AIR-CAP1602i cannot join a WLC 5508 controller

Similar Messages

• Cannot join AP to 5508 controller

  Hi all
  We have an infrastructure with a Cisco 4402-50 controller. We've just installed another controller, a 5508, and WCS as an "umbrella" to control the systems.
  I have trouble joining some AP's to the 5508 controller. Note that all AP's connect fine to the older 4402 controller. It seems that our older AP's join fine, but the newer 1142 models just won't join. As far as as I can tell both controllers have exactly the same configuration (except for IP-adresses and such of course), I've even used configuration templates in WCS to ensure this.
  If I go to Monitoring-->Statistics-->AP join on the 5508 controller, it says that the reason is "RADIUS authentication is pending for the AP". I don't understand this, because I've not set up any RADIUS authentication for AP's (only clients). I use MIC's and a local MAC database on the controller to authenticate the AP's.
  Btw, the software controller version is 6.0.188.0.
  Thanks in advance for any response!

  Hi leolaohoo, and thanks for your response.
  I've tried to configure the 5508 as primary, but that didn't cut it.
  However, I've just fixed the problem by upgrading the firmware on the 5508 to 7 (ED), that - for some reason - did the trick.
  This problem is now solved.

• Problem Joining AIR-CAP1602I-C-K9 with WLC 5508

  Hi,
  I am having trouble to get AIR CAP1602I-C-K9 attached to a 5508 WLC running code 7.4.110.0
  Here is what I got from the AP logs:
  ====================================================================================================
  Extracting files...
  ap1g2-k9w8-mx.152-2.JB2/ (directory) 0 (bytes)
  extracting ap1g2-k9w8-mx.152-2.JB2/K5.bin (75790 bytes)!!!!
  *Dec  6 15:09:23.011: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Dec  6 15:09:23.535: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.10.100 peer_port: 5246
  *Dec  6 15:09:23.535: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.10.100
  *Dec  6 15:09:23.535: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
  *Dec  6 15:09:23.535: %CAPWAP-3-ERRORLOG: CAPWAP!
  extracting ap1g2-k9w8-mx.152-2.JB2/ap1g2-k9w8-mx.152-2.JB2 (9202946 bytes)!!!!!!!!! SM handler: Failed to process message type 10 state 5.
  *Dec  6 15:09:23.535: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
  *Dec  6 15:09:23.535: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.16.10.100perform archive download capwap:/ap1g2 tar file
  *Dec  6 15:09:23.583: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
  *Dec  6 15:09:23.587: Loading file /ap1g2...
  *Dec  6 15:09:24.007: %LINEPROTO-5-UPDOWN:!!!!!!!!!!! Line protocol on Interface Dot11Radio0, changed state to down
  *Dec  6 15:09:24.063: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up!!!!!!!!!!!
  *Dec  6 15:09:25.139: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up!!!!!!!!!!
  *Dec  6 15:09:26.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  Premature end of tar file
  ERROR: Problem extracting files from archive.
  Download image failed, notify controller!!! From:7.4.1.37 to 7.4.110.0, FailureCode:3
  archive download: takes 63 seconds
  *Dec  6 15:10:26.851: capwap_image_proc: problem extracting tar file
  ====================================================================================
  after that the AP reboots and do same process over and over again,
  Please help..
  Many Thanks,
  Barth

  Here is the info about AP and WLC:
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.4.110.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... 6.0.182.0
  Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
  Build Type....................................... DATA + WPS
  System Name...................................... WLC1-AP
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  Redundancy Mode.................................. Disabled
  IP Address....................................... 172.16.10.100
  Last Reset....................................... Power on reset
  System Up Time................................... 0 days 4 hrs 12 mins 28 secs
  System Timezone Location.........................
  System Stats Realtime Interval................... 5
  System Stats Normal Interval..................... 180
  Configured Country............................... US  - United States
  Operating Environment............................ Commercial (0 to 40 C)
  --More-- or (q)uit
  Internal Temp Alarm Limits....................... 0 to 65 C
  Internal Temperature............................. +44 C
  External Temperature............................. +28 C
  Fan Status....................................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 1
  Number of Active Clients......................... 0
  Memory Current Usage............................. Unknown
  Memory Average Usage............................. Unknown
  CPU Current Usage................................ Unknown
  CPU Average Usage................................ Unknown
  Burned-in MAC Address............................ F8:72:EA:EF:2E:A0
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Present, Power Off, Fan On
  Maximum number of APs supported.................. 100
  AP4403.a7fd.f040#sh ver
  Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2012 by Cisco Systems, Inc.
  Compiled Tue 11-Dec-12 04:45 by prod_rel_team
  ROM: Bootstrap program is C1600 boot loader
  BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
  AP4403.a7fd.f040 uptime is 4 minutes
  System returned to ROM by power-on
  System image file is "flash:/ap1g2-k9w8-mx.152-2.JB/ap1g2-k9w8-mx.152-2.JB"
  Last reload reason:
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-CAP1602I-C-K9    (PowerPC) processor (revision B0) with 98294K/32768K bytes of memory.
  Processor board ID FGL1711ZJNW
  PowerPC CPU at 533Mhz, revision number 0x2151
  Last reset from power-on
  LWAPP image version 7.4.1.37
  1 Gigabit Ethernet interface
  2 802.11 Radios
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 44:03:A7:FD:F0:40
  Part Number                          : 73-14671-04
  PCA Assembly Number                  : 000-00000-00
  PCA Revision Number                  :
  PCB Serial Number                    : FOC16517DZ1
  Top Assembly Part Number             : 800-38552-01
  Top Assembly Serial Number           : FGL1711ZJNW
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP1602I-C-K9
  Configuration register is 0xF
  AP4403.a7fd.f040#sh inventory
  NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point"
  PID: AIR-CAP1602I-C-K9 , VID: V01, SN: FGL1711ZJNW

