Flexconnect APs stopped joining

Hello Community,
A customer of mine has a centralized 2504 WLC with 7.2 code running.  They have 1142N APs deployed locally as well as in remote sites (3) in FlexConnect mode.  For no apparent reason last Thursday all the remote APs disassociated with the controller and could not rejoin.  All the local APs remained up and unaffected.
No changes to the WLAN, LAN, Firewall or MPLS WAN occured to cause this.
The customer opened a TAC case and their determination was that ports 5246-5247 were not getting thru.  When the customer engaged me this morning I had him run a packet capture on the Sonicwall firewall to prove out if the CAPWAP signals were leaving and returning across the WAN.  Sure enough we can see this bi-directional traffic (pic attached).  Also, I had the MPLS provider run a trace at the far end and they see the same traffic leave the remote site. 
And then an odd thing happened; one of the APs at one of the remote sites all of a sudden Joined the controller.  So I tried rebooting the AP that is located in the same office, and it fails to Join.  When I look on the controller under AP Join statistics, the last activity shows the controller receiving a Discovery Request and response is sent, but no further Config Request and response or Join Request and response.
Frankly a little stumped, we are re-engaging TAC, but thought that maybe someone in the community has run across this scenario before. 
I also thought that it may be good to upgrade to 7.4, just on spec.
As always any feedback, advice and comments are appreciated and welcome.
Thanks.

I just checked, and that world-mode command isn't even available on the radio interface, so it must only be available for Autonomous APs.  I wondered if that was the case.  I'd love to try the remote AP swap, but the closest remote site is about 2000km away.  may come to that.  I'll see if they have a spare lying around we can try that with.
When I look at the AP Join stats for a failed AP, theres a Discovery Request Received, and a Discovery Response sent, but nothing past that.
When I do a #show ap join stats detailed the reason for failure shows as "Unavailable"
I did confirm that all the working APs have a country code of CA, which makes sense if they just received that from the controller upon joining, so that may just be a rat-hole I'm chasing down.
We do see that traffic leave and come back across the edge firewall, so it must be traversing, just not the full process.  If it was blocked it should be totally blocked, not mid-way thru?

Similar Messages

  • Users are able /not able to join Flexconnect APs

    Hi Community ,
    I have 2504 controllers(.6) at central office and remote APs have joined the Controllers . Flexconnect is Up and working . Problem is I can see some users are able to connect to some flexconnect APs but not to some other APs in the remote side .
    What is the reason for this type of behavior ?

    You don't happen to have a topology do you? Are you saying you have 6 x 2504's? Why so many? Flex APs are they doing local switching? Do you have VLANs identified on all the FLEX APs? Are the FLEX APs connected to a switch port that allows trunking if they are doing local switching?  How are the clients authenticating central or local AAA server? 
    Really need a L2/L3 topology even pencil sketch to help answer this.
    ~ Please rate helpful post ~

  • Flexconnect AP not joining Controller

    Hi Community ,
    I have some flexconnect APs in remote side . But they are not able to join controller  5508 (7.6) and flexconnect is also showing down in PI.
    Any reason ??

    Hi Adam ,
    Thanks for your reply .
    Scenario is that we have 2 controllers in HQ . Controllers running  IOS code 7.6 . APs are 1242 LAP .  They were working fine just one week ago . But now I can see them they are not in the controller , though up . When I checked in PI , Flexconnect status showing down . Hope this will help .

  • How to Prevent or Block Rogue APs from Joining Your Wired or Wireless WLANs

    Hi all, I deployed a WLAN with 1 WLC 4400 and 5 1252AP. I do not see the way to Block Rogue APs from Joining the Wired or Wireless WLANs

