Discarding Primary discovery request in LWAPP

Hi,
after upgrading our WISM module from version 6 to version 7, we are constantly getting these error messages with syslog:
Jun 20 12:37:02 wism2.xxxx.sk WiSM2: *spamReceiveTask: Jun 20 11:37:02.632: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1821 Discarding Primary discovery request in LWAPP from AP 00:25:b4:da:99:c0 supporting CAPWAP
There is one interesting thing about this log message - there is no AP with the MAC addess "00:25:b4:da:99:c0" in our infrastructure, but the VLAN SVI interfaces on the Cisco 6500, where the WISM module in installed, are using this "00:25:b4:da:99:c0" MAC address.
Any idea what might be wrong?

As far as I'm concerned, your problem was that you had an AP that was not on its primary WLC at the time of the messages. I don't think discovery mechanisms have anything to do with it.
Prior to like 5.X, you defined Primary WLC only by Name. As such, the AP sent to every IP address it knew of for discovery....  since then, you define Primary WLC by Name, plus an Ip address, but this does not restrict primary discovery to that IP (maybe it should?)
Is there any scenario where you would have had an AP on the wrong controller last week?  WLC down? LAN failure? Over subscribed WLC?   
Perhaps we could get some low priority bugs to enhance the message now.... maybe there already is one....    Either way, the message is what it is.   Even if you saw a message that says it dropped the lwapp, you shouldnt care what AP that is, it just means there is one sending primary discoveries...
If you like the message now because you want to know what APs are sending primary discoveries, that should be handled by a proper message in syslog like "AP XXXX is sending primary discovery requests, it is not on its Primary WLC".....   but then you'd flood your syslog if you have purposely took down a WLC.....      I actually think this message you are seeing in syslog should be removed as well,, since you'll likely see a ton of them if you also lose a primary wlc....

Similar Messages

  • WLC 5508 - Ignoring Primary discovery request received on non-management interface (2) from AP

    Hello,
    Im receving this error on my syslog server:
    capwap_ac_sm.c:1443 Ignoring Primary discovery request received on non-management interface (2) from AP
    already checked the configuration and everything seems ok. They are registered and with clients associated.
    What could be the cause?
    Thanks in advance,
    Chris

    Thanks Scott for your fast response.
    No, I'm not using LAG.
    What do you mean with separate AP Managers?
    I have one AP Manager on vlan 100 (10.100.0.25) and the Management interface on the same Vlan (10.100.0.26)
    And users use vlan 150 (10.150.0.x).
    The switch port where the AP is plugged is configured with:
    interface GigabitEthernet2/0/20
    switchport access vlan 100
    switchport mode access
    spanning-tree portfast
    On WLC I can also check the AP history:
    Last Error Occurred Reason            Layer 3 discovery request not received on management interface

  • LWAPP Discovery request - discarded ?

    Greetings all,
    I'm starting to grow a huge headache over a WLC-implementation (4402-12). From my point of view, the controller seems to be configured correctly and the DHCP-scope has been set up with the correct pointers as well as as the DNS-record, all pointing towards the AP-Manager i/f (tagged vlan20 on port 1, mgmt untagged) - still, no access-points will associate. The AP is pingable from the controller. A debug of lwapp events and details shows the following;
    Sat Jan 7 19:36:17 2006: Received a message from AP of length 97 on inteface = 1
    Sat Jan 7 19:36:17 2006: Entered spamGetLCBFromMac file spam_lrad.c line 433**
    Sat Jan 7 19:36:17 2006: Received LWAPP DISCOVERY REQUEST from AP 00:0b:85:5a:bd:50 to ff:ff:ff:ff:ff:ff on port '1'
    Sat Jan 7 19:36:17 2006: Discarding L3 Mode LWAPP DISCOVERY REQUEST on intf '1', vlan = '20', Management vlan = '0'.
    Anyone with a clue regarding what might be causing this? I'm also a little confused regarding the destaddr (bcast) since the AP should've received the ucast address of the controller. We have to handover this system to the cust. fairly soon .. :-)
    WLC Version: 3.2.78.0
    TIA & Best regards,
    /M

    You need to use the Management Interface for LWAPP controller discovery. That's what the WLC expects. So when it sees an LWAPP Discovery Request coming in on another interface, it discards its.
    In L3 LWAPP mode, the AP tries to find a WLC using IP subnet broadcast, over the air provisioning (OTAP), DHCP Option 43, DNS, and WLC IP addresses stored in memory. It will always use ALL of these techniques. That's why you're seeing the broadcast. From the LWAPP Discovery Responses it selects a controller to join.
    Now, you would've seen it join in L2 mode because the AP does an Ethernet "broadcast" to find the WLC. Hence, the mgmt interface sees the LWAPP Discovery, and responds with an Ethernet frame. At L2 mode, all LWAPP is Ethernet encapsulated as opposed to IP encapsulated. When you switched back to L3 mode, the AP remembers the management IP address of the WLC from the L2 join and uses that. That's why it worked after switching L3-->L2-->L3.
    Hope this helps.

  • 3702i AP's not Joining WLC - Layer 3 discovery request not received on management VLAN

    Hi Guys, 
    This is a follow up post to this thread: https://supportforums.cisco.com/discussion/12400481/3702i-not-joint-2504
    Have been playing around with my AP's and made sure the time is correct on all the devices ( WLC and Switch). I have also moved the AP's to the same Vlan as the management IP of the WLC. 
    if I move the AP's to the same Vlan as the WLC they join and are happy, as soon as I move them to a different Vlan they cant join and there time goes back to the default plus they do not seem to save the WLC details to flash but still remember the test names I give them.
    it appears that option 43 is working fine as I can see it look for the WLC IP and I have done some trouble shooting on the WLC and it looks like it see's the AP but doesn't except it.
    please see below for the boot up of the AP and the WLC logs: 
    AP 
    IIOS Bootloader - Starting system.
    *** deleted for breverity ***** 
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
    executing...
    Secondary Bootloader - Starting system.
    Montserrat Board
    *** deleted for breverity ***** 
    Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
    executing...
                  *** deleted for breverity ***** 
    cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
    Processor board ID FGL1838X4T1
    PowerPC CPU at 800Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 8.0.110.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: F4:4E:05:B7:1E:84
    Part Number                          : 73-15243-01
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC18343WPR
    Top Assembly Part Number             : 068-05054-03
    Top Assembly Serial Number           : FGL1838X4T1
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP3702I-Z-K9
    % Please define a domain-name first.
    Press RETURN to get started!
    *Mar  1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
    *Mar  1 00:00:19.755: Registering HW DTLS
    *Mar  1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is  2500
    *Mar  1 00:00:19.815: APAVC:  WlanPAKs 42878 RadioPaks  42270
    *Mar  1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
    *Mar  1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
    *Mar  1 00:00:26.167:  record size of 3ss: 1168 read_ptr: 4F9698E
    *Mar  1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
    *Mar  1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
    *Mar  1 00:00:31.251:  record size of vht: 2904 read_ptr: 4F9698E
    *Mar  1 00:00:31.407: Wait until the stile protocol list is initialized.
    *Mar  1 00:00:32.651: Start STILE Activation
    *Mar  1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Mar  1 00:00:35.447: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 19-Dec-14 11:20 by prod_rel_team
    *Mar  1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
    *Mar  1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
    *Mar  1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
    *Mar  1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
    *Mar  1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
    *Mar  1 00:00:50.431: DPAA Initialization Complete
    *Mar  1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
    *Mar  1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
    *Mar  1 00:00:53.867: Currently running a Release Image
    *Mar  1 00:00:54.287: Incorrect certificate in SHA2 PB !
    *Mar  1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
    *Mar  1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
    *Mar  1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
    *Mar  1 00:01:02.707: APAVC: Registering with CFT
    *Mar  1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
    *Mar  1 00:01:02.707: APAVC: Reattaching  Original Buffer pool for system use
    *Mar  1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
    %Default route without gateway, if not a point-to-point interface, may impact performance
    *Mar  1 00:01:10.103: AP image integrity check PASSED
    *Mar  1 00:01:10.187: Incorrect certificate in SHA2 PB !
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
    *Mar  1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    *Mar  1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    Not in Bound state.
    *Mar  1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    Not in Bound state.
    *Mar  1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    WLC: 
    isco Controller) >show time
    Time............................................. Tue Jan 27 17:44:47 2015
    Timezone delta................................... 0:0
    Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
    NTP Servers
        NTP Polling Interval.........................     3600
         Index     NTP Key Index                  NTP Server                  NTP Msg Auth Status
           1              0                             150.101.176.226       AUTH DISABLED
    (Cisco Controller) >show ap join stats summary  
    Incorrect input! Use 'show ap join stats summary [all/<ap-mac>]'
    (Cisco Controller) >show ap join stats summary all 
    Number of APs.............................................. 2 
    Base Mac             AP EthernetMac       AP Name                 IP Address         Status
    f4:4e:05:aa:a6:a0    f4:4e:05:94:c3:98    APf44e.0594.c398        10.1.1.22          Joined    
    f4:4e:05:b6:ce:f0    N A                  Test_1                  10.1.20.7          Not Joined
    (Cisco Controller) >show ap join stats detailed f4:4e:05:b6:ce:f0
    Sync phase statistics
    - Time at sync request received............................ Not applicable
    - Time at sync completed................................... Not applicable
    Discovery phase statistics
    - Discovery requests received.............................. 45
    - Successful discovery responses sent...................... 21
    - Unsuccessful discovery request processing................ 24
    - Reason for last unsuccessful discovery attempt........... Layer 3 discovery request not received on management VLAN
    - Time at last successful discovery attempt................ Jan 27 17:45:49.705
    - Time at last unsuccessful discovery attempt.............. Jan 27 17:45:49.705
    Join phase statistics
    - Join requests received................................... 0
    - Successful join responses sent........................... 0
    - Unsuccessful join request processing..................... 0
    - Reason for last unsuccessful join attempt................ Not applicable
    - Time at last successful join attempt..................... Not applicable
    - Time at last unsuccessful join attempt................... Not applicable
    Configuration phase statistics
    --More-- or (q)uit
    - Configuration requests received.......................... 0
    - Successful configuration responses sent.................. 0
    - Unsuccessful configuration request processing............ 0
    - Reason for last unsuccessful configuration attempt....... Not applicable
    - Time at last successful configuration attempt............ Not applicable
    - Time at last unsuccessful configuration attempt.......... Not applicable
    Last AP message decryption failure details
    - Reason for last message decryption failure............... Not applicable
    Last AP disconnect details
    - Reason for last AP connection failure.................... Not applicable
    - Last AP disconnect reason................................ Not applicable
    Last join error summary
    - Type of error that occurred last......................... Lwapp discovery request rejected
    - Reason for error that occurred last...................... Layer 3 discovery request not received on management VLAN
    - Time at which the last join error occurred............... Jan 27 17:45:49.705
    AP disconnect details
    - Reason for last AP connection failure.................... Not applicable
                                                                               Ethernet Mac : 00:00:00:00:00:00  Ip Address : 10.1.20.7
    (Cisco Controller) >show interface summary 
     Number of Interfaces.......................... 4
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ap                               LAG  20       10.1.20.231     Dynamic No     No   
    guest                            LAG  30       10.1.30.231     Dynamic No     No   
    management                       LAG  10       10.1.1.231      Static  Yes    No   
    virtual                          N/A  N/A      1.1.1.1         Static  No     No   
    SWITCH
    witch#show run
    Building configuration...
    *** deleted for breverity ***** 
    no aaa new-model
    clock timezone AWST 8
    system mtu routing 1500
    ip routing
    ip dhcp pool WAP_Pool
       network 10.1.20.0 255.255.255.0
       default-router 10.1.20.1 
       option 43 hex f104.0a01.01e7
    ip dhcp pool Clients
       network 10.1.30.0 255.255.255.0
       default-router 10.1.30.1 
       dns-server 203.0.178.191 
    ip dhcp pool test
       network 10.1.1.0 255.255.255.0
       default-router 10.1.1.1 
    crypto pki trustpoint TP-self-signed-4082587776
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-4082587776
     revocation-check none
     rsakeypair TP-self-signed-4082587776
    *** deleted for breverity ***** 
    *** deleted for breverity ***** !
    interface FastEthernet0/3
     description *** WLC ****
     switchport trunk encapsulation dot1q
     switchport mode trunk
    interface FastEthernet0/4
     description **** AP *****
     switchport access vlan 20
     switchport mode access
     spanning-tree portfast
    interface FastEthernet0/5
     description **** AP ****
     switchport access vlan 20
     switchport mode access
     spanning-tree portfast
    interface FastEthernet0/6
    i*** deleted for breverity ***** !
    interface Vlan10
     description *** Managment ***
     ip address 10.1.1.230 255.255.255.0
    interface Vlan20
     description *** WIRELESS APS ***
     ip address 10.1.20.1 255.255.255.0
    interface Vlan30
     ip address 10.1.30.1 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    ip http server
    ip http secure-server
    ip sla enable reaction-alerts
    l*** deleted for breverity ***** 
    ntp clock-period 36028827
    ntp source FastEthernet0/1
    ntp server 121.0.0.42
    ntp server 202.127.210.37
    end
    I have also placed a Device in Vlan 20 and it is able to ping the WLC and the WLC can ping it s routing is working. 
    Thanks 