• Converted 1140 AP can't join the WLC 5508

  Hello! Please, help me to sort my problem out.
  We have bought autonomous APs   AIR-AP1141N-E-K9 and converted them to the lightweight mode, but they cannot join the WLC 5508. The errors are below. There were NO problems with the LAPs that were bought before, together with the WLC.
  AP's IP: 172.22.90.27   IOS version  12.4
  WLC's IP: 172.22.90.20   IOS version 6.0.188.0
  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054
  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  logs from the AP:
  Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
  *Oct 13 21:37:06.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Oct 13 21:37:06.045: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
  *Oct 13 21:37:06.046: bsnInitRcbSlot: slot 1 has NO radio
  *Oct 13 21:37:06.056: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
  dministratively down
  *Oct 13 21:37:06.066: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r
  eset
  *Oct 13 21:37:06.098: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Oct 13 21:37:15.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLL
  ER
  *Oct 13 21:37:24.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
  LER
  *Oct 13 21:37:34.060: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
  p: 172.22.90.20 peer_port: 5246
  *Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Oct 13 21:38:34.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
  peer_ip: 172.22.90.20 peer_port: 5246
  *Oct 13 21:38:34.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20
  *Oct 13 21:38:34.823: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
  *Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Contr
  ol Message from 172.22.90.20
  *Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
  *Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
  e from controller
  *Oct 13 21:38:39.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20
  *Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Contr
  ol Message from 172.22.90.20
  *Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
  *Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
  e from controller
  *Oct 13 21:38:39.824: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap p
  acket from 172.22.90.20
  *Oct 13 21:39:33.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 1
  72.22.90.20:5246
  *Oct 13 21:39:34.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
  p: 172.22.90.20 peer_port: 5246
  *Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
  *Oct 13 21:38:34.001: %DTLS-5-PEER_DISCONNECT: Peer 172.22.90.20 has closed conn
  ection.
  *Oct 13 21:38:34.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 1
  72.22.90.20:5246
  *Oct 13 21:38:34.001: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination
  *Oct 13 21:38:34.125: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
  not established.
  logs from the WLC:
  debug capwap events enable
  *Dec 21 15:02:06.244: 68:bc:0c:63:3d:a0 DTLS keys for Control Plane deleted successfully for AP 172.22.90.27
    *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 DTLS connection closed event receivedserver (172:22:90:20/5246) client (172:22:90:27/21077)
  *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Entry exists for AP (172:22:90:27/21077)
  *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
  *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
  *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 1
  *Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 1
  Ble
  *Dec 21 15:04:03.194: 68:bc:0c:63:3d:a0 capwap_ac_platform.c:1223 - Operation State 0 ===> 4
  *Dec 21 15:04:03.194: 68:bc:0c:63:3d:a0 Register LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
    *Dec 21 15:05:36.253: 68:bc:0c:63:3d:a0 Join Version: = 100711424
  *Dec 21 15:05:36.253: 68:bc:0c:63:3d:a0 Join resp: CAPWAP Maximum Msg element len = 93
  debug capwap errors enable
  *Dec 21 16:16:51.879: 68:bc:0c:63:3d:a0 DTLS connection was closed
  *Dec 21 16:17:09.940: 68:bc:0c:63:3d:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 12, joined Aps =5
  debug capwap detail enable
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 CAPWAP Control Msg Received from 172.22.90.27:21078
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 packet received of length 281 from 172.22.90.27:21078
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Msg Type = 3 Capwap state = 5
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: Result Code message element len = 8
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 1. 47 0
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 2. 232 3
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 3. 6 0
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 4. 12 0
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: AC Descriptor message element len = 48
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 acName = Wi-Fi_Controller
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: AC Name message element len = 68
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: WTP Radio Information message element len = 77
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: CAPWAP Control IPV4 Address len = 87
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Sending encrypted packet to AP 172:22:90:27 (21078)
  *Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Releasing WTP
  *Dec 21 16:24:12.212: 68:bc:0c:63:3d:a0 CAPWAP Control Msg Received from 172.22.90.27:21077
  *Dec 21 16:24:12.212: 68:bc:0c:63:3d:a0 DTLS connection 0x167c8b20 closed by controller
  *Dec 21 16:24:12.212: DTL Deleting AP 9 - 0.0.0.0
  *Dec 21 16:24:12.214: CAPWAP DTLS connection closed msg
  *Dec 21 16:24:12.216: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:63:3d:a0(0)
  *Dec 21 16:24:12.216: Received SPAM_MFP_RADIO_DOWN message
  *Dec 21 16:24:12.218: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:63:3d:a0(0)
  *Dec 21 16:24:12.220: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:63:3d:a0(0)
  *Dec 21 16:24:12.222: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:63:3d:a0(0)
  *Dec 21 16:24:12.224: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:63:3d:a0(0)
  *Dec 21 16:24:12.226: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:63:3d:a0(0)
  *Dec 21 16:24:12.228: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:63:3d:a0(1)
  *Dec 21 16:24:12.228: Received SPAM_MFP_RADIO_DOWN message
  *Dec 21 16:24:12.230: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:63:3d:a0(1)
  *Dec 21 16:24:12.232: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:63:3d:a0(1)
  *Dec 21 16:24:12.234: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:63:3d:a0(1)
  *Dec 21 16:24:12.236: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:63:3d:a0(1)
  *Dec 21 16:24:12.238: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:63:3d:a0(1)
  *Dec 21 16:24:12.238: 68:bc:0c:63:3d:a0 Deleting and removing AP 68:bc:0c:63:3d:a0 from fast path
  P.S. The time is set to the WLC with the NTP
  P.P.S. Don't lookup at the time the logs were made - they were made not during the same day/time

