Access Points not joining WLC

Hello All,
I am trying to deploy several AIR-CAP3502E-E-K9 access points from a cisco 5508 wire lan contoller running ver 7 code. However iam having difficulty regiserting the access points with the WLC. The wlc is connect to a 3650 switch, and each access point is connected to a 2960 switch.
Problem Solved. A bad update was not allowing the access points to get their correct firmware.

You need to provide what Leo stated, that would help a lot. Anyways you can't telnet or ssh into a capwap AP if it has not joined the WLC. So that being said, provide the info Leo requested and then console into the ap and provide use with output from the console. Make sure you reboot the AP and then start capturing the output for around 5 minutes.
Sent from Cisco Technical Support iPad App

Similar Messages

  • AIR-CAP3501I access point not joining the Cisco 2100 Wireless Lan controller.

    Hello All,
    I am installing a new LAP (AIR-CAP3501I ) through the wireless lan controller (AIR-WLC2112-K9) with software version 7.0. I have an external ADSL modem which will act as the DHCP server for the wireless clients and the LAP.
    Please find my network setup as below:
    The ISP ADSL modem , WLC and LAP are connected to a unmanaged POE switch. The LAP gets its power through the POE switch. When i connect the LAP and the WLC to the switch along with the ADSL modem, the LAPs are getting the ip address from the ADSL modem, however they are not joining the WLC for further process.
    ADSL Modem ip address: 192.168.1.254
    Management ip address on the LAP: 192.168.1.1 ( Assigned to port 1, untagged Vlan).
    Ap Manager ip address: 192.168.1.1 ( Assigned to the same port i.e port1, Untagged Vlan).
    The LAP is getting an IP address from the ADSL modem in the range of the DHCP scope.
    I will paste the logs very soon.
    Please let me know if i am doing anything wrong oe what will be the issue.
    Thanks in advance,
    Mohammed Ameen

    Hello All,
    Please find the logs for  "debug capwap event" from the WLC below:
    *spamReceiveTask: Sep 26 19:44:59.196: e8:04:62:0a:3f:10 Join Version: = 117465600
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join resp: CAPWAP Maximum Msg element len = 92
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join Response sent to 192.168.1.156:45510
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 CAPWAP State: Join
    *spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
    *apfReceiveTask: Sep 26 19:44:59.198: e8:04:62:0a:3f:10 Register LWAPP event for AP e8:04:62:0a:3f:10 slot 0
    *spamReceiveTask: Sep 26 19:44:59.341: e8:04:62:0a:d1:20 DTLS connection not found, creating new connection for 192:168:1:158 (45644) 192:168:1:2 (5246)
    *spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 DTLS Session established server (192.168.1.2:5246), client (192.168.1.158:45644)
    *spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 Starting wait join timer for AP: 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.121: e8:04:62:0a:d1:20 Join Request from 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join Version: = 117465600
    *spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join resp: CAPWAP Maximum Msg element len = 92
    *spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 Join Response sent to 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 CAPWAP State: Join
    *spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
    *apfReceiveTask: Sep 26 19:45:00.125: e8:04:62:0a:d1:20 Register LWAPP event for AP e8:04:62:0a:d1:20 slot 0
    *spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 Configuration Status from 192.168.1.158:45644
    *spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 CAPWAP State: Configure
    *spamReceiveTask: Sep 26 19:45:00.273: Invalid channel 1 spacified for the AP APf866.f2ab.24b6, slotId = 0
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP info for AP e8:04:62:0a:d1:20 -- static 0, 192.168.1.158/255.255.255.0, gtw 192.168.1.254
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP 192.168.1.158 ===> 192.168.1.158 for AP e8:04:62:0a:d1:20
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Setting MTU to 1485
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Finding DTLS connection to delete for AP (192:168:1:158/45644)
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Disconnecting DTLS Capwap-Ctrl session 0xa06d6a4 for AP (192:168:1:158/45644)
    *spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 CAPWAP State: Dtls tear down
    *spamReceiveTask: Sep 26 19:45:00.277: spamProcessGlobalPathMtuUpdate: Changing Global LRAD MTU to 576
    *spamReceiveTask: Sep 26 19:45:00.277: e8:04:62:0a:d1:20 DTLS connection closed event receivedserver (192:168:1:2/5246) client 192:168:1:158/45644).
    The Acess point joins the Controller for 2-3 seconds and then unjoins again. I am not sure what i am doing wrong here. The access points are getting the IPs from the ADSL modem through the switch, then it talks to the WLC, however it does not join the controller for further process.
    Note:
    The Managemnet interface and the AP manager interface are assigned to the same port 1 with unassigned Vlan as mention above.

  • How do i ensure the new access point is joined the controller or not

    How do i ensure the new access point is joined the controller or not

    To Verifying that Access Points Join the Controller or not there are two ways as below.
    Please go through the step by step to find the APs joined state
    When replacing a controller, you need to make sure that access points join the new controller.
    Using the GUI to Verify that Access Points Join the Controller
    Follow these steps to ensure that access points join the new controller.
    Step 1 Follow these steps to configure the new controller as a master controller.
    a. Click Controller > Advanced > Master Controller Mode to open the Master Controller Configuration page.
    b. Check the Master Controller Mode check box.
    c. Click Apply to commit your changes.
    d. Click Save Configuration to save your changes.
    Step 2 (Optional) Flush the ARP and MAC address tables within the network infrastructure. Ask your network administrator for more information about this step.
    Step 3 Restart the access points.
    Step 4 Once all the access points have joined the new controller, configure the controller not to be a master controller by unchecking the Master Controller Mode check box on the Master Controller Configuration page.
    Using the CLI to Verify that Access Points Join the Controller
    Follow these steps to ensure that access points join the new controller.
    Step 1 To configure the new controller as a master controller, enter this command:
    config network master-base enable
    Step 2 (Optional) Flush the ARP and MAC address tables within the network infrastructure. Ask your network administrator for more information about this step.
    Step 3 Restart the access points.