    Hey Scott, 
    I gave that a shot and still no luck, log's from AP boot up:
    IIOS Bootloader - Starting system.
    flash is writable
    Tide XL MB - 40MB of flash
    Xmodem file system is available.
    flashfs[0]: 67 files, 9 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 41158656
    flashfs[0]: Bytes used: 20894208
    flashfs[0]: Bytes available: 20264448
    flashfs[0]: flashfs fsck took 20 seconds.
    Base Ethernet MAC address: f4:4e:05:b7:1e:84
    Ethernet speed is 100 Mb - FULL Duplex
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
    executing...
    Secondary Bootloader - Starting system.
    Montserrat Board
    40MB format
    Tide XL MB - 40MB of flash
    Xmodem file system is available.
    flashfs[0]: 67 files, 9 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 41158656
    flashfs[0]: Bytes used: 20894208
    flashfs[0]: Bytes available: 20264448
    flashfs[0]: flashfs fsck took 21 seconds.
    flashfs[1]: 0 files, 1 directories
    flashfs[1]: 0 orphaned files, 0 orphaned directories
    flashfs[1]: Total bytes: 12257280
    flashfs[1]: Bytes used: 1024
    flashfs[1]: Bytes available: 12256256
    flashfs[1]: flashfs fsck took 1 seconds.
    Base Ethernet MAC address: f4:4e:05:b7:1e:84
    Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
    Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
    File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 19-Dec-14 11:20 by prod_rel_team
    Montserrat Board
    40MB format
    Tide XL MB - 40MB of flash
    Initializing flashfs...
    flashfs[2]: 67 files, 9 directories
    flashfs[2]: 0 orphaned files, 0 orphaned directories
    flashfs[2]: Total bytes: 40900608
    flashfs[2]: Bytes used: 20894208
    flashfs[2]: Bytes available: 20006400
    flashfs[2]: flashfs fsck took 14 seconds.
    flashfs[2]: Initialization complete.
    flashfs[4]: 0 files, 1 directories
    flashfs[4]: 0 orphaned files, 0 orphaned directories
    flashfs[4]: Total bytes: 11999232
    flashfs[4]: Bytes used: 1024
    flashfs[4]: Bytes available: 11998208
    flashfs[4]: flashfs fsck took 0 seconds.
    flashfs[4]: Initialization complete.
    Copying radio files from flash: to ram:
    Copy in progress...CCCCC
    Copy in progress...CCC
    Copy in progress...CCCC
    Copy in progress...CCCC
    Copy in progress...CC
    Copy in progress...CCCC
    Copy in progress...CC
    Copy in progress...CCCCC
    Copy in progress...CCCC
    Copy in progress...CC
    Uncompressing radio files...
    ...done Initializing flashfs.
    Radio0  present 8764 8000 0 A8000000 A8010000 0
    Rate table has 650 entries (20 legacy/224 11n/406 11ac)
    POWER TABLE FILENAME = ram:/Q2.bin
    Radio1  present 8864 8000 0 80000000 80100000 4
    POWER TABLE FILENAME = ram:/Q5.bin
    Radio2 not present 0 0 0 0 0 8
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
    Processor board ID FGL1838X4T1
    PowerPC CPU at 800Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 8.0.110.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: F4:4E:05:B7:1E:84
    Part Number                          : 73-15243-01
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC18343WPR
    Top Assembly Part Number             : 068-05054-03
    Top Assembly Serial Number           : FGL1838X4T1
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP3702I-Z-K9
    % Please define a domain-name first.
    Press RETURN to get started!
    *Mar  1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
    *Mar  1 00:00:19.755: Registering HW DTLS
    *Mar  1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is  2500
    *Mar  1 00:00:19.815: APAVC:  WlanPAKs 42878 RadioPaks  42270
    *Mar  1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
    *Mar  1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
    *Mar  1 00:00:26.167:  record size of 3ss: 1168 read_ptr: 4F9698E
    *Mar  1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
    *Mar  1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
    *Mar  1 00:00:31.251:  record size of vht: 2904 read_ptr: 4F9698E
    *Mar  1 00:00:31.407: Wait until the stile protocol list is initialized.
    *Mar  1 00:00:32.651: Start STILE Activation
    *Mar  1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
    *Mar  1 00:00:35.447: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Fri 19-Dec-14 11:20 by prod_rel_team
    *Mar  1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
    *Mar  1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
    *Mar  1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
    *Mar  1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
    *Mar  1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
    *Mar  1 00:00:50.431: DPAA Initialization Complete
    *Mar  1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
    *Mar  1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
    *Mar  1 00:00:53.867: Currently running a Release Image
    *Mar  1 00:00:54.287: Incorrect certificate in SHA2 PB !
    *Mar  1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
    *Mar  1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
    *Mar  1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
    *Mar  1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
    *Mar  1 00:01:02.707: APAVC: Registering with CFT
    *Mar  1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
    *Mar  1 00:01:02.707: APAVC: Reattaching  Original Buffer pool for system use
    *Mar  1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
    %Default route without gateway, if not a point-to-point interface, may impact performance
    *Mar  1 00:01:10.103: AP image integrity check PASSED
    *Mar  1 00:01:10.187: Incorrect certificate in SHA2 PB !
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
    *Mar  1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Mar  1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    *Mar  1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Mar  1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Mar  1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Mar  1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    Not in Bound state.
    *Mar  1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
    Not in Bound state.
    *Mar  1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
    *Mar  1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP

  • Discovery request received on wrong VLAN

    I am setting up a new 4404 with my existing WLAN. I have a combo for 1100 and 1200 APs, on two different VLANs, with WDS on each VLAN and a WLSE. One of the VLANs is on the same subnet was the WLC management port. The other WLAN VLAN is not. I am able to join the VLAN on the same subnet to my WLC but when I convert one of my auto APs on the other VLAN, it converts but never joins my WLC. If I run a debug on the WLC I get the following.
    Fri Aug 1 12:38:56 2008: 00:17:0f:37:68:60 Received LWAPP DISCOVERY REQUEST from AP 00:17:0f:37:68:60 to ff:ff:ff:ff:ff:ff on port '1'
    Fri Aug 1 12:38:56 2008: Discovery Request received on wrong VLAN '160' on interface '1', management VLAN = '0' - in L3 mode, dropping the packet.
    My WLC is on code 5.0.148. All of my APs have static IP addresses. I have setup DNS but NOT DHCP since all of them have static IP and that option 42 still confuses me. Any thoughts? My 4506 is set to trunk the port the WLC is on. I even tried to only apply the two VLANs to that port. My WLC can ping the IP of the AP on the different VLAN and my AP can ping the WLC.

    You need to configure the native vlan on the trunk port to vlan 160. Looks like the packet is being tagged as vlan 60 and your management interface is set to '0' which is untagged.