    PART 1
    There are three parts to this:
    1. detect - automatic
    2. classify - by default APs are untrusted/unknown, various methods can be configured to classify them as trusted and threat (connected to wired network).
    3. over the air contain (aka mitigate) - in 4.x this is manual, in 5.x you can configure auto-containment
    First you need to detect. WLC does this automatically out of the box. It listens the air for unknown APs, clients and ad-hocs. Are you seeing Rogue APs under Monitor > Rogues > Rogue APs?
    Next, you can manually classify rogue APs as "known" (internal or external). Starting with 5.0 you can also build rogue rules based on RSSI, SSID, Clients, etc. If an AP is classified as "known" (internal or external), WCS stops alerting you.
    Another key classification piece is to detect whether or not the rogue AP is physically connected to your network which is a high security risk. There are three ways WLC can detect it and neither of them is automatic. You must configure these methods manually.
    1. Rogue AP Detector, aka ARP sniffing. You have to dedicate one AP as "Rogue Detector" (change AP mode from local to rogue detector). Configure the port the AP is connected to as switchport mode trunk (normally it's switchport mode access). Rogue Detector AP turns off and doesn't use its radios. When WLC detects rogue APs it can also detect the MAC addresses of any clients associated to that rogue APs, and the rogue detector AP simply watches each hardwire trunked VLAN for ARP requests coming from those rogue AP clients. If it sees one, WLC automatically classifies the rogue AP as "threat" indicating that the rogue AP is physically connected to your network. It doesn't actually do anything with the rogue AP, it simply classifies it and alerts you. Also, keep in mind that this method doesn't work if the rogue AP is a Wireless Router, because Wireless Routers NAT and ARP requests don't propagate to the wire.
    2. RLDP. Rogue Location Discovery Protocol. This feature is by default turned off and can be enabled under Security > Wireless Protection Policies > Rogue Polices. This feature works only when the rogue SSID is open, meaning that it's not using WEP/WPA/802.1x. When you enable RLDP, your WLC will pick some AP (you can't pick manually) which hears Rogue AP traffic, it will temporarily shut off its radio, turn it into a client, and instruct it to associate to the Rogue AP as client (this is where the requirement comes in for the Rogue SSID to be open authentication). Once associated, AP gets a DHCP IP through Rogue AP, it then sends a special small UDP port 6352 RLDP packet to every possible WLC's IP address (mgmt ip, ap manager ip, dynamic int IPs). If WLC gets one of those packets, it means that rogue AP is physically connected to your network. This method will work when Rogue AP is a Wireless Router. But this method is not recommended. It has an adverse effect on your wireless clients because RLDP AP goes offline for a period of time disconnecting your clients and forcing them to associate to another AP. Also, keep in mind, that WLC runs this RLDP process *once* per detected rogue AP. It doesn't periodically do this, it only does it once. In some later WLC versions, you can configure RLDP to run only on "monitor mode" APs, eliminating impact on your clients. Also, you can manually trigger RLDP for a rogue AP from CLI "config rogue ap rldp initiate ". You can "debug dot11 rldp" to see the process.
    3. Switchport Tracing (need WCS, and WLC 5.1). This is a later feature that requires WCS. You can add your Catalyst switches to WCS, and WCS will look at CDP information and MAC tables on your switches to detect whether or not Rogue AP is connected to your network. This works with secured and NAT rogues. You can also *manually* instruct WCS to shut down the switchport that Rogue AP is connected to.

  • APs not joining controller errors

    I keep getting errors on different APs not joining controllers:
    Jan  5 15:54:40.097: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Jan  5 15:54:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.x.x.x peer_port: 5246
    *Jan  5 15:54:40.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Jan  5 15:54:41.778: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.x.x.x  peer_port: 5246
    *Jan  5 15:54:41.780: %CAPWAP-5-SENDJOIN: sending Join Request to 10.x.x.x
    *Jan  5 15:54:41.780: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Jan  5 15:54:41.787: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.x.x.x
    *Jan  5 15:54:41.788: %DTLS-5-PEER_DISCONNECT: Peer 10.x.x.x  has closed connection.
    *Jan  5 15:54:41.788: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.x.x.x :5246.
    Any ideas?  I'm not sure why the peer is disconnecting the connection.  The controller that is linked to It happens on 1242 and 1231 APs mostly.  I've had it happen on a 1142 and 1252 once, but after a reboot it joined fine.
    I'm running 6.0.188.0 on 6 WISMs.  The ap-manager that these APs keep trying to join only has 5 APs on it.