  • HELP! Ovi Suite "Packet Data Access Point Not Vali...

    So i downloaded Ovi suite to get internet from my phone i have a Nokia 3711 and when i try to connect i get this message on my phone "Packet data access point not valid" what does this mean? and how can i fix it? I have unlimited internet data thing..

    I guess you can call up your service provider customer service and ask them to re-send the settings!

  • Access Points not overwritten when restoring a bac...

    Hi people,
    Seems like the new and still buggy firmware of the E70 has another problem.
    Before restoring a backup, if you do not remove the Access Point definitions (only operator Access Points, not Wi-Fi or others), the restore does not overwrite the definitions and makes new copies of the Access Points.
    That would be OK if we could remove the extra Access Points but we cannot. When you delete one of the copies, it seems like it is removed but its definition is still somewhere on the phone, so while "Connection Settings" program cannot see it, all programs that use Access Points can see it (but cannot use it because it is a stale record).
    Does anyone know where this info is stored so, if I forget to remove them before restoring a backup, I can remove them afterwards?
    Kerem Erkan
    IT Professional
    E70 (2.0618.07.10 - 31.08.06 RM-10)

    Welcome to the many problems of the LAPAC1750. I finally gave up and went with Ubnt. Uptime is at 75 days now and would've been longer if not for a firmware update.
    The LAPAC had good range and worked well when it worked, but it's unstable to be marketed right now. Hopefully Linksys issues a firmware update to fix everything.

  • 3702i AP's not Joining WLC - Layer 3 discovery request not received on management VLAN