  • Exceeds data buffer size discarding this snmp request

    Morning
    Cisco Prime LMS 4.2.3 is sending SNMP request too big for asa interface buffer.
    LMS is running on Windows server
    incoming SNMP request (528 bytes) from IP address x.x.x.x  Port  50592  Interface "inside" exceeds data buffer size, discarding this SNMP  request.
    212005: incoming SNMP request (%d bytes) from %s exceeds data buffer size, discarding this SNMP request.
    It is very much like this error
    Error Message    %PIX-3-212005: incoming SNMP request (number bytes) on interface
    interface_name exceeds data buffer size, discarding this SNMP request.
    Explanation    This is an SNMP message. This message reports that the length of the incoming SNMP  request, destined for the firewall, exceeds the size of the internal data buffer (512 bytes) used for  storing the request during internal processing; therefore, the firewall is unable to process this request.  This does not affect the SNMP traffic passing through the firewall via any interface.
    Recommended Action    Have the SNMP management station resend the request with a shorter length,  for example, instead of querying multiple MIB variables in one request, try querying only one MIB  variable in a request. This may involve modifying the configuration of the SNMP manager software.
    how do I change the SNMP request size in LMS?
    I can only find the following that might be an option
    http://blogs.technet.com/b/mihai/archive/2012/05/14/reducing-the-maximum-number-of-oids-queried-in-a-single-batch-in-om-2012.aspx
    any thoughts on the matter would be appreciated
    just using default settings with snmpv3

    Bug in lms 4.2.3
    CSCtj88629            Bug Details
    SNMP packet size requests from LMS is too large
    Symptom:
    LMS sends more than 512 SNMP requests to the FWSM, so it rejects the requests.
    Conditions:
    This occurs with FWSM and ASA's.
    Workaround:
    None.
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj88629

  • Ignoring discovery request - AP on dynamic client interface

    Hi All,
    I have a questing regarding the AP Management Port on the 5508.
    At our customers side there are some FAT-APs and we want to migrate them to the controller.
    There is no DHCP Service active on the network (security-restriction by our customer) and the FAT-APs and Clients are configured with a static IP.
    There is no LAG active everything is on Port 1.
    Now after upgrading one AP to lightwight-mode,... he cannot discover his WLC (thats ok, because the Manament Interface is in a different subnet)
    So I configured a IP-Helper and the neccesary udp-Port to get the AP joined on the WLC.
    But on the Controller I get the following message:
    %CAPWAP-3-DISC_INTF_ERR2: Ignoring discovery request received on a
    wrong VLAN ([dec]) on interface ([int]) from AP
    [hex]:[hex]:[hex]:[hex]:[hex]:[hex]
    The wrong VLAN in the message is a dynamic Interface on the Controller for client and the AP is in that Subnet.
    It its created as an Dynamic Interface on the WLC (without "Enable Dynamic AP Management")
    I hope you can give me a hint. I'm not sure if I should enable "Dynamic AP Management" on that Client Interface.
    By the way, the AP can join when i configure the Controller IP via console on it. But that should not be the solution
    Thanks &
    Best regards,
    Simon

    Hi Nicolas,
    thanks for your reply.
    I know, that this design is not "best practice".
    Our customer has a LAN which has to be completly redesigned.
    They use very huge subnets for their different production segments (255.255.240.0) and everything is in there.
    The Autonomous AP Installation is in one of these huge network segments where the APs and the clients are in the same subnet..
    Thats the background why this szenario is created.
    I know that this design is absolutly unsatisfactory.
    But thats the fact and I have to deal with this.
    The helper is the WLCs Management Adress.
    So what about the "ignoring discovery request" message.
    Is there some possibility to get it work this way or is the only way to upgrade the APs via Console to get them to the controller.
    I know the best way would be to get the APs in a new different subnet,...
    regards,
    Simon

  • Inherit Primary - Service Requests & Activities

    Hi All,
    I have an issue with the Inherit Primary functionality with Books of Business. I have set this up between Service Requests and Activities. If I search for Activity records as I expect, I see all Activity records in my Book only, whether they are owned by me or not.
    If I then look at a Service Request I see the related Activities but only those Owned by me as a user. If someone else in the same book has an Activity against my Service Request I cannot see this record in the related items of my Service Request. If I then search for this Activity I can see the record and have access to this... Argh!
    My colleague has also come across this issue relating to Accounts and Opportunities. Has anyone found a fix?
    Thanks
    Oli @ Innoveer

    The system can only return activities that the user owns, the user is on the activity user list, the user is searching a specific book or the user has access to all activities. In your case, you can see the activity because you are searching in your book. This is a known deficiency.

  • Cisco ASA trying join a controller

    I have observed on syslog a billion of messages like the following:
    Feb 23 10:12:32 wlan-controller-14-2 impa-wireless2: *spamReceiveTask: Feb 23 10:12:29.570: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1835 Discarding Primary discovery request in LWAPP from AP 54:75:d0:91:4f:04 supporting CAPWAP
    (Cisco Controller) >debug capwap detail enable
    *spamReceiveTask: Feb 23 10:12:36.756: 54:75:d0:91:4f:04 LWAPP Primary Discovery Request AP Software Version: 0x700fa00
    AIR-WLC2106-K9 controller is ruunning Software Version 7.0.250.0
    ASA# sh int gigabitEthernet 0/2
    Interface GigabitEthernet0/2 "", is up, line protocol is up
      Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: Smale-Ethernet10/3
        Active member of Port-channel32
        MAC address 5475.d091.4f04, MTU not set
        IP address unassigned
        575994720 packets input, 230167959667 bytes, 0 no buffer
        Received 31034901 broadcasts, 0 runts, 0 giants
        54 input errors, 0 CRC, 0 frame, 54 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        671225576 packets output, 541877862255 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (511/486)
        output queue (blocks free curr/low): hardware (511/355)
    Cisco Adaptive Security Appliance Software Version 9.0(4)
    Device Manager Version 7.3(1)101
    Any idea?

    Open DHCP. (To open DHCP, click Start , point to Settings , click Control Panel , double-click Administrative Tools,and then double-click DHCP )
    In the console tree, click the applicable DHCP server.
    On the Action menu, click Set Predefined Options.
    In Predefined Options and Values, click Add (Option Class Standard), and then click OK.
    In Name, type the string DNS Search List.
    Set Code to15 and Data Type string (it is not an array), and then click OK.
    Right-click Scope Options, select Configure Options, and then check 15 DNS Search List.
    Enter your domain
    Click OK.
    or you can watch this http://www.youtube.com/watch?v=AJhYAalF-XM   Minute 4.10 Create somthing like that. "015 DNS Domain Name "
    hope this helps

  • AIR-CAP1602I-E-K9 Not Talking to WLC 5508

    hi all,
    can't seem to get my APs to talk to WLC 5508.
    can someone advise which WLC firmware to use and where can i get/download (link pls).
    currently WLC is running 6.0.199.4.
    Mar  1 00:00:47.839: %CDP_PD-4-POWER_OK: All radios disabled - NEGOTIATED inlin
    e power source
    *Mar  1 00:00:53.931: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
    not have an Ip !!
    *Mar  1 00:00:55.963: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP addre
    ss 172.28.159.15, mask 255.255.255.192, hostname APfc99.47a3.4d22
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Mar  1 00:01:06.899: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
    HCP.
    *Mar  1 00:01:15.899: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
    LER
    *Mar  1 00:01:15.899: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'Cisco_f8
    :72:64'running version 6.0.199.4 is rejected.    <<<<
    APfc99.47a3.4d22>sh ve
    Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE
    SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 11-Dec-12 04:52 by prod_rel_team
    ROM: Bootstrap program is C1600 boot loader
    BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFT
    WARE (fc1)
    APfc99.47a3.4d22 uptime is 11 minutes
    System returned to ROM by power-on
    System image file is "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx"
    Last reload reason:
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP1602I-E-K9    (PowerPC) processor (revision B0) with 98294K/32768K
    bytes of memory.
    Processor board ID FGL1726W6DQ
    PowerPC CPU at 533Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 7.4.1.37
    1 Gigabit Ethernet interface
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: FC:99:47:A3:4D:22
    Part Number                          : 73-14671-04
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC17182J4J
    Top Assembly Part Number             : 800-38552-01
    Top Assembly Serial Number           : FGL1726W6DQ
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP1602I-E-K9
    Configuration register is 0xF