  I have solved this as soon as published my problem!!!
  the answer is published here:
  https://supportforums.cisco.com/thread/2004491
  especially in the post of Matthew Fowler
  Hi,
  Please take a look at CSCte01087.
  I see that your WLC is 10.0.13.5 and your AP is 10.0.13.28/24 so they are on the same subnet. I also see your AP MAC address does not begin with 00. This is why I believe it is relevant.
  Please try the workaround or open a TAC case if you need a fix.
  -Matt
  Symptom:
  An access point running 6.0.188.0 code may be unable to join a WLC5508.
  Messages similar to the following will be seen on the AP.
     %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
     %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
  Conditions:
  At least one of the following conditions pertains:
  - The high order byte of the AP's MAC address is nonzero, and the AP is in
  the same subnet as the WLC5508's management (or AP manager) interface
  - The WLC's management (or AP manager) interface's default gateway's
  MAC address' high order byte is nonzero.
  Workaround:
  If the MAC address of the WLC's default gateway does not begin with 00,
  and if all of the APs' MAC addresses begin with 00, then: you can put
  the APs into the same subnet as the WLC's management (or AP manager)
  interface.
  In the general case, for the situation where the WLC's default gateway's
  MAC does not begin with 00, you can address this by changing it to begin
  with 00. Some methods for doing this include:
  -- use the "mac-address" command on the gateway, to set a MAC address
  that begins with 00
  -- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
  IP as the WLC's gateway.
  For the case where the APs' MAC addresses do not begin with 00, then make
  sure that they are *not* in the same subnet as the WLC's management
  (AP manager) interface, but are behind a router.
  Another workaround is to downgrade to 6.0.182.0.  However, after
  downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
  (i.e. 12.4(21a)JA2) still installed on them will be unable to join.
  Therefore, after downgrading the WLC, the APs will need to have a
  pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.
  different vlan!!!! yes! thank you Matthew Fowler sooooo much!!!!

