AP 3502i with VWLC

AIR-CAP3502I-N-K9 is currently having LWAPP image version 7.0.112.74.
Software Name is "ap3g1-rcvk9w8-mx" and Version 12.4(23c)JA3.
I want it to register with Virtual WLC. Which Software i should put to make it work..? Coz I didnt know how to find 7.3 software
Please provide me the link to download the software..
Any quick help would be appreciated.
Thanks.
Message was edited by: Prasan Venky

If you join the AP to a WLC that is running v7.3 or later, then that AP will be able to join your vWLC.  If not, you need to download this code and upload it to the AP:
WIRELESS LAN RECOVERY
ap3g1-rcvk9w8-tar.152-4.JA1.tar
https://supportforums.cisco.com/docs/DOC-26765#Access_Points_Requirement
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"

Similar Messages

  • Cisco ISE 1.2 Guest Portal customization with vWLC redirect

    Hello Support Community,
    we have a problem regarding customized web authentication on ISE 1.2 with Package ISE12CustomPortalPackage-v4.zip. We have a Virtual Wireless Controller where we do a redirect to ISE. When we use default guest portal on https://x.x.x.x:8443/guestportal/Login.action authentication and authorization works fine. When we do redirect to Cisco templates on https://x.x.x.x:8443/guestportal/portals/example/Login.html customized login page is displayed and after correct authentication guest successful page is displayed but we can't go to any webserver although ISE shows authentication and authorization as successful. When we try to reach a webserver after successful authentication we get redirected to customized login site. Virtual Wireless Controller shows client aus "Webauth Required" after successful authentication. Central Web Authentication isn't possible because we have a different AAA Server for 802.1X and only use wired guest access on a particular VLAN from WLC. Are there any known issues regarding customization template or is there something wrong regarding our redirect?
    I hope somebody can help us.
    Best Regards
    Benjamin

    Hello Neno,
    1. I attached screenshots below.
    2. There is nothing related to this client.
    3. I attached Debug below.
    We are currently using MAB on our switches as a fallback to our 802.1X on our wired access. Order and Priority currently is 802.1X/MAB/Auth-Fail-VLAN. CWA is based on a failed MAC-Authentication which leads to an Authorization Profile to permit access with Webauth.
    If you configure Wired guest access on WLC there isn't a possibility to configure MAC-Authentication.
    CWA on our switches isn't possible because we are currently using failed MAC-Authentication to direct clients to our Auth-Fail-VLAN which has restricted access secured by SVI-ACL which allows us HTTP Access to printers (manual Cert Deployment) and automated Cert enrollment to our computers.
    Best Regards
    Benjamin

  • Configuration of CISCO 3502I with Windows 2003 Server SE

    Hi,
    I am currently trying to configure a CISCO Aironet AIR-CAP3502I-E-K9 with Win Server 2003 Standard Edition.
    First of all is it even possible to cinfigure the above device using DHCP so that it can be run as an access point or can it only be used with a CISCO Controller,
    Does the server need to be a Win 2003 Ent?
    In my situation the Windows Server is the controller we don't have a CISCO controller
    I have created a Vendor class attribute on the DHCP pool of the windows server using option 43
    The IP address of the DHCP server is 10.203.125.48 but the users are sitting on the 10.203.122.xxx subnet.  The AP is currebtly sitting on the same subnet as the DHCP server(125)
    I have created an Option Class called 'CISCO Ap' with an option code of 241 on the DHCP scope
    Under Scope options I have then created an option 241 option name and under 'Available Options' ticked the option 43 and added the name of the DHCP server IP address. 
    When I switch on the AP it is blinking green but I get the following error attached.
    Any Help would be appreciated
    Thanks
    Immy

    That error is "normal" because you are using a 3500 AP.  This particular model of AP requires a wireless LAN controller (WLC).
    You "cannot" load autonomous IOS into the 3500 for wireless service. 

