AP not joining to WLC

Hi,
After a wireless network interruption, one of MAP 1522 it's not joining to WLC .
What should I do to solve this problem?
Thanks.
(Cisco Controller) >show ap join stats detailed 00:08:30:bb:53:20
Discovery phase statistics
- Discovery requests received.............................. 7
- Successful discovery responses sent...................... 5
- Unsuccessful discovery request processing................ 0
- Reason for last unsuccessful discovery attempt........... Not applicable
- Time at last successful discovery attempt................ Feb 23 11:25:16.137
- Time at last unsuccessful discovery attempt.............. Not applicable
Join phase statistics
- Join requests received................................... 2
- Successful join responses sent........................... 2
- Unsuccessful join request processing..................... 2
- Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
- Time at last successful join attempt..................... Feb 23 11:25:28.385
- Time at last unsuccessful join attempt................... Feb 23 11:25:28.386
Configuration phase statistics
- Configuration requests received.......................... 3
- Successful configuration responses sent.................. 1
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
- Time at last successful configuration attempt............ Feb 23 11:25:28.581
--More-- or (q)uit
- Time at last unsuccessful configuration attempt.......... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable
Last AP disconnect details
- Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP
- Last AP disconnect reason................................ AP's capwap state machine restarted
Last join error summary
- Type of error that occurred last......................... AP got or has been disconnected
- Reason for error that occurred last...................... Timed out while waiting for ECHO repsonse from the AP
- Time at which the last join error occurred............... Mar 18 19:07:28.864
AP disconnect details
- Reason for last AP connection failure.................... Timed out while waiting for ECHO repsonse from the AP

Ioan,
as you see here:
Reason for last unsuccessful join attempt................ RADIUS authorization is pending for the AP
It seems you need to add a mac filter for this AP on you WLC so it joins.
Or, if you are using external radius for authorization, you need to add an entery for this AP on the radius server.
Here are some links that may help:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#p5
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c7234.shtml
Don't please forget to rate the reply if it is useful.
Cheers,
Amjad

Similar Messages

AP 1042N with ios 15.2(4)JB5 is not joining to WLC with ios 7.4.121.0

I am trying to add AP 1042N with ios15.2(4)JB5 in WLC 2504 with IOS version 7.4.121.0 , but AP is not joining and
Below mentioned is the log I am getting in the AP , here 192.168.100.10 is WLC ip
*May 20 19:31:22.745: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 20 19:51:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.10 peer_port: 5246
*May 20 19:51:24.804: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.10 peer_port: 5246
*May 20 19:51:24.805: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.10
*May 20 19:51:29.804: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.10
*May 20 19:52:23.222: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.100.10
*May 20 19:52:23.222: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.100.10:5246
*May 20 19:52:23.223: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 20 19:51:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.10 peer_port: 5246
*May 20 19:51:24.818: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.10 peer_port: 5246
*May 20 19:51:24.819: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.10
*May 20 19:51:29.819: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.10
Can anyone tell me, is there any issue between the AP & WLC IOS compatibility or what else could be reason for this.

Hi Thanks for everyone's comments,
I found solution, I i was extracting only one file from the tar image and supporting files were not extracted to flash
Now I did " “archive tar /xtract tftp://<TFTP server IP>/<ImageName>.tar flash: “ and extracted complete tar in to the flash and changed boot priority. Now it is joining to controller
Thank you

AP 3702 not join the WLC

Hi,
I have two WLC 8500 working in SSO and with nat enable feature configure in management interface.
SSO is working, but i have to configure NAT before SSO becasuse when SSO is up, ip address and nat are greyed out in managemente interface.
Some AP's must join the controller in the private address of the management interface and others AP must join in the public ip address configured in NAT address.
for some reason, there are a lot of AP's that can't join the controller, i have 3 ap's joined in the public ip address and 3 ap's joined in the private ip address
config network ap-discovery nat-only disable is already configured, from the console of one AP that can't not join i see the following:
*Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
*Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 212.89.5.130 peer_port: 5246
*Sep 10 12:36:17.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
*Sep 10 12:36:47.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 212.89.5.130:5246
*Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
*Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.35.0.78 peer_port: 5246
the AP is trying both private and public ip address to join the WLC but can't join properly.
From the WLC console:
debug capwap errors enable:
*spamApTask4: Sep 10 13:13:49.837: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 10.35.1.13:47807)since DTLS session is not established
*spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask2: Sep 10 13:13:52.103: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 10.35.1.11:21207)since DTLS session is not established
*spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
the AP model are the same, this is not the problem, but for some reason there are AP's that have problems with the NAT configuration, if i disable NAT option, every AP with private ip address config can join the WLC.
I've tried to break SSO, desconfigure NAT, and private ip address AP join the controller without problem.
anybody can give me a clue?
Regards!

it seens like DTLS connection can't be stablished between AP and WLC.
The AP sends discovery request
the WLC respond with two discovery responds, the firts one, contains the public ip address of the WLC and the second one contains the private ip address.
once discovery proccess is complete, the AP tries to send DTLS hello packet to the WLC, but this packet never arrives to WLC.
because hello doesn't arrive, the AP sends a close notify alert to the WLC and tries to send the DTLS hello packet to the WLC private address with same result.
the AP get into a loop trying to send DTLS hello packets to both private and public address.
DTLS hello packet never arrive, but close notify alert arrive to WLC.
theres is FW in the middle doing NAT, but i can understand why close notify alert packets error arrives WLC and Hello DTLS packets don't. this packets uses the same protocol UDP and the same port.
Regards

AP(2720e) not joining a WLC (2504)