    Hi Guys, 
    This is a follow up post to this thread: https://supportforums.cisco.com/discussion/12400481/3702i-not-joint-2504
    Have been playing around with my AP's and made sure the time is correct on all the devices ( WLC and Switch). I have also moved the AP's to the same Vlan as the management IP of the WLC. 
    if I move the AP's to the same Vlan as the WLC they join and are happy, as soon as I move them to a different Vlan they cant join and there time goes back to the default plus they do not seem to save the WLC details to flash but still remember the test names I give them.
    it appears that option 43 is working fine as I can see it look for the WLC IP and I have done some trouble shooting on the WLC and it looks like it see's the AP but doesn't except it.
    please see below for the boot up of the AP and the WLC logs: 
    AP 
    IIOS Bootloader - Starting system.
    *** deleted for breverity ***** 
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
    executing...
    Secondary Bootloader - Starting system.
    Montserrat Board
    *** deleted for breverity ***** 
    Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
    executing...
                  *** deleted for breverity ***** 
    cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
    Processor board ID FGL1838X4T1
    PowerPC CPU at 800Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 8.0.110.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: F4:4E:05:B7:1E:84
    Part Number                          : 73-15243-01
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC18343WPR
    Top Assembly Part Number             : 068-05054-03
    Top Assembly Serial Number           : FGL1838X4T1
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP3702I-Z-K9
    % Please define a domain-name first.
    Press RETURN to get started!
    *Mar  1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
    *Mar  1 00:00:19.755: Registering HW DTLS
    *Mar  1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is  2500
    *Mar  1 00:00:19.815: APAVC:  WlanPAKs 42878 RadioPaks  42270
    *Mar  1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
    *Mar  1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
    *Mar  1 00:00:26.167:  record size of 3ss: 1168 read_ptr: 4F9698E
    *Mar  1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
    *Mar  1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
    *Mar  1 00:00:31.251:  record size of vht: 2904 read_ptr: 4F9698E
    *Mar  1 00:00:31.407: Wait until the stile protocol list is initialized.
    *Mar  1 00:00:32.651: Start STILE Activation
    *Mar  1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Mar  1 00:00:35.447: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 19-Dec-14 11:20 by prod_rel_team
    *Mar  1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
    *Mar  1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
    *Mar  1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
    *Mar  1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
    *Mar  1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
    *Mar  1 00:00:50.431: DPAA Initialization Complete
    *Mar  1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
    *Mar  1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
    *Mar  1 00:00:53.867: Currently running a Release Image
    *Mar  1 00:00:54.287: Incorrect certificate in SHA2 PB !
    *Mar  1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
    *Mar  1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
    *Mar  1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
    *Mar  1 00:01:02.707: APAVC: Registering with CFT
    *Mar  1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
    *Mar  1 00:01:02.707: APAVC: Reattaching  Original Buffer pool for system use
    *Mar  1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
    %Default route without gateway, if not a point-to-point interface, may impact performance
    *Mar  1 00:01:10.103: AP image integrity check PASSED
    *Mar  1 00:01:10.187: Incorrect certificate in SHA2 PB !
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
    *Mar  1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    *Mar  1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    Not in Bound state.
    *Mar  1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    Not in Bound state.
    *Mar  1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    WLC: 
    isco Controller) >show time
    Time............................................. Tue Jan 27 17:44:47 2015
    Timezone delta................................... 0:0
    Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
    NTP Servers
        NTP Polling Interval.........................     3600
         Index     NTP Key Index                  NTP Server                  NTP Msg Auth Status
           1              0                             150.101.176.226       AUTH DISABLED
    (Cisco Controller) >show ap join stats summary  
    Incorrect input! Use 'show ap join stats summary [all/<ap-mac>]'
    (Cisco Controller) >show ap join stats summary all 
    Number of APs.............................................. 2 
    Base Mac             AP EthernetMac       AP Name                 IP Address         Status
    f4:4e:05:aa:a6:a0    f4:4e:05:94:c3:98    APf44e.0594.c398        10.1.1.22          Joined    
    f4:4e:05:b6:ce:f0    N A                  Test_1                  10.1.20.7          Not Joined
    (Cisco Controller) >show ap join stats detailed f4:4e:05:b6:ce:f0
    Sync phase statistics
    - Time at sync request received............................ Not applicable
    - Time at sync completed................................... Not applicable
    Discovery phase statistics
    - Discovery requests received.............................. 45
    - Successful discovery responses sent...................... 21
    - Unsuccessful discovery request processing................ 24
    - Reason for last unsuccessful discovery attempt........... Layer 3 discovery request not received on management VLAN
    - Time at last successful discovery attempt................ Jan 27 17:45:49.705
    - Time at last unsuccessful discovery attempt.............. Jan 27 17:45:49.705
    Join phase statistics
    - Join requests received................................... 0
    - Successful join responses sent........................... 0
    - Unsuccessful join request processing..................... 0
    - Reason for last unsuccessful join attempt................ Not applicable
    - Time at last successful join attempt..................... Not applicable
    - Time at last unsuccessful join attempt................... Not applicable
    Configuration phase statistics
    --More-- or (q)uit
    - Configuration requests received.......................... 0
    - Successful configuration responses sent.................. 0
    - Unsuccessful configuration request processing............ 0
    - Reason for last unsuccessful configuration attempt....... Not applicable
    - Time at last successful configuration attempt............ Not applicable
    - Time at last unsuccessful configuration attempt.......... Not applicable
    Last AP message decryption failure details
    - Reason for last message decryption failure............... Not applicable
    Last AP disconnect details
    - Reason for last AP connection failure.................... Not applicable
    - Last AP disconnect reason................................ Not applicable
    Last join error summary
    - Type of error that occurred last......................... Lwapp discovery request rejected
    - Reason for error that occurred last...................... Layer 3 discovery request not received on management VLAN
    - Time at which the last join error occurred............... Jan 27 17:45:49.705
    AP disconnect details
    - Reason for last AP connection failure.................... Not applicable
                                                                               Ethernet Mac : 00:00:00:00:00:00  Ip Address : 10.1.20.7
    (Cisco Controller) >show interface summary 
     Number of Interfaces.......................... 4
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ap                               LAG  20       10.1.20.231     Dynamic No     No   
    guest                            LAG  30       10.1.30.231     Dynamic No     No   
    management                       LAG  10       10.1.1.231      Static  Yes    No   
    virtual                          N/A  N/A      1.1.1.1         Static  No     No   
    SWITCH
    witch#show run
    Building configuration...
    *** deleted for breverity ***** 
    no aaa new-model
    clock timezone AWST 8
    system mtu routing 1500
    ip routing
    ip dhcp pool WAP_Pool
       network 10.1.20.0 255.255.255.0
       default-router 10.1.20.1 
       option 43 hex f104.0a01.01e7
    ip dhcp pool Clients
       network 10.1.30.0 255.255.255.0
       default-router 10.1.30.1 
       dns-server 203.0.178.191 
    ip dhcp pool test
       network 10.1.1.0 255.255.255.0
       default-router 10.1.1.1 
    crypto pki trustpoint TP-self-signed-4082587776
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-4082587776
     revocation-check none
     rsakeypair TP-self-signed-4082587776
    *** deleted for breverity ***** 
    *** deleted for breverity ***** !
    interface FastEthernet0/3
     description *** WLC ****
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface FastEthernet0/4
     description **** AP *****
     switchport access vlan 20
     switchport mode access
     spanning-tree portfast
    interface FastEthernet0/5
     description **** AP ****
     switchport access vlan 20
     switchport mode access
     spanning-tree portfast
    interface FastEthernet0/6
    i*** deleted for breverity ***** !
    interface Vlan10
     description *** Managment ***
     ip address 10.1.1.230 255.255.255.0
    interface Vlan20
     description *** WIRELESS APS ***
     ip address 10.1.20.1 255.255.255.0
    interface Vlan30
     ip address 10.1.30.1 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    ip http server
    ip http secure-server
    ip sla enable reaction-alerts
    l*** deleted for breverity ***** 
    ntp clock-period 36028827
    ntp source FastEthernet0/1
    ntp server 121.0.0.42
    ntp server 202.127.210.37
    end
    I have also placed a Device in Vlan 20 and it is able to ping the WLC and the WLC can ping it s routing is working. 
    Thanks 