  • VWLC and Apple TV

    Hello,
    I'm using a Cisco Virtual Wireless Controller in version 7.4.110.0 with 2602 access points in FlexConnect mode.
    I'm using only one WLAN with 802.1x authtication and dynamic VLAN assignation.
    I have 13 wired Apple TV (v3).  In controller configuration I enabled mDNS and AirTunes service.  In Controller\mDNS\Domain names, I can see all my 13 Apple TV.
    On wireless devices, the list of available Apple TV change.  Sometimes I see 1 available Apple TV, sometime I see 5...  In same time, on two devices, available Apple TV are not sames.
    Do you have any idea about wich missconfiguration can create this confusion?
    Thanks!

    Yes, to work with vWLC you need to keep AP in FlexConnect mode.
    In FlexConnect, you can have central switching or local switching. If you are doing Flexconnect Central Switching (where all traffic tunnel back to your WLC) it should work. Only concern is you are using vWLC.
    Here is what I have done with 5508 (with wired Apple TV) & local mode AP, set up works fine
    http://mrncciew.com/2013/03/27/configuring-mdns-on-wlc-7-4/
    If not working, confirm this from Cisco TAC (ie mDNS is works fine with vWLC in FlexConnect-Central Switching mode)
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Virtual WLC supported Access Points

    Dear All,
    I read minimum code version of AP should be 7.3.
    Someone please tell me the supported AP models for VWLC 7.4 series..?
    KVS

    Many thanks for your reply.
    So, Access points that are supported 7.3 code can be used to register with vWLC..?
    7.3.x
    1522, 1524PS, 1524SB, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, 1552S, 1130, 1240, 1250, 1260, 2600, 3500e, 3500i, 3600e, 3600i, 3500p, 1140, 600 OEAP, AP801, AP802
    Thanks in advance...

  • Problems with AP joining vWLC

    I am working with a vWLC on 7.4 code with a 3500i AP on 12.4(23c)JA code.  The AP is not joining the controller automatically here is the output from the AP during a join failure,
    *Jul 15 09:57:58.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.2.98.225 peer_port: 5246
    *Jul 15 09:57:59.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Jul 15 09:57:59.016: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
    *Jul 15 09:57:59.016: %CAPWAP-3-ERRORLOG: Certificate verification failed!
    *Jul 15 09:57:59.016: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:333 Certificate verified failed!
    *Jul 15 09:57:59.016: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.2.98.225
    *Jul 15 09:57:59.016: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.2.98.225:5246
    *Jul 15 09:57:59.016: %DTLS-3-BAD_RECORD: Erroneous record received from 10.2.98.225: Malformed Certificate
    *Jul 15 09:57:59.016: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.2.98.225:5246
    *Jul 15 09:57:59.016: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
    *Jul 15 09:58:18.881: %CDP_PD-2-POWER_LOW: All radios disabled - NON_CISCO-NO_CDP_RECEIVED  (0000.0000.0000)
    From my research about this issue I should be able to do debug pm pki enable and get the SSC key hash and join the AP manually to the controller.  When I do the debug I do not see the SSC key hash, I only see,
    (Cisco Controller) >*sshpmLscTask: Jul 15 09:46:08.268: sshpmLscTask: LSC Task received a message 4
    *spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Discovery Request from 10.2.98.3:3536
    *spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Discovery Response sent to 10.2.98.3:3536
    *spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Discovery Response sent to 10.2.98.3:3536
    *spamApTask1: Jul 15 09:58:09.121: 50:3d:e5:f0:dc:f1 DTLS connection not found, creating new connection for 10:2:98:3 (3536) 10:2:98:225 (5246)
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: called to get cert for CID 1234873a
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1234873a
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: match in row 2
    *spamApTask3: Jul 15 09:58:09.139: 50:3d:e5:f0:dc:f1 DTLS connection closed event receivedserver (10:2:98:225/5246) client (10:2:98:3/3536)
    *spamApTask3: Jul 15 09:58:09.139: 50:3d:e5:f0:dc:f1 No entry exists for AP (10:2:98:3/3536)
    *spamApTask3: Jul 15 09:58:09.139: 50:3d:e5:f0:dc:f1 No AP entry exist in temporary database for 10.2.98.3:3536
    What else can I try to get this AP to join the controller??
    Thank you.

