Client get connected occationally with WLC 5508

Hi ,
I have one strange problem on wireless connection.
I just upgraded several 1131 APs to LAP with 2 new Cisco 5508 controller deployed, and we found the clients sometime can get conneted to the 1131 AP, and connection well, sometimes cannot. during our test, one conecion is ok, next one cannot, the third one seems ok again and again.
And we also have 2 new 1140 APs, seems no such problem,
The version for controller is 6.0.196.0, and Client is Lenevo PC with XP.
Any suggestion? or some troubleshooting procedure I can follow?
Thanks!
Roy

Thanks!
Seems some problem with open authentication.
On the Client, it reported cannot get associated.
on the WLC, while I am debug client it reports:
*Jul 14 10:18:51.844: 00:1f:3c:c2:e9:71 Sending Assoc Response to station on BSSID c4:7d:4f:47:a5:c0 (status 12)
*Jul 14 10:18:51.889: 00:1f:3c:c2:e9:71 Ignoring 802.11 assoc request from mobile pending deletion
*Jul 14 10:18:51.889: 00:1f:3c:c2:e9:71 Sending Assoc Response to station on BSSID c4:7d:4f:47:a5:c0 (status 12)
*Jul 14 10:18:51.928: 00:1f:3c:c2:e9:71 Ignoring 802.11 assoc request from mobile pending deletion
*Jul 14 10:18:51.928: 00:1f:3c:c2:e9:71 Sending Assoc Response to station on BSSID c4:7d:4f:47:ae:b0 (status 12)
*Jul 14 10:18:52.446: 00:1f:3c:c2:e9:71 apfMsExpireCallback (apf_ms.c:418) Expiring Mobile!
*Jul 14 10:18:52.446: 00:1f:3c:c2:e9:71 apfMsExpireMobileStation (apf_ms.c:4427) Changing state for mobile 00:1f:3c:c2:e9:71 on AP c4:7d:4f:47:ae:b0 from Associated to Disassociated
I am using remote radius with WLC only.
The strange thing is, when get connected, it looks fine, but I tried disconnect manually, then connect again, it reported cannot get associated, then I try again, it can get connect again,....

Similar Messages

An issue with WLC 5508 and 7921 phone

Hello all!
I have a system with WLC 5508 and some 1242 APs. And I use a lot of 7921 phones.
One of 7921 phones was in trouble. It loses registration, disconnect conversations...
I installed the trial WLC and run voice diagnostics.
I saw some of "Potentially degraded QoS in downlink direction because of incorrect packet classification" messages and one "Fair upstream packet loss ratio: 1,2%, which is less than threshold 2.5%"
As I understand all of 7921 phones in these area are affected.
what does it mean? I set up Platinum QoS for voice WLAN. I don't have any qos configuration string for AP and WLC ports on switches...
any ideas?
thanx in advance

Sergey:
There is one application called "WLC Config analyzer". You save your "show run-config" from your WLC in a text file and import it by this application. it will analyze the file for you and tell you what recommendations for voice are missing so you improve them.
When importing a config file you choose what voice clinets you are using, so you need to choose cisco 7921 to it tells you what config improvemetns is needed based on 7921 needs.
Here is the link to download the application:
https://supportforums.cisco.com/docs/DOC-1373
download the latest versoin.
BTW, how many voice/data clients are connected to one AP in that area? if I remember correctly if you are utilizing voice then the max number of clients connected to one AP should not exceed 17. If you have more than this number per AP try to minimize the number of users concurrently connected to the AP then try again.
Hope you'll find the config analyzer useful.
If useful please don't forget to rate.
Amjad

Remote access VPN client gets connected fails on hosts in LAN

Hi,
VPN client gets connected fine, I have a inter VLAN routing happening on the switch in the LAN so all the LAN hosts have gateway IP on the switch, I have the defult route pointing to ASA inside interface on the switch, the switch I can reach after Remote Access VPN is connected how ever I cannot ping/connect to other hosts in the LAN and if I make the gateway point to the ASA then that host is accessible, any suggestions? I really want to have gateway to be the Switch as I have other networks reachable through the Switch (Intranet routing)

