AP not able join to WLC
Hello,
One of the AP is not joing to 2504WLC.
AP Model:
CAP-3602I-E-K9
The error shows like this "Radius Authorization of the AP has failed"
What Could be the reason?
I check the regulatery domain, country code and compatibilty software but still I am not able to find the root cause.
Any Help will be appreciated.
Thanks
Hi
Make sure to check/uncheck AP policies box on WLC.
From WLC GUI > Secuirty > AAA > AP policies, can you verify you have not checked "Authorize MIC APs against auth-list or AAA" ? If checked, uncheck this and try.
On the logs ": RADIUS authorization is pending for the AP " means that this needs the MAC addr to be in the mac filter or AP Policies.
So, from WLC GUI>>Secuirty>>AAA>AP policies>>Add> ? (AP mac addr) and check if it joins.
Regards
Dont forget to arte helpful posts.
Similar Messages
-
3602 AP not able to join 3850 WLC
Hello,
I have a 3850 switch with inetegrated WLC and my 3602 is not able to join the controller. Error from AP:
*Oct 24 19:21:17.355: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 19:21:17.355: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 19:21:17.355: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
*Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
*Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
*Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
*Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 19:21:20.355: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
., 1)24 19:21:23.355: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
*Oct 24 19:21:23.355: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Oct 24 19:21:28.903: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
Switch Config:
ip dhcp pool TMOWireless
network x.x.x.0 255.255.255.0
default-router x.x.x.1
dns-server 8.8.8.8 4.2.2.2
option 43 hex f104.0x4x.dx0x
option 60 ascii "Cisco AP c3602"
wireless mobility controller
wireless management interface Vlanxxxx
wlan xxxxx1 xxxxx
client vlan xxxx
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 xxxxxxxxx
no shutdown
show wlan summary
Mobility Controller Summary:
Mobility Role : Mobility Controller
Mobility Protocol Port : 16666
Mobility Group Name : default
Mobility Oracle IP Address : 0.0.0.0
DTLS Mode : Enabled
Mobility Domain ID for 802.11r : 0xac34
Mobility Keepalive Interval : 10
Mobility Keepalive Count : 3
Mobility Control Message DSCP Value : 0
Mobility Domain Member Count : 1
Link Status is Control Link Status : Data Link Status
Controllers configured in the Mobility Domain:
IP Public IP Group Name Multicast IP Link Status
x.x.x.x - default 0.0.0.0 UP : UP
show ap summary:
clk5-Das-cor01#show ap summary
Number of APs: 1
Global AP User Name: Not configured
Global AP Dot1x User Name: Not configured
AP Name AP Model Ethernet MAC Radio MAC State
AP4c00.82df.ac68 3602I 4c00.82df.ac68 f84f.57e3.8ec0 Registered
show capwap summary
CAPWAP Tunnels General Statistics:
Number of Capwap Data Tunnels = 0
Number of Capwap Mobility Tunnels = 0
Number of Capwap Multicast Tunnels = 0
Name APName Type PhyPortIf Mode McastIf
Name SrcIP SrcPort DestIP DstPort DtlsEn MTU
Any help is appreciated, thank you.Full error log:
*Oct 24 19:59:32.351: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Oct 24 19:59:37.891: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Oct 24 19:59:37.959: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Oct 24 19:59:37.959: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Oct 24 19:59:38.175: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 24 19:59:38.191: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 24 19:59:38.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Oct 24 19:59:38.991: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Oct 24 19:59:38.999: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Oct 24 19:59:39.983: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 24 19:59:39.991: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Oct 24 19:59:40.019: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 24 19:59:40.027: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Oct 24 19:59:40.035: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Oct 24 19:59:41.019: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Oct 24 19:59:41.027: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Oct 24 19:59:41.055: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 24 19:59:42.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
Not in Bound state.