• Trouble getting Cisco 2600 Series AP to stay joined to WLC 5508

  Hi,
  I have recently been tasked with upgrading our old Autonomous APs to LWAPs.  We have a 5508 WLC at our Virtual Co-Lo and I am using Flexconnect to accomadate local switching and dhcp at our sites.  I have upgraded over 50 APs and joined them to the controller.  These include only 1130AG and 1240AG models.  However they are working flawlessly and staying connected to the controller.  The issue I'm having is with a new batch of 2600 series APs staying connected to the controller.  I have attempted to do research into what may be causing the disconnects but have yet to find a solution.  I am using DNS to resolve the CAPWAP & LWAPP queries from the APs to the controller accross our WAN.  In reading other posts I thought it may be an issue with packets getting dropped but have had our Vendor who manages Sonicwalls at both ends of the WAN confirm for me there is no packet loss.  Below are logs I gathered using puttty from the AP & WLC.  Any help would be greatly appreciated.
  AP I'm doing the testing on:
  NAME: "AP2600", DESCR: "Cisco Aironet 2600 Series (IEEE 802.11n) Access Point"
  PID: AIR-CAP2602I-A-K9 , VID: V01, SN: FTX1740J8V1
  WLC in question:
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.3.112.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... 6.0.182.0
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
  Build Type....................................... DATA + WPS
  System Name...................................... wificontroller
  System Location.................................. Corp
  System Contact................................... Net Engineer
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  Redundancy Mode.................................. Disabled
  IP Address....................................... 10.250.32.8
  Last Reset....................................... Software reset
  System Up Time................................... 190 days 3 hrs 34 mins 24 secs
  System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
  Configured Country............................... US  - United States
  Operating Environment............................ Commercial (0 to 40 C)
  Internal Temp Alarm Limits....................... 0 to 65 C
  --More-- or (q)uit
  Internal Temperature............................. +38 C
  External Temperature............................. +20 C
  Fan Status....................................... OK
  State of 802.11b Network......................... Enabled
  State of 802.11a Network......................... Enabled
  Number of WLANs.................................. 14
  Number of Active Clients......................... 71
  Burned-in MAC Address............................ C8:9C:1D:8C:52:E0
  Power Supply 1................................... Present, OK
  Power Supply 2................................... Absent
  Maximum number of APs supported.................. 100
  Here is the output that keeps on occuring as the AP joins the WLC for a brief time and then changes to standalone mode
  WT-4thFlr-AP3#
  *Dec 14 15:42:04.419: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
  ., 3)
  *Dec 14 15:42:11.443: %EVT-4-WRN: Write of flash:/event.capwap done
  *Dec 14 15:42:11.483: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
  *Dec 14 15:42:11.487: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
  *Dec 14 15:42:11.487: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.250.32.8:5246
  *Dec 14 15:42:11.571: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
  *Dec 14 15:42:21.575: %CAPWAP-3-ERRORLOG: Selected MWAR 'wificontroller'(index 0).
  *Dec 14 15:42:21.575: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Dec 14 15:42:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246
  *Dec 14 15:42:14.303: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.250.32.8 peer_port: 5246
  *Dec 14 15:42:14.303: %CAPWAP-5-SENDJOIN: sending Join Request to 10.250.32.8
  *Dec 14 15:42:15.127: Starting Ethernet promiscuous mode
  *Dec 14 15:42:15.535: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
  *Dec 14 15:42:15.667: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1
  *Dec 14 15:42:15.667: Setting AC first hop MAC: 0017.c575.a23c
  *Dec 14 15:42:15.855: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller wificontroller
  *Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
  *Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
  *Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
  *Dec 14 15:42:15.915: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration file
  *Dec 14 15:42:15.915: %LWAPP-3-CLIENTERRORLOG: Switching to Connected mode
  *Dec 14 15:42:23.639: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
  *Dec 14 15:42:34.615: %CLEANAIR-6-STATE: Slot 0 disabled
  *Dec 14 15:42:34.615: %CLEANAIR-6-STATE: Slot 1 disabled
  *Dec 14 15:45:43.783: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
  ., 11)
  *Dec 14 15:45:43.787: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
  *Dec 14 15:45:43.787: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
  *Dec 14 15:45:43.787: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.250.32.8:5246
  *Dec 14 15:45:43.867: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
  *Dec 14 15:45:53.867: %CAPWAP-3-ERRORLOG: Selected MWAR 'wificontroller'(index 0).
  *Dec 14 15:45:53.867: %CAPWAP-3-ERRORLOG: Go join a capwap controller
  *Dec 14 15:45:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246
  *Dec 14 15:45:46.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.250.32.8 peer_port: 5246
  *Dec 14 15:45:46.315: %CAPWAP-5-SENDJOIN: sending Join Request to 10.250.32.8
  *Dec 14 15:45:46.487: Starting Ethernet promiscuous mode
  *Dec 14 15:45:49.903: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
  *Dec 14 15:45:50.031: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1
  *Dec 14 15:45:50.031: Setting AC first hop MAC: 0017.c575.a23c
  Here are the results of debug capwap client event on the AP:
  WT-4thFlr-AP3#debug capwap client event
  CAPWAP Client EVENT display debugging is on
  WT-4thFlr-AP3#
  *Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
  *Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
  *Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
  *Dec 14 15:55:08.000: %CAPWAP-3-EVENTLOG: Setting time to 15:55:08 UTC Dec 14 2013
  *Dec 14 15:55:25.579: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
  *Dec 14 15:55:25.827: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
  *Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
  *Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
  *Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
  *Dec 14 15:55:56.000: %CAPWAP-3-EVENTLOG: Setting time to 15:55:56 UTC Dec 14 2013
  *Dec 14 15:56:25.735: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
  *Dec 14 15:56:25.983: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
  *Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
  *Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Sending packet to AC
  *Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
  *Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
  *Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Queue Empty.
  *Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
  *Dec 14 15:56:56.000: %CAPWAP-3-EVENTLOG: Setting time to 15:56:56 UTC Dec 14 2013
  Here are the results of debug capwap client packet detail:
  WT-4thFlr-AP3#
  *Dec 14 15:59:01.823: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:01.823: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 15:59:01.823:         Msg Type   : CAPWAP_ECHO_REQUEST
  *Dec 14 15:59:01.823:         Msg Length : 0
  *Dec 14 15:59:01.823:         Msg SeqNum : 44
  *Dec 14 15:59:01.823: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:01.831: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:01.831: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:01.831:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:01.831:         Msg Type   : CAPWAP_ECHO_RESPONSE
  *Dec 14 15:59:01.831:         Msg Length : 15
  *Dec 14 15:59:01.831:         Msg SeqNum : 44
  *Dec 14 15:59:01.831: 
  *Dec 14 15:59:01.831:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 11
  *Dec 14 15:59:01.831:         Vendor Identifier  : 0x00409600
  *Dec 14 15:59:01.831:
  *Dec 14 15:59:01.831:
      IE            :   UNKNOWN IE 151
  *Dec 14 15:59:01.831:     IE Length     :   5
  *Dec 14 15:59:01.831:     Decode routine not available, Printing Hex Dump
  *Dec 14 15:59:01.831:
  52 AC 80 46 00
  *Dec 14 15:59:01.831: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:20.931: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:20.931: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:20.931:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:20.931:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_REQUEST
  *Dec 14 15:59:20.931:         Msg Length : 93
  *Dec 14 15:59:20.931:         Msg SeqNum : 38
  *Dec 14 15:59:20.931: 
  *Dec 14 15:59:20.931:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 89
  *Dec 14 15:59:20.931:         Vendor Identifier  : 0x00409600
  *Dec 14 15:59:20.931:
  *Dec 14 15:59:20.931:
      IE            :   RRM_NEIGHBOR_CTRL_PAYLOAD
  *Dec 14 15:59:20.931:     IE Length     :   83
  *Dec 14 15:59:20.931:     Decode routine not available, Printing Hex Dump
  *Dec 14 15:59:20.931:
  00 0A FA 20 08 01 F4 00 07 0A FA 20 08 03 00 01
  01 00 3C 00 B4 2E 06 2E E7 B4 94 51 B2 C7 79 25
  22 FD BE 04 F6 00 00 00 00 00 00 00 00 4F 50 52
  53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 01 06 0B
  01 01 01
  *Dec 14 15:59:20.931: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:20.931: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:20.931: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 15:59:20.931:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
  *Dec 14 15:59:20.931:         Msg Length : 8
  *Dec 14 15:59:20.931:         Msg SeqNum : 38
  *Dec 14 15:59:20.931: 
  *Dec 14 15:59:20.931:      Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
  *Dec 14 15:59:20.931:         Result Code : CAPWAP_SUCCESS
  *Dec 14 15:59:20.931: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:21.139: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:21.139: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:21.139:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:21.139:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_REQUEST
  *Dec 14 15:59:21.139:         Msg Length : 111
  *Dec 14 15:59:21.139:         Msg SeqNum : 39
  *Dec 14 15:59:21.139: 
  *Dec 14 15:59:21.139:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 107
  *Dec 14 15:59:21.139:         Vendor Identifier  : 0x00409600
  *Dec 14 15:59:21.139:
  *Dec 14 15:59:21.139:
      IE            :   RRM_NEIGHBOR_CTRL_PAYLOAD
  *Dec 14 15:59:21.139:     IE Length     :   101
  *Dec 14 15:59:21.139:     Decode routine not available, Printing Hex Dump
  *Dec 14 15:59:21.143:
  01 0A FA 20 08 01 F4 00 07 0A FA 20 08 0C 00 01
  01 00 3C 00 B4 2E 06 2E E7 B4 94 51 B2 C7 79 25
  22 FD BE 04 F6 00 00 00 00 00 00 00 00 4F 50 52
  53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00
  00 00 00 00 00 00 00 00 00 00 00 00 00 24 28 2C
  30 34 38 3C 40 95 99 9D A1 01 01 01 01 01 01 01
  01 01 01 01 01
  *Dec 14 15:59:21.143: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:21.143: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:21.143: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 15:59:21.143:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
  *Dec 14 15:59:21.143:         Msg Length : 8
  *Dec 14 15:59:21.143:         Msg SeqNum : 39
  *Dec 14 15:59:21.143: 
  *Dec 14 15:59:21.143:      Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
  *Dec 14 15:59:21.143:         Result Code : CAPWAP_SUCCESS
  *Dec 14 15:59:21.143: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.547: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.547: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 15:59:25.547:         Msg Type   : CAPWAP_WTP_EVENT_REQUEST
  *Dec 14 15:59:25.547:         Msg Length : 14
  *Dec 14 15:59:25.547:         Msg SeqNum : 45
  *Dec 14 15:59:25.547: 
  *Dec 14 15:59:25.547:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
  *Dec 14 15:59:25.547:         Vendor Identifier  : 0x00409600
  *Dec 14 15:59:25.547:
  *Dec 14 15:59:25.547:
      IE            :   RRM_LOAD_DATA_PAYLOAD
  *Dec 14 15:59:25.547:     IE Length     :   4
  *Dec 14 15:59:25.547:          slot 0 rxLoad 0 txLoad 0 ccaLoad 33
  *Dec 14 15:59:25.547: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.555: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.555: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:25.555:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:25.555:         Msg Type   : CAPWAP_WTP_EVENT_RESPONSE
  *Dec 14 15:59:25.555:         Msg Length : 0
  *Dec 14 15:59:25.555:         Msg SeqNum : 45
  *Dec 14 15:59:25.555: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.795: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.795: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 15:59:25.795:         Msg Type   : CAPWAP_WTP_EVENT_REQUEST
  *Dec 14 15:59:25.795:         Msg Length : 14
  *Dec 14 15:59:25.795:         Msg SeqNum : 46
  *Dec 14 15:59:25.795: 
  *Dec 14 15:59:25.795:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
  *Dec 14 15:59:25.795:         Vendor Identifier  : 0x00409600
  *Dec 14 15:59:25.795:
  *Dec 14 15:59:25.795:
      IE            :   RRM_LOAD_DATA_PAYLOAD
  *Dec 14 15:59:25.795:     IE Length     :   4
  *Dec 14 15:59:25.795:          slot 1 rxLoad 0 txLoad 0 ccaLoad 0
  *Dec 14 15:59:25.795: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.803: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:25.803: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:25.803:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:25.803:         Msg Type   : CAPWAP_WTP_EVENT_RESPONSE
  *Dec 14 15:59:25.803:         Msg Length : 0
  *Dec 14 15:59:25.803:         Msg SeqNum : 46
  *Dec 14 15:59:25.803: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:30.375: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:30.375: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:30.375:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:30.375:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_REQUEST
  *Dec 14 15:59:30.375:         Msg Length : 17
  *Dec 14 15:59:30.375:         Msg SeqNum : 40
  *Dec 14 15:59:30.375: 
  *Dec 14 15:59:30.375:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 13
  *Dec 14 15:59:30.375:         Vendor Identifier  : 0x00409600
          SlotId                  :   0
          Mobile Mac Addr         :   BC:52:B7:E3:17:CB
  *Dec 14 15:59:30.375: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:30.375: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:30.375: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 15:59:30.375:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
  *Dec 14 15:59:30.379:         Msg Length : 8
  *Dec 14 15:59:30.379:         Msg SeqNum : 40
  *Dec 14 15:59:30.379: 
  *Dec 14 15:59:30.379:      Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
  *Dec 14 15:59:30.379:         Result Code : CAPWAP_SUCCESS
  *Dec 14 15:59:30.379: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 15:59:30.387: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 15:59:30.387: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 15:59:30.387:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 15:59:30.387:         Msg Type   : CAPWAP_WTP_EVENT_RESPONSE
  *Dec 14 15:59:30.387:         Msg Length : 0
  *Dec 14 15:59:30.387:         Msg SeqNum : 47
  *Dec 14 15:59:30.387: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 16:00:00.387: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 16:00:00.387: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
  *Dec 14 16:00:00.387:         Msg Type   : CAPWAP_ECHO_REQUEST
  *Dec 14 16:00:00.387:         Msg Length : 0
  *Dec 14 16:00:00.387:         Msg SeqNum : 48
  *Dec 14 16:00:00.387: <<<<  End of CAPWAP Packet  >>>>
  *Dec 14 16:00:00.395: <<<<   Start of CAPWAP Packet  >>>>
  *Dec 14 16:00:00.395: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
  *Dec 14 16:00:00.395:         HLEN 2,   Radio ID 0,    WBID 1
  *Dec 14 16:00:00.395:         Msg Type   : CAPWAP_ECHO_RESPONSE
  *Dec 14 16:00:00.395:         Msg Length : 15
  *Dec 14 16:00:00.395:         Msg SeqNum : 48
  *Dec 14 16:00:00.395: 
  *Dec 14 16:00:00.395:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 11
  *Dec 14 16:00:00.395:         Vendor Identifier  : 0x00409600
  *Dec 14 16:00:00.395:
  *Dec 14 16:00:00.395:
      IE            :   UNKNOWN IE 151
  *Dec 14 16:00:00.395:     IE Length     :   5
  *Dec 14 16:00:00.395:     Decode routine not available, Printing Hex Dump
  *Dec 14 16:00:00.395:
  52 AC 80 81 00
  *Dec 14 16:00:00.395: <<<<  End of CAPWAP Packet  >>>>

