AP not able join to WLC

Hello,
One of the AP is not joing to 2504WLC.
AP Model:
CAP-3602I-E-K9
The error shows like this "Radius Authorization of the AP has failed"
What Could be the reason?
I check the regulatery domain, country code and compatibilty software but still I am not able to find the root cause.
Any Help will be appreciated.
Thanks

Hi
Make sure to check/uncheck AP policies box on WLC.
From WLC GUI > Secuirty > AAA > AP policies, can you verify you have not checked "Authorize MIC APs against auth-list or AAA" ? If checked, uncheck this and try.
On the logs ": RADIUS authorization is pending for the AP  " means that this needs the MAC addr to be in the mac filter or AP Policies.
So, from WLC GUI>>Secuirty>>AAA>AP policies>>Add> ? (AP mac addr) and check if it joins.
Regards
Dont forget to arte helpful posts.

Similar Messages

  • 3602 AP not able to join 3850 WLC

    Hello,
    I have a 3850 switch with inetegrated WLC and my 3602 is not able to join the controller.  Error from AP:
    *Oct 24 19:21:17.355: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 19:21:17.355: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 19:21:17.355: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    *Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
    *Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
    *Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
    *Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    ., 1)24 19:21:23.355: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
    *Oct 24 19:21:23.355: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Oct 24 19:21:28.903: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    Switch Config:
    ip dhcp pool TMOWireless
    network x.x.x.0 255.255.255.0
    default-router x.x.x.1
    dns-server 8.8.8.8 4.2.2.2
    option 43 hex f104.0x4x.dx0x
    option 60 ascii "Cisco AP c3602"
    wireless mobility controller
    wireless management interface Vlanxxxx
    wlan xxxxx1 xxxxx
    client vlan xxxx
    no security wpa akm dot1x
    security wpa akm psk set-key ascii 0 xxxxxxxxx
    no shutdown
    show wlan summary
    Mobility Controller Summary:
    Mobility Role                                   : Mobility Controller
    Mobility Protocol Port                          : 16666
    Mobility Group Name                             : default
    Mobility Oracle IP Address                      : 0.0.0.0
    DTLS Mode                                       : Enabled
    Mobility Domain ID for 802.11r                  : 0xac34
    Mobility Keepalive Interval                     : 10
    Mobility Keepalive Count                        : 3
    Mobility Control Message DSCP Value             : 0
    Mobility Domain Member Count                    : 1
    Link Status is Control Link Status : Data Link Status
    Controllers configured in the Mobility Domain:
    IP               Public IP        Group Name       Multicast IP     Link Status
    x.x.x.x      -                default          0.0.0.0          UP   : UP
    show ap summary:
    clk5-Das-cor01#show ap summary
    Number of APs: 1
    Global AP User Name: Not configured
    Global AP Dot1x User Name: Not configured
    AP Name                           AP Model  Ethernet MAC    Radio MAC       State        
    AP4c00.82df.ac68                  3602I     4c00.82df.ac68  f84f.57e3.8ec0  Registered
    show capwap summary           
    CAPWAP Tunnels General Statistics:
      Number of Capwap Data Tunnels       = 0 
      Number of Capwap Mobility Tunnels   = 0 
      Number of Capwap Multicast Tunnels  = 0 
    Name   APName                           Type PhyPortIf Mode      McastIf
    Name   SrcIP           SrcPort DestIP          DstPort DtlsEn MTU
    Any help is appreciated, thank you.

