AP 3502i with VWLC
AIR-CAP3502I-N-K9 is currently having LWAPP image version 7.0.112.74.
Software Name is "ap3g1-rcvk9w8-mx" and Version 12.4(23c)JA3.
I want it to register with Virtual WLC. Which Software i should put to make it work..? Coz I didnt know how to find 7.3 software
Please provide me the link to download the software..
Any quick help would be appreciated.
Thanks.
Message was edited by: Prasan Venky
If you join the AP to a WLC that is running v7.3 or later, then that AP will be able to join your vWLC. If not, you need to download this code and upload it to the AP:
WIRELESS LAN RECOVERY
ap3g1-rcvk9w8-tar.152-4.JA1.tar
https://supportforums.cisco.com/docs/DOC-26765#Access_Points_Requirement
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
Similar Messages
-
Cisco ISE 1.2 Guest Portal customization with vWLC redirect
Hello Support Community,
we have a problem regarding customized web authentication on ISE 1.2 with Package ISE12CustomPortalPackage-v4.zip. We have a Virtual Wireless Controller where we do a redirect to ISE. When we use default guest portal on https://x.x.x.x:8443/guestportal/Login.action authentication and authorization works fine. When we do redirect to Cisco templates on https://x.x.x.x:8443/guestportal/portals/example/Login.html customized login page is displayed and after correct authentication guest successful page is displayed but we can't go to any webserver although ISE shows authentication and authorization as successful. When we try to reach a webserver after successful authentication we get redirected to customized login site. Virtual Wireless Controller shows client aus "Webauth Required" after successful authentication. Central Web Authentication isn't possible because we have a different AAA Server for 802.1X and only use wired guest access on a particular VLAN from WLC. Are there any known issues regarding customization template or is there something wrong regarding our redirect?
I hope somebody can help us.
Best Regards
BenjaminHello Neno,
1. I attached screenshots below.
2. There is nothing related to this client.
3. I attached Debug below.
We are currently using MAB on our switches as a fallback to our 802.1X on our wired access. Order and Priority currently is 802.1X/MAB/Auth-Fail-VLAN. CWA is based on a failed MAC-Authentication which leads to an Authorization Profile to permit access with Webauth.
If you configure Wired guest access on WLC there isn't a possibility to configure MAC-Authentication.
CWA on our switches isn't possible because we are currently using failed MAC-Authentication to direct clients to our Auth-Fail-VLAN which has restricted access secured by SVI-ACL which allows us HTTP Access to printers (manual Cert Deployment) and automated Cert enrollment to our computers.
Best Regards
Benjamin -
Configuration of CISCO 3502I with Windows 2003 Server SE
Hi,
I am currently trying to configure a CISCO Aironet AIR-CAP3502I-E-K9 with Win Server 2003 Standard Edition.
First of all is it even possible to cinfigure the above device using DHCP so that it can be run as an access point or can it only be used with a CISCO Controller,
Does the server need to be a Win 2003 Ent?
In my situation the Windows Server is the controller we don't have a CISCO controller
I have created a Vendor class attribute on the DHCP pool of the windows server using option 43
The IP address of the DHCP server is 10.203.125.48 but the users are sitting on the 10.203.122.xxx subnet. The AP is currebtly sitting on the same subnet as the DHCP server(125)
I have created an Option Class called 'CISCO Ap' with an option code of 241 on the DHCP scope
Under Scope options I have then created an option 241 option name and under 'Available Options' ticked the option 43 and added the name of the DHCP server IP address.
When I switch on the AP it is blinking green but I get the following error attached.
Any Help would be appreciated
Thanks
ImmyThat error is "normal" because you are using a 3500 AP. This particular model of AP requires a wireless LAN controller (WLC).
You "cannot" load autonomous IOS into the 3500 for wireless service. -
Hello,
I'm using a Cisco Virtual Wireless Controller in version 7.4.110.0 with 2602 access points in FlexConnect mode.
I'm using only one WLAN with 802.1x authtication and dynamic VLAN assignation.