    Hi,
    Date and time is ok on the WLC,
    I configured Accept Self Signed Certificate (SSC) under Security / AP policy, once done the WLC recognized the AP, but output from the console of the AP  power cycle the access point is:
    IOS Bootloader - Starting system.
    FLASH CHIP: Micronix MX25L256_35F
    Xmodem file system is available.
    flashfs[0]: 5 files, 2 directories
    flashfs[0]: 0 orphaned files, 0 orphaned directories
    flashfs[0]: Total bytes: 31936000
    flashfs[0]: Bytes used: 6551040
    flashfs[0]: Bytes available: 25384960
    flashfs[0]: flashfs fsck took 9 seconds.
    Reading cookie from SEEPROM
    Base Ethernet MAC address: 4c:00:82:9a:47:a3
    ************* loopback_mode = 0
    Loading "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx"...####################
    File "flash:/ap1g2-rcvk9w8-mx/ap1g2-rcvk9w8-mx" uncompressed and installed, entr
    y point: 0x100000
    executing...
                  Restricted Rights Legend
    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.
               cisco Systems, Inc.
               170 West Tasman Drive
               San Jose, California 95134-1706
    Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE
    SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 11-Dec-12 04:52 by prod_rel_team
    Initializing flashfs...
    FLASH CHIP: Micronix MX25L256_35F
    flashfs[2]: 5 files, 2 directories
    flashfs[2]: 0 orphaned files, 0 orphaned directories
    flashfs[2]: Total bytes: 31808000
    flashfs[2]: Bytes used: 6551040
    flashfs[2]: Bytes available: 25256960
    flashfs[2]: flashfs fsck took 9 seconds.
    flashfs[2]: Initialization complete.
    flashfs[3]: 0 files, 1 directories
    flashfs[3]: 0 orphaned files, 0 orphaned directories
    flashfs[3]: Total bytes: 11999232
    flashfs[3]: Bytes used: 1024
    flashfs[3]: Bytes available: 11998208
    flashfs[3]: flashfs fsck took 1 seconds.
    flashfs[3]: Initialization complete....done Initializing flashfs.
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    memory validate-checksum 30
    ^
    % Invalid input detected at '^' marker.
    no ip http server
           ^
    % Invalid input detected at '^' marker.
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    login authentication default
      ^
    % Invalid input detected at '^' marker.
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Warning:  the compile-time code checksum does not appear to be present.
    cisco AIR-CAP1602I-N-K9    (PowerPC) processor (revision B0) with 98294K/32768K
    bytes of memory.
    Processor board ID FGL1730S57A
    PowerPC CPU at 533Mhz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 7.4.1.37
    1 Gigabit Ethernet interface
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 4C:00:82:9A:47:A3
    Part Number                          : 73-14671-04
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC17284HL9
    Top Assembly Part Number             : 800-38552-01
    Top Assembly Serial Number           : FGL1730S57A
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP1602I-N-K9
    % Please define a domain-name first.
    logging facility kern
            ^
    % Invalid input detected at '^' marker.
    logging trap emergencies
            ^
    % Invalid input detected at '^' marker.
    Press RETURN to get started!
    *Mar  1 00:00:12.451: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. In
    itialising Cfg
    *Mar  1 00:00:13.683: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state
    to up
    *Mar  1 00:00:14.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
    ernet0, changed state to up
    *Mar  1 00:00:15.123: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1600 Software (AP1G2-RCVK9W8-M), Version 15.2(2)JB, RELEASE
    SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 11-Dec-12 04:52 by prod_rel_team
    *Mar  1 00:00:15.151: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. In
    itialising Cfg
    *Mar  1 00:00:15.151: %CAPWAP-3-ERRORLOG: Failed to load configuration from flas
    h. Resetting to default config
    *Mar  1 00:00:16.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, chan
    ged state to uplwapp_crypto_init: MIC Present and Parsed Successfully
    no bridge-group 1 source-learning
                       ^
    % Invalid input detected at '^' marker.
    %Default route without gateway, if not a point-to-point interface, may impact pe
    rformance
    *Mar  1 00:00:48.695: %CDP_PD-4-POWER_OK: All radios disabled - INJECTOR_CONFIGU
    RED_ON_SOURCE inline power source
    *Mar  1 00:00:48.923: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP addre
    ss 10.2.3.100, mask 255.255.255.0, hostname AP4c00.829a.47a3
    Translating "CISCO-CAPWAP-CONTROLLER.campeche.ecosur.mx"...domain server (10.2.3
    .10) [OK]
    *Mar  1 00:00:59.915: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
    HCP.
    *Mar  1 00:00:59.919: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
    not established. A0203E6, 147E, A020364, A47B, 0
    *Mar  1 00:01:09.915: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 29 09:33:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
    p: 10.2.3.230 peer_port: 5246
    *Jan 29 09:33:18.535: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
    peer_ip: 10.2.3.230 peer_port: 5246
    *Jan 29 09:33:18.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
    *Jan 29 09:33:23.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
    logging facility kern
            ^
    % Invalid input detected at '^' marker.
    logging trap emergencies
            ^
    % Invalid input detected at '^' marker.
    *Jan 29 09:34:17.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.
    2.3.230:5246
    *Jan 29 09:34:17.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led sta
    te 255
    *Jan 29 09:34:17.999: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. In
    itialising Cfg
    *Jan 29 09:34:17.999: %CAPWAP-3-ERRORLOG: Failed to load configuration from flas
    h. Resetting to default config
    *Jan 29 09:34:28.015: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 29 09:34:28.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
    p: 10.2.3.230 peer_port: 5246
    *Jan 29 09:34:28.535: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
    peer_ip: 10.2.3.230 peer_port: 5246
    *Jan 29 09:34:28.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
    *Jan 29 09:34:33.535: %CAPWAP-5-SENDJOIN: sending Join Request to 10.2.3.230
    and debug command output enable CAPWAP events
    (Cisco Controller) >debug capwap events enable
    (Cisco Controller) >*spamApTask7: Jan 29 03:39:08.092: acDtlsPlumbControlPlaneKeys: lrad:10.2.3.100(42107) mwar:10.2.3.230(5246)
    *spamApTask7: Jan 29 03:39:08.093: 4c:00:82:9a:47:a0 DTLS keys for Control Plane deleted successfully for AP 10.2.3.100
    *spamApTask7: Jan 29 03:39:08.100: 4c:00:82:9a:47:a0 DTLS connection closed event receivedserver (10.2.3.230/5246) client (10.2.3.100/42107)
    *spamApTask7: Jan 29 03:39:08.100: 4c:00:82:9a:47:a0 Entry exists for AP (10.2.3.100/42107)
    *spamApTask7: Jan 29 03:39:08.100: 4c:00:82:9a:47:a0 No AP entry exist in temporary database for 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:08.104: 4c:00:82:9a:47:a0 Discovery Request from 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:08.104: 4c:00:82:9a:47:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
    *spamApTask7: Jan 29 03:39:08.104: apModel:
    *spamApTask7: Jan 29 03:39:08.104: apType = 38 apModel:
    *spamApTask0: Jan 29 03:39:08.105: 4c:00:82:9a:47:a3 Received LWAPP DISCOVERY REQUEST to 6c:41:6a:5f:95:2f on port '13'
    *spamApTask0: Jan 29 03:39:08.105: 4c:00:82:9a:47:a3 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100 port 42107
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Request from 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
    *spamApTask7: Jan 29 03:39:08.105: apModel:
    *spamApTask7: Jan 29 03:39:08.105: apType = 38 apModel:
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100 port 42107
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Discovery Request from 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:08.105: 4c:00:82:9a:47:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
    *spamApTask7: Jan 29 03:39:08.105: apModel:
    *spamApTask7: Jan 29 03:39:08.105: apType = 38 apModel:
    *spamApTask7: Jan 29 03:39:08.106: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100 port 42107
    (Cisco Controller) >*spamApTask7: Jan 29 03:39:08.106: 4c:00:82:9a:47:a0 Discovery Response sent to 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:18.104: 4c:00:82:9a:47:a3 DTLS connection not found, creating new connection for 10:2:3:100 (42107) 10:2:3:230 (5246)
    *spamApTask7: Jan 29 03:39:18.638: acDtlsPlumbControlPlaneKeys: lrad:10.2.3.100(42107) mwar:10.2.3.230(5246)
    *spamApTask7: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 Allocated index from main list, Index: 397
    *spamApTask7: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 Using CipherSuite AES128-SHA
    *spamApTask7: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 DTLS keys for Control Plane are plumbed successfully for AP 10.2.3.100. Index 398
    *spamApTask6: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 DTLS Session established server (10.2.3.230:5246), client (10.2.3.100:42107)
    *spamApTask6: Jan 29 03:39:18.638: 4c:00:82:9a:47:a3 Starting wait join timer for AP: 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:23.636: 4c:00:82:9a:47:a0 Join Request from 10.2.3.100:42107
    *spamApTask7: Jan 29 03:39:23.636: 4c:00:82:9a:47:a3 Deleting AP entry 10.2.3.100:42107 from temporary database.
    *spamApTask7: Jan 29 03:39:23.637: 4c:00:82:9a:47:a0 MIC AP is not allowed to join by config
    *spamApTask7: Jan 29 03:39:23.637: 4c:00:82:9a:47:a0 Join Request failed!

  • Issues adding a second 4402 wireless controller

    I currently have 1 4402 wirless controller that is controlling the 17 APs I have in our corporate office and 18 APs we have in a warehouse 10 miles away. The warehouse has all of the APs set to H-REAP so that they can connect across the WAN to reach the controller.I have purchased a second 4402 and have placed the controller at the warehouse to handle all traffic out at that site and to relieve issues we have when the WAN gets saturated.
    I have configured the 4402 at the Warehouse with the same basic setup as the first controller (well, different IP and different VLAN and different SSIDs so I can tell I am on the new one easily). The problem I am having is that I cannot get any of the access points to log onto the second controller. All access points still show up on the first controller.
    To reach the first controller I had placed the information in the WIndows DHCP scope (Option 241 I believe) to talk to the first controller. I have change dthat to point to the second controller but that does not help. I saw that the first controller was set to be the MAster, so I turned that off to no avail. I even created a new vlan, created the DHCP information, and then added the Access Points to the new VLAN. Still, they connect to the first controller.
    Lastly, I logged into the APs and reset them to factory defaults. The APs still find the first controller.
    Any ideas what I may be missing to have them hit the new controller?
    Thanks much!
    Dave