    Full error log:
    *Oct 24 19:59:32.351: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Oct 24 19:59:37.891: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Oct 24 19:59:37.959: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Oct 24 19:59:37.959: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Oct 24 19:59:38.175: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Oct 24 19:59:38.191: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Oct 24 19:59:38.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Oct 24 19:59:38.991: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Oct 24 19:59:38.999: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Oct 24 19:59:39.983: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Oct 24 19:59:39.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Oct 24 19:59:40.019: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Oct 24 19:59:40.027: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Oct 24 19:59:40.035: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Oct 24 19:59:41.019: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Oct 24 19:59:41.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Oct 24 19:59:41.055: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Oct 24 19:59:42.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    Not in Bound state.
    *Oct 24 20:00:33.687: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Oct 24 20:00:38.691: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
    *Oct 24 20:00:38.815: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.66.222.69, mask 255.255.255.0, hostname AP4c00.82df.ac68
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (8.8.8.8)
    *Oct 24 20:00:44.687: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.66.222.1 obtained through DHCP
    *Oct 24 20:00:44.687: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Oct 24 20:00:44.935: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
    *Oct 24 20:01:14.935: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Oct 24 20:01:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.66.222.1 peer_port: 5246
    *Oct 24 20:01:15.239: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.66.222.1 peer_port: 5246
    *Oct 24 20:01:15.239: %CAPWAP-5-SENDJOIN: sending Join Request to 10.66.222.1
    *Oct 24 20:01:15.371: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.66.222.1
    *Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
    *Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
    *Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
    *Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    *Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
    *Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
    *Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
    *Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    *Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
    *Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
    *Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
    *Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    *Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
    *Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
    *Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
    *Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    *Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
    *Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
    *Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
    *Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
    *Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
    *Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
    *Oct 24 20:01:33.367: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
    ., 1)

  • WLC cannot get IP of the Wireless Clients and client not able to ping to the gateway

    Dear Cisco Expertise,
    I have configured WLC embedded in Cisco C3650 switch and also 1 unit AP3702I. AP now able to join to the controller. My client able to connect to the AP and get the IP address (10.127.117.1) from the DHCP server but unable to ping to the gateway (10.127.117.254 - interface gateway). Both switch and AP able to ping to the interface gateway. I also trying to ping to the client from the switch and also from the AP to the client but not able to ping. 
    I've check via switch can see the client's IP address and MAC address (using ARP)
    #sh arp vlan 77
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.127.117.1          0   843a.4b90.17e0  ARPA   Vlan77
    Internet  10.127.117.254          -   3c08.f6b7.2173  ARPA   Vlan77
    Need your expertise on this matter. Thank you.
    Configuration as below:
    Switch
    ip dhcp pool LWAPP_VLAN
     network 10.127.117.0 255.255.255.0
     default-router 10.127.117.254
     dns-server 10.127.113.10
     domain-name xxx.com
    vlan 77
     name LWAP_VLAN
    interface Vlan10
     ip address 10.127.112.254 255.255.255.128
    interface Vlan77
     ip address 10.127.117.254 255.255.255.0
     ip helper-address 10.127.117.254
    interface GigabitEthernet3/0/5
     description Connect to AP Test
     switchport access vlan 10
     switchport mode access
     no logging event link-status
    wireless mobility controller
    wireless management interface Vlan10
    wireless security web-auth retries 5
    wireless mgmt-via-wireless
    wlan APAC-WLAN 2 Wifi-Test
     client vlan LWAP_VLAN
     ip dhcp opt82
     ip dhcp opt82 ascii
     ip dhcp opt82 format add-ssid
     ip dhcp required
     ip dhcp server 10.127.117.254
     no security wpa akm dot1x
     security wpa akm psk set-key ascii 0 B*MY2014
     security wpa wpa2 ciphers tkip
     session-timeout 300
     no shutdown
    ap group APGroup-Test
     description "For Testing Purposes"
     wlan APAC-WLAN
      vlan LWAP_VLAN
    AP
    interface Dot11Radio0
     antenna gain 0
     stbc
     mbssid
     power client local
     packet retries 64 drop-packet
     station-role root
    interface Dot11Radio1
     antenna gain 0
     stbc
     mbssid
     power client local
     packet retries 64 drop-packet
     station-role root
    interface GigabitEthernet0
     duplex auto
     speed auto
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface BVI1
     mtu 1792
     ip address 10.127.112.202 255.255.255.128
    interface Virtual-WLAN0
    ip default-gateway 10.127.112.254
    ip forward-protocol nd
    ip dns server

    Pls try the below SSID configuration. WPA2 to be configured with AES & not TKIP. 
    wlan APAC-WLAN 2 Wifi-Test
     client vlan LWAP_VLAN
     security wpa
     no security wpa akm dot1x
     security wpa wpa2 ciphers aes                        
     security wpa akm psk set-key ascii 0 B*MY2014
     ip dhcp required
     no shutdown
    This post should give you some help as well
    http://mrncciew.com/2013/12/04/wlan-config-in-3850-part-1/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Clients not able to join more 256 nos