*Oct 24 20:00:33.687: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Oct 24 20:00:38.691: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Oct 24 20:00:38.815: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.66.222.69, mask 255.255.255.0, hostname AP4c00.82df.ac68
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (8.8.8.8)
*Oct 24 20:00:44.687: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.66.222.1 obtained through DHCP
*Oct 24 20:00:44.687: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Oct 24 20:00:44.935: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Oct 24 20:01:14.935: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 24 20:01:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.66.222.1 peer_port: 5246
*Oct 24 20:01:15.239: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.66.222.1 peer_port: 5246
*Oct 24 20:01:15.239: %CAPWAP-5-SENDJOIN: sending Join Request to 10.66.222.1
*Oct 24 20:01:15.371: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.66.222.1
*Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
*Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
*Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
*Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 20:01:18.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
*Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
*Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
*Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
*Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 20:01:21.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
*Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
*Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
*Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
*Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 20:01:24.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
*Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
*Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
*Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
*Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 20:01:27.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
*Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: DTLS connection not found Failed to encrypt and send packet.
*Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to encrypt and send packet.
*Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to send packet from queue
*Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: SM handler: Failed to process timer message. Event 41, state 8
*Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to handle timer message.
*Oct 24 20:01:30.363: %CAPWAP-3-ERRORLOG: Failed to process Message timer message.
*Oct 24 20:01:33.367: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
., 1) -
WLC cannot get IP of the Wireless Clients and client not able to ping to the gateway
Dear Cisco Expertise,
I have configured WLC embedded in Cisco C3650 switch and also 1 unit AP3702I. AP now able to join to the controller. My client able to connect to the AP and get the IP address (10.127.117.1) from the DHCP server but unable to ping to the gateway (10.127.117.254 - interface gateway). Both switch and AP able to ping to the interface gateway. I also trying to ping to the client from the switch and also from the AP to the client but not able to ping.
I've check via switch can see the client's IP address and MAC address (using ARP)
#sh arp vlan 77
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.127.117.1 0 843a.4b90.17e0 ARPA Vlan77
Internet 10.127.117.254 - 3c08.f6b7.2173 ARPA Vlan77
Need your expertise on this matter. Thank you.
Configuration as below:
Switch
ip dhcp pool LWAPP_VLAN
network 10.127.117.0 255.255.255.0
default-router 10.127.117.254
dns-server 10.127.113.10
domain-name xxx.com
vlan 77
name LWAP_VLAN
interface Vlan10
ip address 10.127.112.254 255.255.255.128
interface Vlan77
ip address 10.127.117.254 255.255.255.0
ip helper-address 10.127.117.254
interface GigabitEthernet3/0/5
description Connect to AP Test
switchport access vlan 10
switchport mode access
no logging event link-status
wireless mobility controller
wireless management interface Vlan10
wireless security web-auth retries 5
wireless mgmt-via-wireless
wlan APAC-WLAN 2 Wifi-Test
client vlan LWAP_VLAN
ip dhcp opt82
ip dhcp opt82 ascii
ip dhcp opt82 format add-ssid
ip dhcp required
ip dhcp server 10.127.117.254
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 B*MY2014
security wpa wpa2 ciphers tkip
session-timeout 300
no shutdown
ap group APGroup-Test
description "For Testing Purposes"
wlan APAC-WLAN
vlan LWAP_VLAN
AP
interface Dot11Radio0
antenna gain 0
stbc
mbssid
power client local
packet retries 64 drop-packet
station-role root
interface Dot11Radio1
antenna gain 0
stbc
mbssid
power client local
packet retries 64 drop-packet
station-role root
interface GigabitEthernet0
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface BVI1
mtu 1792
ip address 10.127.112.202 255.255.255.128
interface Virtual-WLAN0
ip default-gateway 10.127.112.254
ip forward-protocol nd
ip dns serverPls try the below SSID configuration. WPA2 to be configured with AES & not TKIP.
wlan APAC-WLAN 2 Wifi-Test
client vlan LWAP_VLAN
security wpa
no security wpa akm dot1x
security wpa wpa2 ciphers aes
security wpa akm psk set-key ascii 0 B*MY2014
ip dhcp required
no shutdown
This post should give you some help as well
http://mrncciew.com/2013/12/04/wlan-config-in-3850-part-1/
HTH
Rasika
**** Pls rate all useful responses **** -
Clients not able to join more 256 nos
Hi
We have using wireless controller CISCO 2125 with 8 nos LWAP 1252, including AP's getting the IP from windows DHCPserver (172.29.70.0/23), when clients reaches 256 nos in controller , then further not able to join in wireless network.