    Can you get a sniffer trace of the port-channel to one of the WiSM, and if possible, the console of the AP?  Also, check the MAC address of the AP(s) that are not joining to see if they start with something other than 00:, you may also want to check the MAC of the gw for those AP for the same thing.
    The defect I'm thinking of is CSCte01087

  • AVC, Netflow and Flexconnect APs

    Hi all,
    I have few questions - if anybody was solving the same problem.
    My situation : few branches with Flexconnect APs (in every of them). APs are set for some SSIDs as locally switched (to save WAN connectivity) and some are centrally switched. WLC code 7.4.
    I was very looking forward to implement AVC. AVC works fine but only on centrally switched SSID - this is a big problem.
    Is there any chance how to export traffic info for locally switched SSID?
    I was wondering if LAP can serve as Netflow source (when I'm unable to see AVC data)?
    Any idea?
    Thnx

    HI,
    First: AVC will not work if  you have locally swicthed.
    if you checked the local switching under the SSID, then the AP will handle the traffic on its own, without sending the packets to the WLC, hence the WLC does not know what the users are using.
    2nd : http://mrncciew.com/2013/02/12/configuring-netflow-on-wlc-7-4/
    Reagrds

  • "P2P Blocking" with different Flexconnect APs

    Hello,
    Does the "P2P Blocking" feature work for clients connected to different Flexconnect APs?
    In my case, apparently it doesn't work.
    We have 2 APs in Flexconnect Mode, an SSID with the "P2P Blocking" option set to drop and when we connect a client to one of the APs and another client to the other AP, these clients have visibility between them.
    Is that possible?
    Thank you.

    I think when this feature (P2P blocking) was added, there were no concept of interface groups, etc to map multiple vlan to same SSID. When additional features added the original P2P blocking was not optimized to work in all these scenario.
    This is a one feature I am not trusting well. I think it has drawbacks like what you found. Haven't tested in detail, but heard lots of issues with this feature.
    Open a TAC & confirm with them what is the expected behaviour in your situation
    HTH
    Rasika