    Hi
    We have using wireless controller CISCO 2125 with 8 nos LWAP 1252, including AP's getting the IP from windows DHCPserver (172.29.70.0/23), when clients reaches 256 nos in controller , then further not able to join in wireless network.
    DHCP vendor class or user class will solve this issue. pl guide me .
    thanks
    Karthik

    Well, it's totally expected then as it's the maximum amount of clients supported by the 2125.
    If you have that amount of client you should look into having more APs and a more powerful WLC. That limit is not just there for marketing purpose. It looks like your network is under-powered compared to its real usage.
    Regards,
    Nicolas
    ===
    Don't forget to rate answers that you find useful

  • I am not able to register a new ap in WLC

    The issue is i am not able to add new APs on WLC. Currently, there are 48 APs registered. But it does not allow 49th AP.
    i tried a new ap to configure and add in the network but it is not registring but when i remove any other ap from the network the newer which i was trying it will registerd.
    So please help me regarding this issue

    I tried to make a new ap-manager interface it is not working
    i also tried to enable LAG it will show following message.
    Enabling LAG will map your current interface settings to LAG interface. All dynamic AP manager interfaces and untagged interfaces will be deleted. All WLANs will be disabled and mapped to Mgmt interface.!!! You MUST reboot the system after updating the LAG config. After Applying the LAG config, yo u would still need to reboot the system and reconfigure LAG to revert back !!! Please press ok to continue.
    Right now i have configured 2 interface one is managment and other is ap manager interface where is managment interface ip is .2 and ap manager ip is .3
    and all my 48 aps are using controller ip is .3 so when i am enabling LAG the upper statment is saying it will deleted my all interfaces and mapped to managment interface so in this senario my all aps lost the connection.
    so can you please tell me will i go through or any other option is there for register ap to WlC
    because it is not going beyond the limit of 48.

  • External user not able to join Live Meeting, but can join Lync Meeting

    We have LYNC 2010 pool with OCS 2007 R2 & Live Meeting clients ( with few LYNC 2010 clients). We are having issue with one external organization with Live Meetings. If any of our company user schedules Live Meeting, the particular external company users
    ( they have OCS 2007 R2 and Live Meeting clients) are not able to join our Live meetings. If we schedule Lync Meetings, they are able to join  successfully through Web Interface.
    On the other side, our users don't have any issue to join their Live Meetings.
    We have LYNC edge servers and all external users don't have any issue to join our Live Meetings. The external company also don't have any issue with other users.
    It's only 1 to 1 issue with Live Meeting ( not Lync meeting).
    Any help to resolve this issue is much appreciated...
    Tek-Nerd

    Hi,
    From your description, did you mean it is a coexistence environment?
    Did they receive any error message from Live Meeting client?
    If possible, you can test with other federation companies with Live Meeting client. If it happen to all federation companies, I suggest to double check port, certificate requirement for federation. If it happen only for one company, please check
    if Live Meeting Clients update to the latest version.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • TS3991 I organazied my contacts by the address of my tenants. I just joined to Icloud and I am not able to find my tenants in the directory in the computer at all. I could search when I am using my phone but they do not show at first.how can correct this?

    I am a landlord and I organazied my contacts by the address of my tenants. I just joined to Icloud and I am not able to find my tenants in the directory in the computer at all. I could search when I am using my phone but they do not show at first.how can correct this? as an example 37 31 1 and when i type this nothing is showing.

    I am a landlord and I organazied my contacts by the address of my tenants. I just joined to Icloud and I am not able to find my tenants in the directory in the computer at all. I could search when I am using my phone but they do not show at first.how can correct this? as an example 37 31 1 and when i type this nothing is showing.

