Converted 1140 AP can't join the WLC 5508
Hello! Please, help me to sort my problem out.
We have bought autonomous APs AIR-AP1141N-E-K9 and converted them to the lightweight mode, but they cannot join the WLC 5508. The errors are below. There were NO problems with the LAPs that were bought before, together with the WLC.
AP's IP: 172.22.90.27 IOS version 12.4
WLC's IP: 172.22.90.20 IOS version 6.0.188.0
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
logs from the AP:
Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
*Oct 13 21:37:06.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Oct 13 21:37:06.045: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Oct 13 21:37:06.046: bsnInitRcbSlot: slot 1 has NO radio
*Oct 13 21:37:06.056: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to a
dministratively down
*Oct 13 21:37:06.066: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r
eset
*Oct 13 21:37:06.098: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Oct 13 21:37:15.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLL
ER
*Oct 13 21:37:24.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Oct 13 21:37:34.060: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 172.22.90.20 peer_port: 5246
*Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Oct 13 21:38:34.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 172.22.90.20 peer_port: 5246
*Oct 13 21:38:34.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20
*Oct 13 21:38:34.823: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Contr
ol Message from 172.22.90.20
*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
e from controller
*Oct 13 21:38:39.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.22.90.20
*Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Contr
ol Message from 172.22.90.20
*Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Failed to handle capwap control messag
e from controller
*Oct 13 21:38:39.824: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap p
acket from 172.22.90.20
*Oct 13 21:39:33.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 1
72.22.90.20:5246
*Oct 13 21:39:34.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 172.22.90.20 peer_port: 5246
*Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Oct 13 21:38:34.001: %DTLS-5-PEER_DISCONNECT: Peer 172.22.90.20 has closed conn
ection.
*Oct 13 21:38:34.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 1
72.22.90.20:5246
*Oct 13 21:38:34.001: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination
*Oct 13 21:38:34.125: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established.
logs from the WLC:
debug capwap events enable
*Dec 21 15:02:06.244: 68:bc:0c:63:3d:a0 DTLS keys for Control Plane deleted successfully for AP 172.22.90.27
*Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 DTLS connection closed event receivedserver (172:22:90:20/5246) client (172:22:90:27/21077)
*Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Entry exists for AP (172:22:90:27/21077)
*Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
*Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
*Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 1
*Dec 21 15:02:06.246: 68:bc:0c:63:3d:a0 Deregister LWAPP event for AP 68:bc:0c:63:3d:a0 slot 1
Ble
*Dec 21 15:04:03.194: 68:bc:0c:63:3d:a0 capwap_ac_platform.c:1223 - Operation State 0 ===> 4
*Dec 21 15:04:03.194: 68:bc:0c:63:3d:a0 Register LWAPP event for AP 68:bc:0c:63:3d:a0 slot 0
*Dec 21 15:05:36.253: 68:bc:0c:63:3d:a0 Join Version: = 100711424
*Dec 21 15:05:36.253: 68:bc:0c:63:3d:a0 Join resp: CAPWAP Maximum Msg element len = 93
debug capwap errors enable
*Dec 21 16:16:51.879: 68:bc:0c:63:3d:a0 DTLS connection was closed
*Dec 21 16:17:09.940: 68:bc:0c:63:3d:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 12, joined Aps =5
debug capwap detail enable
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 CAPWAP Control Msg Received from 172.22.90.27:21078
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 packet received of length 281 from 172.22.90.27:21078
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Msg Type = 3 Capwap state = 5
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: Result Code message element len = 8
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 1. 47 0
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 2. 232 3
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 3. 6 0
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 4. 12 0
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: AC Descriptor message element len = 48
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 acName = Wi-Fi_Controller
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: AC Name message element len = 68
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: WTP Radio Information message element len = 77
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Join resp: CAPWAP Control IPV4 Address len = 87
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Sending encrypted packet to AP 172:22:90:27 (21078)
*Dec 21 16:21:49.961: 68:bc:0c:63:3d:a0 Releasing WTP
*Dec 21 16:24:12.212: 68:bc:0c:63:3d:a0 CAPWAP Control Msg Received from 172.22.90.27:21077
*Dec 21 16:24:12.212: 68:bc:0c:63:3d:a0 DTLS connection 0x167c8b20 closed by controller
*Dec 21 16:24:12.212: DTL Deleting AP 9 - 0.0.0.0
*Dec 21 16:24:12.214: CAPWAP DTLS connection closed msg
*Dec 21 16:24:12.216: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:63:3d:a0(0)
*Dec 21 16:24:12.216: Received SPAM_MFP_RADIO_DOWN message
*Dec 21 16:24:12.218: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:63:3d:a0(0)
*Dec 21 16:24:12.220: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:63:3d:a0(0)
*Dec 21 16:24:12.222: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:63:3d:a0(0)
*Dec 21 16:24:12.224: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:63:3d:a0(0)
*Dec 21 16:24:12.226: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:63:3d:a0(0)
*Dec 21 16:24:12.228: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:63:3d:a0(1)
*Dec 21 16:24:12.228: Received SPAM_MFP_RADIO_DOWN message
*Dec 21 16:24:12.230: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:63:3d:a0(1)
*Dec 21 16:24:12.232: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:63:3d:a0(1)
*Dec 21 16:24:12.234: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:63:3d:a0(1)
*Dec 21 16:24:12.236: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:63:3d:a0(1)
*Dec 21 16:24:12.238: 68:bc:0c:63:3d:a0 Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:63:3d:a0(1)
*Dec 21 16:24:12.238: 68:bc:0c:63:3d:a0 Deleting and removing AP 68:bc:0c:63:3d:a0 from fast path
P.S. The time is set to the WLC with the NTP
P.P.S. Don't lookup at the time the logs were made - they were made not during the same day/time
I have solved this as soon as published my problem!!!
the answer is published here:
https://supportforums.cisco.com/thread/2004491
especially in the post of Matthew Fowler
Hi,
Please take a look at CSCte01087.
I see that your WLC is 10.0.13.5 and your AP is 10.0.13.28/24 so they are on the same subnet. I also see your AP MAC address does not begin with 00. This is why I believe it is relevant.
Please try the workaround or open a TAC case if you need a fix.
-Matt
Symptom:
An access point running 6.0.188.0 code may be unable to join a WLC5508.
Messages similar to the following will be seen on the AP.
%CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
%CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
Conditions:
At least one of the following conditions pertains:
- The high order byte of the AP's MAC address is nonzero, and the AP is in
the same subnet as the WLC5508's management (or AP manager) interface
- The WLC's management (or AP manager) interface's default gateway's
MAC address' high order byte is nonzero.
Workaround:
If the MAC address of the WLC's default gateway does not begin with 00,
and if all of the APs' MAC addresses begin with 00, then: you can put
the APs into the same subnet as the WLC's management (or AP manager)
interface.
In the general case, for the situation where the WLC's default gateway's
MAC does not begin with 00, you can address this by changing it to begin
with 00. Some methods for doing this include:
-- use the "mac-address" command on the gateway, to set a MAC address
that begins with 00
-- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
IP as the WLC's gateway.