  • APs not joining controller

    I upgraded a controller yesterday 5508 it went from a low code version 6.x to 6.0.196.0 then to 7.0.116.0. However although all the access points joined code 6.0.196.0 they refused to join 7.0.116.0. The aps are all 1242s.
    The country codes etc were all fine so I do not understand what was going on.
    Any ideas?
    *spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Discovery Request from 10.0.0.183:55065
    *spamApTask0: Jun 26 16:07:44.734: 00:3a:99:db:f3:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Response sent to 10.0.0.183:55065
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Request from 10.0.0.183:55065
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:44.735: 00:3a:99:db:f3:20 Discovery Response sent to 10.0.0.183:55065
    *spamApTask7: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Discovery Request from 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jun 26 16:07:45.308: 00:3a:99:db:fa:20 Discovery Response sent to 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.309: 00:3a:99:db:fa:20 Discovery Request from 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.309: 00:3a:99:db:fa:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:45.309: 00:3a:99:db:fa:20 Discovery Response sent to 10.0.0.95:55080
    *spamApTask7: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Discovery Request from 10.0.1.232:20023
    *spamApTask7: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Discovery Response sent to 10.0.1.232:20023
    *spamApTask0: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:45.511: 00:13:c3:e1:4c:e0 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jun 26 16:07:45.512: 00:13:c3:e1:4c:e0 Discovery Request from 10.0.1.232:20023
    *spamApTask7: Jun 26 16:07:45.512: 00:13:c3:e1:4c:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:45.512: 00:13:c3:e1:4c:e0 Discovery Response sent to 10.0.1.232:20023
    *spamApTask4: Jun 26 16:07:46.516: 00:3a:99:db:fa:10 DTLS connection not found, creating new connection for 10:0:0:101 (55079) 10:0:1:45 (5246)
    *spamApTask4: Jun 26 16:07:46.708: 00:3a:99:db:fa:10 DTLS connection closed event receivedserver (10:0:1:45/5246) client (10:0:0:101/55079)
    *spamApTask4: Jun 26 16:07:46.708: 00:3a:99:db:fa:10 No entry exists for AP (10:0:0:101/55079)
    *spamApTask4: Jun 26 16:07:46.708: 00:3a:99:db:fa:10 No entry exists in database
    *spamApTask4: Jun 26 16:07:47.759: 00:3a:99:db:fa:a0 Discovery Request from 10.0.0.184:55084
    *spamApTask4: Jun 26 16:07:47.759: 00:3a:99:db:fa:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discovery Response sent to 10.0.0.184:55084
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discovery Request from 10.0.0.184:55084
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask4: Jun 26 16:07:47.760: 00:3a:99:db:fa:a0 Discovery Response sent to 10.0.0.184:55084
    *spamApTask7: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Discovery Request from 10.0.1.239:20032
    *spamApTask7: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Discovery Response sent to 10.0.1.239:20032
    *spamApTask0: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:49.471: 00:13:c3:e1:4d:c0 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask7: Jun 26 16:07:49.472: 00:13:c3:e1:4d:c0 Discovery Request from 10.0.1.239:20032
    *spamApTask7: Jun 26 16:07:49.472: 00:13:c3:e1:4d:c0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask7: Jun 26 16:07:49.472: 00:13:c3:e1:4d:c0 Discovery Response sent to 10.0.1.239:20032
    *spamApTask1: Jun 26 16:07:52.222: 00:13:c3:e1:4d:80 Discovery Request from 10.0.1.230:20027
    *spamApTask1: Jun 26 16:07:52.222: 00:13:c3:e1:4d:80 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask1: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Discovery Response sent to 10.0.1.230:20027
    *spamApTask0: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask0: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask1: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Discovery Request from 10.0.1.230:20027
    *spamApTask1: Jun 26 16:07:52.223: 00:13:c3:e1:4d:80 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask1: Jun 26 16:07:52.224: 00:13:c3:e1:4d:80 Discovery Response sent to 10.0.1.230:20027
    *spamApTask5: Jun 26 16:07:52.267: 00:3a:99:da:c7:70 DTLS connection not found, creating new connection for 10:0:0:181 (34152) 10:0:1:45 (5246)
    *spamApTask1: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Discovery Request from 10.0.0.182:55099
    *spamApTask1: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask0: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Received LWAPP DISCOVERY REQUEST to e8:b7:48:9b:86:4f on port '13'
    *spamApTask1: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Discovery Response sent to 10.0.0.182:55099
    *spamApTask0: Jun 26 16:07:52.274: 00:3a:99:db:ff:20 Discarding discovery request in LWAPP from AP supporting CAPWAP
    *spamApTask1: Jun 26 16:07:52.275: 00:3a:99:db:ff:20 Discovery Request from 10.0.0.182:55099
    *spamApTask1: Jun 26 16:07:52.275: 00:3a:99:db:ff:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =0
    *spamApTask1: Jun 26 16:07:52.275: 00:3a:99:db:ff:20 Discovery Response sent to 10.0.0.182:55099
    *spamApTask1: Jun 26 16:07:52.306: 00:3a:99:db:f2:40 DTLS connection not found, creating new connection for 10:0:0:100 (55069) 10:0:1:45 (5246)
    *spamApTask5: Jun 26 16:07:52.463: 00:3a:99:da:c7:70 DTLS connection closed event receivedserver (10:0:1:45/5246) client (10:0:0:181/34152)
    *spamApTask5: Jun 26 16:07:52.463: 00:3a:99:da:c7:70 No entry exists for AP (10:0:0:181/34152)
    *spamApTask5: Jun 26 16:07:52.463: 00:3a:99:da:c7:70 No entry exists in database
    *spamApTask1: Jun 26 16:07:52.501: 00:3a:99:db:f2:40 DTLS connection closed event receivedserver (10:0:1:45/5246) client (10:0:0:100/55069)
    *spamApTask1: Jun 26 16:07:52.502: 00:3a:99:db:f2:40 No entry exists for AP (10:0:0:100/55069)
    *spamApTask1: Jun 26 16:07:52.502: 00:3a:99:db:f2:40 No entry exists in database