  • AP 3702 not join the WLC

    Hi,
    I have two WLC 8500 working in SSO and with nat enable feature configure in management interface.
    SSO is working, but i have to configure NAT before SSO becasuse when SSO is up, ip address and nat are greyed out in managemente interface.
    Some AP's must join the controller in the private address of the management interface and others AP must join in the public ip address configured in NAT address. 
    for some reason, there are a lot of AP's that can't join the controller, i have 3 ap's joined in the public ip address and 3 ap's joined in the private ip address
    config network ap-discovery nat-only disable is already configured, from the console of one AP that can't not join i see the following:
    *Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
    *Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 212.89.5.130 peer_port: 5246
    *Sep 10 12:36:17.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
    *Sep 10 12:36:47.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 212.89.5.130:5246
    *Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
    *Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.35.0.78 peer_port: 5246
    the AP is trying both private and public ip address to join the WLC but can't join properly.
    From the WLC console:
    debug capwap errors enable:
    *spamApTask4: Sep 10 13:13:49.837: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  10.35.1.13:47807)since DTLS session is not established 
    *spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
    *spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
    *spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
    *spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
    *spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
    *spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
    *spamApTask2: Sep 10 13:13:52.103: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  10.35.1.11:21207)since DTLS session is not established 
    *spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
    *spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
    *spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
    *spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
    *spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
    *spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
    the AP model are the same, this is not the problem, but for some reason there are AP's that have problems with the NAT configuration, if i disable NAT option, every AP with private ip address config can join the WLC.
    I've tried to break SSO, desconfigure NAT, and private ip address AP join the controller without problem.
    anybody can give me a clue?
    Regards!

    it seens like DTLS connection can't be stablished between AP and WLC.
    The AP sends discovery request
    the WLC respond with two discovery responds, the firts one, contains the public ip address of the WLC and the second one contains the private ip address.
    once discovery proccess is complete, the AP tries to send DTLS hello packet to the WLC, but this packet never arrives to WLC.
    because hello doesn't arrive, the AP sends a close notify alert to the WLC and tries to send the DTLS hello packet to the WLC private address with same result.
    the AP get into a loop trying to send DTLS hello packets to both private and public address.
    DTLS hello packet never arrive, but close notify alert arrive to WLC.
    theres is FW in the middle doing NAT, but i can understand why close notify alert packets error arrives WLC and Hello DTLS packets don't. this packets uses the same protocol UDP and the same port.
    Regards

  • AP not joining to WLC

    Hi,
    After a wireless network interruption, one of MAP 1522  it's  not joining to WLC .
    What should I do to solve this problem?
    Thanks.
    (Cisco Controller) >show ap join stats detailed 00:08:30:bb:53:20
    Discovery phase statistics
    - Discovery requests received.............................. 7
    - Successful discovery responses sent...................... 5
    - Unsuccessful discovery request processing................ 0
    - Reason for last unsuccessful discovery attempt........... Not applicable
    - Time at last successful discovery attempt................ Feb 23 11:25:16.137
    - Time at last unsuccessful discovery attempt.............. Not applicable
    Join phase statistics
    - Join requests received................................... 2
    - Successful join responses sent........................... 2
    - Unsuccessful join request processing..................... 2
    - Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
    - Time at last successful join attempt..................... Feb 23 11:25:28.385
    - Time at last unsuccessful join attempt................... Feb 23 11:25:28.386
    Configuration phase statistics
    - Configuration requests received.......................... 3
    - Successful configuration responses sent.................. 1
    - Unsuccessful configuration request processing............ 0
    - Reason for last unsuccessful configuration attempt....... Not applicable
    - Time at last successful configuration attempt............ Feb 23 11:25:28.581
    --More-- or (q)uit
    - Time at last unsuccessful configuration attempt.......... Not applicable
    Last AP message decryption failure details
    - Reason for last message decryption failure............... Not applicable
    Last AP disconnect details
    - Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP
    - Last AP disconnect reason................................ AP's capwap state machine restarted
    Last join error summary
    - Type of error that occurred last......................... AP got or has been disconnected
    - Reason for error that occurred last...................... Timed out while waiting for ECHO repsonse from the AP
    - Time at which the last join error occurred............... Mar 18 19:07:28.864
    AP disconnect details
    - Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP

    Ioan,
    as you see here:
    Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
    It seems you need to add a mac filter for this AP on you WLC so it joins.
    Or, if you are using external radius for authorization, you need to add an entery for this AP on the radius server.
    Here are some links that may help:
    http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#p5
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c7234.shtml
    Don't please forget to rate the reply if it is useful.
    Cheers,
    Amjad

  • AP(2720e) not joining a WLC (2504)