I recently purchased two 2702e AP's to expand the wireless coverage of our network but when I plug them in, they will not join the AP for some reason.
This is what I am getting on the controller;
(Cisco Controller) >show ap join stats detailed f44e0544e944
Discovery phase statistics
- Discovery requests received.............................. 51
- Successful discovery responses sent...................... 26
- Unsuccessful discovery request processing................ 0
- Reason for last unsuccessful discovery attempt........... Not applicable
- Time at last successful discovery attempt................ Dec 08 10:24:37.695
- Time at last unsuccessful discovery attempt.............. Not applicable
Join phase statistics
- Join requests received................................... 0
- Successful join responses sent........................... 0
- Unsuccessful join request processing..................... 0
- Reason for last unsuccessful join attempt................ Not applicable
- Time at last successful join attempt..................... Not applicable
- Time at last unsuccessful join attempt................... Not applicable
Configuration phase statistics
- Configuration requests received.......................... 0
- Successful configuration responses sent.................. 0
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
--More-- or (q)uit
- Time at last successful configuration attempt............ Not applicable
- Time at last unsuccessful configuration attempt.......... Not applicable
Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable
Last AP disconnect details
- Reason for last AP connection failure.................... Not applicable
- Last AP disconnect reason................................ Not applicable
Last join error summary
- Type of error that occurred last......................... None
- Reason for error that occurred last...................... Not applicable
- Time at which the last join error occurred............... Not applicable
AP disconnect details
- Reason for last AP connection failure.................... Not applicable
I have tried it with just the default settings and by setting the IP on the AP to no avail.
Any suggestion would be much appreciated.
Eric

Hi Eric,
What software code is running on your 2504 ? I hope it is 7.6.130.0
If it is 8.0.100.0, then there was a crtical bug given below, you need to check whether you hitting this
https://tools.cisco.com/bugsearch/bug/CSCur43050
Conditions:
Seen only with APs that were manufactured in August, September or October, 2014 - all Aironet APs were affected EXCEPT the 700 series. Seen with WLCs running 8.0.100.0 or an 8.0.100.x special.
If the WLC was manufactured in September 2014, or later (i.e. has a SHA2 MIC), then the first symptom is seen, i.e. the AP joins the 8.0.100 WLC, downloads the image, but then fails to rejoin.
If the WLC was manufactured before September 2014 (i.e. does not have a SHA2 MIC), then the second symptom is seen, i.e. the AP can join the 8.0.100 WLC OK, but then will fail download during a subsequent upgrade.
Also seen with new APs trying to join a controller running IOS-XE 3.6.0 (15.3(3)JN k9w8 image.) (Track CSCur50946 for the IOS-XE fix)
Workaround:
Downgrade to AireOS 7.6.130.0, or to IOS-XE 3.3, if the APs are supported in the earlier code
Pls attach AP console output while trying to boot & register to see the exact reason for failure.
HTH
Rasika
**** Pls rate all useful responses ****

Cisco LAP 2602 can not join Virtual WLC

dear all,
i just install Virtual WLC and i remove WLC 2504 , i install & configured it , but LAP can not join. it was work fine with WLC 2504.
i used the same network topology with the old WLC.
i receive this error logs.
*spamApTask4: Feb 04 06:01:30.082: <<<< Start of CAPWAP Packet >>>>
*spamApTask4: Feb 04 06:01:30.082: CAPWAP Control mesg Recd from 10.192.200.93, Port 26711
*spamApTask4: Feb 04 06:01:30.082: HLEN 4, Radio ID 0, WBID 1
*spamApTask4: Feb 04 06:01:30.082: Msg Type : CAPWAP_DISCOVERY_REQUEST
*spamApTask4: Feb 04 06:01:30.082: Msg Length : 155
*spamApTask4: Feb 04 06:01:30.082: Msg SeqNum : 0
*spamApTask4: Feb 04 06:01:30.082:
*spamApTask4: Feb 04 06:01:30.082: Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
*spamApTask4: Feb 04 06:01:30.082: Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN
*spamApTask4: Feb 04 06:01:30.082:
*spamApTask4: Feb 04 06:01:30.082: Type : CAPWAP_MSGELE_WTP_BOARD_DATA, Length 62
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083: WTP_SERIAL_NUMBER : AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_DESCRIPTOR, Length 40
*spamApTask4: Feb 04 06:01:30.083: Maximum Radios Supported : 2
*spamApTask4: Feb 04 06:01:30.083: Radios in Use : 2
*spamApTask4: Feb 04 06:01:30.083: Encryption Capabilities : 0x00 0x01
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
*spamApTask4: Feb 04 06:01:30.083: WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
*spamApTask4: Feb 04 06:01:30.083: WTP Mac Type : SPLIT_MAC
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083:
IE : UNKNOWN IE 207
*spamApTask4: Feb 04 06:01:30.083: IE Length : 4
*spamApTask4: Feb 04 06:01:30.083: Decode routine not available, Printing Hex Dump
*spamApTask4: Feb 04 06:01:30.083: 00000000: 03 00 00 01 ....
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 12
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083:
IE : RAD_NAME_PAYLOAD
*spamApTask4: Feb 04 06:01:30.083: IE Length : 6
*spamApTask4: Feb 04 06:01:30.083: Rad Name :
*spamApTask4: Feb 04 06:01:30.083: CEO_AP
*spamApTask4: Feb 04 06:01:30.083: <<<< End of CAPWAP Packet >>>>
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Request from 10.192.200.93:26711
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 ApModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask4: Feb 04 06:01:30.083: apModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: apType = 26 apModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: apType: Ox1a bundleApImageVer: 8.0.110.0
*spamApTask4: Feb 04 06:01:30.083: version:8 release:0 maint:110 build:0
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Response sent to 10.192.200.93 port 26711
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Response sent to 10.192.200.93:26711
Please any help.

dear
yes the wlc 2504  is 8.0.110 but because its damaged i replaced it with new vWLC v 8.0.110.
also i can not put the LAP in flexconnect until its joint.