I have 13 wired Apple TV (v3). In controller configuration I enabled mDNS and AirTunes service. In Controller\mDNS\Domain names, I can see all my 13 Apple TV.
On wireless devices, the list of available Apple TV change. Sometimes I see 1 available Apple TV, sometime I see 5... In same time, on two devices, available Apple TV are not sames.
Do you have any idea about wich missconfiguration can create this confusion?
Thanks!Yes, to work with vWLC you need to keep AP in FlexConnect mode.
In FlexConnect, you can have central switching or local switching. If you are doing Flexconnect Central Switching (where all traffic tunnel back to your WLC) it should work. Only concern is you are using vWLC.
Here is what I have done with 5508 (with wired Apple TV) & local mode AP, set up works fine
http://mrncciew.com/2013/03/27/configuring-mdns-on-wlc-7-4/
If not working, confirm this from Cisco TAC (ie mDNS is works fine with vWLC in FlexConnect-Central Switching mode)
HTH
Rasika
**** Pls rate all useful responses **** -
Virtual WLC supported Access Points
Dear All,
I read minimum code version of AP should be 7.3.
Someone please tell me the supported AP models for VWLC 7.4 series..?
KVSMany thanks for your reply.
So, Access points that are supported 7.3 code can be used to register with vWLC..?
7.3.x
1522, 1524PS, 1524SB, 1552E, 1552H, 1552I, 1552C, 1552EU, 1552CU, 1552S, 1130, 1240, 1250, 1260, 2600, 3500e, 3500i, 3600e, 3600i, 3500p, 1140, 600 OEAP, AP801, AP802
Thanks in advance... -
I am working with a vWLC on 7.4 code with a 3500i AP on 12.4(23c)JA code. The AP is not joining the controller automatically here is the output from the AP during a join failure,
*Jul 15 09:57:58.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.2.98.225 peer_port: 5246
*Jul 15 09:57:59.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 09:57:59.016: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jul 15 09:57:59.016: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jul 15 09:57:59.016: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:333 Certificate verified failed!
*Jul 15 09:57:59.016: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.2.98.225
*Jul 15 09:57:59.016: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.2.98.225:5246
*Jul 15 09:57:59.016: %DTLS-3-BAD_RECORD: Erroneous record received from 10.2.98.225: Malformed Certificate
*Jul 15 09:57:59.016: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.2.98.225:5246
*Jul 15 09:57:59.016: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Jul 15 09:58:18.881: %CDP_PD-2-POWER_LOW: All radios disabled - NON_CISCO-NO_CDP_RECEIVED (0000.0000.0000)
From my research about this issue I should be able to do debug pm pki enable and get the SSC key hash and join the AP manually to the controller. When I do the debug I do not see the SSC key hash, I only see,
(Cisco Controller) >*sshpmLscTask: Jul 15 09:46:08.268: sshpmLscTask: LSC Task received a message 4
*spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Discovery Request from 10.2.98.3:3536
*spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Discovery Response sent to 10.2.98.3:3536
*spamApTask1: Jul 15 09:57:58.190: 50:3d:e5:f0:dc:f1 Discovery Response sent to 10.2.98.3:3536
*spamApTask1: Jul 15 09:58:09.121: 50:3d:e5:f0:dc:f1 DTLS connection not found, creating new connection for 10:2:98:3 (3536) 10:2:98:225 (5246)
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: called to get cert for CID 1234873a
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1234873a
*spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamApTask1: Jul 15 09:58:09.121: sshpmGetSshPrivateKeyFromCID: match in row 2
*spamApTask3: Jul 15 09:58:09.139: 50:3d:e5:f0:dc:f1 DTLS connection closed event receivedserver (10:2:98:225/5246) client (10:2:98:3/3536)
*spamApTask3: Jul 15 09:58:09.139: 50:3d:e5:f0:dc:f1 No entry exists for AP (10:2:98:3/3536)
*spamApTask3: Jul 15 09:58:09.139: 50:3d:e5:f0:dc:f1 No AP entry exist in temporary database for 10.2.98.3:3536
What else can I try to get this AP to join the controller??