    "configure certificate ssc hash validation disable"  didn't help, same problems
    I tried to add the AP by its MAC and MIC to the authorized APs list but it just tells me "
    50:3d:e5:f0:dc:f1 No AP entry exist in temporary database for 10.2.98.3:3536"
    The SSC key Hash still doesn't show in the debug output.  What else can I try?

  • VWLC 7.6.120 with cap2602 APs

    Running virtual wireless controller 7.6.120 with AIR-CAP2602E-K-K9 model access points. The server crashed a few days ago and now the access points arent able to join to the controller. They join to the controller for about 5 minutes, and i see users actually connecting to it. Then it just disappears. and does the same cycle again. I've also "clear all config" on all of the access points as well. This setup is actually on a drillship and it goes over the VSAT, we have them setup locally onboard at other sites and never had issues until now. I've attached the logs on its behavior on what it does.
    I've also upgraded the controller from 7.4.100 to 7.6.120 thinking it would fix the issue. No dice.
    Any help would be appreciated.

    I downgraded the controller. See the following below. 
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.4.121.0
    RTOS Version..................................... 7.4.121.0
    Bootloader Version............................... 7.4.121.0
    Emergency Image Version.......................... 7.4.121.0
    Build Type....................................... DATA + WPS
    System Name...................................... RIG201-vWLC
    System Location.................................. 
    System Contact................................... 
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
    IP Address....................................... 10.254.201.224
    System Up Time................................... 0 days 4 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... Multiple Countries:KE,US
    --More-- or (q)uit
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 5
    Number of Active Clients......................... 0
    Memory Current Usage............................. Unknown
    Memory Average Usage............................. Unknown
    CPU Current Usage................................ Unknown
    CPU Average Usage................................ Unknown
    Burned-in MAC Address............................ 00:0C:29:03:42:BC
    Maximum number of APs supported.................. 200
    AP4c00.82b9.96de#sh inventory 
    NAME: "AP2600", DESCR: "Cisco Aironet 2600 Series (IEEE 802.11n) Access Point"
    PID: AIR-CAP2602E-K-K9 , VID: V01, SN: FGL1729W06B
    AP4c00.82b9.96de#sh version 
    Cisco IOS Software, C2600 Software (AP3G2-K9W8-M), Version 15.2(2)JB3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Thu 19-Dec-13 04:30 by prod_rel_team
    ROM: Bootstrap program is C2600 boot loader
    BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
    AP4c00.82b9.96de uptime is 3 minutes
    System returned to ROM by power-on
    System image file is "flash:/ap3g2-k9w8-mx.152-2.JB3/ap3g2-k9w8-xx.152-2.JB3"
    Last reload reason: 
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP2602E-K-K9    (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
    Processor board ID FGL1729W06B
    PowerPC CPU at 800Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 7.4.121.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 4C:00:82:B9:96:DE
    Part Number                          : 73-14511-02
    PCA Assembly Number                  : 800-37898-01
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC17273MC9
    Top Assembly Part Number             : 800-38357-01
    Top Assembly Serial Number           : FGL1729W06B
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP2602E-K-K9   
    Configuration register is 0xF

  • VWLC with AP1602 + VMware Workstation Multiple IP

    Hello,
    I have configured a new vWLC system with AP1602's. I have followed the manual and used FlexConnect. Everything is working fine but when I connect the VM's on my laptop they don't get a DHCP address. If I assign a static IP it works. I'm not able to find anything in the manuals.
    Can anyone assist?
    Thanks,
    Bryan

    Debugging the internal DHCP server is typically a matter of finding a client that is having a problem getting an IP address. You need to run these debugs:
        debug client <MAC ADDRESS OF CLIENT>
    The debug client is a macro that enables these debugs for you while focusing the debug out only on the client MAC address that you have entered:
        debug dhcp packet enable
        debug dot11 mobile enable
        debug dot11 state enable
        debug dot1x events enable
        debug pem events enable
        debug pem state enable
        debug cckm client debug enable
    The main one for DHCP issues is the debug dhcp packet enable command that is enabled automatically by the debug client command.