Hi Mashal,
Thanks for your time,
VPN Pool(Client) 192.168.100.0/24
Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
=============
On the Switch
=============
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.5 to network 0.0.0.0
     172.32.0.0/24 is subnetted, 1 subnets
C       172.32.0.0 is directly connected, Vlan101
C    192.168.200.0/24 is directly connected, Vlan2000
C    192.9.200.0/24 is directly connected, Vlan4000
S    192.168.250.0/24 [1/0] via 192.9.200.125
S    192.168.1.0/24 [1/0] via 192.9.200.125
C    192.168.2.0/24 is directly connected, Vlan1000
S    192.168.252.0/24 [1/0] via 192.9.200.125
S*   0.0.0.0/0 [1/0] via 192.168.2.5
===============
On ASA
===============
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 172.32.0.2 to network 0.0.0.0
C    172.32.0.0 255.255.255.0 is directly connected, outside
C    192.9.200.0 255.255.255.0 is directly connected, inside
C    192.168.168.0 255.255.255.0 is directly connected, failover
C    192.168.2.0 255.255.255.0 is directly connected, MGMT
S    192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
S    192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
We don't need route print on the PC for now as I can explain what is happening I can get complete access to the 192.168.2.0/24 (VLAN 1000) but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IP's on the switches/pair but cannot have any tcp connections, which explains the default route being pointed on the switch is on VLAN 1000, now my issue is How do I get access to VLAN 4000 as you can see these two are on different Interfaces/zones on the ASA and please note with default gateway pointing to ASA I will have access to both the VLAN's it is only when I move the gateway pointing to Switch I loose tcp connections to one VLAN depending on the default route on the being pointing to on the switch.
So we are left to do with how to on the switch with default route.

EAP-TLS with WLC 5508, Microsoft NPS and custom EKU OID´s

We are trying to implement EAP-TLS with client certificates that have a custom EKU OID to distinguish the WLAN clients. The Microsoft Press Book
Windows Server 2008 PKI and Certificate Security gives an example on how to configure a policy in NPS that matches specific EKU OID´s. At the moment we have two policies that have an allowed-certificate-oid configured that matches the OID´s in our certificates, but our setup is not working as expected. Authentications will only be successful, if the client authenticates with the certificate that is matched by the first policy rule.
For example:
Policy 1: allowed-certificate-OID --> corporate
Policy 2: allowed-certificate-OID --> private
Client authenticates with EKU corporate --> success
Client authenticates with EKU private --> reject
My expectation was, that if Policy 1 will not match the NPS goes over to Policy 2 and tries to authenticate the client.
Has anyone a simmilar setup or can help to figure out what is going wrong?
We have a WLC 5508 with Software Version 7.4.100.0 and a NPS on a Windows Server 2008 R2
regards
Fabian

The policy rejects and the NPS goes to the next policy, only if the user does not belong to the configured group.
This means I need to have one AD group per application policy, but that will not solve my problem. A user could belong to more than one group, depending on how many devices he/she has. It will work with one group only for each user, because the first policy that matches a AD group, the user belongs to, could have a OID that is not in the certificate. This would cause a recejct with reason code 73:
The purposes that are configured in the Application Policies extensions, also called Enhanced Key Usage (EKU) extensions, section of the user or computer certificate are not valid or are missing. The user or computer certificate must be configured with the Client Authentication purpose in Application Policies extensions. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2.
The certificate does include this OID but not the custom EKU.