    I recently purchased two 2702e AP's to expand the wireless coverage of our network but when I plug them in, they will not join the AP for some reason.
    This is what I am getting on the controller;
    (Cisco Controller) >show ap join stats detailed f44e0544e944
    Discovery phase statistics
    - Discovery requests received.............................. 51
    - Successful discovery responses sent...................... 26
    - Unsuccessful discovery request processing................ 0
    - Reason for last unsuccessful discovery attempt........... Not applicable
    - Time at last successful discovery attempt................ Dec 08 10:24:37.695
    - Time at last unsuccessful discovery attempt.............. Not applicable
    Join phase statistics
    - Join requests received................................... 0
    - Successful join responses sent........................... 0
    - Unsuccessful join request processing..................... 0
    - Reason for last unsuccessful join attempt................ Not applicable
    - Time at last successful join attempt..................... Not applicable
    - Time at last unsuccessful join attempt................... Not applicable
    Configuration phase statistics
    - Configuration requests received.......................... 0
    - Successful configuration responses sent.................. 0
    - Unsuccessful configuration request processing............ 0
    - Reason for last unsuccessful configuration attempt....... Not applicable
    --More-- or (q)uit
    - Time at last successful configuration attempt............ Not applicable
    - Time at last unsuccessful configuration attempt.......... Not applicable
    Last AP message decryption failure details
    - Reason for last message decryption failure............... Not applicable
    Last AP disconnect details
    - Reason for last AP connection failure.................... Not applicable
    - Last AP disconnect reason................................ Not applicable
    Last join error summary
    - Type of error that occurred last......................... None
    - Reason for error that occurred last...................... Not applicable
    - Time at which the last join error occurred............... Not applicable
    AP disconnect details
    - Reason for last AP connection failure.................... Not applicable
    I have tried it with just the default settings and by setting the IP on the AP to no avail.
    Any suggestion would be much appreciated.
    Eric

    Hi Eric,
    What software code is running on your 2504 ? I hope it is 7.6.130.0
    If it is 8.0.100.0, then there was a crtical bug given below, you need to check whether you hitting this
    https://tools.cisco.com/bugsearch/bug/CSCur43050
    Conditions:
    Seen only with APs that were manufactured in August, September or October, 2014 - all Aironet APs were affected EXCEPT the 700 series. Seen with WLCs running 8.0.100.0 or an 8.0.100.x special.
    If the WLC was manufactured in September 2014, or later (i.e. has a SHA2 MIC), then the first symptom is seen, i.e. the AP joins the 8.0.100 WLC, downloads the image, but then fails to rejoin.
    If the WLC was manufactured before September 2014 (i.e. does not have a SHA2 MIC), then the second symptom is seen, i.e. the AP can join the 8.0.100 WLC OK, but then will fail download during a subsequent upgrade.
    Also seen with new APs trying to join a controller running IOS-XE 3.6.0 (15.3(3)JN k9w8 image.) (Track CSCur50946 for the IOS-XE fix)
    Workaround:
    Downgrade to AireOS 7.6.130.0, or to IOS-XE 3.3, if the APs are supported in the earlier code
    Pls attach  AP console output while trying to boot & register to see the exact reason for failure.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • WLC 4404 - Not able to see the 802.11a/n AP summary details

    Hi Friends,
    I have a query related to wireless. I have multiple WLCs in my network. Recently I observed that in one WLC, in monitoring page while we checking the access point summary information, I can see in 802.11a/n Radios, 8 APs are down. And I tried to see those details by clicking the ‘detail’ option over there, but no result was displaying. Same I have checked in ‘Wireless’ tab as well but the result was same. We have total 69 APs associated with this WLC. AP Models which are associated with this WLC are AIR-LAP1231G-A-K9 & AIR-LAP1242AG-A-K9. Firmware version running in the WLC is 7.0.235.3 which is recently upgraded.
    Then I logged into multiple WLCs for checking the same. All these WLC are running with 7.0.116.0 code. In some APs I am able to see some AP information which is down for 802.11a/n Radios, for eg: if I have 18 APs down in a/n radio I can see 7 AP’s details. But can’t able to see all the AP information. For 802.11b/g/n Radios it is perfectly fine. And in these WLCs we have AIR-LAP1262N-N-K9 model also associated.
    And one thing I noticed here is the number of APs that I can see the details is exactly same as the number of AIR-LAP1262N-N-K9 model APs associated with that WLC.
    So can anyone confirm that the other 2 models won’t support a/n radios (hardware limitation) or is it any kind of bug in the firmware.
    My WLC models are AIR-WLC4404-100-K9 & WS-SVC-WISM-1-K9
    Thanks in advance for your time and response
    Regards,
    Anand

    Hi Leo,
    I am not able to identify the AP which are down for 802.11a/n radio :( (we are not using a/n radio in this location, that is why 8 out of 8 are showing down).