Autonomous 1252 converted to CAPWAP will not join 5508 WLC

WLC 5508 firmware is v6.0.188.0
I've tried updating the autonomous 1252 via both the upgrade tool 3.4 and 'archive download-sw' from the CLI
I've tried multiple recovery images
c1250-rcvk9w8-tar.124-21a.JA2.tar
c1250-rcvk9w8-tar.124-10b.JDA.tar
After AP reboots with recovery image it joins WLC and downloads new CAPWAP image then reboots again
AP will not rejoin WLC with updated CAPWAP firmware
Any help with this is greatly appreciated!
Thanks in advance and happy holidays,
Scott
Error Msg from 1252 console
*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
Additional info
WLC Debugs Enabled:
MAC address ................................ c4:7d:4f:39:31:e2
Debug Flags Enabled:
aaa detail enabled.
capwap error enabled.
capwap critical enabled.
capwap events enabled.
capwap state enabled.
dtls event enabled.
lwapp events enabled.
lwapp errors enabled.
pm pki enabled.
WLC Debug Output:
*Dec 18 10:51:51.575: dtls_conn_hash_search: Connection not found in hash table - Table empty.
*Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: called to get cert for CID 154c7072
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: called to get key for CID 154c7072
*Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: match in row 2
*Dec 18 10:51:51.692: acDtlsCallback: Certificate installed for PKI based authentication.
*Dec 18 10:51:51.693: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=0
*Dec 18 10:51:51.693: local_openssl_dtls_record_inspect:   msg=ClientHello len=44 seq=0 frag_off=0 frag_len=44
*Dec 18 10:51:51.693: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.693: local_openssl_dtls_send: Sending 60 bytes
*Dec 18 10:51:51.694: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.694: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=1
*Dec 18 10:51:51.694: local_openssl_dtls_record_inspect:   msg=ClientHello len=76 seq=1 frag_off=0 frag_len=76
*Dec 18 10:51:51.695: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
*Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
*Dec 18 10:51:51.696: local_openssl_dtls_send: Sending 314 bytes
*Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=2
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=0 frag_len=519
*Dec 18 10:51:51.712: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=3
*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=519 frag_len=519
*Dec 18 10:51:51.713: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:51.713: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:51.713: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=4
*Dec 18 10:51:51.713: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=1038 frag_len=108
*Dec 18 10:51:51.714: sshpmGetIssuerHandles: locking ca cert table
*Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_decode()
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: <subject> C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1250-c47d4f3931e2, [email protected]
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: <issuer> O=Cisco Systems, CN=Cisco Manufacturing CA
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Mac Address in subject is c4:7d:4f:39:31:e2
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert Name in subject is C1250-c47d4f3931e2
*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*Dec 18 10:51:51.719: sshpmGetCID: called to evaluate <cscoDefaultMfgCaCert>
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: called to get cert for CID 2ab15c0a
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.719: ssphmUserCertVerify: calling x509_decode()
*Dec 18 10:51:51.730: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (current): 2009/12/18/15:51:51
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotBefore): 2009/11/03/00:47:36
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotAfter): 2019/11/03/00:57:36
*Dec 18 10:51:51.730: sshpmGetIssuerHandles: getting cisco ID cert handle...
*Dec 18 10:51:51.730: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: called with 0x1f1f3b8c
*Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: freeing public key
*Dec 18 10:51:51.731: openssl_shim_cert_verify_callback: Certificate verification - passed!
*Dec 18 10:51:51.732: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:52.155: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:52.155: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=5
*Dec 18 10:51:52.155: local_openssl_dtls_record_inspect:   msg=ClientKeyExchange len=258 seq=3 frag_off=0 frag_len=258
*Dec 18 10:51:52.269: openssl_dtls_process_packet: Handshake in progress...
*Dec 18 10:51:52.269: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246 Peer 192.168.100.54:62227
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=6
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=CertificateVerify len=258 seq=4 frag_off=0 frag_len=258
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=ChangeCipherSpec epoch=0 seq=7
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=1 seq=0
*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=Unknown or Encrypted
*Dec 18 10:51:52.273: openssl_dtls_process_packet: Connection established!
*Dec 18 10:51:52.273: acDtlsCallback: DTLS Connection 0x167c5c00 established
*Dec 18 10:51:52.273: openssl_dtls_mtu_update: Setting DTLS MTU for link to peer 192.168.100.54:62227
*Dec 18 10:51:52.273: local_openssl_dtls_send: Sending 91 bytes
*Dec 18 10:53:06.183: sshpmLscTask: LSC Task received a message 4
Aironet 1252 Console Debug:
*Dec 16 11:07:12.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 18 15:51:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:51:40.999: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Dec 18 15:51:41.695: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:51:41.699: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:51:41.699: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:51:46.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:52:39.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.100.2:5246
*Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Dec 18 15:52:40.059: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Dec 18 15:52:40.063: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Dec 18 15:52:40.079: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 18 15:52:40.079: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Dec 18 15:52:50.059: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 18 15:52:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.1

Nathan and Leo are alluding to CSCte01087. Basically the caveat is that DTLS fails on a non-00:xx:xx:xx:xx:xx L2 first hop. e.g. if the APs are on the same VLAN as the management interface, they must have 00 MACs; if they are on a different VLAN, the WLC/AP gateway must have a 00 MAC. If the workaround below does not suit your environment, open a TAC case for an image with the fix.
Symptom:
An access point running 6.0.188.0 code may be unable to join a WLC5508.
Messages similar to the following will be seen on the AP.
   %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
   %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
Conditions:
At least one of the following conditions pertains:
- The high order byte of the AP's MAC address is nonzero, and the AP is in
the same subnet as the WLC5508's management (or AP manager) interface
- The WLC's management (or AP manager) interface's default gateway's
MAC address' high order byte is nonzero.
Workaround:
If the MAC address of the WLC's default gateway does not begin with 00,
and if all of the APs' MAC addresses begin with 00, then: you can put
the APs into the same subnet as the WLC's management (or AP manager)
interface.
In the general case, for the situation where the WLC's default gateway's
MAC does not begin with 00, you can address this by changing it to begin
with 00. Some methods for doing this include:
-- use the "mac-address" command on the gateway, to set a MAC address
that begins with 00
-- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
IP as the WLC's gateway.
For the case where the APs' MAC addresses do not begin with 00, then make
sure that they are *not* in the same subnet as the WLC's management
(AP manager) interface, but are behind a router.
Another workaround is to downgrade to 6.0.182.0. However, after
downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
(i.e. 12.4(21a)JA2) still installed on them will be unable to join.
Therefore, after downgrading the WLC, the APs will need to have a
pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.