Thank you."configure certificate ssc hash validation disable" didn't help, same problems
I tried to add the AP by its MAC and MIC to the authorized APs list but it just tells me "
50:3d:e5:f0:dc:f1 No AP entry exist in temporary database for 10.2.98.3:3536"
The SSC key Hash still doesn't show in the debug output. What else can I try? -
VWLC 7.6.120 with cap2602 APs
Running virtual wireless controller 7.6.120 with AIR-CAP2602E-K-K9 model access points. The server crashed a few days ago and now the access points arent able to join to the controller. They join to the controller for about 5 minutes, and i see users actually connecting to it. Then it just disappears. and does the same cycle again. I've also "clear all config" on all of the access points as well. This setup is actually on a drillship and it goes over the VSAT, we have them setup locally onboard at other sites and never had issues until now. I've attached the logs on its behavior on what it does.
I've also upgraded the controller from 7.4.100 to 7.6.120 thinking it would fix the issue. No dice.
Any help would be appreciated.I downgraded the controller. See the following below.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
RTOS Version..................................... 7.4.121.0
Bootloader Version............................... 7.4.121.0
Emergency Image Version.......................... 7.4.121.0
Build Type....................................... DATA + WPS
System Name...................................... RIG201-vWLC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.254.201.224
System Up Time................................... 0 days 4 hrs 39 mins 57 secs
System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:KE,US
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 5
Number of Active Clients......................... 0
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 00:0C:29:03:42:BC
Maximum number of APs supported.................. 200
AP4c00.82b9.96de#sh inventory
NAME: "AP2600", DESCR: "Cisco Aironet 2600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP2602E-K-K9 , VID: V01, SN: FGL1729W06B
AP4c00.82b9.96de#sh version
Cisco IOS Software, C2600 Software (AP3G2-K9W8-M), Version 15.2(2)JB3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 19-Dec-13 04:30 by prod_rel_team
ROM: Bootstrap program is C2600 boot loader
BOOTLDR: C2600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
AP4c00.82b9.96de uptime is 3 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.152-2.JB3/ap3g2-k9w8-xx.152-2.JB3"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP2602E-K-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
Processor board ID FGL1729W06B
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.121.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 4C:00:82:B9:96:DE
Part Number : 73-14511-02
PCA Assembly Number : 800-37898-01
PCA Revision Number : A0
PCB Serial Number : FOC17273MC9
Top Assembly Part Number : 800-38357-01
Top Assembly Serial Number : FGL1729W06B
Top Revision Number : A0
Product/Model Number : AIR-CAP2602E-K-K9
Configuration register is 0xF -
VWLC with AP1602 + VMware Workstation Multiple IP
Hello,
I have configured a new vWLC system with AP1602's. I have followed the manual and used FlexConnect. Everything is working fine but when I connect the VM's on my laptop they don't get a DHCP address. If I assign a static IP it works. I'm not able to find anything in the manuals.
Can anyone assist?
Thanks,
BryanDebugging the internal DHCP server is typically a matter of finding a client that is having a problem getting an IP address. You need to run these debugs:
debug client <MAC ADDRESS OF CLIENT>
The debug client is a macro that enables these debugs for you while focusing the debug out only on the client MAC address that you have entered:
debug dhcp packet enable
debug dot11 mobile enable
debug dot11 state enable
debug dot1x events enable
debug pem events enable
debug pem state enable
debug cckm client debug enable
The main one for DHCP issues is the debug dhcp packet enable command that is enabled automatically by the debug client command. -
Hi Team,
I installed Cisco vWLC for the first time. Everything works fine except my guest vlan doesnt get IP address from the designated dmz network. I was wondering if I am missing something. Currently Flexconnect it configured on the wlans with LOCAL mode. I've alredy tried to go under each AP and perform vlan mapping but ... no luck so far.
Please get back to me if you have any ideas.