For the case where the APs' MAC addresses do not begin with 00, then make
sure that they are *not* in the same subnet as the WLC's management
(AP manager) interface, but are behind a router.
Another workaround is to downgrade to 6.0.182.0. However, after
downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
(i.e. 12.4(21a)JA2) still installed on them will be unable to join.
Therefore, after downgrading the WLC, the APs will need to have a
pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.
different vlan!!!! yes! thank you Matthew Fowler sooooo much!!!!
Similar Messages
-
APs (LAP1142N) are disconnecting after joining the WLC (5508)
Hi,
We are having a problem at the school I'm working at. There are 133 APs located across campus.
They have been running for 3.5 years without any trouble.
Recently we have been having issues with APs disconnecting at random.
It started last week with just a couple. We got them running again, but later the same day new ones had disconnected.
This has continued with more APs and it looks like it happens at random and it is never the same one that disconnects.
We have a centralized support-unit that helps us with stuff like this, but they haven't come up with a solution, so I was hoping someone here had seen this behavior before.
Today at 7AM all the APs were running, but at the time of this post 6 of them have disconnected.
AP (130 of them):
Product ID: AIR-LAP1142N-E-K9
Version ID: V01
Software Version: 7.4.100.0
Boot version: 12.4.18.3
IOS: 15.2(2)JB$
Country Code: Norway (NO)
Regulatory domains: 802.11bg:-E 802.11a:-E
Controller:
Cisco 5508 Wireless Controller
Firmware: 7.4.100.0
Recovery version: 6.0.182.0
Temp is running at 35C
Memory at a stable 50%
Cores 0%/2%, 4%/2%, 3%/2%, 4%/1%, 3%/3%, 5%/2%, 0%/1%, 0%/1%, 0%/1%, 0%/1%
Only using 4 of the ports on the controller 1-4
Some of the error-messages I have located on the different APs that have disconnected:
Layer 3 discovery request not received on management VLAN
Lwapp discovery request rejected
Just give me a shout if any other information is needed.
- HilleYou may be facing this bug CSCud97983
https://tools.cisco.com/bugsearch/bug/CSCud97983
Here are some more information about bugs we experienced with this 7.4 code
http://mrncciew.com/2013/02/10/day-0-with-wlc-7-4-code/
7.4MR2 (7.4.111.x) is available (pre-release image) if you want latest bug fixed image. This is specially if you are using wireless guest service & having apple iOS 7 devices.
https://supportforums.cisco.com/docs/DOC-37334
HTH
Rasika
**** Pls rate all useful responses **** -
Hello Guys,
I have converted ap 1131 from autonomous to lwapp successfully by using upgrade utility tool but the AP does not join the WLC 2106. I can see it as a neighbor on the switch with no IP address. please help me.
Thank youHello Scott,
Thank you for the reply
Please find the attached file for the config, i found out that i have not updated the time on WLC but i did update the time on WLC and tested for other AP and this one too wont join the WLC. The ap are located remote.
atsg-wl1#show run | incl hostname
hostname atsg-wl1
atsg-wl1#test pb display
Display of the Parameter Block
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1
atsg-wl1#term length 0
atsg-wl1#show version | include Cisco IOS
Cisco IOS Software, C1130 Software (C1130-K9W7-M), Version 12.3(7)JA3, RELEASE SOFTWARE (fc1)
atsg-wl1#show controller | include Radio AIR
Radio AIR-AP1131G, Base Address 0019.0737.02f0, BBlock version 0.00, Software version 5.80.15
Radio AIR-AP1131A, Base Address 0019.073b.02d0, BBlock version 0.00, Software version 5.80.15
atsg-wl1#show controllers d0 | include Current
Current Frequency: 2447 MHz Channel 8
Current CCK Power: 14 dBm
Current OFDM Power: 14 dBm
Current Rates: basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
atsg-wl1#show controllers d1 | include Current
Current Frequency: 5805 MHz Channel 161
Current Power: 17 dBm
Current Rates: basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
atsg-wl1#show run | include station-role
station-role root
station-role root
atsg-wl1#test pb disp
Display of the Parameter Block
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1
atsg-wl1#show int F0 | include address
Hardware is PowerPCElvis Ethernet, address is 0019.555f.ccfa (bia 0019.555f.ccfa)
atsg-wl1#show int | include Dot11Radio
Dot11Radio0 is up, line protocol is up
Dot11Radio1 is up, line protocol is up
atsg-wl1#show sntp | exclude SNTP
10.148.0.1 16 1 never
172.16.21.57 16 1 never
Broadcast client mode is enabled.
atsg-wl1#show run
Building configuration...
Current configuration : 6025 bytes
! Last configuration change at 19:35:46 UTC Thu Jan 31 2013 by didata
! NVRAM config last updated at 19:13:48 UTC Fri Feb 1 2013 by didata
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
hostname atsg-wl1
logging buffered informational
logging console informational
enable secret 5
ip subnet-zero
ip domain name aspentech.com
ip name-server 10.96.16.230
ip name-server 10.148.0.249
ip name-server 10.32.19.1
aaa new-model
aaa group server radius rad_eap
server 10.16.16.123 auth-port 1645 acct-port 1646
aaa authentication login default group tacacs+ local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
no dot11 igmp snooping-helper
dot11 ssid
authentication open eap eap_methods
authentication network-eap eap_methods
guest-mode
infrastructure-ssid optional
dot11 network-map
power inline negotiation prestandard source
usernamepassword 7
username privilege 15 password 7
usernamep rivilege 15 password 7
class-map match-all _class_Protocol_301_C351
match access-group name Voice_Over_IP_301
class-map match-all _class_8
match ip dscp cs1
class-map match-all _class_0
match ip dscp default
class-map match-all _class_48
match ip dscp cs6
class-map match-all _class_18
match ip dscp af21
class-map match-all _class_24
match ip dscp cs3
class-map match-all _class_16
match ip dscp cs2
class-map match-all _class_34
match ip dscp af41
class-map match-all _class_26
match ip dscp af31
class-map match-all _class_40
match ip dscp cs5
class-map match-all _class_46
match ip dscp ef
class-map match-all _class_56
match ip dscp cs7
class-map match-all _class_10
match ip dscp af11
class-map match-all _class_32
match ip dscp cs4
policy-map _policy_Voice_Over_IP_202
class _class_Protocol_301_C351
set cos 6
policy-map _policy_fallback_policy
class _class_0
set cos 0
class _class_8
set cos 1
class _class_10
set cos 1
class _class_16
set cos 2
class _class_18
set cos 2
class _class_24
set cos 3
class _class_26
set cos 3
class _class_32
set cos 4
class _class_34
set cos 4
class _class_40
set cos 5
class _class_46
set cos 5
class _class_48
set cos 6
class _class_56
set cos 7
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
shutdown
encryption mode wep mandatory mic key-hash
broadcast-key change 900
ssid
traffic-class background cw-min 5 cw-max 8 fixed-slot 2
traffic-class best-effort cw-min 5 cw-max 8 fixed-slot 6
traffic-class video cw-min 4 cw-max 6 fixed-slot 1
traffic-class voice cw-min 3 cw-max 7 fixed-slot 1
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 32
fragment-threshold 2338
station-role root
rts threshold 2339
rts retries 32
world-mode legacy
no cdp enable
infrastructure-client
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
encryption mode wep mandatory mic key-hash
broadcast-key change 900
ssid aspen100abcdefgh
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
world-mode legacy
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.148.0.7 255.255.255.0
no ip route-cache
ip default-gateway 10.148.0.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip tacacs source-interface BVI1
ip radius source-interface BVI1
ip access-list extended Voice_Over_IP_300
permit 119 any any
permit ip any any
ip access-list extended Voice_Over_IP_301
permit 119 any any
permit ip any any
logging facility local0
snmp-server view iso_view iso included
snmp-server community admin view iso_view RW
snmp-server community all4114all view iso_view RW
snmp-server community ddbos2000 RO
snmp-server location ATSG
snmp-server contact James Lee
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server host 192.135.137.12 ddbos2000
tacacs-server host 10.16.16.123 key 7
tacacs-server host 10.96.16.245 key 7
tacacs-server directed-request
radius-server host 10.16.16.123 auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7
radius-server deadtime 120
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 0 0
transport preferred all
transport input all
transport output all
line vty 5 15
exec-timeout 0 0
transport preferred all
transport input all
transport output all
end
atsg-wl1#show run | incl hostname
hostname atsg-wl1
atsg-wl1#arch down /over /create-space tftp://10.148.0.118/images/c1130-rcvk $over /create-space tftp://10.148.0.118/images/c1130-rcvk9 w8-tar.12 te-space tftp://10.148.0.118/images/c1130-rcvk9w8-tar.123 -11.JX1.t ftp://10.148.0.118/images/c1130-rcvk9w8-tar.123-11.JX1.ta r
examining image...