VPN client get connect but Request Timed out when ping

Hi, I'm using the cisco 837 router as my VPN server. I get connected using Cisco VPN Client Version 5. But when I ping the router ip, i get request timed out. Here is my configuration :
Building configuration...
Current configuration : 3704 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname michael
boot-start-marker
boot-end-marker
memory-size iomem 5
no logging console
enable secret 5 $1$pZLW$9RZ8afI8QdGRq0ssaEJVu0
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
resource policy
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp pool michael
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 202.134.0.155
ip dhcp pool excluded-address
   host 192.168.1.4 255.255.255.0
   hardware-address 01c8.d719.957a.b9
ip cef
ip name-server 202.134.0.155
ip name-server 203.130.193.74
vpdn enable
username michael privilege 15 secret 5 $1$ZJQu$KDigCvYWKkzuzdYHBEY7f.
username danny privilege 10 secret 5 $1$BDs.$Ez0u9wY7ywiBzVd1ECX0N/
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp xauth timeout 15
crypto isakmp client configuration group michaelvpn
key vpnpassword
pool SDM_POOL_1
acl 199
netmask 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
interface Ethernet0
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet1
duplex auto
speed auto
interface FastEthernet2
duplex auto
speed auto
interface FastEthernet3
duplex auto
speed auto
interface FastEthernet4
duplex auto
speed auto
interface Virtual-PPP1
no ip address
interface Dialer1
description $FW_OUTSIDE$
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname ispusername
ppp chap password 0 isppassword
ppp pap sent-username ispusername password 0 isppassword
crypto map SDM_CMAP_1
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source static udp 192.168.1.0 1723 interface Dialer1 1723
ip nat inside source static tcp 192.168.1.4 21 interface Dialer1 21
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 192.0.0.0 0.255.255.255
access-list 102 remark SDM_ACL Category=2
access-list 102 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 199 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
match ip address 102
control-plane
banner motd ^C
Authorized Access Only
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit permission to access this device.
All activities performed on this device are logged.
Any violations of access policy will result in disciplinary action.
^C
line con 0
no modem enable
line aux 0
line vty 0 4
scheduler max-task-time 5000
end
Thank you, anny help will be appreciated.

Thank you for your response, here is the debug :
Log Buffer (4096 bytes):
1 15:19:47.011: ISAKMP: set new node 856647599 to QM_IDLE
May 1 15:19:47.015: ISAKMP:(0:8:SW:1):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
     spi 2182802952, message ID = 856647599
May 1 15:19:47.015: ISAKMP:(0:8:SW:1): seq. no 0xA3285B8A
May 1 15:19:47.015: ISAKMP:(0:8:SW:1): sending packet to 120.168.1.24 my_port 4500 peer_port 52667 (R) QM_IDLE
May 1 15:19:47.019: ISAKMP:(0:8:SW:1):purging node 856647599
May 1 15:19:47.019: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
May 1 15:19:47.019: ISAKMP:(0:8:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
May 1 15:19:49.979: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81B4F274, count=0
-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:19:49.983: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81B4F274, count=0
-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:19:55.127: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81B51C44, count=0
-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:19:55.127: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81B51C44, count=0
-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:19:58.383: ISAKMP (0:134217736): received packet from 120.168.1.24 dport 4500 sport 52667 Global (R) QM_IDLE
May 1 15:19:58.383: ISAKMP: set new node -1340288848 to QM_IDLE
May 1 15:19:58.387: ISAKMP:(0:8:SW:1): processing HASH payload. message ID = -1340288848
May 1 15:19:58.387: ISAKMP:(0:8:SW:1): processing NOTIFY DPD/R_U_THERE protocol 1
     spi 0, message ID = -1340288848, sa = 81A7DCEC
May 1 15:19:58.387: ISAKMP:(0:8:SW:1):deleting node -1340288848 error FALSE reason "Informational (in) state 1"
May 1 15:19:58.387: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
May 1 15:19:58.387: ISAKMP:(0:8:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
May 1 15:19:58.391: ISAKMP:(0:8:SW:1):DPD/R_U_THERE received from peer 120.168.1.24, sequence 0xA3285B8B
May 1 15:19:58.391: ISAKMP: set new node -752454119 to QM_IDLE
May 1 15:19:58.395: ISAKMP:(0:8:SW:1):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
     spi 2182802952, message ID = -752454119
May 1 15:19:58.395: ISAKMP:(0:8:SW:1): seq. no 0xA3285B8B
May 1 15:19:58.395: ISAKMP:(0:8:SW:1): sending packet to 120.168.1.24 my_port 4500 peer_port 52667 (R) QM_IDLE
May 1 15:19:58.399: ISAKMP:(0:8:SW:1):purging node -752454119
May 1 15:19:58.399: ISAKMP:(0:8:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
May 1 15:19:58.399: ISAKMP:(0:8:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
May 1 15:19:59.887: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81B51C44, count=0
-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:19:59.887: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81B51C44, count=0
-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:20:05.667: %SYS-2-BADSHARE: Bad refcount in pak_enqueue, ptr=81F84148, count=0
-Traceback= 0x80137488 0x801DC350 0x801DDDA8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
May 1 15:20:05.667: %SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=81F84148, count=0
-Traceback= 0x80137488 0x801D8830 0x801DDFD8 0x801E6860 0x807103F4 0x807F99F8 0x801E698C 0x8043FB10 0x8043FDC8 0x80D23CD0 0x80D24304 0x80D24400 0x8027B3C4 0x8027E9E0
After searching thru the internet, I've found :
CSCsb46264
Symptoms: When a dialer interface is configured as an endpoint for a IPSec+GRE tunnel, tracebacks with bad refcount may be generated.
Conditions: This symptom is observed on a Cisco 837 when router-generated packets such as routing updates are being switched.
Is that possible that the root of the problem was that ? Thank you.