LWAP AP not join a WLC

Hi all,
I have a Cisco 2500 series Wirless Controller and AP : AIR-LAP1310G-E-K9 with can't join a cisco controller, when i looked at the Log file for WLC i found this message :
AP Disassociated. Base Radio MAC:1c:df:0f:cf:da:88.
So when i did this on the controller ( command) : debug capwap errors enable
This appear :
*spamApTask0: Jan 20 14:45:25.849: 1c:df:0f:cf:da:88 Received LWAPP DISCOVERY REQUEST to ff:ff:ff:ff:ff:ff on port '1'
*spamApTask0: Jan 20 14:45:25.849: 1c:df:0f:cf:da:88 Join Priority Processing status = 0, Incoming Ap's Priority 0, MaxLrads = 15,joined Aps =3
*spamApTask0: Jan 20 14:45:25.849: 1c:df:0f:cf:da:88 Successful transmission of LWAPP Discovery Response to AP 1c:df:0f:cf:da:88 on port 1
*spamApTask0: Jan 20 14:45:36.851: 1c:df:0f:cf:da:88 Received LWAPP JOIN REQUEST from AP 1c:df:0f:cf:da:88 to 68:86:a7:36:37:00 on port '1'
*spamApTask0: Jan 20 14:45:36.851: Could not find BoardDataPayload
*spamApTask0: Jan 20 14:45:36.865: 1c:df:0f:cf:da:88 AP AP_BEJ: txNonce 00:00:00:00:00:00 rxNonce 00:00:00:00:00:00
*spamApTask0: Jan 20 14:45:36.865: 1c:df:0f:cf:da:88 LWAPP Join Request MTU path from AP 1c:df:0f:cf:da:88 is 1500, remote debug mode is 0
*spamApTask0: Jan 20 14:45:37.048: 1c:df:0f:cf:da:88 Successful transmission of LWAPP Join Reply to AP 1c:df:0f:cf:da:88
*spamApTask0: Jan 20 14:45:37.049: 1c:df:0f:cf:da:88 spam_lrad.c:2080 - Operation State 0 ===> 4
*spamApTask0: Jan 20 14:45:38.231: 1c:df:0f:cf:da:88 Received LWAPP IMAGE_DATA from AP 1c:df:0f:cf:da:88
*spamApTask0: Jan 20 14:45:38.232: 1c:df:0f:cf:da:88 Refusing image download to AP 1c:df:0f:cf:da:88 - unable to open image file /bsn/ap//c1310
Error:No such file or directory(2)
Please help ?

Hi George Stefanick ,
the problème is : i want to convert it to autonomous so to do , it must to plug the AP with the WLC , and in the CLI for WLC : tape this command : o this
config ap tftp-downgrade tftp-server-ip-address filename access-point-name
Refer to this link : http://www.cisco.com/c/en/us/td/docs/wireless/controller/3-2/configuration/guide/ccfig32/c32lwap.html.
but the WLC dont support the AP 1300 series , so please how to convert this AP to autonomos ?

1041N APs not joining 2100 WLC

Hopefully this will be an easy solution for some of you.
I have two LAP1041N APs I am trying to setup on a new 2100 WLC (7.0.116.0). THe APs will blink green fast; then go to a green, red, blue cycle for a min or so; then back to blinking green fast. Not sure what else to try here.
Thanks for the help.

Please use a L2/ L3 switch
For a L2 swith the AP and WLC must be on the same VLAN iof the L2 switch
For AP:
config t
int gig 0/1
swithport access native vlan 1( for ex)
switchport mode access
no shut
For WLC :
config t
int gig 0/2
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
no shut
For L3 switch you can assign vlan interfaces :
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080665cdf.shtml#wlc
Also here is the link to the discovery process:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
Thanks,
Tuhin

Cisco APs not joining WLC

Hi guys,
I am in the process of configuring a WLC and got stuck due to APs are not joining the WLC.
I have configure DHCP server on the Gateway router and the WLC management interface is pointing to the Gateway as DHCP Server.
I have multiple Dynamic interfaces configured on the WLC and Interface group has been configured and mapped to Management Interface.
For each WLAN, a separate DHCP pool has been created on the router.
LAG has been configured and working fine. Connectivity works fine in the network and I can ping all devices and vlans from WLC.
Now, the APs are not joining the WLC. The error I am getting
" 44:03:a7:f1:b4:40 Received a Discovery Request from 44:03:A7:F1:B4:40 via IP broadcast address but the source IP address (10.xx.xx.xx) is not in any of the configured subnets. Dropping it "
Some one help me troubleshooting this issue with DHCP IP Assignment.
Thanks,
CJ

If you are using Broadcast method to discover WLC to AP then you need to ensure following is correctly configured.
1. Unders the switch SVI defined for AP-management (10.38.11.x) you have to configure "ip helper-address "
2. In switch global config "ip forward-protocol udp 5246"
Refer this for more detail
http://mrncciew.com/2013/05/04/wlc-discovery-via-broadcast/
There are other methods available as well (static, DNS, DHCP option 43) for the WLC discovery purpose. To verify there is no configuration issues at WLC end, you can simply configure the WLC details on AP statically & check wether AP get register to WLC. To do this you can enter following CLI commands on AP console priviledge mode.
debug capwap console cli
capwap ap ip address 10.38.11.x 255.255.255.x
capwap ap ip default-gateway 10.38.11.y
capwap ap controller ip address
In this way your AP should get registered to WLC (if no config issue at WLC end). Refer this for more detail
http://mrncciew.com/2013/03/17/ap-registration/
If you have so many APs, then as Steve pointed configuring DHCP-Option 43 would be a good option
Regards
Rasika
**** Pls rate all useful responses ****