DHCP vendor class or user class will solve this issue. pl guide me .
thanks
KarthikWell, it's totally expected then as it's the maximum amount of clients supported by the 2125.
If you have that amount of client you should look into having more APs and a more powerful WLC. That limit is not just there for marketing purpose. It looks like your network is under-powered compared to its real usage.
Regards,
Nicolas
===
Don't forget to rate answers that you find useful -
I am not able to register a new ap in WLC
The issue is i am not able to add new APs on WLC. Currently, there are 48 APs registered. But it does not allow 49th AP.
i tried a new ap to configure and add in the network but it is not registring but when i remove any other ap from the network the newer which i was trying it will registerd.
So please help me regarding this issueI tried to make a new ap-manager interface it is not working
i also tried to enable LAG it will show following message.
Enabling LAG will map your current interface settings to LAG interface. All dynamic AP manager interfaces and untagged interfaces will be deleted. All WLANs will be disabled and mapped to Mgmt interface.!!! You MUST reboot the system after updating the LAG config. After Applying the LAG config, yo u would still need to reboot the system and reconfigure LAG to revert back !!! Please press ok to continue.
Right now i have configured 2 interface one is managment and other is ap manager interface where is managment interface ip is .2 and ap manager ip is .3
and all my 48 aps are using controller ip is .3 so when i am enabling LAG the upper statment is saying it will deleted my all interfaces and mapped to managment interface so in this senario my all aps lost the connection.
so can you please tell me will i go through or any other option is there for register ap to WlC
because it is not going beyond the limit of 48. -
External user not able to join Live Meeting, but can join Lync Meeting
We have LYNC 2010 pool with OCS 2007 R2 & Live Meeting clients ( with few LYNC 2010 clients). We are having issue with one external organization with Live Meetings. If any of our company user schedules Live Meeting, the particular external company users
( they have OCS 2007 R2 and Live Meeting clients) are not able to join our Live meetings. If we schedule Lync Meetings, they are able to join successfully through Web Interface.
On the other side, our users don't have any issue to join their Live Meetings.
We have LYNC edge servers and all external users don't have any issue to join our Live Meetings. The external company also don't have any issue with other users.
It's only 1 to 1 issue with Live Meeting ( not Lync meeting).
Any help to resolve this issue is much appreciated...
Tek-NerdHi,
From your description, did you mean it is a coexistence environment?
Did they receive any error message from Live Meeting client?
If possible, you can test with other federation companies with Live Meeting client. If it happen to all federation companies, I suggest to double check port, certificate requirement for federation. If it happen only for one company, please check
if Live Meeting Clients update to the latest version.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
I am a landlord and I organazied my contacts by the address of my tenants. I just joined to Icloud and I am not able to find my tenants in the directory in the computer at all. I could search when I am using my phone but they do not show at first.how can correct this? as an example 37 31 1 and when i type this nothing is showing.
I am a landlord and I organazied my contacts by the address of my tenants. I just joined to Icloud and I am not able to find my tenants in the directory in the computer at all. I could search when I am using my phone but they do not show at first.how can correct this? as an example 37 31 1 and when i type this nothing is showing.
-
Hi,
I have two WLC 8500 working in SSO and with nat enable feature configure in management interface.
SSO is working, but i have to configure NAT before SSO becasuse when SSO is up, ip address and nat are greyed out in managemente interface.
Some AP's must join the controller in the private address of the management interface and others AP must join in the public ip address configured in NAT address.
for some reason, there are a lot of AP's that can't join the controller, i have 3 ap's joined in the public ip address and 3 ap's joined in the private ip address
config network ap-discovery nat-only disable is already configured, from the console of one AP that can't not join i see the following:
*Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
*Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 212.89.5.130 peer_port: 5246
*Sep 10 12:36:17.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
*Sep 10 12:36:47.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 212.89.5.130:5246
*Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
*Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.35.0.78 peer_port: 5246
the AP is trying both private and public ip address to join the WLC but can't join properly.
From the WLC console:
debug capwap errors enable:
*spamApTask4: Sep 10 13:13:49.837: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 10.35.1.13:47807)since DTLS session is not established
*spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask2: Sep 10 13:13:52.103: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 10.35.1.11:21207)since DTLS session is not established
*spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
the AP model are the same, this is not the problem, but for some reason there are AP's that have problems with the NAT configuration, if i disable NAT option, every AP with private ip address config can join the WLC.