    Something "weird" is on the newest 7.0.X.  Here's my situation:
    1.  It doesn't happen to all new APs.  When I mean "new", I mean out from a box including APs from RMA.
    2.  I've seen this in 1240, 1250, 1140.  Haven't seen it on a 3500.
    3.  Here's how it goes ... When the AP, fresh from a box, connects to the networks, sees the WLC/WiSM and downloads the full IOS (OK so far).  After the reboot the AP in question loads the new IOS and shows up in the WLC/WiSM.  When I check CDP neighbors, NOTHING.  What the ... ?
    4.  Go to the switch and do command "sh cdp neighbor" and what do I get?  NOTHING.
    5.  Check PoE and show that it's IEEE.
    For unknown reason, APs in this "trance" shuts off the CDP.  I currently have a Cisco TAC Case trying to iron out this "feature".  Doesn't appear on the 7.0.96.0 but happens to the newer one.

  • APs not joining

    So today has been a disaster. I have 11 Cisco Aironet APs connected to a Cisco WLC 4402 running 7.0.235.3. When we lost power to the controller over the weekend I only had 8 come back. In the AP join log three of them were saying"Layer 3 discovery request not received on management VLAN". Mind you they were working before the power went out. So one of my colleagues advised me to shut down the controller, disable the switch ports the AP's are plugged into, restart the controller, and then reenable the ports on the switch. Well now I only have three. The rest get the same error message I mentioned before. I also tried disabled and reenabled the DHCP scope they work on as well. Like I said they were all working before the power went out. Can anyone help?

    Nothing is wrong.  That message simply means, that there was an LWAPP request and the code the AP is on is CAPWAP.  This happens in case you have a WLC on older code, but get/convert one with newer code.
    Is the dhcp server for the AP management network in another vlan and you have ip helper-address configured?
    How are you doing your Discovery?  L2 forwarding, option 43? 
    I think you may have to upgrade the code on your controller to support your aps... or downgrade the code on the aps manually before attempting the join process with your controller.
    What model # AP ?

  • APs not joining 5508 on dynamic ports created manualy

    Hey all,
    i have a problem with our new 5508 wireless controller (7.0.116.0).
    Port 1 is the system default "management" (Port 2 is backup). Dynamic AP Management is disabled.
    Port 3 is a new dynamic interface "ap-manager 2" with Dynamic AP Management enabled and has a ip in a seperated VLAN which is not routed.
    When i am connecting the AP (1260 series) to the "ap-manager 2" interface, then it will not join and i get an error message on the WLC:
    *spamApTask1: Mar 05 14:52:12.783: %CAPWAP-3-DISC_INTF_ERR1:
    capwap_ac_sm.c:1453 Ignoring discovery request received on non-management
    interface (3) from AP
    When i am connecting the AP to the "management2 interface, then it is working fine. But i don't want the APs in the Management LAN. I want them in the separated no routed LAN explicit for the APs.
    What do i miss here.
    Thanks a lot.
    Regards
    Matthew

    Hmmm...but i found follwoing in the documentation:
    The AP-manager interface's IP address must be different from the management interface's IP address and may or may not be on the same subnet as the management interface. However, we recommend that both interfaces be on the same subnet for optimum access point association.
    I want the APs in a separated non routed LAN because of security reasons. Why set APs into the management LAN when they only need to communicate with the controller?
    But if there is no way to do that, then i need to redesign the plans for the WLAN structure.
    Thanks
    Matthew

  • Cisco APs not joining WLC

    Hi guys,
    I am in the process of configuring a WLC and got stuck due to APs are not joining the WLC.
    I have configure DHCP server on the Gateway router and the WLC management interface is pointing to the Gateway as DHCP Server.
    I have multiple Dynamic interfaces configured on the WLC and Interface group has been configured and mapped to Management Interface.
    For each WLAN, a separate DHCP pool has been created on the router.
    LAG has been configured and working fine. Connectivity works fine in the network and I can ping all devices and vlans from WLC.
    Now, the APs are not joining the WLC. The error I am getting
    " 44:03:a7:f1:b4:40 Received a Discovery Request from 44:03:A7:F1:B4:40 via IP broadcast address but the source IP address (10.xx.xx.xx) is not in any of the configured subnets. Dropping it "
    Some one help me troubleshooting this issue with DHCP IP Assignment.
    Thanks,
    CJ

