiple Dynamic interfaces configured on the WLC and Interface group has been configured and mapped to Management Interface.
For each WLAN, a separate DHCP pool has been created on the router.
LAG has been configured and working fine. Connectivity works fine in the network and I can ping all devices and vlans from WLC.
Now, the APs are not joining the WLC. The error I am getting
" 44:03:a7:f1:b4:40 Received a Discovery Request from 44:03:A7:F1:B4:40 via IP broadcast address but the source IP address (10.xx.xx.xx) is not in any of the configured subnets. Dropping it "
Some one help me troubleshooting this issue with DHCP IP Assignment.
Thanks,
CJIf you are using Broadcast method to discover WLC to AP then you need to ensure following is correctly configured.
1. Unders the switch SVI defined for AP-management (10.38.11.x) you have to configure "ip helper-address "
2. In switch global config "ip forward-protocol udp 5246"
Refer this for more detail
http://mrncciew.com/2013/05/04/wlc-discovery-via-broadcast/
There are other methods available as well (static, DNS, DHCP option 43) for the WLC discovery purpose. To verify there is no configuration issues at WLC end, you can simply configure the WLC details on AP statically & check wether AP get register to WLC. To do this you can enter following CLI commands on AP console priviledge mode.
debug capwap console cli
capwap ap ip address 10.38.11.x 255.255.255.x
capwap ap ip default-gateway 10.38.11.y
capwap ap controller ip address
In this way your AP should get registered to WLC (if no config issue at WLC end). Refer this for more detail
http://mrncciew.com/2013/03/17/ap-registration/
If you have so many APs, then as Steve pointed configuring DHCP-Option 43 would be a good option
Regards
Rasika
**** Pls rate all useful responses **** -
AP not joining WLC b/c of DHCP.
This is the first time that I've dealt with a WLC, so I'm trying to do a real simple setup. I have a WLC 2106 and a few LAP 1141N's. I'm trying to set them up on a single VLAN, no RADIUS server, and I want my router to handle DHCP (not the WLC). Here's the info I setup the WLC with:
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_94:40:40]: WLC
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (24 characters max): *****
Management Interface IP Address: 192.168.3.5
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.3.1
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 4]: 1
Management Interface DHCP Server IP Address: 192.168.3.1
AP Manager Interface IP Address: 192.168.3.6
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (192.168.3.1):
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: GroupRF
Network Name (SSID): Test
Allow Static IP Addresses [YES][no]: yes
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
Enter Country Code (enter 'help' for a list of countries) [US]: US
Enable 802.11b Network [YES][no]: Yes
Enable 802.11a Network [YES][no]: no
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
Configuration saved!
Resetting system with new configuration...
When I login to the web interface of the WLC (https://192.168.3.5) it doesn't show any AP's as joining even though I have one plugged in to the WLC. I console'd into the AP and this is the error that keeps on repeating:
*Mar 1 00:51:45.962: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Am I missing something? I already checked the WLC, and the date/time is setup correctly. And I know my router (at 192.168.3.1) is handing out DHCP. Everything is on the same subnet so I don't understand why I'm having such a hard time with this. I've tried my hardest searching online but haven't found anything. Any help would REALLY be appreciated. Thank you very much.
P.S. If you have any other questions please feel free to ask.The answer is that LWAPP / CAPWAP APs need to be connected to an access port on a swtich (configured with the proper VLAN) as they do nothing more than pass the traffic to the WLC through the LWAPP / CAPWAP tunnel. The WLC ethernet ports are configured as trunks and can not be change. This is because the WLC is where all the VLAN tagging takes place.
Hope that helps,
Scott
Please rate this post if you found it helpful. -
Access point connection to WLC
Hi all,
I wanted to know that in Cisco wireless or in general, is it possible to connect lightweigt access point with controller without any wired connection ? or a ethernet connection between an AP and WLC is mandatory ???What can't you find?
Reference to the Wireless LAN Controller not having a Wireless NIC? The documents won't list everything the product doesn't come with, it lists what it does come with.
This guide is helpful:
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED.pdf
It doesn't state that the Access Points can communicate with the WLC Wirelessly because they can't. -
CISCO Aironet access point - not able to connect by user.
Hi,
I have CISCO Aironet access point C1130 in my network , but not able to connect by users, I can see below logs from access point. please help on this.
Jun 13 17:50:10.686: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:15.678: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:20.544: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:20.544: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:24.832: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:24.832: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:29.741: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000
Jun 13 17:50:29.741: RADIUS: Fail-over denied to (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:29.741: RADIUS: No response from (20.33.100.11:1645,1646) for id 1645/247
Jun 13 17:50:29.741: RADIUS/DECODE: No response from radius-server; parse response; FAIL
Jun 13 17:50:29.741: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
Jun 13 17:50:29.741: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAILOVER_RETRY
Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response
Jun 13 17:50:29.742: Client 5864.6c67.3718 failed: EAP reason 0
Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: Failed client 5894.6b37.3518 with aaa_req_status_detail 0
Jun 13 17:50:29.742: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 5894.6b37.3518
Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 5894.6b37.3518
Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds
Jun 13 17:50:29.743: dot11_auth_dot1x_send_client_fail: Authentication failed for 5894.6b37.3518
Jun 13 17:50:29.743: %DOT11-7-AUTH_FAILED: Station 5894.6b37.3518 Authentication failed
Regards,Hi Niham,
You can try few things to troubleshoot this -
1. check the reachability of Radius server from your wlc (ping).
2. verify the IP address of Raduis server configured on wlc.
3. wlc in the Radius server ?
4. Shared Secret must be same on wlc and in raduis server.
Plz do not forget to rate useful post.
Thanks
Maybe you are looking for
-
MOVED: K8T Neo On-board SATA not working
This topic has been moved to AMD64 ATI/SiS/VIA boards. https://forum-en.msi.com/index.php?topic=142488.0
-
Netcfg + wpa enterprise help
Here is what I have / the troubleshooting I have done: [phil@pwned ~]$ cd /etc/network.d/ [phil@pwned network.d]$ cat uw-secure CONNECTION="wireless" DESCRIPTION="secure uw" INTERFACE=wlan0 IP=dhcp ESSID="uw-secure" TIMEOUT=30 SECURITY=wpa-config SCA
-
I have old bal of 20 USD in Oct. if I use reset function, besides choose "bal sheet prepa valuation", do I also need to choose "create postings", posting date to be 31.Oct.2009, reversal date to be 1.Nov.2009 and reversal posting in postings tab? bef
-
Error when calling BPEL process from web service client
I have created three projects here ,there're no problem when testing Composite Application(SynchronousSampleApplication) by test case inside this project. When I create a Java Application(SynchronousSampleApp),inside this project I've created a web s
-
Fidelity told me to upgrade browser. I installed safari 7 only to find out my macbook pro doesn't support it. How do I uninstall?