I've tried to break SSO, desconfigure NAT, and private ip address AP join the controller without problem.
anybody can give me a clue?
Regards!it seens like DTLS connection can't be stablished between AP and WLC.
The AP sends discovery request
the WLC respond with two discovery responds, the firts one, contains the public ip address of the WLC and the second one contains the private ip address.
once discovery proccess is complete, the AP tries to send DTLS hello packet to the WLC, but this packet never arrives to WLC.
because hello doesn't arrive, the AP sends a close notify alert to the WLC and tries to send the DTLS hello packet to the WLC private address with same result.
the AP get into a loop trying to send DTLS hello packets to both private and public address.
DTLS hello packet never arrive, but close notify alert arrive to WLC.
theres is FW in the middle doing NAT, but i can understand why close notify alert packets error arrives WLC and Hello DTLS packets don't. this packets uses the same protocol UDP and the same port.
Regards -
Hi,
After a wireless network interruption, one of MAP 1522 it's not joining to WLC .
What should I do to solve this problem?
Thanks.
(Cisco Controller) >show ap join stats detailed 00:08:30:bb:53:20
Discovery phase statistics
- Discovery requests received.............................. 7
- Successful discovery responses sent...................... 5
- Unsuccessful discovery request processing................ 0
- Reason for last unsuccessful discovery attempt........... Not applicable
- Time at last successful discovery attempt................ Feb 23 11:25:16.137
- Time at last unsuccessful discovery attempt.............. Not applicable
Join phase statistics
- Join requests received................................... 2
- Successful join responses sent........................... 2
- Unsuccessful join request processing..................... 2
- Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
- Time at last successful join attempt..................... Feb 23 11:25:28.385
- Time at last unsuccessful join attempt................... Feb 23 11:25:28.386
Configuration phase statistics
- Configuration requests received.......................... 3
- Successful configuration responses sent.................. 1
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
- Time at last successful configuration attempt............ Feb 23 11:25:28.581
--More-- or (q)uit
- Time at last unsuccessful configuration attempt.......... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable
Last AP disconnect details
- Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP
- Last AP disconnect reason................................ AP's capwap state machine restarted
Last join error summary
- Type of error that occurred last......................... AP got or has been disconnected
- Reason for error that occurred last...................... Timed out while waiting for ECHO repsonse from the AP
- Time at which the last join error occurred............... Mar 18 19:07:28.864
AP disconnect details
- Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the APIoan,
as you see here:
Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
It seems you need to add a mac filter for this AP on you WLC so it joins.
Or, if you are using external radius for authorization, you need to add an entery for this AP on the radius server.
Here are some links that may help:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#p5
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c7234.shtml
Don't please forget to rate the reply if it is useful.
Cheers,
Amjad -
AP(2720e) not joining a WLC (2504)
I recently purchased two 2702e AP's to expand the wireless coverage of our network but when I plug them in, they will not join the AP for some reason.
This is what I am getting on the controller;
(Cisco Controller) >show ap join stats detailed f44e0544e944
Discovery phase statistics
- Discovery requests received.............................. 51
- Successful discovery responses sent...................... 26
- Unsuccessful discovery request processing................ 0
- Reason for last unsuccessful discovery attempt........... Not applicable
- Time at last successful discovery attempt................ Dec 08 10:24:37.695
- Time at last unsuccessful discovery attempt.............. Not applicable
Join phase statistics
- Join requests received................................... 0
- Successful join responses sent........................... 0
- Unsuccessful join request processing..................... 0
- Reason for last unsuccessful join attempt................ Not applicable
- Time at last successful join attempt..................... Not applicable
- Time at last unsuccessful join attempt................... Not applicable
Configuration phase statistics
- Configuration requests received.......................... 0
- Successful configuration responses sent.................. 0
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
--More-- or (q)uit
- Time at last successful configuration attempt............ Not applicable
- Time at last unsuccessful configuration attempt.......... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable
Last AP disconnect details
- Reason for last AP connection failure.................... Not applicable
- Last AP disconnect reason................................ Not applicable
Last join error summary
- Type of error that occurred last......................... None
- Reason for error that occurred last...................... Not applicable
- Time at which the last join error occurred............... Not applicable
AP disconnect details
- Reason for last AP connection failure.................... Not applicable
I have tried it with just the default settings and by setting the IP on the AP to no avail.