Client side connection problems with Oracle

Hello,
I'm using JUnit to test my code and am having client connection problems.
Weblogic server 6.1sp2, oracle 8.1.7, win 2000
I create an oracle user on the fly (with a dynamic name) and then need to connect
so I'm getting a direct connection, rather than using a connection pool.
it works fine when run through the container, but when run through JUnit I get the
following error:
java.sql.SQLException: The pool driver only works within the WebLogic server, it
cannot be called directly in a client. Use the t3 driver.
So i changed the code to:
driver = (Driver)Class.
forName("weblogic.jdbc.t3.Driver").newInstance();
from:
driver = (Driver)Class.
forName("weblogic.jdbc.oci.Driver").newInstance();
and now i get this error:
java.sql.SQLException: No suitable driver
Any ideas??
Thanks!
Sara

Hi Sara,
You may want to look at Cactus framework. This is a JUnit extension
for serverside tests. You won't need to care about server/client
configuration:
http://jakarta.apache.org/cactus/index.html
Regards,
Slava Imeshev
"Sara Chieco" <[email protected]> wrote in message
news:3cf7b9ad$[email protected]..
>
Hi Sree,
Actually, I also have a connection pool, so I am getting connections tothe database
both using the pool (for the static user) and directly for the dynamicusers.
>
Here's the code in the config.xml:
<JDBCConnectionPool CapacityIncrement="2"
DriverName="weblogic.jdbc.oci.Driver" InitialCapacity="6"LoginDelaySeconds="1" MaxCapacity="60"
Name="pics"
Properties="weblogic.oci.cacheRows=500;user=**;password=**;defaultRowPrefetc
h=500;server=nmctest"
RefreshMinutes="10" ShrinkPeriodMinutes="15"
ShrinkingEnabled="true" Targets="nmc2Server"
TestTableName="dual" URL="jdbc:weblogic:oracle"/>
<JDBCTxDataSource EnableTwoPhaseCommit="false"
JNDIName="weblogic.jdbc.jts.pics" Name="pics" PoolName="pics"Targets="nmc2Server"/>
>
And if I change the above DriverName to weblogic.jdbc.pool.Driver the poolno longer
works, and the direct connection (attempted with weblogic.jdbc.oci.Driver)does not
work either.
Thanks for your help!
Sara

7925 Phones voice quality issues with wlc 5508 version 7.6

Hi all,
I have a mix environment with 1 WLC 5508 and more or less 6 sites with several Access Points ( all AIR-LAP1242AG and all in FlexConnect mode Hreap ) and several wireless phones (all CP7925G) . My Ap's have antennas 2.4GHz in all sites except 1 site ( the one i'm talking for now) with 2.4GHz and 5GHz , because of the problems we suggest to have all phone in A BAND (5Ghz) . In this site we force the phones just to A (802.11a only) , power safe NONE , Continuous scan mode , i fallow all in http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf , one thing i didn’t do it was apply QoS because I can’t apply several ios commands in that 2960 with lan lite ios.
So I have 3 SSID for data and 2 for VOICE ( one is common to all environment and supports 2.4 and 5Ghz , and other just to test one site , with only 5Ghz with “[WPA2][Auth(802.1X + CCKM)][Auth(FT 802.1X)]”, because I read that problem can be phone rooming , and in FlexConnect only have fast-roaming in a CCKM or a PKM key-management solution , but even like this the problem still exist) .
I have another sites with phones in 2.4GHz running well and others with problems.
i read here in forums lots and lots of people with similar problems , i tried several solutions ( WLC upgrades versions and phones firmware's , …. ) tried all my best of solving the problems mas now I’m running without any ideas , i did also some site surveys and detect some interferers that why I change phones to 5Ghz , and I run also WLC Config analyser to help me , but all without good success. Some changes solve temporarily problems , but after some time , people reclaim about problems.
I can open a TAC case but first I want be sure if did all already.
Can someone try to help me?
ip phone 7925G firmware : CP7925G-1.4.5SR1.3
CUCM 8.6.2
WLC    5508 : 7.6.120.0
AP : AIR-LAP1242AG-E-K9    7.6.120.0       (flexconnect)
Best Regards