  • I m not able to connect for the wifi  which i have used earlier ,i m getting an error as unable to join the network how to resolve this please help me

    i m not able to connect for the wifi  which i have used earlier ,i m getting an error as unable to join the network how to resolve this please help me

    We were able to log in this morning and all is working. You should be able to log in at any point today. Please let us know if you are having any other difficulties.

  • I have iphone 4s , I'm not able to join any wifi, I have tried all the methods, resetting, trying different wifi and many others , but still not able to join any wifi , what shall I do?

    I have iphone 4s , I'm not able to join any wifi, I have tried many things, resetting, trying different wifi and many others , but still not able to join any wifi , what shall I do?

    Contact iTunes support. Nobody here can help with billing problems.

  • AIR-CAP1602i cannot join a WLC 5508 controller

    Hello,
    I'm managing a large number of access points on a Cisco wlc 5508 controller.
    We've recently purchased a bunch of new AIR-CAP1602I-E-K9.
    note that we already have AIR-CAP1602I-E-K9 and other models in production.
    These A.P are not able to join the controller for some reason, I've tried a lot of different things but I am now at a loss.
    I have checked the regulatory domain, upgraded the FUS, manually upgraded the software version of the LAP to match the version on the other A.P.
    I even downgraded/upgraded the WLC code (version 7.4.x and 8.0)
    I use the dhcp option 43 to to send the controller IP.
    Here are the info that can help:
    errors:
    #on A.P
    *Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    #on WLC
    Lwapp join request rejected (WLC version 7.6.130.0)
    Failed to add database entry (WLC version 8.0)
    WLC sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... XXX
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. Disabled
    IP Address....................................... XXX
    Last Reset....................................... Software reset
    System Up Time................................... 6 days 4 hrs 16 mins 27 secs
    System Timezone Location.........................
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... Multiple Countries:CA,FR
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +41 C
    External Temperature............................. +22 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 7
    Number of Active Clients......................... 1977
    Burned-in MAC Address............................ A4:93:4C:B0:E4:C0
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Present, OK
    Maximum number of APs supported.................. 250
    AP sh version
    AP58f3.9cb8.3701#sh version
    Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 22-Aug-14 10:56 by prod_rel_team
    ROM: Bootstrap program is C1600 boot loader
    BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
    AP58f3.9cb8.3701 uptime is 31 minutes
    System returned to ROM by power-on
    System image file is "flash:/ap1g2-k9w8-mx.152-4.JB6/ap1g2-k9w8-mx.152-4.JB6"
    Last reload reason:
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP1602I-E-K9 (PowerPC) processor (revision B0) with 229366K/32768K bytes of memory.
    Processor board ID FGL1832X5QU
    PowerPC CPU at 533MHz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 7.6.100.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 58:F3:9C:B8:37:01
    Part Number                          : 73-14671-04
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC183171L4
    Top Assembly Part Number             : 800-38552-01
    Top Assembly Serial Number           : FGL1832X5QU
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP1602I-E-K9
    AP sh inventory
    NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point"
    PID: AIR-CAP1602I-E-K9 , VID: V01, SN: FGL1832X5QU
    Thanks for your help !

    Hi Olivier,
    The error messages that you have on the debugs:
    *Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
    *Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
    *Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    It is related to the bug: CSCuh46442
    https://tools.cisco.com/bugsearch/bug/CSCuh46442/?referring_site=ss
    This bug is resolved in version : 8.0.100.0
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html#pgfId-1163951
    Can you please paste here "show ap auth-list" from the controller CLI?
    I suggest to enable MIC if it is not enabled, and then check if the AP's will join or not.
    Kind Regards
    Mohammad Setan

  • Hello I Have a problem that i cant solve i have itunes 10.2 went to 10.5 but i cant get anything to work comes up with (could not access network location ).I have checked my firewall settings tweaked as much as i can but not able to install itunes nor qui

    Hello Im Having A Problem With Itunes im Not Able to reinstall itunes at all nor quicktime and bonjour service is not working either .i have tried tweaking my firewall but to no avail hoping someone can help me cos apple sure cant typical like politicians they sway away from the problem and blame someone else ?.

    Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
    Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
    There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for