Any suggestion would be much appreciated.
EricHi Eric,
What software code is running on your 2504 ? I hope it is 7.6.130.0
If it is 8.0.100.0, then there was a crtical bug given below, you need to check whether you hitting this
https://tools.cisco.com/bugsearch/bug/CSCur43050
Conditions:
Seen only with APs that were manufactured in August, September or October, 2014 - all Aironet APs were affected EXCEPT the 700 series. Seen with WLCs running 8.0.100.0 or an 8.0.100.x special.
If the WLC was manufactured in September 2014, or later (i.e. has a SHA2 MIC), then the first symptom is seen, i.e. the AP joins the 8.0.100 WLC, downloads the image, but then fails to rejoin.
If the WLC was manufactured before September 2014 (i.e. does not have a SHA2 MIC), then the second symptom is seen, i.e. the AP can join the 8.0.100 WLC OK, but then will fail download during a subsequent upgrade.
Also seen with new APs trying to join a controller running IOS-XE 3.6.0 (15.3(3)JN k9w8 image.) (Track CSCur50946 for the IOS-XE fix)
Workaround:
Downgrade to AireOS 7.6.130.0, or to IOS-XE 3.3, if the APs are supported in the earlier code
Pls attach AP console output while trying to boot & register to see the exact reason for failure.
HTH
Rasika
**** Pls rate all useful responses **** -
WLC 4404 - Not able to see the 802.11a/n AP summary details
Hi Friends,
I have a query related to wireless. I have multiple WLCs in my network. Recently I observed that in one WLC, in monitoring page while we checking the access point summary information, I can see in 802.11a/n Radios, 8 APs are down. And I tried to see those details by clicking the ‘detail’ option over there, but no result was displaying. Same I have checked in ‘Wireless’ tab as well but the result was same. We have total 69 APs associated with this WLC. AP Models which are associated with this WLC are AIR-LAP1231G-A-K9 & AIR-LAP1242AG-A-K9. Firmware version running in the WLC is 7.0.235.3 which is recently upgraded.
Then I logged into multiple WLCs for checking the same. All these WLC are running with 7.0.116.0 code. In some APs I am able to see some AP information which is down for 802.11a/n Radios, for eg: if I have 18 APs down in a/n radio I can see 7 AP’s details. But can’t able to see all the AP information. For 802.11b/g/n Radios it is perfectly fine. And in these WLCs we have AIR-LAP1262N-N-K9 model also associated.
And one thing I noticed here is the number of APs that I can see the details is exactly same as the number of AIR-LAP1262N-N-K9 model APs associated with that WLC.
So can anyone confirm that the other 2 models won’t support a/n radios (hardware limitation) or is it any kind of bug in the firmware.
My WLC models are AIR-WLC4404-100-K9 & WS-SVC-WISM-1-K9
Thanks in advance for your time and response
Regards,
AnandHi Leo,
I am not able to identify the AP which are down for 802.11a/n radio :( (we are not using a/n radio in this location, that is why 8 out of 8 are showing down). -
i m not able to connect for the wifi which i have used earlier ,i m getting an error as unable to join the network how to resolve this please help me
We were able to log in this morning and all is working. You should be able to log in at any point today. Please let us know if you are having any other difficulties.
-
I have iphone 4s , I'm not able to join any wifi, I have tried many things, resetting, trying different wifi and many others , but still not able to join any wifi , what shall I do?
Contact iTunes support. Nobody here can help with billing problems.
-
AIR-CAP1602i cannot join a WLC 5508 controller
Hello,
I'm managing a large number of access points on a Cisco wlc 5508 controller.
We've recently purchased a bunch of new AIR-CAP1602I-E-K9.
note that we already have AIR-CAP1602I-E-K9 and other models in production.
These A.P are not able to join the controller for some reason, I've tried a lot of different things but I am now at a loss.