    Hey Scott, 
    I gave that a shot and still no luck, log's from AP boot up:
    IIOS Bootloader - Starting system.
    flash is writable
    Tide XL MB - 40MB of flash
    Xmodem file system is available.
    flashfs[0]: 67 files, 9 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 41158656
    flashfs[0]: Bytes used: 20894208
    flashfs[0]: Bytes available: 20264448
    flashfs[0]: flashfs fsck took 20 seconds.
    Base Ethernet MAC address: f4:4e:05:b7:1e:84
    Ethernet speed is 100 Mb - FULL Duplex
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
    executing...
    Secondary Bootloader - Starting system.
    Montserrat Board
    40MB format
    Tide XL MB - 40MB of flash
    Xmodem file system is available.
    flashfs[0]: 67 files, 9 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 41158656
    flashfs[0]: Bytes used: 20894208
    flashfs[0]: Bytes available: 20264448
    flashfs[0]: flashfs fsck took 21 seconds.
    flashfs[1]: 0 files, 1 directories
    flashfs[1]: 0 orphaned files, 0 orphaned directories
    flashfs[1]: Total bytes: 12257280
    flashfs[1]: Bytes used: 1024
    flashfs[1]: Bytes available: 12256256
    flashfs[1]: flashfs fsck took 1 seconds.
    Base Ethernet MAC address: f4:4e:05:b7:1e:84
    Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 19-Dec-14 11:20 by prod_rel_team
    Montserrat Board
    40MB format
    Tide XL MB - 40MB of flash
    Initializing flashfs...
    flashfs[2]: 67 files, 9 directories
    flashfs[2]: 0 orphaned files, 0 orphaned directories
    flashfs[2]: Total bytes: 40900608
    flashfs[2]: Bytes used: 20894208
    flashfs[2]: Bytes available: 20006400
    flashfs[2]: flashfs fsck took 14 seconds.
    flashfs[2]: Initialization complete.
    flashfs[4]: 0 files, 1 directories
    flashfs[4]: 0 orphaned files, 0 orphaned directories
    flashfs[4]: Total bytes: 11999232
    flashfs[4]: Bytes used: 1024
    flashfs[4]: Bytes available: 11998208
    flashfs[4]: flashfs fsck took 0 seconds.
    flashfs[4]: Initialization complete.
    Copying radio files from flash: to ram:
    Copy in progress...CCCCC
    Copy in progress...CCC
    Copy in progress...CCCC
    Copy in progress...CCCC
    Copy in progress...CC
    Copy in progress...CCCC
    Copy in progress...CC
    Copy in progress...CCCCC
    Copy in progress...CCCC
    Copy in progress...CC
    Uncompressing radio files...
    ...done Initializing flashfs.
    Radio0  present 8764 8000 0 A8000000 A8010000 0
    Rate table has 650 entries (20 legacy/224 11n/406 11ac)
    POWER TABLE FILENAME = ram:/Q2.bin
    Radio1  present 8864 8000 0 80000000 80100000 4
    POWER TABLE FILENAME = ram:/Q5.bin
    Radio2 not present 0 0 0 0 0 8
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
    Processor board ID FGL1838X4T1
    PowerPC CPU at 800Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 8.0.110.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: F4:4E:05:B7:1E:84
    Part Number                          : 73-15243-01
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC18343WPR
    Top Assembly Part Number             : 068-05054-03
    Top Assembly Serial Number           : FGL1838X4T1
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP3702I-Z-K9
    % Please define a domain-name first.
    Press RETURN to get started!
    *Mar  1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
    *Mar  1 00:00:19.755: Registering HW DTLS
    *Mar  1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is  2500
    *Mar  1 00:00:19.815: APAVC:  WlanPAKs 42878 RadioPaks  42270
    *Mar  1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
    *Mar  1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
    *Mar  1 00:00:26.167:  record size of 3ss: 1168 read_ptr: 4F9698E
    *Mar  1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
    *Mar  1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
    *Mar  1 00:00:31.251:  record size of vht: 2904 read_ptr: 4F9698E
    *Mar  1 00:00:31.407: Wait until the stile protocol list is initialized.
    *Mar  1 00:00:32.651: Start STILE Activation
    *Mar  1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Mar  1 00:00:35.447: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 19-Dec-14 11:20 by prod_rel_team
    *Mar  1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
    *Mar  1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
    *Mar  1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
    *Mar  1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
    *Mar  1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
    *Mar  1 00:00:50.431: DPAA Initialization Complete
    *Mar  1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
    *Mar  1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
    *Mar  1 00:00:53.867: Currently running a Release Image
    *Mar  1 00:00:54.287: Incorrect certificate in SHA2 PB !
    *Mar  1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
    *Mar  1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
    *Mar  1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
    *Mar  1 00:01:02.707: APAVC: Registering with CFT
    *Mar  1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
    *Mar  1 00:01:02.707: APAVC: Reattaching  Original Buffer pool for system use
    *Mar  1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
    %Default route without gateway, if not a point-to-point interface, may impact performance
    *Mar  1 00:01:10.103: AP image integrity check PASSED
    *Mar  1 00:01:10.187: Incorrect certificate in SHA2 PB !
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
    *Mar  1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    *Mar  1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    Not in Bound state.
    *Mar  1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    Not in Bound state.
    *Mar  1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP

  • AP not joining WLC 2504

    Hi all
    my customer has a 2504 WLC, and has problems to join APs (There are no aps joined to the controller at this moment).
    What are the Bold lines tell me?
    in the debug I see the following:
    *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
    *spamApTask0: Oct 10 09:20:06.019: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
    *spamApTask0: Oct 10 09:20:06.019: apModel: AIR-CAP3702I-N-K9
    *spamApTask0: Oct 10 09:20:06.020: apType = 38 apModel: AIR-CAP3702I-N-K9
    *spamApTask0: Oct 10 09:20:06.020: Unknown AP type. Using Controller Version!!!
    *spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
    *spamApTask0: Oct 10 09:20:06.020: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Request from 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 ApModel: AIR-CAP3702I-N-K9
    *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 4, MaxLrads = 50, 0
    *spamApTask0: Oct 10 09:20:06.021: apModel: AIR-CAP3702I-N-K9
    *spamApTask0: Oct 10 09:20:06.021: apType = 38 apModel: AIR-CAP3702I-N-K9
    *spamApTask0: Oct 10 09:20:06.021: Unknown AP type. Using Controller Version!!!
    *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116 port 41508
    *spamApTask0: Oct 10 09:20:06.021: 58:f3:9c:78:d1:10 Discovery Response sent to 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:16.031: 58:f3:9c:7a:22:30 DTLS connection not found, creating new connection for 10:37:24:116 (41508) 10)
    *spamApTask0: Oct 10 09:20:16.498: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
    *spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Allocated index from main list, Index: 55
    *spamApTask0: Oct 10 09:20:16.498: 58:f3:9c:7a:22:30 Using CipherSuite AES128-SHA
    *spamApTask0: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS keys for Control Plane are plumbed successfully for AP 10.37.24.116. Inde6
    *spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 DTLS Session established server (10.37.24.11:5246), client (10.37.24.116:41508)
    *spamApTask1: Oct 10 09:20:16.499: 58:f3:9c:7a:22:30 Starting wait join timer for AP: 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:78:d1:10 Join Request from 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:16.517: 58:f3:9c:7a:22:30 Deleting AP entry 10.37.24.116:41508 from temporary database.
    *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 spamProcessJoinRequest : RAP, Check MAC filter
    *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 In AAA state 'Idle' for AP 58:f3:9c:78:d1:10
    *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Mesh AP username 58f39c7a2230.
    *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 Join Request failed!
    *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:78:d1:10 State machine handler: Failed to process  msg type = 3 state = 0 from 10.37.248
    *spamApTask0: Oct 10 09:20:16.518: 58:f3:9c:7a:22:30 Failed to parse CAPWAP packet from 10.37.24.116:41508
    *spamApTask0: Oct 10 09:20:16.519: XóxÑ
    *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Finding DTLS connection to delete for AP (10:37:24:116/41508)
    *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 Disconnecting DTLS Capwap-Ctrl session 0x179437d8 for AP (10:37:24:116/41508)
    *spamApTask0: Oct 10 09:20:16.519: 58:f3:9c:78:d1:10 CAPWAP State: Dtls tear down
    *spamApTask0: Oct 10 09:20:16.520: acDtlsPlumbControlPlaneKeys: lrad:10.37.24.116(41508) mwar:10.37.24.11(5246)
    *spamApTask0: Oct 10 09:20:16.520: 58:f3:9c:78:d1:10 DTLS keys for Control Plane deleted successfully for AP 10.37.24.116
    *spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10 DTLS connection closed event receivedserver (10.37.24.11/5246) client (10.37.2)
    *spamApTask0: Oct 10 09:20:16.526: 58:f3:9c:78:d1:10

    Hi all, the AP was in Mesh (Bridge) mode and could not connect to the controller
    Ok, how to find out that a AP is in bridge mode, without a join (No Access to the AP).
    go to monitor > statistics > AP Join
    you will see the AP here that tries to connect (clear the list before)
    if the ethernet MAC Address is the same as the Base radio MAC, than the AP is in bridge mode.
    normally ( in local mode) the Ethernet MAC Address reflects the APname
    To allow the AP to join, add in the Authorization list the APName mac Address!
    See: http://supertekboy.com/2014/01/13/cisco-lightweight-access-point-will-not-join-to-a-wireless-lan-controller/
    The case is solved now.

  • AP not joining WLC

    Hello
    I am running WLC4404 image 6.0 the latest one. the AP is not joining the controller and it is saying invalid license in configuration request.
    This is a boot of one of the access point:
    Dec 11 11:05:59.025: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Dec 11 11:05:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.140.248 peer_port: 5246
    *Dec 11 11:05:59.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Dec 11 11:06:02.862: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.140.248 peer_port: 5246
    *Dec 11 11:06:02.863: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.140.248
    *Dec 11 11:06:02.863: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 11 11:06:03.619: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Dec 11 11:06:03.764: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
    *Dec 11 11:06:03.764: %DTLS-5-PEER_DISCONNECT: Peer 172.16.140.248 has closed connection.
    *Dec 11 11:06:03.764: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.16.140.248:5246
    *Dec 11 11:06:03.803: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 11 11:06:03.803: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 11 11:06:13.824: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Dec 11 11:06:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.140.248 peer_port: 5246
    *Dec 11 11:06:14.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Dec 11 11:06:18.644: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.140.248 peer_port: 5246
    *Dec 11 11:06:18.644: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.140.248
    *Dec 11 11:06:18.644: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 11 11:06:19.587: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Dec 11 11:06:19.722: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
    *Dec 11 11:06:19.722: %DTLS-5-PEER_DISCONNECT: Peer 172.16.140.248 has closed connection.
    *Dec 11 11:06:19.722: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.16.140.248:5246
    *Dec 11 11:06:19.761: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 11 11:06:19.761: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    Any advise,
    Elie

    Hi Elie,
    As it looks like the AP is closing the DTLS connection:
    ~
    *Dec 11 11:06:03.764: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.140.248
    ~
    I would also suggest to connect to the AP through the serial console and collect the output there during the boot/join process.
    In regard to the the WLC debugs I would also add the "debug pm pki enable", so to further troubleshoot certificate related issues.
    I hope this helps.
    Regards,
    Federico

  • LAP1142 can not join wlc 2100 !