    These are from the AP I am trying to join to the Controller and the logs on the Controller. Looks like I have a setting wrong somewhere on the Controller that I am just missing.
    *Mar  1 00:00:05.066: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:06.275: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:06.370: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 144 messages)
    *Mar  1 00:00:06.403:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:07.429:  STUB Called : crypto_ssl_init
    *Mar  1 00:00:08.472: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar  1 00:00:08.533: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Tue 01-Jun-10 11:44 by prod_rel_team
    *Mar  1 00:00:08.621: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Mar  1 00:00:08.622: bsnInitRcbSlot: slot 1 has NO radio
    *Mar  1 00:00:08.873: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:00:08.873: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:09.472: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
    *Mar  1 00:00:09.876: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:09.914: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
    *Mar  1 00:00:09.927: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:00:10.331: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:00:16.997: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 172.16.12.60, mask 255.255.255.0, hostname ap
    *Mar  1 00:00:27.497:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:27.565: Logging LWAPP message to 255.255.255.255.
    Translating "CISCO-CAPWAP-CONTROLLER.madden.com"...domain server (172.16.12.11)
    *Mar  1 00:00:38.623: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.12.12 obtained through DHCP
    Translating "CISCO-LWAPP-CONTROLLER.madden.com"...domain server (172.16.12.11)
    *Mar  1 00:00:38.623: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:00:39.624: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    *Mar  1 00:00:39.626: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.madden.com
    *Mar  1 00:00:39.629: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.madden.com
    *Mar  1 00:00:50.632: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *May 17 21:33:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:15.002: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *May 17 21:33:16.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:16.824: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:16.824: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 17 21:33:21.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:21.825: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.12.13
    *May 17 21:33:21.825: %DTLS-5-PEER_DISCONNECT: Peer 172.16.12.13 has closed connection.
    *May 17 21:33:21.826: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.12.13:5246
    *May 17 21:33:21.827: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *May 17 21:33:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *May 17 21:33:15.831: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.12.13 peer_port: 5246
    *May 17 21:33:15.833: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:15.833: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 17 21:33:20.832: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
    *May 17 21:33:20.834: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.12.13
    *May 17 21:33:20.834: %DTLS-5-PEER_DISCONNECT: Peer 172.16.12.13 has closed connection.
    *May 17 21:33:20.834: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.12.13:5246
    *May 17 21:33:20.836: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *May 17 21:33:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.1.105 peer_port: 5246
    *May 17 21:33:13.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *May 17 21:33:14.937: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.1.105 peer_port: 5246
    *May 17 21:33:14.939: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.1.105
    *May 17 21:33:14.939: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 17 21:33:15.184: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 17 21:33:18.402: %CAPWAP-5-CHANGED: CAPWAP changed state to DOWN
    *May 17 21:33:18.404: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 17 21:33:18.478: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller INWDPWC01
    *May 17 21:33:18.547: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Guest added to the slot[0]
    *May 17 21:33:18.572: %LWAPP-3-CLIENTEVENTLOG: SSID LEX_Guest added to the slot[0]
    *May 17 21:33:18.590: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Internal added to the slot[0]
    *May 17 21:33:18.607: %LWAPP-3-CLIENTEVENTLOG: SSID LEX_HAND_SCANNERS added to the slot[0]
    *May 17 21:33:18.632: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Zebra added to the slot[0]
    *May 17 21:33:18.756: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
    *May 17 21:33:19.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    (Cisco Controller) >debug capwap events enable
    (Cisco Controller) >debug capwap errors enable
    (Cisco Controller) >debug pm pki enable
    (Cisco Controller) >
    (Cisco Controller) >*sshpmLscTask: May 17 16:30:44.379: sshpmLscTask: LSC Task received a message 4
    *sshpmLscTask: May 17 16:32:44.380: sshpmLscTask: LSC Task received a message 4
    *spamReceiveTask: May 17 16:33:14.641: 00:16:47:75:19:30 Discovery Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.642: 00:16:47:75:19:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Response sent to 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
    *spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Response sent to 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:14.644: 00:16:47:75:19:30 Received LWAPP DISCOVERY REQUEST to 00:1b:d4:6b:bb:a0 on port '2'
    *spamReceiveTask: May 17 16:33:14.644: 00:16:47:75:19:30 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamReceiveTask: May 17 16:33:25.638: 00:16:47:75:19:30 DTLS connection not found, creating new connection for 172:16:12:60 (28081) 172:16:12:13 (5246)
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: called to get cert for CID 1824fb87
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1824fb87
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: match in row 2
    *spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: locking ca cert table
    *spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: calling x509_alloc() for user cert
    *spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: calling x509_decode()
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1200-0015fae6db09, [email protected]
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles:   O=Cisco Systems, CN=Cisco Manufacturing CA
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Mac Address in subject is 00:15:fa:e6:db:09
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Cert Name in subject is C1200-0015fae6db09
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: called to get cert for CID 26a39b4a
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.798: ssphmUserCertVerify: calling x509_decode()
    *spamReceiveTask: May 17 16:33:25.806: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.806: sshpmGetIssuerHandles: ValidityString (current): 2012/05/17/21:33:25
    *spamReceiveTask: May 17 16:33:25.806: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/01/17/19:00:47
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/01/17/19:10:47
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetIssuerHandles: getting cisco ID cert handle...
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:25.808: sshpmFreePublicKeyHandle: called with 0x31b5178c
    *spamReceiveTask: May 17 16:33:25.808: sshpmFreePublicKeyHandle: freeing public key
    *spamReceiveTask: May 17 16:33:27.455: 00:16:47:75:19:30 DTLS Session established server (172.16.12.13:5246), client (172.16.12.60:28081)
    *spamReceiveTask: May 17 16:33:27.455: 00:16:47:75:19:30 Starting wait join timer for AP: 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:27.460: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 Deleting AP entry 172.16.12.60:28081 from temporary database.
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 MIC AP is not allowed to join by config
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.456: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.456: 00:16:47:75:19:30 Join request received from AP which is already present. Deleting previous connection
                                                                                                                                                 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Multiple Join Request: Join request received from AP which is already present. Deleting previous conne
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Finding DTLS connection to delete for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Disconnecting DTLS Capwap-Ctrl session 0x13869100 for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 CAPWAP State: Dtls tear down
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 DTLS connection not found. Ignoring join request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 DTLS connection closed event receivedserver (172:16:12:13/5246) client (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 No entry exists for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 No AP entry exist in temporary database for 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  172.16.12.60:28081)since DTLS session is not established
    *spamReceiveTask: May 17 16:33:32.462: 00:16:47:75:19:30 DTLS connection not found, creating new connection for 172:16:12:60 (28081) 172:16:12:13 (5246)
    *spamReceiveTask: May 17 16:33:32.462: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: called to get cert for CID 1824fb87
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1824fb87
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: match in row 2
    *spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: locking ca cert table
    *spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: calling x509_alloc() for user cert
    *spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: calling x509_decode()
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1200-0015fae6db09, [email protected]
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles:   O=Cisco Systems, CN=Cisco Manufacturing CA
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Mac Address in subject is 00:15:fa:e6:db:09
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Cert Name in subject is C1200-0015fae6db09
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: called to get cert for CID 26a39b4a
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.619: ssphmUserCertVerify: calling x509_decode()
    *spamReceiveTask: May 17 16:33:32.627: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (current): 2012/05/17/21:33:32
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/01/17/19:00:47
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/01/17/19:10:47
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: getting cisco ID cert handle...
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: called to evaluate
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *spamReceiveTask: May 17 16:33:32.628: sshpmFreePublicKeyHandle: called with 0x31b53840
    *spamReceiveTask: May 17 16:33:32.628: sshpmFreePublicKeyHandle: freeing public key
    *spamReceiveTask: May 17 16:33:34.288: 00:16:47:75:19:30 DTLS Session established server (172.16.12.13:5246), client (172.16.12.60:28081)
    *spamReceiveTask: May 17 16:33:34.288: 00:16:47:75:19:30 Starting wait join timer for AP: 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:34.293: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 Deleting AP entry 172.16.12.60:28081 from temporary database.
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 MIC AP is not allowed to join by config
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Join request received from AP which is already present. Deleting previous connection
                                                                                                                                                 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Multiple Join Request: Join request received from AP which is already present. Deleting previous conne
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Finding DTLS connection to delete for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Disconnecting DTLS Capwap-Ctrl session 0x138691e8 for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 CAPWAP State: Dtls tear down
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 DTLS connection not found. Ignoring join request from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 State machine handler: Failed to process  msg type = 3 state = 0 from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 DTLS connection closed event receivedserver (172:16:12:13/5246) client (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 No entry exists for AP (172:16:12:60/28081)
    *spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 No AP entry exist in temporary database for 172.16.12.60:28081
    *spamReceiveTask: May 17 16:33:39.292: 00:16:47:75:19:30 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  172.16.12.60:28081)since DTLS session is not established