    If you are using Broadcast method to discover WLC to AP then you need to ensure following is correctly configured.
    1. Unders the switch SVI defined for AP-management (10.38.11.x) you have to configure "ip helper-address "
    2. In switch global config "ip forward-protocol udp 5246"
    Refer this for more detail
    http://mrncciew.com/2013/05/04/wlc-discovery-via-broadcast/
    There are other methods available as well (static, DNS, DHCP option 43) for the WLC discovery purpose. To verify there is no configuration issues at WLC end, you can simply configure the WLC details on AP statically & check wether AP get register to WLC. To do this you can enter following CLI commands on AP console priviledge mode.
    debug capwap console cli
    capwap ap ip address 10.38.11.x 255.255.255.x
    capwap ap ip default-gateway 10.38.11.y
    capwap ap controller ip address
    In this way your AP should get registered to WLC (if no config issue at WLC end). Refer this for more detail
    http://mrncciew.com/2013/03/17/ap-registration/
    If you have so many APs, then as Steve pointed configuring DHCP-Option 43 would be a good option
    Regards
    Rasika
    **** Pls rate all useful responses ****

  • APs not joining WLC

    Hello community,
    I hope you can help me with my problem.
    I have a vWLC Firmware version: 7.4.121.0, I have also Aironet 1700Aps
    I have successfully configured wlc with service and management interface. In the management network I can ping the vWLC managenemt interface as well the APs in this network. The firewall is also the DHCP Server for the management network. (It is working because APs get an IP address) The problem is the APs are not joining the vWLC. This is my first time I use WLC and APs. So they are completely new and not used before.
    Here is the debug output of vWLC:
    ApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 Finding DTLS connection to delete for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 Disconnecting DTLS Capwap-Ctrl session 0x8faa580 for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.997: 84:80:2d:bd:fa:10 CAPWAP State: Dtls tear down
    *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 DTLS connection closed event receivedserver (192:168:200:3/5246) client (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 Entry exists for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:07.998: 84:80:2d:bd:fa:10 No AP entry exist in temporary database for 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.004: 84:80:2d:bd:fa:1e DTLS connection not found, creating new connection for 192:168:200:10 (57250) 192:168:200:3 (5246)
    *spamApTask4: Feb 11 16:31:08.472: 84:80:2d:bd:fa:1e DTLS Session established server (192.168.200.3:5246), client (192.168.200.10:57250)
    *spamApTask4: Feb 11 16:31:08.472: 84:80:2d:bd:fa:1e Starting wait join timer for AP: 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Join Request from 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:1e Deleting AP entry 192.168.200.10:57250 from temporary database.
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Finding DTLS connection to delete for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 Disconnecting DTLS Capwap-Ctrl session 0x8faa720 for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.477: 84:80:2d:bd:fa:10 CAPWAP State: Dtls tear down
    *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 DTLS connection closed event receivedserver (192:168:200:3/5246) client (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 Entry exists for AP (192:168:200:10/57250)
    *spamApTask4: Feb 11 16:31:08.479: 84:80:2d:bd:fa:10 No AP entry exist in temporary database for 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.515: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 11 16:31:08.516: 84:80:2d:bd:fa:10 Discovery Response sent to 192.168.200.10:57250
    *spamApTask0: Feb 11 16:31:08.516: 84:80:2d:bd:fa:1e Received LWAPP DISCOVERY REQUEST to 40:4a:03:79:d7:20 on port '1'
    *spamApTask0: Feb 11 16:31:08.516: 84:80:2d:bd:fa:1e Discarding discovery request in LWAPP from AP supporting CAPWAP
    Sadly I don`t have a debuging cable for the APs. Therefore I have no debuging output of the APs. (It is ordered ;-) )
    But I hope the output of the APs is right now not important to solve this problem.
    Thank you
    //EDIT
    On the firewall are no ports blocked