Respectfully,
Marty-Hello Marty,
As per your query i can suggest you the following solution-
Guest vlan doesnt get IP address from the designated dmz network.So please apply the appropriate native vlan to the Flexconnect configured in the local mode.Also make sure to do vlan mapping in order to match Physial switch Vlan matching. Finally configure trunk on the Access-Point port with the corresponding native Vlan.
For more information please refer to the link-
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
Hope this will help -
Hi Forum,
is it possible to operate 2 vWLC (with version 8.0) and configure them to work redundant (in any mode A/A, A/P or cold stand-by) as you could with a 5500 WLC?
TIA
AlexanderHi Alexander,
Yes that is possible, but not in an hitless fashion like SSO with the 5500 controllers. The access-points need to determine that their primary controller is down which will take at least 10~15 seconds (if you are going to use fast AP heartbeats). And all the clients need to re-authenticate. To answer your question; just configure an primary and secondary WLC on the access-point.
With the virtual WLC your access-points have to run in FlexConnect mode which has some drawbacks (just like the virtual WLC itself, comparing it to an physical WLC). But depending on your deployment, the virtual controller can be much cheaper and lift on the HA infrastructure in the already existing hypervisor layer in your datacenter.
It is also possible to do "local authentication" on FlexConnect AP's when the connection to the controller has been lost, which can be handy when the WAN link is instable. Maybe this feature is an better solution that just add an second WLC in the datacenter far away. -
Power supply delivered with AP 3502I ?
hello,
can somebody tell me if when I order a 3502i Access Point, does is it delivered with a power supply included for free, or does a spare power supply must be oredered separately (AIR-PWR-B=) ?
thank for your help
regards
YvonHi,
If the device is purachsed through the channel partner then the box does contain the power supply..
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
3502i keeps losing communication with WLC 5508
Hello all,
This problem only seems to affect one of our sites. Every once in a while, several APs would lose link to the 5508 and get stranded. The only way to fix the issue is either to power cycle, or better yet SSH into the APs and use the command "capwap ap controller ip address x.x.x.x", and then they'd automatically rejoin the controller. At first, I thought network hiccups caused the APs to lose connectivity, but there's none that I could find. I have the primary/secondary controller IPs configured in them as well. See log below:
[previous log entries show AP working as intended, then...]
*Jan 18 05:29:29.632: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
., 1)
*Jan 18 05:29:29.632: %LWAPP-3-CLIENTEVENTLOG: Switching to Standalone mode
*Jan 18 05:29:29.645: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 18 05:29:29.645: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to [ommitted due to security reason]:5246
*Jan 18 05:29:29.704: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Jan 18 05:29:32.797: %CLEANAIR-6-STATE: Slot 0 down
*Jan 18 05:29:32.797: %CLEANAIR-6-STATE: Slot 1 down
*Jan 18 05:32:35.214: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Jan 18 05:32:38.278: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:32:38.278: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Jan 18 05:32:38.379: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
*Jan 18 05:32:38.379: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:32:46.215: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Jan 18 05:35:41.753: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Jan 18 05:35:44.817: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:35:44.817: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Jan 18 05:35:44.898: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
*Jan 18 05:35:44.898: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:35:52.753: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Jan 18 05:38:48.260: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Jan 18 05:38:51.324: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:38:51.324: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Jan 18 05:38:51.405: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
[These log messages keep looping endlessly]
These APs discover the controller by using DHCP + DNS. Any suggestion will be greatly appreciated!
Thanks,
WilI have only had this issue a few times but what I end up doing is factory default the AP. I also end up uploading the rcv image and deleting the other images in flash. I do some beta testing so it could be that the images get corrupt, but that has been my fix. The AP joins and then downloads the firmware from the WLC again. It might not be what you want to do, but maybe if its an issue with a particular AP you can test it out.
Sent from Cisco Technical Support iPhone App -
In an idle situation how much area is covered by a cisco 3502i acceccpoint , I understand there are many factor that will effect this , thats why I am adking in idle situation , I am looking for a number is square feet.