  • Cisco 2702 not joining controller

    Controller code vs. 7.6.120.0
    From the controller:
    (Cisco Controller) >debug capwap packet enable
     Warning! Enabling this debug with large number of AP's connected, May flood console with message logs !!!.
     Are you sure you want to continue? (y/N)y
    (Cisco Controller) >*spamApTask3: Mar 05 13:38:13.317: <<<<  Start of CAPWAP Packet  >>>>
    *spamApTask3: Mar 05 13:38:13.317: CAPWAP Control mesg Recd from 192.168.1.28, Port 43295
    *spamApTask3: Mar 05 13:38:13.317:              HLEN 4,   Radio ID 0,    WBID 1
    *spamApTask3: Mar 05 13:38:13.317:              Msg Type   :   CAPWAP_DISCOVERY_REQUEST
    *spamApTask3: Mar 05 13:38:13.317:              Msg Length : 165
    *spamApTask3: Mar 05 13:38:13.317:              Msg SeqNum : 0
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
    *spamApTask3: Mar 05 13:38:13.317:              Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_WTP_BOARD_DATA, Length 62
    *spamApTask3: Mar 05 13:38:13.317:              Vendor Identifier      : 0x00409600
    *spamApTask3: Mar 05 13:38:13.317:              WTP_SERIAL_NUMBER : AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_WTP_DESCRIPTOR, Length 40
    *spamApTask3: Mar 05 13:38:13.317:              Maximum Radios Supported  : 0
    *spamApTask3: Mar 05 13:38:13.317:              Radios in Use             : 0
    *spamApTask3: Mar 05 13:38:13.317:              Encryption Capabilities   : 0x00 0x01
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
    *spamApTask3: Mar 05 13:38:13.317:              WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
    *spamApTask3: Mar 05 13:38:13.317:              WTP Mac Type  : SPLIT_MAC
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
    *spamApTask3: Mar 05 13:38:13.317:              Vendor Identifier  : 0x00409600
    *spamApTask3: Mar 05 13:38:13.317:
            IE            :   UNKNOWN IE 207
    *spamApTask3: Mar 05 13:38:13.317:      IE Length     :   4
    *spamApTask3: Mar 05 13:38:13.317:      Decode routine not available, Printing Hex Dump
    *spamApTask3: Mar 05 13:38:13.317: 00000000: 01 00 00 01                                       ....
    *spamApTask3: Mar 05 13:38:13.317:
    *spamApTask3: Mar 05 13:38:13.317:       Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 22
    *spamApTask3: Mar 05 13:38:13.317:              Vendor Identifier  : 0x00409600
    *spamApTask3: Mar 05 13:38:13.317:
            IE            :   RAD_NAME_PAYLOAD
    *spamApTask3: Mar 05 13:38:13.317:      IE Length     :   16
    *spamApTask3: Mar 05 13:38:13.317:      Rad  Name     :
    *spamApTask3: Mar 05 13:38:13.317: AP1c6a.7aba.91ec
    *spamApTask3: Mar 05 13:38:13.317: <<<<  End of CAPWAP Packet  >>>>
    *spamApTask3: Mar 05 13:38:13.317: 1c:6a:7a:ba:91:e0 Discovery Request from 192.168.1.28:43295
    *spamApTask3: Mar 05 13:38:13.317: 1c:6a:7a:ba:91:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 5, joined Aps =0
    *spamApTask3: Mar 05 13:38:13.317: apModel: AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.317: apType = 41 apModel: AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.317: 1c:6a:7a:ba:91:e0 Discovery Response sent to 192.168.1.28 port 43295
    *spamApTask3: Mar 05 13:38:13.317: 1c:6a:7a:ba:91:e0 Discovery Response sent to 192.168.1.28:43295
    *spamApTask3: Mar 05 13:38:13.317: <<<<  Start of CAPWAP Packet  >>>>
    *spamApTask3: Mar 05 13:38:13.318: CAPWAP Control mesg Recd from 192.168.1.28, Port 43295
    *spamApTask3: Mar 05 13:38:13.318:              HLEN 4,   Radio ID 0,    WBID 1
    *spamApTask3: Mar 05 13:38:13.318:              Msg Type   :   CAPWAP_DISCOVERY_REQUEST
    *spamApTask3: Mar 05 13:38:13.318:              Msg Length : 165
    *spamApTask3: Mar 05 13:38:13.318:              Msg SeqNum : 0
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
    *spamApTask3: Mar 05 13:38:13.318:              Discovery Type : CAPWAP_DISCOVERY_TYPE_STATIC_CONFIG
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_BOARD_DATA, Length 62
    *spamApTask3: Mar 05 13:38:13.318:              Vendor Identifier      : 0x00409600
    *spamApTask3: Mar 05 13:38:13.318:              WTP_SERIAL_NUMBER : AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_DESCRIPTOR, Length 40
    *spamApTask3: Mar 05 13:38:13.318:              Maximum Radios Supported  : 0
    *spamApTask3: Mar 05 13:38:13.318:              Radios in Use             : 0
    *spamApTask3: Mar 05 13:38:13.318:              Encryption Capabilities   : 0x00 0x01
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
    *spamApTask3: Mar 05 13:38:13.318:              WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
    *spamApTask3: Mar 05 13:38:13.318:              WTP Mac Type  : SPLIT_MAC
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
    *spamApTask3: Mar 05 13:38:13.318:              Vendor Identifier  : 0x00409600
    *spamApTask3: Mar 05 13:38:13.318:
            IE            :   UNKNOWN IE 207
    *spamApTask3: Mar 05 13:38:13.318:      IE Length     :   4
    *spamApTask3: Mar 05 13:38:13.318:      Decode routine not available, Printing Hex Dump
    *spamApTask3: Mar 05 13:38:13.318: 00000000: 01 00 00 01                                       ....
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 22
    *spamApTask3: Mar 05 13:38:13.318:              Vendor Identifier  : 0x00409600
    *spamApTask3: Mar 05 13:38:13.318:
            IE            :   RAD_NAME_PAYLOAD
    *spamApTask3: Mar 05 13:38:13.318:      IE Length     :   16
    *spamApTask3: Mar 05 13:38:13.318:      Rad  Name     :
    *spamApTask3: Mar 05 13:38:13.318: AP1c6a.7aba.91ec
    *spamApTask3: Mar 05 13:38:13.318: <<<<  End of CAPWAP Packet  >>>>
    *spamApTask3: Mar 05 13:38:13.318: 1c:6a:7a:ba:91:e0 Discovery Request from 192.168.1.28:43295
    *spamApTask3: Mar 05 13:38:13.318: 1c:6a:7a:ba:91:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 5, joined Aps =0
    *spamApTask3: Mar 05 13:38:13.318: apModel: AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.318: apType = 41 apModel: AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.318: 1c:6a:7a:ba:91:e0 Discovery Response sent to 192.168.1.28 port 43295
    *spamApTask3: Mar 05 13:38:13.318: 1c:6a:7a:ba:91:e0 Discovery Response sent to 192.168.1.28:43295
    *spamApTask3: Mar 05 13:38:13.318: <<<<  Start of CAPWAP Packet  >>>>
    *spamApTask3: Mar 05 13:38:13.318: CAPWAP Control mesg Recd from 192.168.1.28, Port 43295
    *spamApTask3: Mar 05 13:38:13.318:              HLEN 4,   Radio ID 0,    WBID 1
    *spamApTask3: Mar 05 13:38:13.318:              Msg Type   :   CAPWAP_DISCOVERY_REQUEST
    *spamApTask3: Mar 05 13:38:13.318:              Msg Length : 165
    *spamApTask3: Mar 05 13:38:13.318:              Msg SeqNum : 0
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1
    *spamApTask3: Mar 05 13:38:13.318:              Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_BOARD_DATA, Length 62
    *spamApTask3: Mar 05 13:38:13.318:              Vendor Identifier      : 0x00409600
    *spamApTask3: Mar 05 13:38:13.318:              WTP_SERIAL_NUMBER : AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_DESCRIPTOR, Length 40
    *spamApTask3: Mar 05 13:38:13.318:              Maximum Radios Supported  : 0
    *spamApTask3: Mar 05 13:38:13.318:              Radios in Use             : 0
    *spamApTask3: Mar 05 13:38:13.318:              Encryption Capabilities   : 0x00 0x01
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1
    *spamApTask3: Mar 05 13:38:13.318:              WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1
    *spamApTask3: Mar 05 13:38:13.318:              WTP Mac Type  : SPLIT_MAC
    *spamApTask3: Mar 05 13:38:13.318:
    *spamApTask3: Mar 05 13:38:13.318:       Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
    *spamApTask3: Mar 05 13:38:13.318:              Vendor Identifier  : 0x00409600
    *spamApTask3: Mar 05 13:38:13.318:
            IE            :   UNKNOWN IE 207
    *spamApTask3: Mar 05 13:38:13.318:      IE Length     :   4
    *spamApTask3: Mar 05 13:38:13.319:      Decode routine not available, Printing Hex Dump
    *spamApTask3: Mar 05 13:38:13.319: 00000000: 01 00 00 01                                       ....
    *spamApTask3: Mar 05 13:38:13.319:
    *spamApTask3: Mar 05 13:38:13.319:       Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 22
    *spamApTask3: Mar 05 13:38:13.319:              Vendor Identifier  : 0x00409600
    *spamApTask3: Mar 05 13:38:13.319:
            IE            :   RAD_NAME_PAYLOAD
    *spamApTask3: Mar 05 13:38:13.319:      IE Length     :   16
    *spamApTask3: Mar 05 13:38:13.319:      Rad  Name     :
    *spamApTask3: Mar 05 13:38:13.319: AP1c6a.7aba.91ec
    *spamApTask3: Mar 05 13:38:13.319: <<<<  End of CAPWAP Packet  >>>>
    *spamApTask3: Mar 05 13:38:13.319: 1c:6a:7a:ba:91:e0 Discovery Request from 192.168.1.28:43295
    *spamApTask3: Mar 05 13:38:13.319: 1c:6a:7a:ba:91:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 5, joined Aps =0
    *spamApTask3: Mar 05 13:38:13.319: apModel: AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.319: apType = 41 apModel: AIR-CAP2702I-A-K9
    *spamApTask3: Mar 05 13:38:13.319: 1c:6a:7a:ba:91:e0 Discovery Response sent to 192.168.1.28 port 43295
    *spamApTask3: Mar 05 13:38:13.319: 1c:6a:7a:ba:91:e0 Discovery Response sent to 192.168.1.28:43295
    *spamApTask0: Mar 05 13:38:13.319: 1c:6a:7a:ba:91:ec Received LWAPP DISCOVERY REQUEST to 6c:fa:89:da:ff:00 on port '1'
    *spamApTask0: Mar 05 13:38:13.319: Start of Packet
    *spamApTask0: Mar 05 13:38:13.319: Ethernet Source MAC (LRAD):      1C:6A:7A:BA:91:ED
    *spamApTask0: Mar 05 13:38:13.319: Msg Type       :
    *spamApTask0: Mar 05 13:38:13.319:    DISCOVERY_REQUEST
    *spamApTask0: Mar 05 13:38:13.319: Msg Length     :   70
    *spamApTask0: Mar 05 13:38:13.319: Msg SeqNum     :   0
    *spamApTask0: Mar 05 13:38:13.319:
            IE            :   UNKNOWN IE 58
    *spamApTask0: Mar 05 13:38:13.319:      IE Length     :   1
    *spamApTask0: Mar 05 13:38:13.319:      Decode routine not available, Printing Hex Dump
    *spamApTask0: Mar 05 13:38:13.319: 00000000: 01                                                .
    *spamApTask0: Mar 05 13:38:13.319:
            IE            :   UNKNOWN IE 50
    *spamApTask0: Mar 05 13:38:13.319:      IE Length     :   46
    *spamApTask0: Mar 05 13:38:13.319:      Decode routine not available, Printing Hex Dump
    *spamApTask0: Mar 05 13:38:13.319: 00000000: 00 00 00 00 00 00 00 00  00 00 00 00 46 54 58 31  ............FTX1
    00000010: 38 33 30 53 34 50 39 00  00 00 00 00 00 00 00 00  830S4P9.........
    00000020: 00 00 00 00 01 01 00 0
    *spamApTask0: Mar 05 13:38:13.319:
            IE            :   RAD_PAYLOAD
    *spamApTask0: Mar 05 13:38:13.319:      IE Length     :   14
    *spamApTask0: Mar 05 13:38:13.319:              H/W  Version            :   1
    *spamApTask0: Mar 05 13:38:13.319:              H/W  Release            :   0
    *spamApTask0: Mar 05 13:38:13.319:              H/W  Maint              :   0
    *spamApTask0: Mar 05 13:38:13.319:              H/W  Build              :   0
    *spamApTask0: Mar 05 13:38:13.319:              S/W  Version            :   7
    *spamApTask0: Mar 05 13:38:13.319:              S/W  Release            :   6
    *spamApTask0: Mar 05 13:38:13.319:              S/W  Maint              :   100
    *spamApTask0: Mar 05 13:38:13.319:              S/W  Build              :   0
    *spamApTask0: Mar 05 13:38:13.319:              Boot Version            :   15
    *spamApTask0: Mar 05 13:38:13.319:              Boot Release            :   2
    *spamApTask0: Mar 05 13:38:13.319:              Boot Maint              :   4
    *spamApTask0: Mar 05 13:38:13.319:              Boot Build              :   5
    *spamApTask0: Mar 05 13:38:13.319:              numSlots       :   0
    *spamApTask0: Mar 05 13:38:13.319:              numFilledSlots :   0
    *spamApTask0: Mar 05 13:38:13.319: End of Packet
    *spamApTask0: Mar 05 13:38:13.319: 1c:6a:7a:ba:91:ec Discarding discovery request in LWAPP from AP supporting CAPWAP
    (Cisco Controller) >
    From the AP:
    *Mar  5 19:48:43.007: LWAPP_CLIENT_EVENT: spamResolveStaticGateway  - gateway found
    *Mar  5 19:48:43.007: LWAPP_CLIENT_EVENT: spamResolveStaticGateway  - gateway found
    *Mar  5 19:48:43.007: LWAPP_CLIENT_EVENT: spamSendDiscoveryRequest: sending discovery type 1 to 192.168.1.40
    *Mar  5 19:48:53.007: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Mar  5 19:50:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.1 peer_port: 5246
    *Mar  5 19:51:22.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
    *Mar  5 19:51:52.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.1:5246
    *Mar  5 19:51:52.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Mar  5 19:50:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.1 peer_port: 5246
    *Mar  5 19:51:22.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
    *Mar  5 19:51:52.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.1:5246
    *Mar  5 19:51:52.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Mar  5 19:50:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.1 peer_port: 5246
    *Mar  5 19:51:22.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
    *Mar  5 19:51:52.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.1:5246
    *Mar  5 19:51:52.999: %SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 3AFD270. -Process= "CAPWAP CLIENT", ipl= 0, pid= 74
    -Traceback= 119AF80z 12A89C8z 12AA11Cz 16F512Cz 17645ECz 16FF088z 172810Cz 17299B4z 1720150z 1720228z 17204ECz 1717E50z 172F6A0z 173075Cz 1324C90z 1309B58z
    *Mar  5 19:51:52.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Mar  5 19:51:52.999: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
    *Mar  5 19:51:52.999: %CAPWAP-3-ERRORLOG: Failed to load configuration from flash. Resetting to default config
    *Mar  5 19:51:52.999: LWAPP_CLIENT_EVENT: parse_lwapp_config: hostname AP1c6a.7aba.91ec
    end
    *Mar  5 19:51:53.003: LWAPP_CLIENT_EVENT: lwapp_mesh_enable_dhcp - allow DHCP
    *Mar  5 19:51:53.003: LWAPP_CLIENT_EVENT: parse_lwapp_config: cdp run
    end
    *Mar  5 19:51:53.003: LWAPP_CLIENT_EVENT: parse_lwapp_config: interface GigabitEthernet0
    cdp enable
    end
    *Mar  5 19:51:53.003: LWAPP_CLIENT_EVENT: parse_lwapp_config: interface GigabitEthernet0.1
    cdp enable
    end
    *Mar  5 19:51:53.003: LWAPP_CLIENT_EVENT: parse_lwapp_config: interface GigabitEthernet1
    cdp enable
    end
    *Mar  5 19:51:53.007: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
    *Mar  5 19:51:53.007: LWAPP_CLIENT_EVENT: parse_lwapp_config: line vty 0 15
     transport input all
    exit
    end