    Okay I upgraded the vWLC to 8.0.110.0.
    I looked in the event log of the vWLC. It was successfully discovered and also the new image version was send to the AP.
    Sadly the Ap does not join to the vWLC.
    *apfReceiveTask: Feb 12 09:53:35.640: WARP IEs: (12)
    *apfReceiveTask: Feb 12 09:53:35.640:      [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
    *apfReceiveTask: Feb 12 09:53:35.640: Wlan Feature status 0 for  AP:84:80:2d:45:75:e0 (slotID 1)
    *apfReceiveTask: Feb 12 09:53:35.640: Split tunnel status (Disabled) encoded in the vap payload for WLAN(1), AP:84:80:2d:45:75:e0 (slotID 1)
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Configuration Status from 192.168.200.10:57251
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 CAPWAP State: Configure
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Updating IP info for AP 84:80:2d:45:75:e0 -- static 0, 192.168.200.10/255.255.255.0, gtw 192.168.200.3
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Updating IP 192.168.200.10 ===> 192.168.200.10 for AP 84:80:2d:45:75:e0
    *spamApTask5: Feb 12 09:53:35.789: 84:80:2d:45:75:e0 Invalid length (9) countedlen 6 sizeUserPayload 277 for vendor-specific element 0x00409600-unknown (185) from AP  84:80:2D:45:75:E0
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Setting MTU to 1485
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Finding DTLS connection to delete for AP (192:168:200:10/57251)
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 Disconnecting DTLS Capwap-Ctrl session 0xb947000 for AP (192:168:200:10/57251)
    *spamApTask5: Feb 12 09:53:35.790: 84:80:2d:45:75:e0 CAPWAP State: Dtls tear down
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 DTLS connection closed event receivedserver (192.168.200.3/5246) client (192.168.200.10/57251)
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 Entry exists for AP (192.168.200.10/57251)
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 0
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 1
    *spamApTask5: Feb 12 09:53:35.791: update ap status:84:80:2d:45:75:e0 ,index:60
    *spamApTask5: Feb 12 09:53:35.791: 84:80:2d:45:75:e0 No AP entry exist in temporary database for 192.168.200.10:57251
    *apfReceiveTask: Feb 12 09:53:35.792: 84:80:2d:45:75:e0 Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 0
    *apfReceiveTask: Feb 12 09:53:35.792: 84:80:2d:45:75:e0 Deregister LWAPP event for AP 84:80:2d:45:75:e0 slot 1
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 12 09:53:35.918: apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.918: apType = 45 apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10 port 57250
    *spamApTask4: Feb 12 09:53:35.918: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10:57250
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Request from 192.168.200.10:57250
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 200, joined Aps =0
    *spamApTask4: Feb 12 09:53:35.919: apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.919: apType = 45 apModel: AIR-CAP702I-C-K9
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10 port 57250
    *spamApTask4: Feb 12 09:53:35.919: 84:80:2d:45:75:e0 Discovery Response sent to 192.168.200.10:57250
    Sadly I don`t understand what this debugging log says :-(
    Maybe you can help me again
    Thank you
    //SOLUTION -----------------------------------------------------------------------------------------------------------------------------------------------------------
    I found something on the internet, but for all people having also this problem here is the solution:
    Change the country of your vWLC. Right now I am in China, so I changed it and then it was working flawlessly :-)
    Step 1  
    Disable the 802.11 networks as follows:
    Choose Wireless > 802.11a/n > Network.
    Unselect the 802.11a Network Status check box.
    Click Apply.
    Choose Wireless > 802.11a/n > Network.
    Unselect the 802.11b/g Network Status check box.
    Click Apply.
    Step 2  
    Choose Wireless > Country to open the Country page.
    Thank you all for your help :-)
    Paul

  • APs not Join WiSM

    Hello, I am Claudio
    I have problems with register the APs in the module WiSM, the AP join statistics is null.
    The IPs from APs are local DHCP in the module.
    The softtware version in the WiSM is 7.0.116. The APs are 1140. The IOS version on the Cat6500 is 12.2.33SXI4a.
    Some of you had a similar problem.
    Thanks, best regards