Hi Serge,
Thanks for the suggestions. I have taken care of all the settings. Problem is , the user is seated in his office cabin and using the 7925 and there is around 50db signal strength in his room from an AP which is just outside the cabin. And this doesnt occur often, when we go to check and make calls, everything is fine whereas the user says it happens sometimes in the morning, evening etc... randomly... where the fone goes blank while in a call.... since the problem never happens when we go to troubleshoot the issue, we really dont know what is going on. This is happening when calling PSTN.
AP's are not restarting and there is no logs indicating that. Wireless infrastructure looks very much OK cos there are other users who are not experiencing this problem and there is ample coverage all over the floor. I am baffled why only one user has this problem even when he is seated in his office cabin.
Tried changing phones also, but still remains.
Question : i tried to do a linktest from WLC to his phone, but it failed, while linktest to laptops are working fine. Does wlc linktest not working for wireless phones ?
regards
Joe

Cisco CAP 3702I not registered with WLC 5508.

I Have WLC 5508 in my network. Now i need to add another 2 no of cisco CAP 3702I in to my network. But we got the following errors
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 01:27:25.359: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
e from controller
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap p
acket from 10.56.200.201
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:06.359: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 01:27:25.359: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
e from controller
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap p
acket from 10.56.200.201
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'WLC'runn
ing version 7.3.101.0 is rejected.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 01:27:25.363: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process m
essage type 2 state 2.

Your WLC seems to be running version 7.3 which is not supported with 37xx AP platform.
You need to run WLC with version 7.6.100.0 onwards to support these new AP's.
For more details check the Wireless Software Compatibility Matrix.
-Thanks
Vinod
**Encourage Contributors. RATE Them.**

SFP Error with WLC 5508

all,
I'm facing a problem to upgrade my WLC 5508 from 6.0.199.4 to 7.0.98.218
On my WLC, I have a bad src error message about the SFP.
With the version 6, I have the "warning" but the port is UP and Running
           STP   Admin   Physical   Physical   Link   Link
Pr Type   Stat   Mode     Mode      Status   Status Trap     POE    SFPType
1 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
2 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
3 Normal Forw Enable Auto       1000 Full Up     Enable N/A     SFP Error
on version 7.0.98.218, the port never comes UP:
           STP   Admin   Physical   Physical   Link   Link
Pr Type   Stat   Mode     Mode      Status   Status Trap     POE    SFPType
1 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
2 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
3 Normal Disa Enable Auto       Auto       Down   Enable N/A     SFP Error
I see a bug about CSCta32912, but normally, it is solved in version 7.
How to solve this issue?
Thanks.
           STP   Admin   Physical   Physical   Link   Link
Pr Type   Stat   Mode     Mode      Status   Status Trap     POE    SFPType
1 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
2 Normal Disa Enable Auto       Auto       Down   Enable N/A     Not Present
3 Normal Forw Enable Auto       1000 Full Up     Enable N/A     SFP Error

Are you using a Cisco SFP or a third party one?
Sent from Cisco Technical Support iPad App

AP 1310 with WLC 5508

Hi,
I have upgraded my WLC 5508 from 7.0 to 7.4 and the AP 1310 no longer can associate to WLC.
Seems that the AP doesn't work with WLC ver 7.4
Except changing these APs to autonomous mode, any other alternatives?
Besides, if we change them to autonomous mode, can Prime Infrastructure manage/monitor these APs?
thanks.