  Under my AP Policies I only have "Accept Manufactured Installed Certificate (MIC)" checked.  I attempted to add the AP based on MAC Address (c0:67:af:6f:25:70) with this certificate type but still have the same issue.  I then ran the following debug on my controller and this is the output I recieve regarding that MAC.  I tried to cut the output short because it get's somewhat redundant but was unsure what exactly to look for in the output.  Should I be selecting a different certificate type?  I am somewhat new to wireless technologies but doing my best to pick things up so if this seems trivial please forgive my ignorance.
  debug pm pki enable
  *sshpmLscTask: Dec 14 20:42:56.450: sshpmLscTask: LSC Task received a message 4
  *spamApTask6: Dec 14 20:42:58.840: sshpmGetIssuerHandles: locking ca cert table
  *spamApTask6: Dec 14 20:42:58.841: sshpmGetIssuerHandles: calling x509_alloc() for user cert
  *spamApTask6: Dec 14 20:42:58.841: sshpmGetIssuerHandles: calling x509_decode()
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=AP3G2-c067af6f2570, [email protected]
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles:   O=Cisco Systems, CN=Cisco Manufacturing CA
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Mac Address in subject is c0:67:af:6f:25:70
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Cert Name in subject is AP3G2-c067af6f2570
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: called to evaluate
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: called to get cert for CID 282aef7e
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
  *spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
  *spamApTask6: Dec 14 20:42:58.845: ssphmUserCertVerify: calling x509_decode()
  *spamApTask6: Dec 14 20:42:58.856: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (current): 2013/12/15/01:42:58
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (NotBefore): 2013/08/25/13:01:22
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (NotAfter): 2023/08/25/13:11:22
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: getting cisco ID cert handle...
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: called to evaluate
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
  *spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
  *spamApTask6: Dec 14 20:42:58.857: sshpmFreePublicKeyHandle: called with 0x2c5f0cb8
  *spamApTask6: Dec 14 20:42:58.857: sshpmFreePublicKeyHandle: freeing public key
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: called to evaluate
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: called to get cert for CID 183fd2b6
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
  *spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: called to evaluate