AP 1552E NOT JOINING WLC 2504

Hello,
I am currently having issue relating to my AP not joining the WLC. Have made the WLC the internal DHCP server and the AP has picked an IP Address but the below is what i get from the AP:
*Feb 14 22:48:56.707: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 14 22:48:56.759: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Feb 14 22:48:56.783: status of voice_diag_test from WLC is false
*Feb 14 22:49:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:12.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 14 22:49:12.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:12.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:12.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Feb 14 22:49:17.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:17.663: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.1.2
*Feb 14 22:49:17.663: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.2 has closed connection.
*Feb 14 22:49:17.663: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.2:5246
*Feb 14 22:49:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:12.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 14 22:49:12.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:12.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:12.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
% CDP is not supported on this interface, or for this encapsulation
*Feb 14 22:49:17.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:17.663: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.1.2
*Feb 14 22:49:17.663: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.2 has closed connection.
*Feb 14 22:49:17.663: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.2:5246
*Feb 14 22:49:17.707: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 14 22:49:17.707: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 14 22:49:17.759: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Feb 14 22:49:17.783: status of voice_diag_test from WLC is false
*Feb 14 22:49:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 14 22:49:34.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:34.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:34.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Feb 14 22:49:39.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:39.663: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.1.2
*Feb 14 22:49:39.663: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.2 has closed connection.
*Feb 14 22:49:39.663: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.2:5246
*Feb 14 22:49:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 14 22:49:34.663: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.2 peer_port: 5246
*Feb 14 22:49:34.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2
*Feb 14 22:49:34.663: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Feb 14 22:49:38.591: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
*Feb 14 22:49:38.591: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
*Feb 14 22:49:38.591: %MESH-6-LINK_UPDOWN: Mesh station f029.29c2.effc link Down
*Feb 14 22:49:39.663: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.2

Platform: AIR-CT2504-K9, Version :
Manufacturer's Name: Cisco Systems Inc. Product Name: Cisco Controller Product Version: 7.0.220.0 RTOS Version: Erro Bootloader Version: 1.0.18 Build Type: DATA + WPS
Platform: cisco AIR-CAP1552E-E-K9 Version :
Cisco IOS Software, C1550 Software (C1520-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
flashfs[1]: 22 files, 3 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 31610880
flashfs[1]: Bytes used: 6631936
flashfs[1]: Bytes available: 24978944
flashfs[1]: flashfs fsck took 5 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 5806080
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 5805056
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Warning: the compile-time code checksum does not appear to be present.
Radio0 present 8364B 8000 A8020000 0 A8030000 30
Radio1 present 8364B 8000 B8020000 0 B8030000 13
Radio2 not present 0 0 0 0 0 11
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
%Error opening flash:/c1520-rcvk9w8-mx/info (No such file or directory)cisco AIR-CAP1552E-E-K9    (PowerPC 8349) processor (revision A0) with 49142K/16384K bytes of memory.
Processor board ID FCZ1718H01Y
PowerPC 8349 CPU at 533Mhz, revision number 0x0031
Last reset from power loss
LWAPP image version 7.0.220.0
4 Gigabit Ethernet interfaces
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: F0:29:29:C2:EF:E0
Part Number                          : 73-13538-02
PCA Assembly Number                  : 800-31224-01
PCA Revision Number                  : 03
PCB Serial Number                    : FOC1705241P
Top Assembly Part Number             : 800-34853-05
Top Assembly Serial Number           : FCZ1718H01Y
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1552E-E-K9
% Please define a domain-name first.
Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
Press RETURN to get started!
*Mar 1 00:00:07.307: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:07.723: m8349_ether_enable: MACCFG1 sync timeout
*Mar 1 00:00:09.819: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:09.819: %LINK-3-UPDOWN: Interface Ethernet4, changed state to up
*Mar 1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up
*Mar 1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up
*Mar 1 00:00:09.819: %LINK-3-UPDOWN: Interface GigabitEthernet3, changed state to up
*Mar 1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
*Mar 1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
*Mar 1 00:00:11.375: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3, changed state to down
*Mar 1 00:00:11.963: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar 1 00:00:12.039: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)
*Mar 1 00:00:12.051: AP identified to be in Fenway/Huck Jr/1240/1130 configuration
*Mar 1 00:00:12.055: status of voice_diag_test from WLC is false
*Mar 1 00:00:14.079: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1550 Software (C1520-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 18-Oct-11 15:13 by prod_rel_team
*Mar 1 00:00:14.079: %SNMP-5-COLDSTART: SNMP agent on host APf029.29c2.efe0 is undergoing a cold start
*Mar 1 00:00:14.143: %MESH-6-BVI_CREATED: Mesh BVI1 interface created
*Mar 1 00:00:14.163: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:00:14.163: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:00:15.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:00:15.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:00:16.143: %LINK-3-UPDOWN: Interface BVI1, changed state to down
*Mar 1 00:00:17.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitE
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)thernet0, changed state to down
*Mar 1 00:00:17.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
*Mar 1 00:00:17.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down
*Mar 1 00:00:17.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3, changed state to down
*Mar 1 00:00:18.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet4, changed state to up
*Mar 1 00:00:20.723: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:32.743: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:00:32.795: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Mar 1 00:00:32.959: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:33.107: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:00:33.307: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
*Mar 1 00:00:46.383: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C2960-24PC-S (189c.5d95.2d18)
Username:
*Mar 1 00:01:27.119: %MESH-6-ADJACENCY_STATE_MACHINE_STARTED: Mesh adjacency state machine started
Username:
*Mar 1 00:01:32.163: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Mar 1 00:01:34.119: %LINK-3-UPDOWN: Interface BVI1, changed state to up
*Mar 1 00:01:35.119: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:01:37.207: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
% CDP is not supported on this interface, or for this encapsulation
*Mar 1 00:01:40.887: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Mar 1 00:01:40.907: status of voice_diag_test from WLC is false
*Mar 1 00:01:46.387: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C2960-24PC-S (189c.5d95.2d18)
Regards,
Obinna Samuel

Access Points not joining WLC

Hello All,
I am trying to deploy several AIR-CAP3502E-E-K9 access points from a cisco 5508 wire lan contoller running ver 7 code. However iam having difficulty regiserting the access points with the WLC. The wlc is connect to a 3650 switch, and each access point is connected to a 2960 switch.
Problem Solved. A bad update was not allowing the access points to get their correct firmware.