Loading images/c1130-rcvk9w8-tar.123-11.JX1.tar from 10.148.0.118 (via BVI1): !
extracting info (273 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 1873920 bytes]
Image info:
Version Suffix: rcvk9w8-
Image Name: c1130-rcvk9w8-mx
Version Directory: c1130-rcvk9w8-mx
Ios Image Size: 1874432
Total Image Size: 1874432
Image Feature: WIRELESS LAN|LWAPP|RECOVERY
Image Family: C1130
Wireless Switch Management Version: 3.0.51.0
Extracting files...
Loading images/c1130-rcvk9w8-tar.123-11.JX1.tar from 10.148.0.118 (via BVI1): !
extracting info (273 bytes)
c1130-rcvk9w8-mx/ (directory) 0 (bytes)
extracting c1130-rcvk9w8-mx/c1130-rcvk9w8-mx (1867816 bytes)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
extracting c1130-rcvk9w8-mx/info (273 bytes)
extracting info.ver (273 bytes)!
[OK - 1873920 bytes]
Deleting current version...
Deleting flash:/c1130-k9w7-mx.123-7.JA3...done.
New software image installed in flash:/c1130-rcvk9w8-mx
Configuring system to use new image...done.
atsg-wl1#show archive status
SUCCESS: Upgrade complete.
atsg-wl1#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
atsg-wl1#dir flash:
Directory of flash:/
2 -rwx 2072 Jan 31 2013 19:36:18 +00:00 private-multiple-fs
149 drwx 128 Jan 31 2013 19:36:11 +00:00 c1130-rcvk9w8-mx
4 -rwx 342 Jan 31 2013 19:36:14 +00:00 env_vars
15998976 bytes total (14126080 bytes free)
atsg-wl1#dir nvram:
Directory of nvram:/
30 -rw- 0 startup-config
31 ---- 0 private-config
1 -rw- 0 ifIndex-table
2 ---- 12 persistent-data
32768 bytes total (30668 bytes free)
atsg-wl1#sh crypto ca trustpoints
atsg-wl1#sh crypto ca certificates
atsg-wl1#terminal length 0
atsg-wl1#show run | begin BVI1
interface BVI1
ip address 10.148.0.7 255.255.255.0
no ip route-cache
ip default-gateway 10.148.0.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip tacacs source-interface BVI1
ip radius source-interface BVI1
ip access-list extended Voice_Over_IP_300
permit 119 any any
permit ip any any
ip access-list extended Voice_Over_IP_301
permit 119 any any
permit ip any any
logging facility local0
snmp-server view iso_view iso included
snmp-server community admin view iso_view RW
snmp-server community all4114all view iso_view RW
snmp-server community ddbos2000 RO
snmp-server location ATSG
snmp-server contact James Lee
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server host 192.135.137.12 ddbos2000
tacacs-server host 10.16.16.123 key 7
tacacs-server host 10.96.16.245 key 7
tacacs-server directed-request
radius-server host 10.16.16.123 auth-port 1645 acct-port 1646 timeout 5 retransmit 3 key 7
radius-server deadtime 120
radius-server vsa send accounting
radius-server vsa send authentication
control-plane
bridge 1 route ip
line con 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
exec-timeout 0 0
transport preferred all
transport input all
transport output all
line vty 5 15
exec-timeout 0 0
transport preferred all
transport input all
transport output all
end -
Hi,
I have two WLC 8500 working in SSO and with nat enable feature configure in management interface.
SSO is working, but i have to configure NAT before SSO becasuse when SSO is up, ip address and nat are greyed out in managemente interface.
Some AP's must join the controller in the private address of the management interface and others AP must join in the public ip address configured in NAT address.
for some reason, there are a lot of AP's that can't join the controller, i have 3 ap's joined in the public ip address and 3 ap's joined in the private ip address
config network ap-discovery nat-only disable is already configured, from the console of one AP that can't not join i see the following:
*Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
*Sep 10 12:32:48.115: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 212.89.5.130 peer_port: 5246
*Sep 10 12:36:17.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
*Sep 10 12:36:47.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 212.89.5.130:5246
*Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Selected MWAR 'GI12WLC001A'(index 0).
*Sep 10 12:36:47.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Sep 10 12:35:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.35.0.78 peer_port: 5246
the AP is trying both private and public ip address to join the WLC but can't join properly.
From the WLC console:
debug capwap errors enable:
*spamApTask4: Sep 10 13:13:49.837: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 10.35.1.13:47807)since DTLS session is not established
*spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: 1c:6a:7a:5b:e0:30 ApModel: AIR-CAP3702I-E-K9
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask3: Sep 10 13:13:49.958: Unknown AP type. Using Controller Version!!!
*spamApTask2: Sep 10 13:13:52.103: 00:10:db:ff:50:06 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 10.35.1.11:21207)since DTLS session is not established
*spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: 1c:6a:7a:5e:0f:10 ApModel: AIR-CAP3702I-E-K9
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
*spamApTask1: Sep 10 13:13:52.224: Unknown AP type. Using Controller Version!!!
the AP model are the same, this is not the problem, but for some reason there are AP's that have problems with the NAT configuration, if i disable NAT option, every AP with private ip address config can join the WLC.
I've tried to break SSO, desconfigure NAT, and private ip address AP join the controller without problem.
anybody can give me a clue?
Regards!it seens like DTLS connection can't be stablished between AP and WLC.