AmbujEven that has caveates, and depends on the obsticles
Data you can get about 5000 sqft
Voice about 3200 sqft
Location probalby more like 2600 sqft
these should be considered general guidlines, your mileage may vary.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered -
Hi,
I have a hard time geting a AP to connect to a vWLC. I get certificate error on the AP, he dose'nt trust the vWLC's selfsigned certificate.
I know about the requirement for the AP, to have 7.3 code on before connecting to a vWLC. This AP were connected to another demo-license vWLC before, 4 months ago. But now, when I did a reinstall of vWLC, my AP dose'nt connect.
I have done recovery on the AP with all 15.2.2 images for the AP (3502I)
ap3g1-rcvk9w8-tar.152-2.JA.tar
ap3g1-rcvk9w8-tar.152-2.JA1.tar
ap3g1-rcvk9w8-tar.152-2.JB.tar
I have tried to reinstall and change version of the vWLC. (and tried the diffrent images)
AIR-CTVM-7-3-112-0.ova
AIR-CTVM-7-3-101-0.ova
I do see that the right code is on the AP for example:
cisco AIR-CAP3502I-E-K9 (PowerPC460exr) processor (revision A0) with 81910K/49152K bytes of memory.
Processor board ID FCZ1544W0N1
PowerPC460exr CPU at 666Mhz, revision number 0x18A8
Last reset from power-on
LWAPP image version 7.3.1.73
1 Gigabit Ethernet interface
I have checked the time on the vWLC vs AP for missmatch but they are spot on.
Still only get this on the AP:
*Jun 5 23:43:09.012: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jun 5 23:43:09.012: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Jun 5 23:43:09.012: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.50.227:5246
*Jun 5 23:43:09.012: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.227:5246
*Jun 5 23:43:09.012: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Jun 5 23:44:14.003: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jun 5 23:43:09.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.227 peer_port: 5246
*Jun 5 23:43:09.009: %CAPWAP-3-ERRORLOG: Failed to authorize controller using trust config.
*Jun 5 23:43:09.009: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
A good tip on how to get this working would be nice. :-)
Can I clear the AP from rommon in some way?
CheerDisable hash validation on the wlc but it did not work.
And I tried, from rommon, the 'sscoff' but coulde'nt see any results. Do you now what that command does?
In the link you sent there was commands to clear the capwap settings on the AP
'test capwap erase'
'test capwap restart'
After these commands I got another error in tha AP log:
PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID
When I look at the WLC I see that the self signed certificate is valid from to day, 6/6?
I configured the NTP server during setup yesterday so I dont understand how date could be a problem/be wrong on the ssc? I checked time and date an both AP abd vWLC but I did'nt check start date on the certificate...
The AP is on UTC and the WLC on GMT+1 so I'll have to wait 2 hours to see if that was the problem :-)
(tried to set the clock on the AP but It keeps changing back?)
(Cisco Controller) >show certificate ssc
SSC Hash validation.............................. Disabled.
SSC Device Certificate details:
Subject Name :
C=US, ST=California, L=San Jose, O=Cisco Virtual Wireless LAN Controller,
CN=DEVICE-vWLC-AIR-CTVM-K9-000C29E255EE, MAILTO=[email protected]
Validity :
Start : 2013 Jun 6th, 22:49:27 GMT
End : 2023 Apr 15th, 22:49:27 GMT
Hash key : 2d56a1c88e549e8ce66b67770aff8539c4f85cd2
(Cisco Controller) >show time
Time............................................. Thu Jun 6 22:22:41 2013
Timezone delta................................... 0:0
Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
NTP Servers
NTP Polling Interval......................... 84000
Index NTP Key Index NTP Server NTP Msg Auth Status
1 0 193.11.166.36 AUTH DISABLED
Cheers -
Cisco Aironet 3502i and Virtual Wireless Controller- Question
Hello everyone,
As soon, I purchased two Cisco 3502i and Cisco 1142 however, two issue are that I don't have controller and smartnet. As my purpose, it using for Home Use but house with 2,500 Sq ft with two floor and new 24x24ft garage with two floor. I put two Cisco 3502i for garage and one cisco 1142 in house on second floor. Separated for multi media, gaming, streaming high resolution video, parts, and downloads programmings online. It will run with Cisco Catalyst Express 500 with 24 ports (4 POE) and two gigabit ports. In house, it have Dell Poweredge 2850, Cisco Catalyst Express 500 with 24 ports POE and 2 ports gigabit.