The 1310 last support is on v7.0.x of the WLC. See the matrix below.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Prime Infrastructure can monitor the Autonomous access point but will not do anything else than monitor. Config changes is done via the bridge/AP itself.
Sent from Cisco Technical Support iPhone App

"get connected" problem with 6233

ive tried bluetooth and an accepted cable
they both connect to the phone fine and i can transfer files with theblue soleil
i have all latest file versions
BUT when i go through the "get connected" process so i can use my phone with PC suite it doesnt let me click next in the "authenticate phone" stage after all connections have been made and work
i have tried for a week and nothing seems to make a difference
any ideas?Message Edited by pauld on 28-Dec-2006
03:22 PM

See my message from here (and try it)
/discussions/board/message?board.id=connectivity&message.id=3431&page=1
if that did not help, could you send PC Suite's system info?
(You find it from PC Suite > Help > About Nokia PC Suite > System Info... ) select all, Ctrl + C and paste that you response.

Wireless voice quality issues with wlc 5508 7.0.98

Hi,
I am having random occurances of voice drops (one-way audio) during phone calls. WLC 5508 (7.0.98) , LAP1242AG (only G antenna present), and 7925G phones. coverage is excellent throughout the floor and its a confined office space. Its not happening always. I am seeing these logs , not sure if it is related. :
*apfReceiveTask: Feb 10 11:31:53.831: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
*apfReceiveTask: Feb 10 11:31:33.356: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:290 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg
I have set DCA list to1,6 and 11. I tried disabling RRM and statically fixing the channels and power also. Still the issue is seen,
7925G firmware is 1.4.1
i tried to do linktest from the WLC to the phone, but link test is failed. linktest to a laptop works though. I have only mac filtering for the voice ssid.
any suggestions pls ?
regards
Joe

Hi Serge,
Thanks for the suggestions. I have taken care of all the settings. Problem is , the user is seated in his office cabin and using the 7925 and there is around 50db signal strength in his room from an AP which is just outside the cabin. And this doesnt occur often, when we go to check and make calls, everything is fine whereas the user says it happens sometimes in the morning, evening etc... randomly... where the fone goes blank while in a call.... since the problem never happens when we go to troubleshoot the issue, we really dont know what is going on. This is happening when calling PSTN.
AP's are not restarting and there is no logs indicating that. Wireless infrastructure looks very much OK cos there are other users who are not experiencing this problem and there is ample coverage all over the floor. I am baffled why only one user has this problem even when he is seated in his office cabin.
Tried changing phones also, but still remains.
Question : i tried to do a linktest from WLC to his phone, but it failed, while linktest to laptops are working fine. Does wlc linktest not working for wireless phones ?
regards
Joe

Win 2008 R2 radius integration with WLC 5508

Requires help in integrating Win 2008 R2 Radius server with WLC 5508

Step by Step instructions - NPS & Wireless LAN Controller
PEAP Authentication - http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html
EAP-TLS
https://kb.meraki.com/knowledge_base/radius-creating-a-policy-in-nps-to-support-eap-tls-authentication
hope that helps, Please let me know if you have any other questions in regards to setting up your NPS server
Please rate that post if it answers your question or helps you to resolve the problem.

Problem Joining AIR-CAP1602I-C-K9 with WLC 5508

Hi,
I am having trouble to get AIR CAP1602I-C-K9 attached to a 5508 WLC running code 7.4.110.0
Here is what I got from the AP logs:
====================================================================================================
Extracting files...
ap1g2-k9w8-mx.152-2.JB2/ (directory) 0 (bytes)
extracting ap1g2-k9w8-mx.152-2.JB2/K5.bin (75790 bytes)!!!!
*Dec 6 15:09:23.011: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Dec 6 15:09:23.535: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.10.100 peer_port: 5246
*Dec 6 15:09:23.535: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.10.100
*Dec 6 15:09:23.535: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 6 15:09:23.535: %CAPWAP-3-ERRORLOG: CAPWAP!
extracting ap1g2-k9w8-mx.152-2.JB2/ap1g2-k9w8-mx.152-2.JB2 (9202946 bytes)!!!!!!!!! SM handler: Failed to process message type 10 state 5.
*Dec 6 15:09:23.535: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 6 15:09:23.535: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.16.10.100perform archive download capwap:/ap1g2 tar file
*Dec 6 15:09:23.583: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Dec 6 15:09:23.587: Loading file /ap1g2...
*Dec 6 15:09:24.007: %LINEPROTO-5-UPDOWN:!!!!!!!!!!! Line protocol on Interface Dot11Radio0, changed state to down
*Dec 6 15:09:24.063: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up!!!!!!!!!!!
*Dec 6 15:09:25.139: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up!!!!!!!!!!
*Dec 6 15:09:26.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Premature end of tar file
ERROR: Problem extracting files from archive.
Download image failed, notify controller!!! From:7.4.1.37 to 7.4.110.0, FailureCode:3
archive download: takes 63 seconds
*Dec 6 15:10:26.851: capwap_image_proc: problem extracting tar file
====================================================================================
after that the AP reboots and do same process over and over again,
Please help..
Many Thanks,
Barth