You need to provide what Leo stated, that would help a lot. Anyways you can't telnet or ssh into a capwap AP if it has not joined the WLC. So that being said, provide the info Leo requested and then console into the ap and provide use with output from the console. Make sure you reboot the AP and then start capturing the output for around 5 minutes.
Sent from Cisco Technical Support iPad App

AIR-LAP521G-E-K9 is not joining WLC4402-12

Hi,
Please I need some help with any guide or info regarding my LAP521 access points that are refusing to join the WLC4402-12.
This is my first lightweight access point implementation and I have 3 LAP521's and 1 AIR-CAP3502I-E-K9 access points on my network.
They are meant to pick up ip address from external dhcp server and then join the WLC but only the 3502i joins successfuly while the 521's get dhcp address but do not join the WLC. From the logs, I can see that the WLC is discovered by the 521's and even get a response message from the controller but they are still unable to join as shown in the screenshot below.
My WLC is running software version 7.0.230.0 and the 521's are running an lwapp image version 4.2.61.8.
Base Radio MAC
AP Name
Status
Ethernet MAC
IP Address
Last Join Time
00:23:04:cc:56:d0
NA
Not Joined
00:00:00:00:00:00
172.31.5.115
00:23:04:f2:8d:10
NA
Not Joined
00:00:00:00:00:00
172.31.5.113
00:23:33:22:3d:b0
NA
Not Joined
00:00:00:00:00:00
172.31.5.110
3c:ce:73:94:b4:d0
AP001
Joined
44:2b:03:6d:5d:50
172.31.5.120
Oct 01 18:01:17.713
Please any suggestions or help with resolving this issue will be appreciated.
Thanks

The reason the 521 will not join, is because they require the Cisco Express WLC. They will not join the 4400 WLC. Take a look at this matrix with the code you are running and the AP's that are supported.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp81600
Sent from Cisco Technical Support iPhone App

AP not joining

Hi all,
I could need a little help troubleshooting some AP issue.
For some reason some AP will not join the WLC. (WISMII)
I have several hundrede AP online, but still a few offline
This fails:
FRH-R06-L226-UX-G#sh cdp nei gi2/0/41 detail
Device ID: AP5057.a8a1.c632
Entry address(es):
IP address: 10.61.24.103
Platform: cisco AIR-CAP3502I-E-K9   , Capabilities: Trans-Bridge      (why only Trans-Bridge mode and not Capabilities: Router Trans-Bridge)
Interface: GigabitEthernet2/0/41, Port ID (outgoing port): GigabitEthernet0
Holdtime : 161 sec
Version :
Cisco IOS Software, C3500 Software (AP3G1-RCVK9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)     (yes recovery image I know)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 18-Oct-11 15:02 by prod_rel_team
advertisement version: 2
Duplex: full
Power drawn: 14.500 Watts     (will it change when AP come online?)
Power request id: 63919, Power management id: 2
Power request levels are:14500 0 0 0 0
Management address(es):
This works fine:
FRH-R06-L226-UX-G#sh cdp nei gi2/0/26 detail
Device ID: AP442b.03c2.638d
Entry address(es):
IP address: 10.61.24.84
Platform: cisco AIR-CAP3502I-E-K9   , Capabilities: Router Trans-Bridge
Interface: GigabitEthernet2/0/26, Port ID (outgoing port): GigabitEthernet0.1
Holdtime : 128 sec
Version :
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Mon 10-Dec-12 23:33 by prod_rel_team
advertisement version: 2
Duplex: full
Power drawn: 15.400 Watts
Power request id: 45452, Power management id: 2
Power request levels are:15400 14500 0 0 0
Management address(es):
Switchport config:
interface GigabitEthernet2/0/41
description .1X XG-B-41
switchport access vlan 552
switchport mode access
authentication control-direction in
authentication event fail retry 0 action next-method
authentication event server dead action authorize vlan 552
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout quiet-period 5
dot1x timeout tx-period 3
storm-control broadcast level 0.50
storm-control multicast level 0.50
storm-control action shutdown
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
end
I have no access to the console interface on the AP at the moment.
any suggestions
/Finn

Well you need to take a look at the AP or console. There have been issues with the 3500's and the white light of death. If you can have someone confirm if the APs led is white or not, that will tell you right away if you need to RMA the ap or not. Other than that, you need to console into the AP and post the output when powering up the AP.
Sent from Cisco Technical Support iPhone App

AIR-CAP3501I access point not joining the Cisco 2100 Wireless Lan controller.

Hello All,
I am installing a new LAP (AIR-CAP3501I ) through the wireless lan controller (AIR-WLC2112-K9) with software version 7.0. I have an external ADSL modem which will act as the DHCP server for the wireless clients and the LAP.
Please find my network setup as below:
The ISP ADSL modem , WLC and LAP are connected to a unmanaged POE switch. The LAP gets its power through the POE switch. When i connect the LAP and the WLC to the switch along with the ADSL modem, the LAPs are getting the ip address from the ADSL modem, however they are not joining the WLC for further process.
ADSL Modem ip address: 192.168.1.254
Management ip address on the LAP: 192.168.1.1 ( Assigned to port 1, untagged Vlan).
Ap Manager ip address: 192.168.1.1 ( Assigned to the same port i.e port1, Untagged Vlan).
The LAP is getting an IP address from the ADSL modem in the range of the DHCP scope.
I will paste the logs very soon.
Please let me know if i am doing anything wrong oe what will be the issue.
Thanks in advance,
Mohammed Ameen