    I'd WLC 2100 series and 9 access point LAP1142N .
    8 LAP1142N can work fine and join a capwap controller is ok but only one LAP1142  is can not .
    Could you help me to solve it ? Part of LAP  is AIR-LAP1142N-A-K9
    Apr  2 10:52:42.284: LWAPP_CLIENT_EVENT: spamResolveStaticGateway  - gateway found
    *Apr  2 10:52:42.284: LWAPP_CLIENT_EVENT: spamResolveStaticGateway  - gateway found
    *Apr  2 10:52:42.284: LWAPP_CLIENT_EVENT: Dropping discovery in LWAPP. This AP model is not supported by LWAPP WLC.
    *Apr  2 10:52:42.284:  status of voice_diag_test from WLC is false
    *Apr  2 10:52:52.284: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Apr  2 10:52:52.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.28.21 peer_port: 5246
    *Apr  2 10:52:52.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Apr  2 10:52:52.667: LWAPP_CLIENT_EVENT: lwapp_check_image_good: image is good now
    *Apr  2 10:52:53.107: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.28.21 peer_port: 5246
    *Apr  2 10:52:53.108: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.28.21
    *Apr  2 10:52:53.108: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Apr  2 10:52:53.198: LWAPP_CLIENT_EVENT: ap model AIR-LAP1142N-A-K9  
    *Apr  2 10:52:53.198: LWAPP_CLIENT_EVENT: ap sw version 12.4(23c)JA
    *Apr  2 10:52:53.198: LWAPP_CLIENT_EVENT: lwapp_encode_ap_reset_button_payload: reset button state on
    *Apr  2 10:52:53.237: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Apr  2 10:52:53.240: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.28.21
    *Apr  2 10:52:53.240: %DTLS-5-PEER_DISCONNECT: Peer 172.16.28.21 has closed connection.
    *Apr  2 10:52:53.241: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.28.21:5246
    *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnDeleteAllMobiles radio 0
    *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnLockDevice radio 0
    *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnDeleteAllMobiles radio 1
    *Apr  2 10:52:53.279: LWAPP_CLIENT_EVENT: bsnLockDevice radio 1
    *Apr  2 10:52:53.280: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Apr  2 10:52:53.280: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Apr  2 10:52:53.286: LWAPP_CLIENT_EVENT: spamInitCfgData: Loaded configuration into v2 struct (version 7.0.98.0)

    Actually, 5.2 or later is needed.
    5.0 and 5.1 do not even support 1140 Access point.
    Rating useful replies is more useful than saying "Thank you"

  • Access point not online on controller

    Hi,
    I have been trying to get a 1262AP registered to wireless lan controller.
    The core switch has three 2 vlans in it, management which is vlan 41 and AP interaction vlan which is vlan 51.
    Controller also has both these vlans.
    Vlan 41 - 192.168.40.x/23 ( management vlan)
    Vlan 61 - 192.168.61.x/24 (AP vlan)
    WLC management interface IP is 192.168.40.18
    WLC AP interface IP is 192.168.6.241
    Now , during the initial steps, the access points are attached to the switchports on vlan41, wherein they get the dhcp ip from the temporary pool created on the controller and get registered.
    But, these access points in actual environment needs to be on static ip address. When it's ip is changed to a static IP address from the controller , it fails to register to the controller. the switchport is put on vlan6 as access port , after  static ip is assigned to the access point.
    The error i receive is ;
    %CAPWAP-3-EVENTLOG: Could not resolve gateway. Not sending discovery request to 0.0.0.0, type 1
    the core switch we are using in this new setup is a 2960 with a lanbase image. I realised the switch is not routing enabled. it doesn't accept the command "ip routing". Will this be creating a problem for the access points? 
    From the switch , the controller management and AP vlan IP address can be pinged. similarly, from the controller, AP and management vlan interface ip address of the switch can be pinged.
    Please help.

    Did you get it to work?  The thing you have to understand is how the AP is able to join the WLC and the process the AP goes through to try to join.  Here is a document that will help you understand the process and the various ways an AP can join or find the WLC.  The easiest almost fool proof way is to place the ap in the same subnet as the management of the WLC.  If the AP joins, then the AP will know of the ip of that WLC it joined or any in the mobility group if defined.  Take a look at the doc as it explains it better than I can:)
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • AIR-LAP1310G-E-K9 acces point not joining to 5508 wlan controller