• AP1142N doesn't join his WLC (5508)

  Hello,
  My APs 1142N don't join their WLC. APs and WLC management interface are in the same vlan (WLC can ping all the APs). It is strange because it doesn't seem like they are trying to contact the WLC.
  What's strange is that I have other AP 1142N which joined this WLC without any problem.
  (Cisco Controller) >show sysinfoManufacturer's Name.............................. Cisco Systems Inc.Product Name..................................... Cisco ControllerProduct Version.................................. 7.0.98.214Bootloader Version............................... 1.0.1Field Recovery Image Version..................... N/AFirmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27Build Type....................................... DATA + WPS ...
  ap#show versionCisco IOS Software, C1140 Software (C1140-K9W7-M), Version 12.4(21a)JA1, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2009 by Cisco Systems, Inc.Compiled Wed 16-Sep-09 18:09 by prod_rel_teamROM: Bootstrap program is C1140 boot loaderBOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA6, RELEASE SOFTWARE (fc1)ap uptime is 43 minutesSystem returned to ROM by power-onSystem image file is "flash:/c1140-k9w7-mx.124-21a.JA1/c1140-k9w7-mx.124-21a.JA1" ...cisco AIR-AP1142N-E-K9     (PowerPC405ex) processor (revision A0) with 98294K/32768K bytes of memory.Processor board ID FCZ1649D2U0PowerPC405ex CPU at 586Mhz, revision number 0x147ELast reset from power-on1 Gigabit Ethernet interface2 802.11 Radio(s)32K bytes of flash-simulated non-volatile configuration memory.Base ethernet MAC Address: E0:2F:6D:A5:AA:F6Part Number                          : 73-12836-06PCA Assembly Number                  : 800-33767-06PCA Revision Number                  : A0PCB Serial Number                    : FOC164732R2Top Assembly Part Number             : 800-33775-05Top Assembly Serial Number           : FCZ1649D2U0Top Revision Number                  : A0Product/Model Number                 : AIR-AP1142N-E-K9
  Regards,

  Ok thank. I didn't notice that it was an autonomous image.
  It seems that I can't use this guide (http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp157147) to upgrade them to lightweight (can't install software on windows seven).
  Regards

• APs (LAP1142N) are disconnecting after joining the WLC (5508)

  Hi,
  We are having a problem at the school I'm working at. There are 133 APs located across campus.
  They have been running for 3.5 years without any trouble.
  Recently we have been having issues with APs disconnecting at random.
  It started last week with just a couple. We got them running again, but later the same day new ones had disconnected.
  This has continued with more APs and it looks like it happens at random and it is never the same one that disconnects.
  We have a centralized support-unit that helps us with stuff like this, but they haven't come up with a solution, so I was hoping someone here had seen this behavior before.
  Today at 7AM all the APs were running, but at the time of this post 6 of them have disconnected.
  AP (130 of them):
  Product ID: AIR-LAP1142N-E-K9
  Version ID: V01
  Software Version: 7.4.100.0
  Boot version: 12.4.18.3
  IOS: 15.2(2)JB$
  Country Code: Norway (NO)
  Regulatory domains: 802.11bg:-E    802.11a:-E
  Controller:
  Cisco 5508 Wireless Controller
  Firmware: 7.4.100.0
  Recovery version: 6.0.182.0
  Temp is running at 35C
  Memory at a stable 50%
  Cores 0%/2%, 4%/2%, 3%/2%, 4%/1%, 3%/3%, 5%/2%, 0%/1%, 0%/1%, 0%/1%, 0%/1%
  Only using 4 of the ports on the controller 1-4
  Some of the error-messages I have located on the different APs that have disconnected:
  Layer 3 discovery request not received on management VLAN
  Lwapp discovery request rejected
  Just give me a shout if any other information is needed.
  - Hille

  You may be facing this bug CSCud97983
  https://tools.cisco.com/bugsearch/bug/CSCud97983
  Here are some more information about bugs we experienced with this 7.4 code
  http://mrncciew.com/2013/02/10/day-0-with-wlc-7-4-code/
  7.4MR2 (7.4.111.x) is available (pre-release image) if you want latest bug fixed image. This is specially if you are using wireless guest service & having apple iOS 7 devices.
  https://supportforums.cisco.com/docs/DOC-37334
  HTH
  Rasika
  **** Pls rate all useful responses ****

• WLC 5508 Controller Boot SW 5.2.157.0 ER.aes not found

  Hello Cisco-Experts,
  we just received a new 5508 installed with SW-Version 6.0.199.4, Filed REcovery Image 6.0.182.0.
  Because all other Controllers, all 4400-series, are running on SW-Version 6.0.202, we would like to
  upgrade the software to this level.
  The Upgrade documentation is mentioning a Boot Software-File 5.2.157.0 ER.AES that needs to be
  downloaded also besides the Controller Software file.
  But on Your Web-Download-page for 5508-controllers, I cannot find the described file:
  Cisco Unified Wireless Network Controller Boot Software 5.2.157.0. ER.aes.
  Why are YOu not offering this file anymore for this type of controller ?
  Is it possible to use this file from the 4400-Controller-series ?
  Or is the SW-version already installed on the controller a newer one ?
  Please advise
  Thank You
  Winfried