The AP sends discovery request
the WLC respond with two discovery responds, the firts one, contains the public ip address of the WLC and the second one contains the private ip address.
once discovery proccess is complete, the AP tries to send DTLS hello packet to the WLC, but this packet never arrives to WLC.
because hello doesn't arrive, the AP sends a close notify alert to the WLC and tries to send the DTLS hello packet to the WLC private address with same result.
the AP get into a loop trying to send DTLS hello packets to both private and public address.
DTLS hello packet never arrive, but close notify alert arrive to WLC.
theres is FW in the middle doing NAT, but i can understand why close notify alert packets error arrives WLC and Hello DTLS packets don't. this packets uses the same protocol UDP and the same port.
Regards -
WLC software 7.2.103.0
1. first problem: AP1252 can´t join on WLC. MAC was add on mac filter properly.
170
Mon Apr 9 15:37:32 2012
Mesh Node '2c:3f:38:be:53:ef' failed to join controller, MAC address not in MAC filter list.
171
Mon Apr 9 15:37:32 2012
AAA Authentication Failure for UserName:2c3f38be53e0 User Type: WLAN USER
172
Mon Apr 9 15:37:32 2012
Coverage hole pre alarm for client[1] 40:a6:d9:ef:87:68 on 802.11b/g interface of AP 2c:3f:38:bf:0c:80 (AP2c3f.38bf.0c80). Hist: 46 7 5 4 2 1 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
173
Mon Apr 9 15:37:32 2012
Coverage hole pre alarm for client[1] 8c:7b:9d:05:a0:67 on 802.11b/g interface of AP 2c:3f:38:bf:0c:80 (AP2c3f.38bf.0c80). Hist: 50 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
174
Mon Apr 9 15:37:30 2012
Interference Profile Failed for Base Radio MAC: 2c:3f:38:bf:1e:40 and slotNo: 0
175
Mon Apr 9 15:37:28 2012
Mesh child node 'd4:d7:48:6d:48:2f' has changed its parent to mesh node '2c:3f:38:bf:ef:60' from mesh node 'd4:d7:48:6c:7d:80'.
176
Mon Apr 9 15:37:28 2012
Mesh Node '2c:3f:38:bf:1d:2f' failed to join controller, MAC address not in MAC filter list.
177
Mon Apr 9 15:37:28 2012
AAA Authentication Failure for UserName:2c3f38bf1d20 User Type: WLAN USER
178
Mon Apr 9 15:37:28 2012
Mesh child node '2c:3f:38:bf:1d:2f' has changed its parent to mesh node 'd4:d7:48:6c:70:e0' from mesh node '2c:3f:38:be:55:00'.
179
Mon Apr 9 15:37:28 2012
Interference Profile Updated to Pass for Base Radio MAC: 2c:3f:38:bf:4b:20 and slotNo: 0
180
Mon Apr 9 15:37:27 2012
Interference Profile Failed for Base Radio MAC: d4:d7:48:6c:81:60 and slotNo: 0
Several APs can´t join on WLC and all are added on MAC filter, but they are showing this messages.
2 . Second problem.: Operational Status = UNKNOWN
Some Access Point are in UNKNOWN status. I tried but I can´t do the reboot.
I can access Web config the APs using WLC, but when I applied the reset, it wasn´t working properly.Murlio:
Is the AP model 1522 or 1252? I think you mean outdoor AP 1522 (which needs a mac filter). right?
please double check the mac filter you added. Try to delete then add it again if necessary.
it is obvious that it is a mac filter problem. be sure that you add the correct mac address and it is written correctly with the correct format and the mac filter created for "any WLAN" and the interface Name is "management".
Hope this will solve the issue.
Amjad -
I have Photoshop CS5 and a Nikon D 810 camera. I have downloaded Camera Raw 8.8 & DNG converter. I can neither open the raw files (.nef), nor process them with the DNG converter. What is going wrong? Thanks!
This is the last paragraph from my very first response to you, post #1 in this thread:
…Additionally, you need to install the DNG Converter, not just "download" it, and you need to launch it and run it on each folder of NEFs you wish to convert to raw DNGs. [emphasis added] -
How can I join the itunes assistanse
how can I join the Itunes assistance ??
Hy !
Try here for contact the support.
http://www.apple.com/support/ipodtouch/contact/ -
Can I join the partnership without creating a new website?
I have a client who already has a business catalyst website, which I would like to edit in Dreamweaver. Can I join the partnership program somehow without having to go through the process of creating a new website which I don't need?
Also, I am unclear on how to get the dreamweaver extension.
thanks!Hi,
For DW extension it depends on what version of CS you are working under. If CS4 or CS5 you'll need to install the plugin.
- http://www.businesscatalyst.com/support/dw
If using the latest CS6 it's already integrated into DW. - http://www.businesscatalyst.com/dw/templates_video.html
As far as editing your client's site you can just have the client add you as a site admin. This will allow you to edit as required.
Kind regards,
-Sidney -
WinXP computers can't join the domain
Hi, I'm setting up my first Xserve and I'm having troubles making WinXP machines join the domain.
With OS X and Win98 clients I have no problems with the tests accounts I have created, but with with WinXP machines I get the error that they can't Join the domain becouse Access is Denied. I don't think is a configuration error on the server's services or the WinXP boxes becouse I can join the domain and access the account for diradmin OK from the WinXP boxes, so it may be an account configuration problem.
Also the accounts have network home folders, don't know if this might also cause a problem, I did try with no home assigned and still got the same error.
Any help would be appreciatedFixed the problem myself....
Creted a new account and dindn't move anything on it, nothing managed and nothing changed on the account windows tab.
Joined the domain with the diradmin account, and after the reboot used the new test user, logged in fine and home folder was mounted as a Network drive perfectly.
Hope this helps someone in the future -
Can't join the airport extreme network with my iphone~~please help
Can't join the airport extreme network with my iphone
What radio mode do you have the 802.11n AirPort Extreme Base Station (AEBSn) configured for? (ref: AirPort Utility > Select the AEBSn > Manual Setup > AirPort > Wireless > Radio Mode = ?)
-
Hi everyone! WE just got an ipod touch 8G. We do have wireless internet, but can't join the network with the ipod touch. Message comes up.."unable to join the network".....very frustrating! We have tried all trouble-shooting suggestions on the site, but nothing is working. Anyone out there got any ideas for us?? The router is a Linksys WRT120N.
Thanks for any help any one can give!!!Does the iPod connect to other neworks?
Do other devices connect to the network?
What encryption are you using?
How you tried changing the type of encruption? Changing to no encryption? -
I can not join the my home WIFI network. I have iPhone and iTouch connected as well as my windows laptop. I have trie power on rese, and network reset. What do I do next?
This is something else you can try.