    Hi,
    I have Cisco AIR-LAP1310G-E-K9 access point and 5508 wlan controller with version 7.0.220 and it is joining to the WLAN controller.  I have enabled dhcp in the lan controller and i dont have external dns server. How to fix this issue?  Can this LAN controller version will support this access point? 
    My Lan Controller Management IP Address is 10.10.10.5
    Please find the below configuration of 1300 access point.
    AP001d.4513.dd68#reload
    Proceed with reload? [confirm]
    %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
    %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
    flashfs[0]: 4 files, 2 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 7741440
    flashfs[0]: Bytes used: 2052608
    flashfs[0]: Bytes available: 5688832
    flashfs[0]: flashfs fsck took 14 seconds.
    Base ethernet MAC Address: 00:1d:45:13:dd:68
    Initializing ethernet port 0...
    Reset ethernet port 0...
    Reset done!
    ethernet link up, 100 mbps, full-duplex
    Ethernet port 0 initialized: link is up
    Unable to get our ip address: no "IP_ADDR" variable set
    The system has been encountered and error initializing
    tftp file system. The system is ignoring the error and
    continuing boot. If you interrupt the system boot process,
    the following commands will set IP_ADDR, DEFAULT_ROUTER
    and NETMASK environment variables, initializing tftp file
    system, and finish loading the operating system software:
        set IP_ADDR
        set DEFAULT_ROUTER
        set NETMASK
        tftp_init
        boot
    Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...############################################################################################################################################################################################
    File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Wed 19-Mar-08 19:09 by prod_rel_team
    Image text-base: 0x00003000, data-base: 0x003BE9E0
    Initializing flashfs...
    flashfs[1]: 4 files, 2 directories
    flashfs[1]: 0 orphaned files, 0 orphaned directories
    flashfs[1]: Total bytes: 7741440
    flashfs[1]: Bytes used: 2052608
    flashfs[1]: Bytes available: 5688832
    flashfs[1]: flashfs fsck took 2 seconds.
    flashfs[1]: Initialization complete....done Initializing flashfs.
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-LAP1310G-E-K9R   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
    Processor board ID FHK1133E002
    PowerPCElvis CPU at 262Mhz, revision number 0x0950
    Last reset from reload
    LWAPP image version 3.0.51.0
    1 FastEthernet interface
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:1D:45:13:DD:68
    Part Number                          : 73-8960-09
    PCA Assembly Number                  : 800-24963-06
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC113000V7
    Top Assembly Part Number             : 800-28479-05
    Top Assembly Serial Number           : FHK1133E002
    Top Revision Number                  : B0
    Product/Model Number                 : AIR-LAP1310G-E-K9R
    The name for the keys will be: ap.cisco.com
    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
    ip ssh version 2
        ^
    % Invalid input detected at '^' marker.
    transport input ssh
                     ^
    % Invalid input detected at '^' marker.
    aaa new-model
    ^
    % Invalid input detected at '^' marker.
    aaa authentication login default enable local none
    ^
    % Invalid input detected at '^' marker.
    o
    ^
    % Invalid input detected at '^' marker.
    Press RETURN to get started!
    *Mar  1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar  1 00:00:06.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Mar  1 00:00:07.817: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Wed 19-Mar-08 19:09 by prod_rel_team
    Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
    transport input ssh
                     ^
    % Invalid input detected at '^' marker.
    *Mar  1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
    *Mar  1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
    *Mar  1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    logging origin-id string AP:001d.4513.dd68
             ^
    % Invalid input detected at '^' marker.
    logging 255.255.255.255
            ^
    % Invalid input detected at '^' marker.
    logging trap 3
            ^
    % Invalid input detected at '^' marker.
    *Mar  1 00:00:37.440: Logging LWAPP message to 255.255.255.255.
    AP001d.4513.dd68>
    %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
    %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
    Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
    %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    AP001d.4513.dd68>

    Your debug is very telling ..
    AP001d.4513.dd68>
    %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
    %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
    Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
    %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
    AP001d.4513.dd68>
    What are you using to tell the AP where the contoller lives ? Since you are consoled into the ap you can use the -> capwap ap controller ip address
    This will point the ap to your controller
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Cisco APs not joining WLC

    Hi guys,
    I am in the process of configuring a WLC and got stuck due to APs are not joining the WLC.
    I have configure DHCP server on the Gateway router and the WLC management interface is pointing to the Gateway as DHCP Server.
    I have multiple Dynamic interfaces configured on the WLC and Interface group has been configured and mapped to Management Interface.
    For each WLAN, a separate DHCP pool has been created on the router.
    LAG has been configured and working fine. Connectivity works fine in the network and I can ping all devices and vlans from WLC.
    Now, the APs are not joining the WLC. The error I am getting
    " 44:03:a7:f1:b4:40 Received a Discovery Request from 44:03:A7:F1:B4:40 via IP broadcast address but the source IP address (10.xx.xx.xx) is not in any of the configured subnets. Dropping it "
    Some one help me troubleshooting this issue with DHCP IP Assignment.
    Thanks,
    CJ

    If you are using Broadcast method to discover WLC to AP then you need to ensure following is correctly configured.
    1. Unders the switch SVI defined for AP-management (10.38.11.x) you have to configure "ip helper-address "
    2. In switch global config "ip forward-protocol udp 5246"
    Refer this for more detail
    http://mrncciew.com/2013/05/04/wlc-discovery-via-broadcast/
    There are other methods available as well (static, DNS, DHCP option 43) for the WLC discovery purpose. To verify there is no configuration issues at WLC end, you can simply configure the WLC details on AP statically & check wether AP get register to WLC. To do this you can enter following CLI commands on AP console priviledge mode.
    debug capwap console cli
    capwap ap ip address 10.38.11.x 255.255.255.x
    capwap ap ip default-gateway 10.38.11.y
    capwap ap controller ip address
    In this way your AP should get registered to WLC (if no config issue at WLC end). Refer this for more detail
    http://mrncciew.com/2013/03/17/ap-registration/
    If you have so many APs, then as Steve pointed configuring DHCP-Option 43 would be a good option
    Regards
    Rasika
    **** Pls rate all useful responses ****

  • AP not joining WLC b/c of DHCP.