  Hi,
  5.2 platform code is not supported on 5500 controller and so you don't need that bootloader file and don't have to worry about it. 5.2 bootloader file is for 4400, wism, and other 2100 series small business controllers. 5500 controllers are design for 6.0 and 7.0 codes and there are no bootloader file for these codes.
  Here is  the bug as well!!
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj55193Please dont forget to rate the usefull posts!RegardsSurendra

• AP Cannot join WLC, i have RADIUS authorization is pending for the AP Error

  Hi Support,
  I'm new in installing WIFI, I have WLC 2504 using 7.4.100.0
  I have AP 1600 (AIR-CAP1602E-E-K9)
  I installed the WLC and AP in a cisco poe switch, wlc and ap are in the same subnet and can ping ap from WLC, but the AP cannot join the wlc. i have this error message
  (Cisco Controller) >show ap join stats detailed 00:06:f6:d6:03:f0
  Sync phase statistics
  - Time at sync request received............................ Not applicable
  - Time at sync completed................................... Not applicable
  Discovery phase statistics
  - Discovery requests received.............................. 124
  - Successful discovery responses sent...................... 124
  - Unsuccessful discovery request processing................ 0
  - Reason for last unsuccessful discovery attempt........... Not applicable
  - Time at last successful discovery attempt................ Jun 11 11:56:46.133
  - Time at last unsuccessful discovery attempt.............. Not applicable
  Join phase statistics
  - Join requests received................................... 62
  - Successful join responses sent........................... 0
  - Unsuccessful join request processing..................... 62
  - Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
  - Time at last successful join attempt..................... Not applicable
  - Time at last unsuccessful join attempt................... Jun 11 11:56:56.606
  Another this is from AP cli, i cannot have the command configure terminal
  Can you please help me

  Thanks Scott, i'm in Gabon (Central Africa) there is no Gabon in coutries list, then i chosen France.
  this is the new status
  (Cisco Controller) >show ap join stats detailed 00:06:f6:d6:03:f0
  Sync phase statistics
  - Time at sync request received............................ Not applicable
  - Time at sync completed................................... Not applicable
  Discovery phase statistics
  - Discovery requests received.............................. 126
  - Successful discovery responses sent...................... 126
  - Unsuccessful discovery request processing................ 0
  - Reason for last unsuccessful discovery attempt........... Not applicable
  - Time at last successful discovery attempt................ Jun 11 13:38:37.411
  - Time at last unsuccessful discovery attempt.............. Not applicable
  Join phase statistics
  - Join requests received................................... 63
  - Successful join responses sent........................... 1
  - Unsuccessful join request processing..................... 62
  - Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
  - Time at last successful join attempt..................... Jun 11 13:38:49.888
  - Time at last unsuccessful join attempt................... Jun 11 11:56:56.606
  Configuration phase statistics
  --More-- or (q)uit
  - Configuration requests received.......................... 0
  - Successful configuration responses sent.................. 0
  - Unsuccessful configuration request processing............ 0
  - Reason for last unsuccessful configuration attempt....... Not applicable
  - Time at last successful configuration attempt............ Not applicable
  - Time at last unsuccessful configuration attempt.......... Not applicable
  Last AP message decryption failure details
  - Reason for last message decryption failure............... Not applicable
  Last AP disconnect details
  - Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP
  - Last AP disconnect reason................................ Not applicable
  Last join error summary
  - Type of error that occurred last......................... AP got or has been disconnected
  - Reason for error that occurred last...................... Timed out while waiting for ECHO repsonse from the AP
  - Time at which the last join error occurred............... Jun 11 13:40:31.432
  AP disconnect details
  - Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP
  Ethernet Mac : 00:06:f6:d6:03:f0  Ip Address : 172.25.100.84
  --More-- or (q)uit
  (Cisco Controller) >

• WLC 5508 8.0.100 AP dropout anf fallback issue

  After WLC upgrade to 8.0.100 [ not in HA mode], the AP seem to be dropping out and reconnect using the fallback to IP-  inspite of the statically configured IP on the AP
  Running Outdoor mesh AIR-CAP1552E-N-K9 on WLC 5508
  (Cisco Controller) >show boot
  Primary Boot Image............................... 8.0.100.0 (default) (active)
  Backup Boot Image................................ 7.6.101.2
  =========
  Last AP disconnect details
  - Reason for last AP connection failure.................... The AP has been reset by the controller
  - Last AP disconnect reason................................ Unknown failure reason
  Last join error summary
  - Type of error that occurred last......................... Lwapp join request rejected
  - Reason for error that occurred last...................... No Mwar payload found in join request
  - Time at which the last join error occurred............... Dec 03 00:05:26.114
  AP disconnect details
  - Reason for last AP connection failure.................... The AP has been reset by the controller

  We downgraded the WLC to  7.4.121.0 and finally got rid of the DHCP problem
  But encountered a new issue
  The WGB once connected to the mesh AP does not reconnect to the network  , auth failure-   AIR-SAP1602E-Z-K9 running  - ap1g2-k9w7-mx.152-2.JB2
  Local EAP auth configured for WGB client on the WLC
  Looks more like the WGB stuck in a state , unable to negotiate its credentials
  Controller log
  *dot1xMsgTask: Mar 24 10:33:52.737: #DOT1X-3-WPA_SEND_STATE_ERR: 1x_kxsm.c:1404 Unable to send EAPOL-key msg  - invalid WPA state (0) - client f4:0f:1b:23:03:37
  Attached is the debug and client status from WLC
  Any  idea what is going on
  Thanks

• Upgrade WLC 5508 IOS 8.0.100

  Hi
  I wan to upgrade the IOS version on WLC 5508, but I do not is recommended, 
  Can you help me is recommended upgrade for this version?.
  The apple devices have a problem with retry authentication constantly
  regards

  After WLC upgrade to 8.0.100 [ not in HA mode], the AP seem to be dropping out and reconnect using the fallback to IP-  inspite of the statically configured IP on the AP
  Running Outdoor mesh AIR-CAP1552E-N-K9 on WLC 5508
  (Cisco Controller) >show boot
  Primary Boot Image............................... 8.0.100.0 (default) (active)
  Backup Boot Image................................ 7.6.101.2
  =========
  Last AP disconnect details
  - Reason for last AP connection failure.................... The AP has been reset by the controller
  - Last AP disconnect reason................................ Unknown failure reason
  Last join error summary
  - Type of error that occurred last......................... Lwapp join request rejected
  - Reason for error that occurred last...................... No Mwar payload found in join request
  - Time at which the last join error occurred............... Dec 03 00:05:26.114
  AP disconnect details
  - Reason for last AP connection failure.................... The AP has been reset by the controller

• WLC 5508 and Multiple DHCP servers in different sites?