I have checked the regulatory domain, upgraded the FUS, manually upgraded the software version of the LAP to match the version on the other A.P.
I even downgraded/upgraded the WLC code (version 7.4.x and 8.0)
I use the dhcp option 43 to to send the controller IP.
Here are the info that can help:
errors:
#on A.P
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
#on WLC
Lwapp join request rejected (WLC version 7.6.130.0)
Failed to add database entry (WLC version 8.0)
WLC sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... XXX
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... XXX
Last Reset....................................... Software reset
System Up Time................................... 6 days 4 hrs 16 mins 27 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:CA,FR
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +41 C
External Temperature............................. +22 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 7
Number of Active Clients......................... 1977
Burned-in MAC Address............................ A4:93:4C:B0:E4:C0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 250
AP sh version
AP58f3.9cb8.3701#sh version
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 22-Aug-14 10:56 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
AP58f3.9cb8.3701 uptime is 31 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.152-4.JB6/ap1g2-k9w8-mx.152-4.JB6"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602I-E-K9 (PowerPC) processor (revision B0) with 229366K/32768K bytes of memory.
Processor board ID FGL1832X5QU
PowerPC CPU at 533MHz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.6.100.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 58:F3:9C:B8:37:01
Part Number : 73-14671-04
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC183171L4
Top Assembly Part Number : 800-38552-01
Top Assembly Serial Number : FGL1832X5QU
Top Revision Number : A0
Product/Model Number : AIR-CAP1602I-E-K9
AP sh inventory
NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP1602I-E-K9 , VID: V01, SN: FGL1832X5QU
Thanks for your help !Hi Olivier,
The error messages that you have on the debugs:
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
It is related to the bug: CSCuh46442
https://tools.cisco.com/bugsearch/bug/CSCuh46442/?referring_site=ss
This bug is resolved in version : 8.0.100.0
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html#pgfId-1163951
Can you please paste here "show ap auth-list" from the controller CLI?
I suggest to enable MIC if it is not enabled, and then check if the AP's will join or not.
Kind Regards
Mohammad Setan -
Hello Im Having A Problem With Itunes im Not Able to reinstall itunes at all nor quicktime and bonjour service is not working either .i have tried tweaking my firewall but to no avail hoping someone can help me cos apple sure cant typical like politicians they sway away from the problem and blame someone else ?.
Well you need to understand the behavior of h-reap or what it's called now, FlexConnect. In this mode, the clients are still remembers on the WLC until the session timer/idle timer expires. So switching between SSID's in h-reap will not be the same when switching when the AP's are in local mode.
Take a look at the client when connected in FlexConnect in the WLC GUI monitor tab. Thus will show you what ssid and vlan the client is on. Now switch to a different ssid and compare this. It's probably the same because the client has not timed out. Now go back to the other ssid and look again. Now on the WLC, remove or delete the client and then switch to the other ssid at the same time. Or switch SSID's and then remove the client. The client will join the new ssid and in the monitor tab, you should see the info.
There is no need to have clients have multiple SSID's unless your testing. Devices should only have one ssid profile configured to eliminate any connectivity issues from the device wanting to switch SSID's.
Sent from Cisco Technical Support iPhone App
Maybe you are looking for
-
We are running a commercial application on a Windows 2008 Server. After reboot, we cannot access the application because two services fail to start. The reason they fail to start is that the passwords to the local user accounts tied to those services
-
Forcing implementation of an inherited static method/field?
Suppose I have some classes - BlueAction, RedAction etc - extending an abstract base class called BaseAction. I put an abstract method called getColour() in BaseAction, and implement it in all the classes that extend it, so BlueAction returns blue, a
-
Where can I get a used MacBook
Where can I get a used apple MacBook for around 100-200$ please help
-
Navigation buttons and many such icons show up like a add-on bar during start-up
The icons show up for just a few seconds at the bottom of the browser window. Here is the screenshot http://postimg.org/image/fx7buzsxj/
-
New field in ME22n - Fast change option
Hi Experts, I have a requirment to add new field (SLFDT - Statistical delivery date) in ME22N fast change option.Since the customer don't want to change the standard structures ,I have created append structure for MEPOITEM and MEGUI_MASSCH_ALLOWED_F