Go to Settings>WiFi>Your Network Name (tap the blue arrow)>Forget this Network. Reboot your iPad, hold down on the sleep button at the top for a couple of seconds until the red slider appears, slide to shut down. Then press the sleep button again until the Apple logo appears and let go of the button and the iPad will restart. Try to join your network again. -
Trouble getting Cisco 2600 Series AP to stay joined to WLC 5508
Hi,
I have recently been tasked with upgrading our old Autonomous APs to LWAPs. We have a 5508 WLC at our Virtual Co-Lo and I am using Flexconnect to accomadate local switching and dhcp at our sites. I have upgraded over 50 APs and joined them to the controller. These include only 1130AG and 1240AG models. However they are working flawlessly and staying connected to the controller. The issue I'm having is with a new batch of 2600 series APs staying connected to the controller. I have attempted to do research into what may be causing the disconnects but have yet to find a solution. I am using DNS to resolve the CAPWAP & LWAPP queries from the APs to the controller accross our WAN. In reading other posts I thought it may be an issue with packets getting dropped but have had our Vendor who manages Sonicwalls at both ends of the WAN confirm for me there is no packet loss. Below are logs I gathered using puttty from the AP & WLC. Any help would be greatly appreciated.
AP I'm doing the testing on:
NAME: "AP2600", DESCR: "Cisco Aironet 2600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP2602I-A-K9 , VID: V01, SN: FTX1740J8V1
WLC in question:
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.112.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... wificontroller
System Location.................................. Corp
System Contact................................... Net Engineer
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.250.32.8
Last Reset....................................... Software reset
System Up Time................................... 190 days 3 hrs 34 mins 24 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
--More-- or (q)uit
Internal Temperature............................. +38 C
External Temperature............................. +20 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 14
Number of Active Clients......................... 71
Burned-in MAC Address............................ C8:9C:1D:8C:52:E0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 100
Here is the output that keeps on occuring as the AP joins the WLC for a brief time and then changes to standalone mode
WT-4thFlr-AP3#
*Dec 14 15:42:04.419: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 3)
*Dec 14 15:42:11.443: %EVT-4-WRN: Write of flash:/event.capwap done
*Dec 14 15:42:11.483: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Dec 14 15:42:11.487: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Dec 14 15:42:11.487: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.250.32.8:5246
*Dec 14 15:42:11.571: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Dec 14 15:42:21.575: %CAPWAP-3-ERRORLOG: Selected MWAR 'wificontroller'(index 0).
*Dec 14 15:42:21.575: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 14 15:42:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:42:14.303: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:42:14.303: %CAPWAP-5-SENDJOIN: sending Join Request to 10.250.32.8
*Dec 14 15:42:15.127: Starting Ethernet promiscuous mode
*Dec 14 15:42:15.535: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Dec 14 15:42:15.667: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1
*Dec 14 15:42:15.667: Setting AC first hop MAC: 0017.c575.a23c
*Dec 14 15:42:15.855: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller wificontroller
*Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.915: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.915: %LWAPP-3-CLIENTERRORLOG: Switching to Connected mode
*Dec 14 15:42:23.639: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Dec 14 15:42:34.615: %CLEANAIR-6-STATE: Slot 0 disabled
*Dec 14 15:42:34.615: %CLEANAIR-6-STATE: Slot 1 disabled
*Dec 14 15:45:43.783: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 11)
*Dec 14 15:45:43.787: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Dec 14 15:45:43.787: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Dec 14 15:45:43.787: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.250.32.8:5246
*Dec 14 15:45:43.867: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Dec 14 15:45:53.867: %CAPWAP-3-ERRORLOG: Selected MWAR 'wificontroller'(index 0).
*Dec 14 15:45:53.867: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 14 15:45:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:45:46.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:45:46.315: %CAPWAP-5-SENDJOIN: sending Join Request to 10.250.32.8
*Dec 14 15:45:46.487: Starting Ethernet promiscuous mode
*Dec 14 15:45:49.903: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Dec 14 15:45:50.031: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1
*Dec 14 15:45:50.031: Setting AC first hop MAC: 0017.c575.a23c
Here are the results of debug capwap client event on the AP:
WT-4thFlr-AP3#debug capwap client event
CAPWAP Client EVENT display debugging is on
WT-4thFlr-AP3#
*Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
*Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
*Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
*Dec 14 15:55:08.000: %CAPWAP-3-EVENTLOG: Setting time to 15:55:08 UTC Dec 14 2013
*Dec 14 15:55:25.579: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:55:25.827: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
*Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
*Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
*Dec 14 15:55:56.000: %CAPWAP-3-EVENTLOG: Setting time to 15:55:56 UTC Dec 14 2013
*Dec 14 15:56:25.735: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:56:25.983: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
*Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
*Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
*Dec 14 15:56:56.000: %CAPWAP-3-EVENTLOG: Setting time to 15:56:56 UTC Dec 14 2013
Here are the results of debug capwap client packet detail:
WT-4thFlr-AP3#
*Dec 14 15:59:01.823: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:01.823: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:01.823: Msg Type : CAPWAP_ECHO_REQUEST
*Dec 14 15:59:01.823: Msg Length : 0
*Dec 14 15:59:01.823: Msg SeqNum : 44
*Dec 14 15:59:01.823: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:01.831: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:01.831: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:01.831: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:01.831: Msg Type : CAPWAP_ECHO_RESPONSE
*Dec 14 15:59:01.831: Msg Length : 15
*Dec 14 15:59:01.831: Msg SeqNum : 44
*Dec 14 15:59:01.831:
*Dec 14 15:59:01.831: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 11
*Dec 14 15:59:01.831: Vendor Identifier : 0x00409600
*Dec 14 15:59:01.831:
*Dec 14 15:59:01.831:
IE : UNKNOWN IE 151
*Dec 14 15:59:01.831: IE Length : 5
*Dec 14 15:59:01.831: Decode routine not available, Printing Hex Dump
*Dec 14 15:59:01.831:
52 AC 80 46 00
*Dec 14 15:59:01.831: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:20.931: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:20.931: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:20.931: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:20.931: Msg Type : CAPWAP_CONFIGURATION_UPDATE_REQUEST
*Dec 14 15:59:20.931: Msg Length : 93
*Dec 14 15:59:20.931: Msg SeqNum : 38
*Dec 14 15:59:20.931:
*Dec 14 15:59:20.931: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 89
*Dec 14 15:59:20.931: Vendor Identifier : 0x00409600
*Dec 14 15:59:20.931:
*Dec 14 15:59:20.931:
IE : RRM_NEIGHBOR_CTRL_PAYLOAD
*Dec 14 15:59:20.931: IE Length : 83
*Dec 14 15:59:20.931: Decode routine not available, Printing Hex Dump
*Dec 14 15:59:20.931:
00 0A FA 20 08 01 F4 00 07 0A FA 20 08 03 00 01
01 00 3C 00 B4 2E 06 2E E7 B4 94 51 B2 C7 79 25
22 FD BE 04 F6 00 00 00 00 00 00 00 00 4F 50 52
53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 01 06 0B
01 01 01
*Dec 14 15:59:20.931: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:20.931: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:20.931: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:20.931: Msg Type : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