Hello All,
Please find the logs for "debug capwap event" from the WLC below:
*spamReceiveTask: Sep 26 19:44:59.196: e8:04:62:0a:3f:10 Join Version: = 117465600
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join resp: CAPWAP Maximum Msg element len = 92
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 Join Response sent to 192.168.1.156:45510
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 CAPWAP State: Join
*spamReceiveTask: Sep 26 19:44:59.197: e8:04:62:0a:3f:10 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
*apfReceiveTask: Sep 26 19:44:59.198: e8:04:62:0a:3f:10 Register LWAPP event for AP e8:04:62:0a:3f:10 slot 0
*spamReceiveTask: Sep 26 19:44:59.341: e8:04:62:0a:d1:20 DTLS connection not found, creating new connection for 192:168:1:158 (45644) 192:168:1:2 (5246)
*spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 DTLS Session established server (192.168.1.2:5246), client (192.168.1.158:45644)
*spamReceiveTask: Sep 26 19:45:00.119: e8:04:62:0a:d1:20 Starting wait join timer for AP: 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.121: e8:04:62:0a:d1:20 Join Request from 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join Version: = 117465600
*spamReceiveTask: Sep 26 19:45:00.123: e8:04:62:0a:d1:20 Join resp: CAPWAP Maximum Msg element len = 92
*spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 Join Response sent to 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 CAPWAP State: Join
*spamReceiveTask: Sep 26 19:45:00.124: e8:04:62:0a:d1:20 capwap_ac_platform.c:1216 - Operation State 0 ===> 4
*apfReceiveTask: Sep 26 19:45:00.125: e8:04:62:0a:d1:20 Register LWAPP event for AP e8:04:62:0a:d1:20 slot 0
*spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 Configuration Status from 192.168.1.158:45644
*spamReceiveTask: Sep 26 19:45:00.273: e8:04:62:0a:d1:20 CAPWAP State: Configure
*spamReceiveTask: Sep 26 19:45:00.273: Invalid channel 1 spacified for the AP APf866.f2ab.24b6, slotId = 0
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP info for AP e8:04:62:0a:d1:20 -- static 0, 192.168.1.158/255.255.255.0, gtw 192.168.1.254
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Updating IP 192.168.1.158 ===> 192.168.1.158 for AP e8:04:62:0a:d1:20
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Setting MTU to 1485
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Finding DTLS connection to delete for AP (192:168:1:158/45644)
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 Disconnecting DTLS Capwap-Ctrl session 0xa06d6a4 for AP (192:168:1:158/45644)
*spamReceiveTask: Sep 26 19:45:00.274: e8:04:62:0a:d1:20 CAPWAP State: Dtls tear down
*spamReceiveTask: Sep 26 19:45:00.277: spamProcessGlobalPathMtuUpdate: Changing Global LRAD MTU to 576
*spamReceiveTask: Sep 26 19:45:00.277: e8:04:62:0a:d1:20 DTLS connection closed event receivedserver (192:168:1:2/5246) client 192:168:1:158/45644).
The Acess point joins the Controller for 2-3 seconds and then unjoins again. I am not sure what i am doing wrong here. The access points are getting the IPs from the ADSL modem through the switch, then it talks to the WLC, however it does not join the controller for further process.
Note:
The Managemnet interface and the AP manager interface are assigned to the same port 1 with unassigned Vlan as mention above.

Ap won't join the WLC

Hello Guys,
I have converted ap 1131 from autonomous to lwapp successfully by using upgrade utility tool but the AP does not join the WLC 2106. I can see it as a neighbor on the switch with no IP address. please help me.
Thank you