    "test mesh mode local" is not a supported command on the AP.  I tried to see if there was another syntax but couldn't find it.  
    AP1c6a.7aba.91ec#test mesh mode local
                           ^
    % Invalid input detected at '^' marker.
    AP1c6a.7aba.91ec#test ?
      GigabitEthernet   GigabitEthernet IEEE 802.3z
      Virtual-Template  Virtual Template interface
      aaa               AAA Authentication, Authorization and Accounting
      arp_retry         Test ARP Retry
      capwap            CAPWAP test commands
      cef               Cisco Express Forwarding test command
      cpuaccounting     CPU Accounting test commands
      cpurmi            CPU RMI test commands
      crypto            Test crypto functions
      dpaa              DPAA test commands
      dtls              DTLS test commands
      ecc               ECC test commands
      evtlog            Evtlog test commands
      ifs               IFS TEST code
      interfaces        Network interfaces
      iphc              IPHC testing
      opssl             OPSSL Test
      pb                Test parameter block file system
      persistent        Persistent commands
      process           Create/kill test processes
      rib               RIB function test
      rmi               RMI test commands
      rtcp              Test RTCP SSM
      save              save load monitor snapshot
      spanning-tree     Spanning Tree Subsystem
      ssm               SSM test commands
      tar               test tar file system
      topology          Routing Topology test command
      transport         TACTIC - transport test commands
    AP1c6a.7aba.91ec#test
    From the AP:
    AP1c6a.7aba.91ec#show version
    Cisco IOS Software, C2700 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB5, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Thu 01-May-14 22:18 by prod_rel_team
    ROM: Bootstrap program is C2700 boot loader
    BOOTLDR: C2700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB5m, RELEASE SOFTWARE (fc2)
    AP1c6a.7aba.91ec uptime is 46 minutes
    System returned to ROM by power-on
    System image file is "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"
    Last reload reason:
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-CAP2702I-A-K9 (PowerPC) processor (revision A0) with 204790K/57344K bytes of memory.
    Processor board ID FTX1830S4P9
    PowerPC CPU at 800MHz, revision number 0x2151
    Last reset from power-on
    LWAPP image version 7.6.100.0
    1 Gigabit Ethernet interface
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 1C:6A:7A:BA:91:EC
    Part Number                          : 73-15824-03
    PCA Assembly Number                  : 000-00000-00
    PCA Revision Number                  :
    PCB Serial Number                    : FOC182876JM
    Top Assembly Part Number             : 800-41174-01
    Top Assembly Serial Number           : FTX1830S4P9
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-CAP2702I-A-K9
    Configuration register is 0xF
    AP1c6a.7aba.91ec#
    From the WLC:
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. PIC 16.0
    Build Type....................................... DATA + WPS
    System Name...................................... xxxxxxx_lab
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
    IP Address....................................... 192.168.1.40
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 1 hrs 0 mins 6 secs
    System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    --More-- or (q)uit
    Configured Country............................... US  - United States
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +36 C
    External Temperature............................. +41 C
    Fan Status....................................... 4700 rpm
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ 6C:FA:89:DA:FF:00
    Maximum number of APs supported.................. 5
    (Cisco Controller) >

  • APs not joining controller

    I upgraded a controller yesterday 5508 it went from a low code version 6.x to 6.0.196.0 then to 7.0.116.0. However although all the access points joined code 6.0.196.0 they refused to join 7.0.116.0. The aps are all 1242s.
    The country codes etc were all fine so I do not understand what was going on.
    Any ideas?
    *spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Discovery Request from 10.0.0.183:55065
    *spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Response sent to 10.0.0.183:55065
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Request from 10.0.0.183:55065
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Response sent to 10.0.0.183:55065
    *spamApTask7: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Discovery Request from 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Discovery Response sent to 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.309: 00:3a:99:db:fa:20 Discovery Request from 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.309: 00:3a:99:db:fa:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:45.309: 00:3a:99:db:fa:20 Discovery Response sent to 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Discovery Request from 10.0.1.232:20023
    *spamApTask7: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Discovery Response sent to 10.0.1.232:20023
    *spamApTask0: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jun 26 16:07:45.512: 00:13:c3:e1:4c:e0 Discovery Request from 10.0.1.232:20023
    *spamApTask7: Jun 26 16:07:45.512: 00:13:c3:e1:4c:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:45.512: 00:13:c3:e1:4c:e0 Discovery Response sent to 10.0.1.232:20023
    *spamApTask4: Jun 26 16:07:46.516: 00:3a:99:db:fa:10 DTLS connection not found, creating new connection for 10:0:0:101 (55079) 10:0:1:45 (5246)
    *spamApTask4: Jun 26 16:07:46.708: 00:3a:99:db:fa:10 DTLS connection closed event receivedserver (10:0:1:45/5246) client (10:0:0:101/55079)
    *spamApTask4: Jun 26 16:07:46.708: 00:3a:99:db:fa:10 No entry exists for AP (10:0:0:101/55079)
    *spamApTask4: Jun 26 16:07:46.708: 00:3a:99:db:fa:10 No entry exists in database
    *spamApTask4: Jun 26 16:07:47.759: 00:3a:99:db:fa:a0 Discovery Request from 10.0.0.184:55084
    *spamApTask4: Jun 26 16:07:47.759: 00:3a:99:db:fa:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discovery Response sent to 10.0.0.184:55084
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discovery Request from 10.0.0.184:55084
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discovery Response sent to 10.0.0.184:55084
    *spamApTask7: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Discovery Request from 10.0.1.239:20032
    *spamApTask7: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Discovery Response sent to 10.0.1.239:20032
    *spamApTask0: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jun 26 16:07:49.472: 00:13:c3:e1:4d:c0 Discovery Request from 10.0.1.239:20032
    *spamApTask7: Jun 26 16:07:49.472: 00:13:c3:e1:4d:c0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:49.472: 00:13:c3:e1:4d:c0 Discovery Response sent to 10.0.1.239:20032
    *spamApTask1: Jun 26 16:07:52.222: 00:13:c3:e1:4d:80 Discovery Request from 10.0.1.230:20027
    *spamApTask1: Jun 26 16:07:52.222: 00:13:c3:e1:4d:80 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask1: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Discovery Response sent to 10.0.1.230:20027
    *spamApTask0: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask1: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Discovery Request from 10.0.1.230:20027
    *spamApTask1: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask1: Jun 26 16:07:52.224: 00:13:c3:e1:4d:80 Discovery Response sent to 10.0.1.230:20027
    *spamApTask5: Jun 26 16:07:52.267: 00:3a:99:da:c7:70 DTLS connection not found, creating new connection for 10:0:0:181 (34152) 10:0:1:45 (5246)
    *spamApTask1: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Discovery Request from 10.0.0.182:55099
    *spamApTask1: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask1: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Discovery Response sent to 10.0.0.182:55099
    *spamApTask0: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask1: Jun 26 16:07:52.275: 00:3a:99:db:ff:20 Discovery Request from 10.0.0.182:55099
    *spamApTask1: Jun 26 16:07:52.275: 00:3a:99:db:ff:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask1: Jun 26 16:07:52.275: 00:3a:99:db:ff:20 Discovery Response sent to 10.0.0.182:55099
    *spamApTask1: Jun 26 16:07:52.306: 00:3a:99:db:f2:40 DTLS connection not found, creating new connection for 10:0:0:100 (55069) 10:0:1:45 (5246)
    *spamApTask5: Jun 26 16:07:52.463: 00:3a:99:da:c7:70 DTLS connection closed event receivedserver (10:0:1:45/5246) client (10:0:0:181/34152)
    *spamApTask5: Jun 26 16:07:52.463: 00:3a:99:da:c7:70 No entry exists for AP (10:0:0:181/34152)
    *spamApTask5: Jun 26 16:07:52.463: 00:3a:99:da:c7:70 No entry exists in database
    *spamApTask1: Jun 26 16:07:52.501: 00:3a:99:db:f2:40 DTLS connection closed event receivedserver (10:0:1:45/5246) client (10:0:0:100/55069)
    *spamApTask1: Jun 26 16:07:52.502: 00:3a:99:db:f2:40 No entry exists for AP (10:0:0:100/55069)
    *spamApTask1: Jun 26 16:07:52.502: 00:3a:99:db:f2:40 No entry exists in database