*Dec 14 15:59:20.931: Msg Length : 8
*Dec 14 15:59:20.931: Msg SeqNum : 38
*Dec 14 15:59:20.931:
*Dec 14 15:59:20.931: Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
*Dec 14 15:59:20.931: Result Code : CAPWAP_SUCCESS
*Dec 14 15:59:20.931: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:21.139: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:21.139: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:21.139: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:21.139: Msg Type : CAPWAP_CONFIGURATION_UPDATE_REQUEST
*Dec 14 15:59:21.139: Msg Length : 111
*Dec 14 15:59:21.139: Msg SeqNum : 39
*Dec 14 15:59:21.139:
*Dec 14 15:59:21.139: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 107
*Dec 14 15:59:21.139: Vendor Identifier : 0x00409600
*Dec 14 15:59:21.139:
*Dec 14 15:59:21.139:
IE : RRM_NEIGHBOR_CTRL_PAYLOAD
*Dec 14 15:59:21.139: IE Length : 101
*Dec 14 15:59:21.139: Decode routine not available, Printing Hex Dump
*Dec 14 15:59:21.143:
01 0A FA 20 08 01 F4 00 07 0A FA 20 08 0C 00 01
01 00 3C 00 B4 2E 06 2E E7 B4 94 51 B2 C7 79 25
22 FD BE 04 F6 00 00 00 00 00 00 00 00 4F 50 52
53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 24 28 2C
30 34 38 3C 40 95 99 9D A1 01 01 01 01 01 01 01
01 01 01 01 01
*Dec 14 15:59:21.143: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:21.143: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:21.143: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:21.143: Msg Type : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
*Dec 14 15:59:21.143: Msg Length : 8
*Dec 14 15:59:21.143: Msg SeqNum : 39
*Dec 14 15:59:21.143:
*Dec 14 15:59:21.143: Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
*Dec 14 15:59:21.143: Result Code : CAPWAP_SUCCESS
*Dec 14 15:59:21.143: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:25.547: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:25.547: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:25.547: Msg Type : CAPWAP_WTP_EVENT_REQUEST
*Dec 14 15:59:25.547: Msg Length : 14
*Dec 14 15:59:25.547: Msg SeqNum : 45
*Dec 14 15:59:25.547:
*Dec 14 15:59:25.547: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*Dec 14 15:59:25.547: Vendor Identifier : 0x00409600
*Dec 14 15:59:25.547:
*Dec 14 15:59:25.547:
IE : RRM_LOAD_DATA_PAYLOAD
*Dec 14 15:59:25.547: IE Length : 4
*Dec 14 15:59:25.547: slot 0 rxLoad 0 txLoad 0 ccaLoad 33
*Dec 14 15:59:25.547: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:25.555: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:25.555: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:25.555: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:25.555: Msg Type : CAPWAP_WTP_EVENT_RESPONSE
*Dec 14 15:59:25.555: Msg Length : 0
*Dec 14 15:59:25.555: Msg SeqNum : 45
*Dec 14 15:59:25.555: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:25.795: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:25.795: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:25.795: Msg Type : CAPWAP_WTP_EVENT_REQUEST
*Dec 14 15:59:25.795: Msg Length : 14
*Dec 14 15:59:25.795: Msg SeqNum : 46
*Dec 14 15:59:25.795:
*Dec 14 15:59:25.795: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*Dec 14 15:59:25.795: Vendor Identifier : 0x00409600
*Dec 14 15:59:25.795:
*Dec 14 15:59:25.795:
IE : RRM_LOAD_DATA_PAYLOAD
*Dec 14 15:59:25.795: IE Length : 4
*Dec 14 15:59:25.795: slot 1 rxLoad 0 txLoad 0 ccaLoad 0
*Dec 14 15:59:25.795: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:25.803: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:25.803: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:25.803: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:25.803: Msg Type : CAPWAP_WTP_EVENT_RESPONSE
*Dec 14 15:59:25.803: Msg Length : 0
*Dec 14 15:59:25.803: Msg SeqNum : 46
*Dec 14 15:59:25.803: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:30.375: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:30.375: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:30.375: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:30.375: Msg Type : CAPWAP_CONFIGURATION_UPDATE_REQUEST
*Dec 14 15:59:30.375: Msg Length : 17
*Dec 14 15:59:30.375: Msg SeqNum : 40
*Dec 14 15:59:30.375:
*Dec 14 15:59:30.375: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 13
*Dec 14 15:59:30.375: Vendor Identifier : 0x00409600
SlotId : 0
Mobile Mac Addr : BC:52:B7:E3:17:CB
*Dec 14 15:59:30.375: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:30.375: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:30.375: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:30.375: Msg Type : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
*Dec 14 15:59:30.379: Msg Length : 8
*Dec 14 15:59:30.379: Msg SeqNum : 40
*Dec 14 15:59:30.379:
*Dec 14 15:59:30.379: Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
*Dec 14 15:59:30.379: Result Code : CAPWAP_SUCCESS
*Dec 14 15:59:30.379: <<<< End of CAPWAP Packet >>>>
*Dec 14 15:59:30.387: <<<< Start of CAPWAP Packet >>>>
*Dec 14 15:59:30.387: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:30.387: HLEN 2, Radio ID 0, WBID 1
*Dec 14 15:59:30.387: Msg Type : CAPWAP_WTP_EVENT_RESPONSE
*Dec 14 15:59:30.387: Msg Length : 0
*Dec 14 15:59:30.387: Msg SeqNum : 47
*Dec 14 15:59:30.387: <<<< End of CAPWAP Packet >>>>
*Dec 14 16:00:00.387: <<<< Start of CAPWAP Packet >>>>
*Dec 14 16:00:00.387: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 16:00:00.387: Msg Type : CAPWAP_ECHO_REQUEST
*Dec 14 16:00:00.387: Msg Length : 0
*Dec 14 16:00:00.387: Msg SeqNum : 48
*Dec 14 16:00:00.387: <<<< End of CAPWAP Packet >>>>
*Dec 14 16:00:00.395: <<<< Start of CAPWAP Packet >>>>
*Dec 14 16:00:00.395: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 16:00:00.395: HLEN 2, Radio ID 0, WBID 1
*Dec 14 16:00:00.395: Msg Type : CAPWAP_ECHO_RESPONSE
*Dec 14 16:00:00.395: Msg Length : 15
*Dec 14 16:00:00.395: Msg SeqNum : 48
*Dec 14 16:00:00.395:
*Dec 14 16:00:00.395: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 11
*Dec 14 16:00:00.395: Vendor Identifier : 0x00409600
*Dec 14 16:00:00.395:
*Dec 14 16:00:00.395:
IE : UNKNOWN IE 151
*Dec 14 16:00:00.395: IE Length : 5
*Dec 14 16:00:00.395: Decode routine not available, Printing Hex Dump
*Dec 14 16:00:00.395:
52 AC 80 81 00
*Dec 14 16:00:00.395: <<<< End of CAPWAP Packet >>>>Under my AP Policies I only have "Accept Manufactured Installed Certificate (MIC)" checked. I attempted to add the AP based on MAC Address (c0:67:af:6f:25:70) with this certificate type but still have the same issue. I then ran the following debug on my controller and this is the output I recieve regarding that MAC. I tried to cut the output short because it get's somewhat redundant but was unsure what exactly to look for in the output. Should I be selecting a different certificate type? I am somewhat new to wireless technologies but doing my best to pick things up so if this seems trivial please forgive my ignorance.
debug pm pki enable
*sshpmLscTask: Dec 14 20:42:56.450: sshpmLscTask: LSC Task received a message 4
*spamApTask6: Dec 14 20:42:58.840: sshpmGetIssuerHandles: locking ca cert table
*spamApTask6: Dec 14 20:42:58.841: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*spamApTask6: Dec 14 20:42:58.841: sshpmGetIssuerHandles: calling x509_decode()
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=AP3G2-c067af6f2570, [email protected]
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: O=Cisco Systems, CN=Cisco Manufacturing CA
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Mac Address in subject is c0:67:af:6f:25:70
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Cert Name in subject is AP3G2-c067af6f2570
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: called to evaluate
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: called to get cert for CID 282aef7e
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.845: ssphmUserCertVerify: calling x509_decode()
*spamApTask6: Dec 14 20:42:58.856: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (current): 2013/12/15/01:42:58
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (NotBefore): 2013/08/25/13:01:22
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (NotAfter): 2023/08/25/13:11:22
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: getting cisco ID cert handle...