    This is the first time that I've dealt with a WLC, so I'm trying to do a real simple setup. I have a WLC 2106 and a few LAP 1141N's. I'm trying to set them up on a single VLAN, no RADIUS server, and I want my router to handle DHCP (not the WLC). Here's the info I setup the WLC with:
    Welcome to the Cisco Wizard Configuration Tool
    Use the '-' character to backup
    System Name [Cisco_94:40:40]: WLC
    Enter Administrative User Name (24 characters max): cisco
    Enter Administrative Password (24 characters max): *****
    Management Interface IP Address: 192.168.3.5
    Management Interface Netmask: 255.255.255.0
    Management Interface Default Router: 192.168.3.1
    Management Interface VLAN Identifier (0 = untagged): 0
    Management Interface Port Num [1 to 4]: 1
    Management Interface DHCP Server IP Address: 192.168.3.1
    AP Manager Interface IP Address: 192.168.3.6
    AP-Manager is on Management subnet, using same values
    AP Manager Interface DHCP Server (192.168.3.1):
    Virtual Gateway IP Address: 1.1.1.1
    Mobility/RF Group Name: GroupRF
    Network Name (SSID): Test
    Allow Static IP Addresses [YES][no]: yes
    Configure a RADIUS Server now? [YES][no]: no
    Warning! The default WLAN security policy requires a RADIUS server.
    Please see documentation for more details.
    Enter Country Code (enter 'help' for a list of countries) [US]: US
    Enable 802.11b Network [YES][no]: Yes
    Enable 802.11a Network [YES][no]: no
    Enable 802.11g Network [YES][no]: yes
    Enable Auto-RF [YES][no]: yes
    Configuration saved!
    Resetting system with new configuration...
    When I login to the web interface of the WLC (https://192.168.3.5) it doesn't show any AP's as joining even though I have one plugged in to the WLC. I console'd into the AP and this is the error that keeps on repeating:
    *Mar  1 00:51:45.962: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
    not have an Ip !!
    Am I missing something? I already checked the WLC, and the date/time is setup correctly. And I know my router (at 192.168.3.1) is handing out DHCP. Everything is on the same subnet so I don't understand why I'm having such a hard time with this. I've tried my hardest searching online but haven't found anything. Any help would REALLY be appreciated. Thank you very much.
    P.S. If you have any other questions please feel free to ask.

    The answer is that LWAPP / CAPWAP APs need to be connected to an access port on a swtich (configured with the proper VLAN) as they do nothing more than pass the traffic to the WLC through the LWAPP / CAPWAP tunnel.  The WLC ethernet ports are configured as trunks and can not be change. This is because the WLC is where all the VLAN tagging takes place. 
    Hope that helps,
    Scott
    Please rate this post if you found it helpful. 

  • Access point connection to WLC

    Hi all,
    I wanted to know that in Cisco wireless or in general, is it possible to connect lightweigt access point with controller without any wired connection ? or a ethernet connection between an AP and WLC is mandatory ???

    What can't you find?
    Reference to the Wireless LAN Controller not having a Wireless NIC? The documents won't list everything the product doesn't come with, it lists what it does come with.
    This guide is helpful:
    http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED.pdf
    It doesn't state that the Access Points can communicate with the WLC Wirelessly because they can't.

  • CISCO Aironet access point - not able to connect by user.

    Hi,
    I have CISCO Aironet access point C1130 in my network , but not able to connect by users, I can see below logs from access point. please help on this.
    Jun 13 17:50:10.686: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:10.686: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:15.678: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:15.678: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:20.544: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:20.544: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:24.832: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:24.832: RADIUS: Retransmit to (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:29.741: RADIUS: no sg in radius-timers: ctx 0x10653F8 sg 0x0000         
    Jun 13 17:50:29.741: RADIUS: Fail-over denied to  (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:29.741: RADIUS: No response from (20.33.100.11:1645,1646) for id 1645/247         
    Jun 13 17:50:29.741: RADIUS/DECODE: No response from radius-server; parse response; FAIL         
    Jun 13 17:50:29.741: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL         
    Jun 13 17:50:29.741: dot11_auth_dot1x_parse_aaa_resp: Received server response: FAILOVER_RETRY         
    Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server response         
    Jun 13 17:50:29.742: Client 5864.6c67.3718 failed: EAP reason 0         
    Jun 13 17:50:29.742: dot11_auth_dot1x_parse_aaa_resp: Failed client 5894.6b37.3518 with aaa_req_status_detail 0         
    Jun 13 17:50:29.742: dot11_auth_dot1x_run_rfsm: Executing Action(SERVER_WAIT,SERVER_FAIL) for 5894.6b37.3518         
    Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Forwarding server message to client 5894.6b37.3518         
    Jun 13 17:50:29.742: dot11_auth_dot1x_send_response_to_client: Started timer client_timeout 30 seconds         
    Jun 13 17:50:29.743: dot11_auth_dot1x_send_client_fail: Authentication failed for 5894.6b37.3518         
    Jun 13 17:50:29.743: %DOT11-7-AUTH_FAILED: Station 5894.6b37.3518 Authentication failed
    Regards,       

    Hi Niham,
    You can try few things to troubleshoot this -
    1. check the reachability of Radius server from your wlc (ping).
    2. verify the IP address of Raduis server configured on wlc.
    3. wlc in the Radius server ?
    4. Shared Secret must be same on wlc and in raduis server.
    Plz do not forget to rate useful post.
    Thanks

Maybe you are looking for

  • MOVED: K8T Neo On-board SATA not working

    This topic has been moved to AMD64 ATI/SiS/VIA boards. https://forum-en.msi.com/index.php?topic=142488.0

  • Netcfg + wpa enterprise help

    Here is what I have / the troubleshooting I have done: [phil@pwned ~]$ cd /etc/network.d/ [phil@pwned network.d]$ cat uw-secure CONNECTION="wireless" DESCRIPTION="secure uw" INTERFACE=wlan0 IP=dhcp ESSID="uw-secure" TIMEOUT=30 SECURITY=wpa-config SCA

  • Reset F.05

    I have old bal of 20 USD in Oct. if I use reset function, besides choose "bal sheet prepa valuation", do I also need to choose "create postings", posting date to be 31.Oct.2009, reversal date to be 1.Nov.2009 and reversal posting in postings tab? bef

  • Error when calling BPEL process from web service client

    I have created three projects here ,there're no problem when testing Composite Application(SynchronousSampleApplication) by test case inside this project. When I create a Java Application(SynchronousSampleApp),inside this project I've created a web s

  • How do I uninstall safari 7

    Fidelity told me to upgrade browser. I installed safari 7 only to find out my macbook pro doesn't support it. How do I uninstall?