  • VWLC issue with guest vlan

    Hi Team,
    I installed Cisco vWLC for the first time. Everything works fine except my guest vlan doesnt get IP address from the designated dmz network. I was wondering if I am missing something. Currently Flexconnect it configured on the wlans with LOCAL mode. I've alredy tried to go under each AP and perform vlan mapping but ... no luck so far.
    Please get back to me if you have any ideas.
    Respectfully,
    Marty-

    Hello Marty,
    As per your query i can suggest you the following solution-
    Guest vlan doesnt get IP address from the designated dmz network.So please apply the appropriate native vlan to the Flexconnect configured in the local mode.Also make sure to do vlan mapping in order to match Physial switch Vlan matching. Finally configure trunk on the Access-Point port with the corresponding native Vlan.
    For more information please refer to the link-
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
    Hope this will help

  • Redundancy with 2 vWLC

    Hi Forum,
    is it possible to operate 2 vWLC (with version 8.0) and configure them to work redundant (in any mode A/A, A/P or cold stand-by) as you could with a 5500 WLC?
    TIA
    Alexander

    Hi Alexander,
    Yes that is possible, but not in an hitless fashion like SSO with the 5500 controllers. The access-points need to determine that their primary controller is down which will take at least 10~15 seconds (if you are going to use fast AP heartbeats). And all the clients need to re-authenticate. To answer your question; just configure an primary and secondary WLC on the access-point.
    With the virtual WLC your access-points have to run in FlexConnect mode which has some drawbacks (just like the virtual WLC itself, comparing it to an physical WLC). But depending on your deployment, the virtual controller can be much cheaper and lift on the HA infrastructure in the already existing hypervisor layer in your datacenter.
    It is also possible to do "local authentication" on FlexConnect AP's when the connection to the controller has been lost, which can be handy when the WAN link is instable. Maybe this feature is an better solution that just add an second WLC in the datacenter far away.

  • Power supply delivered with AP 3502I ?

    hello,
    can somebody tell me if when I order a 3502i Access Point, does is it delivered with a power supply included for free, or does a spare power supply must be oredered separately (AIR-PWR-B=)  ?
    thank for your help
    regards
    Yvon

    Hi,
    If the device is purachsed through the channel partner then the box does contain the power supply..
    Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
    Regards
    Surendra

  • 3502i keeps losing communication with WLC 5508

    Hello all,
    This problem only seems to affect one of our sites.  Every once in a while, several APs would lose link to the 5508 and get stranded.  The only way to fix the issue is either to power cycle, or better yet SSH into the APs and use the command "capwap ap controller ip address x.x.x.x", and then they'd automatically rejoin the controller.  At first, I thought network hiccups caused the APs to lose connectivity, but there's none that I could find.  I have the primary/secondary controller IPs configured in them as well.  See log below:
    [previous log entries show AP working as intended, then...]
    *Jan 18 05:29:29.632: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
    ., 1)
    *Jan 18 05:29:29.632: %LWAPP-3-CLIENTEVENTLOG: Switching to Standalone mode
    *Jan 18 05:29:29.645: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Jan 18 05:29:29.645: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to [ommitted due to security reason]:5246
    *Jan 18 05:29:29.704: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
    *Jan 18 05:29:32.797: %CLEANAIR-6-STATE: Slot 0 down
    *Jan 18 05:29:32.797: %CLEANAIR-6-STATE: Slot 1 down
    *Jan 18 05:32:35.214: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Jan 18 05:32:38.278: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
    *Jan 18 05:32:38.278: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
    *Jan 18 05:32:38.379: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
    *Jan 18 05:32:38.379: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
    *Jan 18 05:32:46.215: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Jan 18 05:35:41.753: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Jan 18 05:35:44.817: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
    *Jan 18 05:35:44.817: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
    *Jan 18 05:35:44.898: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
    *Jan 18 05:35:44.898: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
    *Jan 18 05:35:52.753: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Jan 18 05:38:48.260: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Jan 18 05:38:51.324: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
    *Jan 18 05:38:51.324: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
    *Jan 18 05:38:51.405: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
    [These log messages keep looping endlessly]
    These APs discover the controller by using DHCP + DNS.  Any suggestion will be greatly appreciated!
    Thanks,
    Wil