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: called to evaluate
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask6: Dec 14 20:42:58.857: sshpmFreePublicKeyHandle: called with 0x2c5f0cb8
*spamApTask6: Dec 14 20:42:58.857: sshpmFreePublicKeyHandle: freeing public key
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: called to evaluate
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: called to get cert for CID 183fd2b6
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: called to evaluate -
Hello folks,
I really feel sorry for bringing up this discussion again. I wouldn't dare to ask this question if I find someone's clear cut suggestion/solution or an overview giving a detailed step-by-step procedure. People just suggest jumping through so many hoops like resetting the AP or converting it back to standalone mode and then back to LWAPP.
Hence I have so many questions and hope that we can make a good guide covering all possible problems.
1) AP was originally running a standalone image. I booted it into a so-called ROMMON or AP mode (ESC is the right key to make it boot into this mode)
I found a recovery image in its flash - c1140-rcvk9w8-mx. I made the AP boot from it by using "set" command and I see that it start booting using this recovery image. Here goes the question. Do all AP settings matter ? E.g. when I run "set" command from AP I see the following:
ap: set
?=
DEFAULT_ROUTER=10.0.0.1
Default_router=10.9.99.1
ENABLE_BREAK=yes
IP_ADDR=10.0.0.1
IP_AddR=10.9.99.9
MANUAL_BOOT=no
NETMASK=255.255.255.224
NEW_IMAGE=yes
PWR_INJECTOR_DETECT=0016.c7fa.b394
RELOAD_REASON=9
ROM_PERSISTENT_UTC=1014941470
TERMLINES=0
netmask=255.255.255.0
2) How would do something like "write erase" or even recover the enable password while being in AP mode? Do I really need to do it ? What I see next makes me believe there's something with the AP configuration (particularly SSH) that prevents an AP join WLC.
3) The AP is powered on, connected to the switchport on the same L2 VLAN where WLC management interface. Then it boots and gets an IP address from the DHCP server located on the other switch.
*Mar 1 00:00:08.695: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:00:08.705: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR (0000.0000.0000)
*Mar 1 00:00:09.629: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:17.534: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.122, mask 255.255.255.0, hostname AP2
Here comes the question, why do I see this on the console (pay attention at "transport input ssh" line)? Does it have anything to do with an error for DTLS ?
*Apr 12 12:44:21.034: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 12 12:44:31.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.141 peer_port: 5246
*Apr 12 12:44:55.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:1924 Max retransmission count reached!
*Apr 12 12:44:55.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.1.141 is reached.
transport input ssh
^
% Invalid input detected at '^' marker.
4) Do I have to connect the controller ap-manager interface to the network or I can rely on the AP find the WLC via its management interface. I have never worked with 4400 series controllers. Just started with 5500 and they don't have the ap-manager interface.
Cisco guide says: "The management interface is also used for layer two communications between the WLC and access points", so I can safely assume that it is enough. Moreover I can ping the AP from the WLC while connected to WLC via SSH and its management interface.
5) And finally, what's wrong with the discovery? This is what I see on the controller while debugging capwap packets:
(Cisco Controller) debug>*spamReceiveTask: Apr 12 12:53:52.253: <<<< Start of CAPWAP Packet >>>>
*spamReceiveTask: Apr 12 12:53:52.253: CAPWAP Control mesg Recd from 192.168.1.122, Port 57046
*spamReceiveTask: Apr 12 12:53:52.253: HLEN 4, Radio ID 0, WBID 1
*spamReceiveTask: Apr 12 12:53:52.253: Msg Type : CAPWAP_DISCOVERY_REQUEST
*spamReceiveTask: Apr 12 12:53:52.253: Msg Length : 29
*spamReceiveTask: Apr 12 12:53:52.253: Msg SeqNum : 0
*spamReceiveTask: Apr 12 12:53:52.253:
*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
*spamReceiveTask: Apr 12 12:53:52.253: Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN
*spamReceiveTask: Apr 12 12:53:52.253:
*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
*spamReceiveTask: Apr 12 12:53:52.253: WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
*spamReceiveTask: Apr 12 12:53:52.253:
*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
*spamReceiveTask: Apr 12 12:53:52.253: WTP Mac Type : SPLIT_MAC
*spamReceiveTask: Apr 12 12:53:52.253:
*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*spamReceiveTask: Apr 12 12:53:52.253: Vendor Identifier : 0x00409600
*spamReceiveTask: Apr 12 12:53:52.254:
What discovery mode are we in? L2 or L3 ?(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.230.0
RTOS Version..................................... 7.0.230.0
Bootloader Version............................... 4.0.219.0
Emergency Image Version.......................... N/A
Build Type....................................... DATA + WPS
System Name...................................... Cisco_8b:83:03
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 192.168.1.140
System Up Time................................... 0 days 19 hrs 9 mins 20 secs
System Timezone Location.........................
Configured Country............................... CA - Canada
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +41 C
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:23:5E:8B:83:00
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 12
"Show inventory" on the AP doesn't give any output. Giving you the "show version" instead omitting some legal stuff
AP2>sh ver
Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 12.4(18a)JA, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 21-Nov-08 01:28 by prod_rel_team
ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(18a)JA, RELEASE SOFTWARE (fc4)
AP2 uptime is 1 hour, 42 minutes
System returned to ROM by reload
System image file is "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"
Last reload reason:
cisco AIR-LAP1142N-N-K9 (PowerPC405ex) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FTX1329S9NB
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 3.0.51.0
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:BD:18:ED:66
Part Number : 73-11451-06
PCA Assembly Number : 800-30554-03
PCA Revision Number : A0
PCB Serial Number : FOC13282UKM
Top Assembly Part Number : 800-31273-01
Top Assembly Serial Number : FTX1329S9NB
Top Revision Number : A0
Product/Model Number : AIR-LAP1142N-N-K9
Configuration register is 0xF
And the full boot process on WAP:
IOS Bootloader - Starting system.
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x84000800, 0x40000000
RQDC, RFDC : 0x80000038, 0x0000020a
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is up.