    Something "weird" is on the newest 7.0.X.  Here's my situation:
    1.  It doesn't happen to all new APs.  When I mean "new", I mean out from a box including APs from RMA.
    2.  I've seen this in 1240, 1250, 1140.  Haven't seen it on a 3500.
    3.  Here's how it goes ... When the AP, fresh from a box, connects to the networks, sees the WLC/WiSM and downloads the full IOS (OK so far).  After the reboot the AP in question loads the new IOS and shows up in the WLC/WiSM.  When I check CDP neighbors, NOTHING.  What the ... ?
    4.  Go to the switch and do command "sh cdp neighbor" and what do I get?  NOTHING.
    5.  Check PoE and show that it's IEEE.
    For unknown reason, APs in this "trance" shuts off the CDP.  I currently have a Cisco TAC Case trying to iron out this "feature".  Doesn't appear on the 7.0.96.0 but happens to the newer one.

  • APs not joining WLC

    Hello community,
    I hope you can help me with my problem.
    I have a vWLC Firmware version: 7.4.121.0, I have also Aironet 1700Aps
    I have successfully configured wlc with service and management interface. In the management network I can ping the vWLC managenemt interface as well the APs in this network. The firewall is also the DHCP Server for the management network. (It is working because APs get an IP address) The problem is the APs are not joining the vWLC. This is my first time I use WLC and APs. So they are completely new and not used before.
    Here is the debug output of vWLC:
    ApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 Finding DTLS connection to delete for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 Disconnecting DTLS Capwap-Ctrl session 0x8faa580 for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 CAPWAP State: Dtls tear down
    *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 DTLS connection closed event receivedserver (192:168:200:3/5246) client (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 Entry exists for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 No AP entry exist in temporary database for 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.004: 84:80:2d:bd:fa:1e DTLS connection not found, creating new connection for 192:168:200:10 (57250) 192:168:200:3 (5246)
    *spamApTask4: Feb 11 16:31:08.472: 84:80:2d:bd:fa:1e DTLS Session established server (192.168.200.3:5246), client (192.168.200.10:57250)
    *spamApTask4: Feb 11 16:31:08.472: 84:80:2d:bd:fa:1e Starting wait join timer for AP: 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Join Request from 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:1e Deleting AP entry 192.168.200.10:57250 from temporary database.
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Finding DTLS connection to delete for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Disconnecting DTLS Capwap-Ctrl session 0x8faa720 for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 CAPWAP State: Dtls tear down
    *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 DTLS connection closed event receivedserver (192:168:200:3/5246) client (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 Entry exists for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 No AP entry exist in temporary database for 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask0: Feb 11 16:31:08.516: 84:80:2d:bd:fa:1e Received LWAPP DISCOVERY REQUEST to 40:4a:03:79:d7:20 on port '1'
    *spamApTask0: Feb 11 16:31:08.516: 84:80:2d:bd:fa:1e Discarding discovery request in LWAPP from AP supporting CAPWAP
    Sadly I don`t have a debuging cable for the APs. Therefore I have no debuging output of the APs. (It is ordered ;-) )
    But I hope the output of the APs is right now not important to solve this problem.
    Thank you
    //EDIT
    On the firewall are no ports blocked

    Okay I upgraded the vWLC to 8.0.110.0.
    I looked in the event log of the vWLC. It was successfully discovered and also the new image version was send to the AP.
    Sadly the Ap does not join to the vWLC.
    *apfReceiveTask: Feb 12 09:53:35.640: WARP IEs: (12)
    *apfReceiveTask: Feb 12 09:53:35.640:      [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
    *apfReceiveTask: Feb 12 09:53:35.640: Wlan Feature status 0 for  AP:84:80:2d:45:75:e0 (slotID 1)
    *apfReceiveTask: Feb 12 09:53:35.640: Split tunnel status (Disabled) encoded in the vap payload for WLAN(1), AP:84:80:2d:45:75:e0 (slotID 1)
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Configuration Status from 192.168.200.10:57251
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 CAPWAP State: Configure
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Updating IP info for AP 84:80:2d:45:75:e0 -- static 0, 192.168.200.10/255.255.255.0, gtw 192.168.200.3
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Updating IP 192.168.200.10 ===> 192.168.200.10 for AP 84:80:2d:45:75:e0
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Invalid length (9) countedlen 6 sizeUserPayload 277 for vendor-specific element 0x00409600-unknown (185) from AP  84:80:2D:45:75:E0
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Setting MTU to 1485
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Finding DTLS connection to delete for AP (192:168:200:10/57251)
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Disconnecting DTLS Capwap-Ctrl session 0xb947000 for AP (192:168:200:10/57251)
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 CAPWAP State: Dtls tear down
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 DTLS connection closed event receivedserver (192.168.200.3/5246) client (192.168.200.10/57251)
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 Entry exists for AP (192.168.200.10/57251)
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 0
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 1
    *spamApTask5: Feb 12 09:53:35.791: update ap status:84:80:2d:45:75:e0 ,index:60
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 No AP entry exist in temporary database for 192.168.200.10:57251
    *apfReceiveTask: Feb 12 09:53:35.792: 84:80:2d:45:75:e0 Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 0
    *apfReceiveTask: Feb 12 09:53:35.792: 84:80:2d:45:75:e0 Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 1
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 12 09:53:35.918: apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.918: apType = 45 apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10 port 57250
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 12 09:53:35.919: apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.919: apType = 45 apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10 port 57250
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10:57250
    Sadly I don`t understand what this debugging log says :-(
    Maybe you can help me again
    Thank you
    //SOLUTION -----------------------------------------------------------------------------------------------------------------------------------------------------------
    I found something on the internet, but for all people having also this problem here is the solution:
    Change the country of your vWLC. Right now I am in China, so I changed it and then it was working flawlessly :-)
    Step 1  
    Disable the 802.11 networks as follows:
    Choose Wireless > 802.11a/n > Network.
    Unselect the 802.11a Network Status check box.
    Click Apply.
    Choose Wireless > 802.11a/n > Network.
    Unselect the 802.11b/g Network Status check box.
    Click Apply.
    Step 2  
    Choose Wireless > Country to open the Country page.
    Thank you all for your help :-)
    Paul

  • Updated WLC has strange error log and AP's not joining

    Hi we recently updated all of our WLC's to 7.098 and it all went smoothly, controllers rebooted and AP's updated their firmware and rebooted OK.
    One WLC (4402) which was working fine since the update now has no AP's associated. The AP's were all configured to run in HREAP mode and are on remote sites within our WAN. I have checked that all policies and ports are still open (none have changed anyway) but the AP's can not join with the contoller.
    The log from an AP trying to join with the WLC.
    *Mar  1 00:15:24.966: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Mar  1 00:15:34.991: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan 12 02:17:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.96.4.17 peer_port: 5246
    *Jan 12 02:17:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Jan 12 02:18:17.447: %CDP_PD-2-POWER_LOW: All radios disabled - NON_CISCO-NO_CDP_RECEIVED  (0000.0000.0000)
    *Jan 12 02:18:25.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
    *Jan 12 02:18:25.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.96.4.17 is reached.
    *Jan 12 02:18:56.000: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.96.4.17:5246
    *Jan 12 02:18:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Jan 12 02:18:56.001: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Jan 12 02:19:06.006: %CAPWAP-3-ERRORLOG: Go join a lwapp controller
    *Jan 12 02:19:06.006: %LWAPP-3-CLIENTERRORLOG: Set Transport AddressCalled
    *Jan 12 02:19:06.014: %LWAPP-5-CHANGED: CAPWAP changed state to JOIN
    *Jan 12 02:19:11.013: %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - ceo-wlc-01)
    The logs on WLC show as below.
    *emWeb: Jan 12 13:14:13.629: %AAA-5-AAA_AUTH_ADMIN_USER: aaa.c:1289 Authentication succeeded for admin user 'adann'
    *spamReceiveTask: Jan 12 13:14:12.919: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:21:a0:81:a4:10 supporting CAPWAP
    *spamReceiveTask: Jan 12 13:14:11.543: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:21:a0:81:8f:a0 supporting CAPWAP
    *spamReceiveTask: Jan 12 13:14:11.395: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:24:14:ff:f1:70 supporting CAPWAP
    *emWeb: Jan 12 13:14:10.731: %AAA-5-AAA_AUTH_ADMIN_USER: aaa.c:1289 Authentication succeeded for admin user 'adann'[...It occurred 2 times/sec!.]
    *emWeb: Jan 12 13:14:09.459: %AAA-5-AAA_AUTH_ADMIN_USER: aaa.c:1289 Authentication succeeded for admin user 'adann'
    *spamReceiveTask: Jan 12 13:14:09.457: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1440 Discarding discovery request in LWAPP from AP 00:24:14:ff:ec:00 supporting CAPWAP
    Any suggestions would be appreciated!
    Tony

    Strange. Something must have happened that you didn't notice.
    From the logs, it looks like only lwapp requests are arriving at the WLC. And WLC discards them cause it knows the AP can also do capwap so it's waiting for the capwap join packet.
    As next step, I'd take a look at network traffic. Mostly close to the WLC where we want to know if we are receiving capwap discovery/join from the AP or not.
    Nicolas

Maybe you are looking for