Hello Scott,
Thank you for the reply
Please find the attached file for the config, i found out that i have not updated the time on WLC but i did update the time on WLC and tested for other AP and this one too wont join the WLC. The ap are located remote.
atsg-wl1#show run | incl hostname
hostname atsg-wl1
atsg-wl1#test pb display
Display of the Parameter Block
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1
atsg-wl1#term length 0
atsg-wl1#show version | include Cisco IOS
Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.3(7)JA3, RELEASE SOFTWARE (fc1)
atsg-wl1#show controller | include Radio AIR
Radio AIR-AP1131G, Base Address 0019.0737.02f0, BBlock version 0.00, Software version 5.80.15
Radio AIR-AP1131A, Base Address 0019.073b.02d0, BBlock version 0.00, Software version 5.80.15
atsg-wl1#show controllers d0 | include Current
Current Frequency: 2447 MHz Channel 8
Current CCK Power: 14 dBm
Current OFDM Power: 14 dBm
Current Rates: basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
atsg-wl1#show controllers d1 | include Current
Current Frequency: 5805 MHz Channel 161
Current Power: 17 dBm
Current Rates: basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
atsg-wl1#show run | include station-role
station-role root
station-role root
atsg-wl1#test pb disp
Display of the Parameter Block
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1
atsg-wl1#show int F0 | include address
Hardware is PowerPCElvis Ethernet, address is 0019.555f.ccfa (bia 0019.555f.ccfa)
atsg-wl1#show int | include Dot11Radio
Dot11Radio0 is up, line protocol is up
Dot11Radio1 is up, line protocol is up
atsg-wl1#show sntp | exclude SNTP
10.148.0.1         16        1        never
172.16.21.57       16        1        never
Broadcast client mode is enabled.
atsg-wl1#show run
Building configuration...
Current configuration : 6025 bytes
! Last configuration change at 19:35:46 UTC Thu Jan 31 2013 by didata
! NVRAM config last updated at 19:13:48 UTC Fri Feb 1 2013 by didata
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
hostname atsg-wl1
logging buffered informational
logging console informational
enable secret 5
ip subnet-zero
ip domain name aspentech.com
ip name-server 10.96.16.230
ip name-server 10.148.0.249
ip name-server 10.32.19.1
aaa new-model
aaa group server radius rad_eap
server 10.16.16.123 auth-port 1645 acct-port 1646
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
no dot11 igmp snooping-helper
dot11 ssid
   authentication open eap eap_methods
   authentication network-eap eap_methods
   guest-mode
   infrastructure-ssid optional
dot11 network-map
power inline negotiation prestandard source
usernamepassword 7
username privilege 15 password 7
usernamep rivilege 15 password 7
class-map match-all _class_Protocol_301_C351
match access-group name Voice_Over_IP_301
class-map match-all _class_8
match ip dscp cs1
class-map match-all _class_0
match ip dscp default
class-map match-all _class_48
match ip dscp cs6
class-map match-all _class_18
match ip dscp af21
class-map match-all _class_24
match ip dscp cs3
class-map match-all _class_16
match ip dscp cs2
class-map match-all _class_34
match ip dscp af41
class-map match-all _class_26
match ip dscp af31
class-map match-all _class_40
match ip dscp cs5
class-map match-all _class_46
match ip dscp ef
class-map match-all _class_56
match ip dscp cs7
class-map match-all _class_10
match ip dscp af11
class-map match-all _class_32
match ip dscp cs4
policy-map _policy_Voice_Over_IP_202
class _class_Protocol_301_C351
set cos 6
policy-map _policy_fallback_policy
class _class_0
set cos 0
class _class_8
set cos 1
class _class_10
set cos 1
class _class_16
set cos 2
class _class_18
set cos 2
class _class_24
set cos 3
class _class_26
set cos 3
class _class_32
set cos 4
class _class_34
set cos 4
class _class_40
set cos 5
class _class_46
set cos 5
class _class_48
set cos 6
class _class_56
set cos 7
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
encryption mode wep mandatory mic key-hash
broadcast-key change 900
ssid
traffic-class background cw-min 5 cw-max 8 fixed-slot 2
traffic-class best-effort cw-min 5 cw-max 8 fixed-slot 6
traffic-class video cw-min 4 cw-max 6 fixed-slot 1
traffic-class voice cw-min 3 cw-max 7 fixed-slot 1
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 32
fragment-threshold 2338
station-role root
rts threshold 2339
rts retries 32
world-mode legacy
no cdp enable
infrastructure-client
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode wep mandatory mic key-hash
broadcast-key change 900
ssid aspen100abcdefgh
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
world-mode legacy
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.148.0.7 255.255.255.0
no ip route-cache
ip default-gateway 10.148.0.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip tacacs source-interface BVI1
ip radius source-interface BVI1
ip access-list extended Voice_Over_IP_300
permit 119 any any
permit ip any any
ip access-list extended Voice_Over_IP_301
permit 119 any any
permit ip any any
logging facility local0
snmp-server view iso_view iso included
snmp-server community admin view iso_view RW
snmp-server community all4114all view iso_view RW
snmp-server community ddbos2000 RO
snmp-server location ATSG
snmp-server contact James Lee
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server host 192.135.137.12 ddbos2000
tacacs-server host 10.16.16.123 key 7
tacacs-server host 10.96.16.245 key 7
tacacs-server directed-request
radius-server host 10.16.16.123 auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7
radius-server deadtime 120
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 0 0
transport preferred all
transport input all
transport output all
line vty 5 15
exec-timeout 0 0
transport preferred all
transport input all
transport output all
end
atsg-wl1#show run | incl hostname
hostname atsg-wl1
atsg-wl1#arch down /over /create-space tftp://10.148.0.118/images/c1130-rcvk                                                                    $over /create-space tftp://10.148.0.118/images/c1130-rcvk9                  w8-tar.12                                                                   te-space tftp://10.148.0.118/images/c1130-rcvk9w8-tar.123                  -11.JX1.t                                                                  ftp://10.148.0.118/images/c1130-rcvk9w8-tar.123-11.JX1.ta                  r
examining image...
Loading images/c1130-rcvk9w8-tar.123-11.JX1.tar from 10.148.0.118 (via BVI1): !
extracting info (273 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 1873920 bytes]
Image info:
    Version Suffix: rcvk9w8-
    Image Name: c1130-rcvk9w8-mx
    Version Directory: c1130-rcvk9w8-mx
    Ios Image Size: 1874432
    Total Image Size: 1874432
    Image Feature: WIRELESS LAN|LWAPP|RECOVERY
    Image Family: C1130
    Wireless Switch Management Version: 3.0.51.0
Extracting files...
Loading images/c1130-rcvk9w8-tar.123-11.JX1.tar from 10.148.0.118 (via BVI1): !
extracting info (273 bytes)
c1130-rcvk9w8-mx/ (directory) 0 (bytes)
extracting c1130-rcvk9w8-mx/c1130-rcvk9w8-mx (1867816 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1130-rcvk9w8-mx/info (273 bytes)
extracting info.ver (273 bytes)!
[OK - 1873920 bytes]
Deleting current version...
Deleting flash:/c1130-k9w7-mx.123-7.JA3...done.
New software image installed in flash:/c1130-rcvk9w8-mx
Configuring system to use new image...done.
atsg-wl1#show archive status
SUCCESS: Upgrade complete.
atsg-wl1#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
atsg-wl1#dir flash:
Directory of flash:/
    2 -rwx        2072 Jan 31 2013 19:36:18 +00:00 private-multiple-fs
149 drwx         128 Jan 31 2013 19:36:11 +00:00 c1130-rcvk9w8-mx
    4 -rwx         342 Jan 31 2013 19:36:14 +00:00 env_vars
15998976 bytes total (14126080 bytes free)
atsg-wl1#dir nvram:
Directory of nvram:/
   30 -rw-           0                    startup-config
   31 ----           0                    private-config
    1 -rw-           0                    ifIndex-table
    2 ----          12                    persistent-data
32768 bytes total (30668 bytes free)
atsg-wl1#sh crypto ca trustpoints
atsg-wl1#sh crypto ca certificates
atsg-wl1#terminal length 0
atsg-wl1#show run | begin BVI1
interface BVI1
ip address 10.148.0.7 255.255.255.0
no ip route-cache
ip default-gateway 10.148.0.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip tacacs source-interface BVI1
ip radius source-interface BVI1
ip access-list extended Voice_Over_IP_300
permit 119 any any
permit ip any any
ip access-list extended Voice_Over_IP_301
permit 119 any any
permit ip any any
logging facility local0
snmp-server view iso_view iso included
snmp-server community admin view iso_view RW
snmp-server community all4114all view iso_view RW
snmp-server community ddbos2000 RO
snmp-server location ATSG
snmp-server contact James Lee
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server host 192.135.137.12 ddbos2000
tacacs-server host 10.16.16.123 key 7
tacacs-server host 10.96.16.245 key 7
tacacs-server directed-request
radius-server host 10.16.16.123 auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7
radius-server deadtime 120
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 0 0
transport preferred all
transport input all
transport output all
line vty 5 15
exec-timeout 0 0
transport preferred all
transport input all
transport output all
end

AP not joining to WLC

Similar Messages

Maybe you are looking for