    I have only had this issue a few times but what I end up doing is factory default the AP. I also end up uploading the rcv image and deleting the other images in flash. I do some beta testing so it could be that the images get corrupt, but that has been my fix. The AP joins and then downloads the firmware from the WLC again. It might not be what you want to do, but maybe if its an issue with a particular AP you can test it out.
    Sent from Cisco Technical Support iPhone App

  • Area covered with 3502i

    In an idle situation how much area is covered by a cisco 3502i acceccpoint , I understand there are many factor that will effect this , thats why I am adking in idle situation , I am looking for a number is square feet.
    Ambuj

    Even that has caveates, and depends on the obsticles
    Data you can get about 5000 sqft
    Voice about 3200 sqft
    Location probalby more like 2600 sqft
    these should be considered general guidlines, your mileage may vary.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • An other AP not joining vWLC

    Hi,
    I have a hard time geting a AP to connect to a vWLC. I get certificate error on the AP, he dose'nt trust the vWLC's selfsigned certificate.
    I know about the requirement for the AP, to have 7.3 code on before connecting to a vWLC. This AP were connected to another demo-license vWLC before, 4 months ago. But now, when I did a reinstall of vWLC, my AP dose'nt connect.
    I have done recovery on the AP with all 15.2.2 images for the AP (3502I)
    ap3g1-rcvk9w8-tar.152-2.JA.tar
    ap3g1-rcvk9w8-tar.152-2.JA1.tar
    ap3g1-rcvk9w8-tar.152-2.JB.tar
    I have tried to reinstall and change version of the vWLC. (and tried the diffrent images)
    AIR-CTVM-7-3-112-0.ova
    AIR-CTVM-7-3-101-0.ova
    I do see that the right code is on the AP for example:
    cisco AIR-CAP3502I-E-K9    (PowerPC460exr) processor (revision A0) with 81910K/49152K bytes of memory.
    Processor board ID FCZ1544W0N1
    PowerPC460exr CPU at 666Mhz, revision number 0x18A8
    Last reset from power-on
    LWAPP image version 7.3.1.73
    1 Gigabit Ethernet interface
    I have checked the time on the vWLC vs AP for missmatch but they are spot on.
    Still only get this on the AP:
    *Jun  5 23:43:09.012: %CAPWAP-3-ERRORLOG: Certificate verification failed!
    *Jun  5 23:43:09.012: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
    *Jun  5 23:43:09.012: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.50.227:5246
    *Jun  5 23:43:09.012: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.227:5246
    *Jun  5 23:43:09.012: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
    *Jun  5 23:44:14.003: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jun  5 23:43:09.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.227 peer_port: 5246
    *Jun  5 23:43:09.009: %CAPWAP-3-ERRORLOG: Failed to authorize controller using trust config.
    *Jun  5 23:43:09.009: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
    A good tip on how to get this working would be nice. :-)
    Can I clear the AP from rommon in some way?
    Cheer    