Here is the info about AP and WLC:
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... WLC1-AP
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 172.16.10.100
Last Reset....................................... Power on reset
System Up Time................................... 0 days 4 hrs 12 mins 28 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +44 C
External Temperature............................. +28 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ F8:72:EA:EF:2E:A0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, Power Off, Fan On
Maximum number of APs supported.................. 100
AP4403.a7fd.f040#sh ver
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:45 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
AP4403.a7fd.f040 uptime is 4 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.152-2.JB/ap1g2-k9w8-mx.152-2.JB"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602I-C-K9    (PowerPC) processor (revision B0) with 98294K/32768K bytes of memory.
Processor board ID FGL1711ZJNW
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.1.37
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:03:A7:FD:F0:40
Part Number                          : 73-14671-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC16517DZ1
Top Assembly Part Number             : 800-38552-01
Top Assembly Serial Number           : FGL1711ZJNW
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602I-C-K9
Configuration register is 0xF
AP4403.a7fd.f040#sh inventory
NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP1602I-C-K9 , VID: V01, SN: FGL1711ZJNW

3502i keeps losing communication with WLC 5508

Hello all,
This problem only seems to affect one of our sites. Every once in a while, several APs would lose link to the 5508 and get stranded. The only way to fix the issue is either to power cycle, or better yet SSH into the APs and use the command "capwap ap controller ip address x.x.x.x", and then they'd automatically rejoin the controller. At first, I thought network hiccups caused the APs to lose connectivity, but there's none that I could find. I have the primary/secondary controller IPs configured in them as well. See log below:
[previous log entries show AP working as intended, then...]
*Jan 18 05:29:29.632: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_ECHO_REQUEST
., 1)
*Jan 18 05:29:29.632: %LWAPP-3-CLIENTEVENTLOG: Switching to Standalone mode
*Jan 18 05:29:29.645: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 18 05:29:29.645: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to [ommitted due to security reason]:5246
*Jan 18 05:29:29.704: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Jan 18 05:29:32.797: %CLEANAIR-6-STATE: Slot 0 down
*Jan 18 05:29:32.797: %CLEANAIR-6-STATE: Slot 1 down
*Jan 18 05:32:35.214: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Jan 18 05:32:38.278: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:32:38.278: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Jan 18 05:32:38.379: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
*Jan 18 05:32:38.379: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:32:46.215: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Jan 18 05:35:41.753: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Jan 18 05:35:44.817: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:35:44.817: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Jan 18 05:35:44.898: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
*Jan 18 05:35:44.898: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:35:52.753: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Jan 18 05:38:48.260: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Jan 18 05:38:51.324: %LWAPP-3-LWAPP_INTERFACE_GOT_IP_ADDRESS: Interface BVI1 obtained IP from DHCP...
*Jan 18 05:38:51.324: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Jan 18 05:38:51.405: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.100.1.20, mask 255.255.255.0, hostname AP020
[These log messages keep looping endlessly]
These APs discover the controller by using DHCP + DNS. Any suggestion will be greatly appreciated!
Thanks,
Wil

I have only had this issue a few times but what I end up doing is factory default the AP. I also end up uploading the rcv image and deleting the other images in flash. I do some beta testing so it could be that the images get corrupt, but that has been my fix. The AP joins and then downloads the firmware from the WLC again. It might not be what you want to do, but maybe if its an issue with a particular AP you can test it out.
Sent from Cisco Technical Support iPhone App

Client get connected occationally with WLC 5508

Similar Messages

Maybe you are looking for