  Hi
  I work for health authority in our region and we just purchased a Cisco wlc 5508 controller along with 25 3500 AP's. We have multiple sites with different IP subnets in each, all connected by a frame relay (owned by ISP). Each site has its own DHCP server. I have the controller in our main site. So when I take an AP to a remote site, the Ap gets an DHCP address from local DHCP server (which is great) and contacts controller and joins controller. Everything is good. BUT, when a client joins at the remote site, it gets an address from a previous site which will not work because the client is now on a different subnet. We dont use Vlans as they dont transvers the frame relay. I need those clients to obtain DHCP from the local DHCP server from the site they are on. Is that possible??
  I have updated the controller to latest version as well.
  Thanks
  Bryan Yaciuk, CCNA
  Parkland Regional Health Authority

  We call this as HREAP LOCAL SWITCHING!! but here is the catch.. everytime the AP joins the new site.. we need to configure the VLAN mapping and this wil do it for you!! Here is the link which will resolve ur issue..
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#ll
  Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
  Regards
  Surendra

• Wlc 5508 webauth subnet mask change issue

  Recenly l changed the network subnet for a particular wlc interface and scope and also an upstream router and for some reason it would only allow me to use a /24 Host mask as my plan was to go to a /22 mask to allow for over 1000 hosts within this scope.
  The Upstream Router which is a  ( RV042 ) had the following original config :
       192.168.1.1
       255.255.255.0
  I have noticed this device will not let me change the mask from a /24 to a /22 as you can only change from a pre-defined list of masks and you cannot manually add any either..
  New Config
       10.10.0.10
       255.255.255.0
  WLC 5508 Controller Interface
       Original Config
        192.168.1.25
       255.255.255.0
       192.168.1.1
       New Config
       10.10.0.25
       255.255.252.0
       Scope
       Range : 10.10.1.10 - 10.10.3.254
       Mask : 255.255.252.0
       Network : 10.0.0.0
       Router : 10.10.0.10
  When l reconfigure to this addressing the wireless clients connect and get the new dhcp scope details but following this the webauth screen doesn't appear not allowing them to connect meaning there is no routing of traffic / internet access.
  If l modify the above interface and scope masks back to a /24 - 255.255.255.0 the the wireless clients connect and webauth appears to prompt them to accept the terms and conditions and connect thus giving them internet access.
  It looks like an issue with the mask ? The main reason l am trying to change the subnet addressing is because the standard /24 mask is not providing enough dhcp addresses and we have had times were the scope has been exhausted due to the public connecting and disconnecting as the lease perod of 2 hours holds onto the address before expiring meaning there is not enough available addresses for people to connect.
  I would of thought that the upstream router ( RV042 ) even though it is only a /24 mask would still route the traffic coming from a WLC Controller interface with a /22 mask ?
  Hopefully someone can suggest a solution ?
  Thanks Simon

  Hey Scott just getting back to this issue..   If for instance l can modify the wlc interface and Scope to have a /22 mask ( 1022 Hosts ) and my upstream Router ( Cisco RV042 ) can only provide a /24 or higher mask then does that mean l am still limited to a range of 254 hosts ( /24 Mask ) ?  Would this mean l need to look into replacing my upstream Cisco RV042 VPN Router ?

• WLC 5508 Most Recent Traps Duplications

  Hi,
  I have recently noticed that in my WLC traps  I keep finding lots of Mac addresses that have many hits on joining but it's the same MAC ADDRESS.  Example Mac addresss'08:11:96:e4:1a:60
  4
  Wed Mar 27 16:05:56 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
  5
  Wed Mar 27 16:05:45 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
  7
  Wed Mar 27 16:04:53 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
  12
  Wed Mar 27 16:02:51 2013
  Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
    This has like 20 hits in the traps section and when I check my ISE this is also reflected on the authentication aspect. This is starting to occur with many different client laptops, why does it keep re-authenticatiing into the profile joined?
  Is there a Time to Live TTL setting I can set so it doesn't poll so often? The users aren't doing anything this is all occuring automcatically, I think it's the WLC 5508 controller not the ISE.
  Any ideas?
  Any information would be great.
  Cheers
  Eddy

  Hi Eddy,
  I am not an ISE guy so not sure about ISE config. But I would say couldn't it be roaming that increases the hit count?
  Whenever a client roams it authenticates again with the radius server. There are key caching mechanisms to bypass this process and makes roaming faster.
  You may read this: https://supportforums.cisco.com/thread/2065138
  Now, if for some reason the WLC sends a request to the ISE for every roaming process then that probably explains what you see
  HTH
  Amjad
  Rating useful replies is more useful than saying "Thank you"

• WLC 5508 webauth_bundle

  Hi
  I'm trying to upload webauth_bundle-1.0.2.zip file on WLC 5508 controller with software version 7.0.220.0 via tftp server.
  First the controller says that "Unknown bundle type. Valid bundle is a tar file." so I unzip file and create a tar file and now WLC says
  "Error: Webauth Bundle file transfer failed - File is too big".
  Could someone help me
  thanks

  Antonello,
  What you need to do is extract the webauth_bundle-1.0.2.zip file. This zip files has all the different types of webauth or pasthrough examples and login.tar files. Take a look at the readme.html file inside of the zip and that will explain the different bundles. When you decide on one, you can upload the login.tar file.
  These examples allowyou to customize them. Hope this helps.