    Disable hash validation on the wlc but it did not work.
    And I tried, from rommon, the 'sscoff' but coulde'nt see any results. Do you now what that command does?
    In the link you sent there was commands to clear the capwap settings on the AP
    'test capwap erase'
    'test capwap restart'
    After these commands I got another error in tha AP log:
    PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID
    When I look at the WLC I see that the self signed certificate is valid from to day, 6/6?
    I configured the NTP server during setup yesterday so I dont understand how date could be a problem/be wrong on the ssc? I checked time and date an both AP abd vWLC but I did'nt check start date on the certificate...
    The AP is on UTC and the WLC on GMT+1 so I'll have to wait 2 hours to see if that was the problem :-)
    (tried to set the clock on the AP but It keeps changing back?)
    (Cisco Controller) >show certificate ssc
    SSC Hash validation.............................. Disabled.
    SSC Device Certificate details:
             Subject Name :
                     C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,
                     CN=DEVICE-vWLC-AIR-CTVM-K9-000C29E255EE, MAILTO=[email protected]
             Validity :
                     Start : 2013 Jun  6th, 22:49:27 GMT
                     End   : 2023 Apr 15th, 22:49:27 GMT
             Hash key : 2d56a1c88e549e8ce66b67770aff8539c4f85cd2
    (Cisco Controller) >show time
    Time............................................. Thu Jun  6 22:22:41 2013
    Timezone delta................................... 0:0
    Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
    NTP Servers
        NTP Polling Interval.........................     84000
         Index     NTP Key Index     NTP Server      NTP Msg Auth Status
           1              0       193.11.166.36       AUTH DISABLED
    Cheers

  • Cisco Aironet 3502i and Virtual Wireless Controller- Question

    Hello everyone,
    As soon, I purchased two Cisco 3502i and Cisco 1142 however, two issue are that I don't have controller and smartnet. As my purpose, it using for Home Use but house with 2,500 Sq ft with two floor and new 24x24ft garage with two floor. I put two Cisco 3502i for garage and one cisco 1142 in house on second floor. Separated for multi media, gaming, streaming high resolution video, parts, and downloads programmings online. It will run with Cisco Catalyst Express 500 with 24 ports (4 POE) and two gigabit ports. In house, it have Dell Poweredge 2850, Cisco Catalyst Express 500 with 24 ports POE and 2 ports gigabit.
    I thought to make my own developing with my first time using Wireless Controller. I wanted to try out with Virtual WLC on Dell Poweredge 2850 running ESXi 4.1.
    Specs for Dell Poweredge 2850:
    - 2x Intel Xeon Dual Core 3.8 GHz
    - 4GB RAM (Will upgrade to 12GB soon)
    - 2x 146GB and 2x 36GB SCSI
    - 2x 1 Gbps built in and 4x 1 Gbps PCI-X
    Developing with Untangle and pfSense to make it support with LADP and VLAN to both Cisco Express 500 using 4 gbps PCI-X. I have read the requipment list to use Virtual WLC but it seem met the requipment for my 2850. If someone offer me to get Virtual WLC and IOS from their, I accept to "borrow" it. I do go college which is Rochester Institute of Technology at New York and my major is Applied Computer Technology. I live here at Hampton Road, Virginia. Just in case if you might know about RIT. I just start to learning myself with Cisco books.
    I have a question:
    - Is there possible to get trial or full version of Virtual WLC?
    - Is there possible to get Lightweight or Autonomous IOS for Cisco 1142 and 3502i?
    -  Does it supported Dell PowerEdge 2850?
    - Does 3502i support Autonomous? (Not actually but I have researched around online about that it will work with 1262's IOS)
    Thanks
    Gage

    Answers in-line...
    I have a question:
    - Is there possible to get trial or full version of Virtual WLC?
    No.  You will need a SmartNet contract (or a freshly purchased device) to obtain software from cisco.  Nobody will provide this to you.
    - Is there possible to get Lightweight or Autonomous IOS for Cisco 1142 and 3502i?
    No.  You will need a SmartNet contract (or a freshly purchased device) to obtain software from cisco. 
    Nobody will provide this to you.
    -  Does it supported Dell PowerEdge 2850?
    Cisco doesn't go in to great detail regarding the actual Hardware requirements of the vWLC (as far as ESX Host requirements).  Primarily, making sure you are running ESX 4.x/5.x is necessary.  The vWLC provisions 2Gb of RAM and 8GB of thick provisioned storage, so if your host can accomodate I don't see any reason it wouldn't work.
    - Does 3502i support Autonomous? (Not actually but I have researched around online about that it will work with 1262's IOS)
    Yes, with the latest versions of IOS 15.2(2)JB, full functionality in autonomous can be achieved on the 1550, 3500, and 3600 series APs
    http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/15.2_2_JB.html#wp355587

Maybe you are looking for