PCIE1: VC0 is active
PCIEx: initialization done
flashfs[0]: 149 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 7901696
flashfs[0]: Bytes available: 24483328
flashfs[0]: flashfs fsck took 16 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 00:22:bd:18:ed:66
Ethernet speed is 100 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...#############################################################################################################################################################################################################################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entry point: 0x4000
executing...
enet halted
Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 12.4(18a)JA, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 21-Nov-08 01:28 by prod_rel_team
Image text-base: 0x00004000, data-base: 0x00430000
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
flashfs[1]: 149 files, 8 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32385024
flashfs[1]: Bytes used: 7901696
flashfs[1]: Bytes available: 24483328
flashfs[1]: flashfs fsck took 4 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
Ethernet speed is 100 Mb - FULL duplex
cisco AIR-LAP1142N-N-K9 (PowerPC405ex) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FTX1329S9NB
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from power-on
LWAPP image version 3.0.51.0
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:22:BD:18:ED:66
Part Number : 73-11451-06
PCA Assembly Number : 800-30554-03
PCA Revision Number : A0
PCB Serial Number : FOC13282UKM
Top Assembly Part Number : 800-31273-01
Top Assembly Serial Number : FTX1329S9NB
Top Revision Number : A0
Product/Model Number : AIR-LAP1142N-N-K9
% Please define a domain-name first.
ip ssh version 2
^
% Invalid input detected at '^' marker.
transport input ssh
^
% Invalid input detected at '^' marker.
aaa new-model
^
% Invalid input detected at '^' marker.
aaa authentication login default local
^
% Invalid input detected at '^' marker.
login authentication default
^
% Invalid input detected at '^' marker.
transport input ssh
^
% Invalid input detected at '^' marker.
RS
Press RETURN to get started!
SI IDB null
RSSI IDB null
*Mar 1 00:00:05.992: *** CRASH_LOG = YES
Base Ethernet MAC address: 00:22:BD:18:ED:66
*Mar 1 00:00:06.203: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)
*Mar 1 00:00:08.251: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:08.292: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 12.4(18a)JA, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 21-Nov-08 01:28 by prod_rel_team
*Mar 1 00:00:08.318: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:00:08.327: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR (0000.0000.0000)
*Mar 1 00:00:09.251: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:17.157: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.123, mask 255.255.255.0, hostname AP2
logging origin-id string AP:0022.bd18.ed66
^
% Invalid input detected at '^' marker.
logging 255.255.255.255
^
% Invalid input detected at '^' marker.
logging trap 3
^
% Invalid input detected at '^' marker.
*Mar 1 00:00:27.230: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
*Mar 1 00:00:27.343: Logging LWAPP message to 255.255.255.255.
Translating "CISCO-LWAPP-CONTROLLER"...domain server (192.168.1.40)
*Mar 1 00:00:38.267: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:00:39.267: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
*Apr 12 15:39:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.141 peer_port: 5246 -
Cisco LAP 2602 can not join Virtual WLC
dear all,
i just install Virtual WLC and i remove WLC 2504 , i install & configured it , but LAP can not join. it was work fine with WLC 2504.
i used the same network topology with the old WLC.
i receive this error logs.
*spamApTask4: Feb 04 06:01:30.082: <<<< Start of CAPWAP Packet >>>>
*spamApTask4: Feb 04 06:01:30.082: CAPWAP Control mesg Recd from 10.192.200.93, Port 26711
*spamApTask4: Feb 04 06:01:30.082: HLEN 4, Radio ID 0, WBID 1
*spamApTask4: Feb 04 06:01:30.082: Msg Type : CAPWAP_DISCOVERY_REQUEST
*spamApTask4: Feb 04 06:01:30.082: Msg Length : 155
*spamApTask4: Feb 04 06:01:30.082: Msg SeqNum : 0
*spamApTask4: Feb 04 06:01:30.082:
*spamApTask4: Feb 04 06:01:30.082: Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
*spamApTask4: Feb 04 06:01:30.082: Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN
*spamApTask4: Feb 04 06:01:30.082:
*spamApTask4: Feb 04 06:01:30.082: Type : CAPWAP_MSGELE_WTP_BOARD_DATA, Length 62
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083: WTP_SERIAL_NUMBER : AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_DESCRIPTOR, Length 40
*spamApTask4: Feb 04 06:01:30.083: Maximum Radios Supported : 2
*spamApTask4: Feb 04 06:01:30.083: Radios in Use : 2
*spamApTask4: Feb 04 06:01:30.083: Encryption Capabilities : 0x00 0x01
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
*spamApTask4: Feb 04 06:01:30.083: WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
*spamApTask4: Feb 04 06:01:30.083: WTP Mac Type : SPLIT_MAC
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083:
IE : UNKNOWN IE 207
*spamApTask4: Feb 04 06:01:30.083: IE Length : 4
*spamApTask4: Feb 04 06:01:30.083: Decode routine not available, Printing Hex Dump
*spamApTask4: Feb 04 06:01:30.083: 00000000: 03 00 00 01 ....
*spamApTask4: Feb 04 06:01:30.083:
*spamApTask4: Feb 04 06:01:30.083: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 12
*spamApTask4: Feb 04 06:01:30.083: Vendor Identifier : 0x00409600
*spamApTask4: Feb 04 06:01:30.083:
IE : RAD_NAME_PAYLOAD
*spamApTask4: Feb 04 06:01:30.083: IE Length : 6
*spamApTask4: Feb 04 06:01:30.083: Rad Name :
*spamApTask4: Feb 04 06:01:30.083: CEO_AP
*spamApTask4: Feb 04 06:01:30.083: <<<< End of CAPWAP Packet >>>>
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Request from 10.192.200.93:26711
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 ApModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
*spamApTask4: Feb 04 06:01:30.083: apModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: apType = 26 apModel: AIR-CAP2602E-I-K9
*spamApTask4: Feb 04 06:01:30.083: apType: Ox1a bundleApImageVer: 8.0.110.0
*spamApTask4: Feb 04 06:01:30.083: version:8 release:0 maint:110 build:0
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Response sent to 10.192.200.93 port 26711
*spamApTask4: Feb 04 06:01:30.083: dc:a5:f4:8c:ff:30 Discovery Response sent to 10.192.200.93:26711
Please any help.dear
yes the wlc 2504 is 8.0.110 but because its damaged i replaced it with new vWLC v 8.0.110.
also i can not put the LAP in flexconnect until its joint.
Maybe you are looking for
-
Please help me! I am struggling with the mesh tool!
So I want to make this chair look like it does in the picture, but I cant! There is a chapter in my Illustrator CS3 book explaining how to use gradient mesh and mesh tool, but it doesnt help me at all. I am clueless! The tutorial says that I can cr
-
How to embed the Images in the java sourse
How to embed the Images in the java sourse The size of the file will be too large while I put the binary code of the image into the java sourse! thanks
-
Error regarding server connection problems when trying to download rented film on my ipad
-
How to load html file based on locale?
Based on the browser langugae settings / regional settings (locale), we need to display the one of the html pages. html content is specific to country and plain text only not using unicode. Is there is a way to load using java. It is working for .pro
-
Error: Error in OPEN_FORM for document '123456789' in ME9A(print preview)
Hello Experts, I am encountering an error when I try to print preview my RFQ form via ME9A. What I did was to just copy the existing custom form to my own custom form then assign my form to our output type via NACE transaction. So when I click the di