I thought to make my own developing with my first time using Wireless Controller. I wanted to try out with Virtual WLC on Dell Poweredge 2850 running ESXi 4.1.
Specs for Dell Poweredge 2850:
- 2x Intel Xeon Dual Core 3.8 GHz
- 4GB RAM (Will upgrade to 12GB soon)
- 2x 146GB and 2x 36GB SCSI
- 2x 1 Gbps built in and 4x 1 Gbps PCI-X
Developing with Untangle and pfSense to make it support with LADP and VLAN to both Cisco Express 500 using 4 gbps PCI-X. I have read the requipment list to use Virtual WLC but it seem met the requipment for my 2850. If someone offer me to get Virtual WLC and IOS from their, I accept to "borrow" it. I do go college which is Rochester Institute of Technology at New York and my major is Applied Computer Technology. I live here at Hampton Road, Virginia. Just in case if you might know about RIT. I just start to learning myself with Cisco books.
I have a question:
- Is there possible to get trial or full version of Virtual WLC?
- Is there possible to get Lightweight or Autonomous IOS for Cisco 1142 and 3502i?
- Does it supported Dell PowerEdge 2850?
- Does 3502i support Autonomous? (Not actually but I have researched around online about that it will work with 1262's IOS)
Thanks
GageAnswers in-line...
I have a question:
- Is there possible to get trial or full version of Virtual WLC?
No. You will need a SmartNet contract (or a freshly purchased device) to obtain software from cisco. Nobody will provide this to you.
- Is there possible to get Lightweight or Autonomous IOS for Cisco 1142 and 3502i?
No. You will need a SmartNet contract (or a freshly purchased device) to obtain software from cisco.
Nobody will provide this to you.
- Does it supported Dell PowerEdge 2850?
Cisco doesn't go in to great detail regarding the actual Hardware requirements of the vWLC (as far as ESX Host requirements). Primarily, making sure you are running ESX 4.x/5.x is necessary. The vWLC provisions 2Gb of RAM and 8GB of thick provisioned storage, so if your host can accomodate I don't see any reason it wouldn't work.
- Does 3502i support Autonomous? (Not actually but I have researched around online about that it will work with 1262's IOS)
Yes, with the latest versions of IOS 15.2(2)JB, full functionality in autonomous can be achieved on the 1550, 3500, and 3600 series APs
http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/15.2_2_JB.html#wp355587
Maybe you are looking for
-
How do i stop Safari from freezing while i'm surfing the internet?
Ok, so here's the problem. Every time I go onto Safari, it doesn't respond after i search for something on google or go on Facebook. now, i have to use Safari in Safe Mode each time and the audio is disabled so i can't watch or listen to music videos
-
OVI Suite can't find a bluetooth device in my Note...
hai, i bought a new laptop a couple of weeks ago .. (HP Pavilion dv6-3177ee) it comes with bluetooth version 3. i installed ovi suite and pc suite .. but when i try to connect my phone via bluetooth , it gives me the next massege : "Bluetooth is turn
-
How do I recover answers to my security questions?
forgot the answers to my security questions for iTunes (Windows) and can't figure out how to locate or re-set them.
-
Struts Support: Parsing Portlet JSP File failed
I've manually edited a my .portlet file to contain a strutsContent element (copied from the struts.porlet in the JSR 168 and Struts Support sample). When I run my portal I get an error message: java.lang.RuntimeException: Didn't find TagInfo for tag:
-
Flash embed tag does not obey percentage size, even with html and body at 100%
For some reason i cannot get this swf file to show at 90% width and height. i have tried adding a style sheet in the header to explicity set the html and body to 100% but this still does not help. can anyone see if there is a problem in the code? <pr