    The option 43 is......
    ip dhcp pool APs
    network 172.23.24.0 255.255.255.0
    default-router 172.23.24.1
    option 43 hex f108ac140194ac140196
    The problem is not the option 43, the problem is between the module WiSM and SUP720.
    I Replace WiSM for a WLC4402 and APs were recorded without problems
    debug WiSM.....
    URA_NUNOA_SW_6500_CLH#
    Aug 31 16:27:20.818: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd2f.2d22 for slot/port 2/1
    Aug 31 16:27:20.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/1 got an ip 172.20.1.178 68ef.bd2f.2d22/68ef.bd2f.2d                            22
    Aug 31 16:27:20.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd30.58e2 for slot/port 2/2
    Aug 31 16:27:20.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/2 got an ip 172.20.1.179 68ef.bd30.58e2/68ef.bd30.58                            e2
    Aug 31 16:27:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1
    Aug 31 16:27:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2
    Aug 31 16:27:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1
    Aug 31 16:27:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2
    Aug 31 16:28:00.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd30.58e2 for slot/port 2/2
    Aug 31 16:28:00.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/2 got an ip 172.20.1.179 68ef.bd30.58e2/68ef.bd30.58                            e2
    Aug 31 16:28:00.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd2f.2d22 for slot/port 2/1
    Aug 31 16:28:00.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/1 got an ip 172.20.1.178 68ef.bd2f.2d22/68ef.bd2f.2d                            22
    Aug 31 16:28:15.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1
    Aug 31 16:28:15.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2
    Aug 31 16:28:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1
    Aug 31 16:28:35.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2
    Aug 31 16:28:40.818: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd2f.2d22 for slot/port 2/1
    Aug 31 16:28:40.818: WiSM-Evt:dman_reg_arp_added: cntrl 2/1 got an ip 172.20.1.178 68ef.bd2f.2d22/68ef.bd2f.2d22
    Aug 31 16:28:40.822: WiSM-Evt:dman_cntrl_db_search_by_mac: Found mac 68ef.bd30.58e2 for slot/port 2/2
    Aug 31 16:28:40.822: WiSM-Evt:dman_reg_arp_added: cntrl 2/2 got an ip 172.20.1.179 68ef.bd30.58e2/68ef.bd30.58e2
    Aug 31 16:28:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/1
    Aug 31 16:28:55.822: WiSM-Evt:dman_proc_keepalive_tmr_handler: keepalive timer expired for 2/2

  • 3502i APs not joining controller

    So basically my infrastructure consists of four 4402 WLCs running on 7.0.235.3. I'm trying to get new access points to join to the environment, but I am having difficulty doing so. All currently joined APs work fine and are operating well. I'm getting a red, green, off blink code which means it's trying to join, but never does. The other one I get a constantly blinking green but it never joins either. I've setup option 43 in DHCP, added cisco-capwap-controller entries in DNS thinking it was because those are missing, and still cannot get these two access points to join. Can anyone think why it would not be joining?
    The access points and WLC are all on the Same VLAN by the way.

    Hello,
    In a Cisco Unified Wireless network, the LAPs  must first discover and       join a WLC before they can service wireless clients.
    Originally, the controllers only operated in Layer 2 mode. In Layer  2       mode, the LAPs are required to be on the same subnet as the management       interface and the Layer 3 mode AP-manager interface is not present on  the       controller. The LAPs communicate with the controller using Layer 2       encapsulation only (ethernet encapsulation) and do not Dynamic Host       Configuration Protocol (DHCP) an IP address.
    When Layer 3 mode on the controller was developed, a new Layer 3       interface called AP-manager was introduced. In Layer 3 mode, the LAPs  would       DHCP an IP address first and then send their discovery request to the       management interface using IP addresses (Layer 3). This allowed the  LAPs to be       on a different subnet than the management interface of the controller.  Layer 3       mode is the dominate mode today. Some controllers and LAPs can only  perform       Layer 3 mode.
    However, this presented a new problem: how did the LAPs find the       management IP address of the controller when it was on a different  subnet?
    In Layer 2 mode, they were required to be on the same subnet. In  Layer       3 mode, the controller and LAP are essentially playing hide and seek  in the       network. If you do not tell the LAP where the controller is via DHCP  option 43,       DNS resolution of "Cisco-lwapp-controller@local_domain", or statically       configure it, the LAP does not know where in the network to find the  management       interface of the controller.
    In addition to these methods, the LAP does automatically look on  the       local subnet for controllers with a 255.255.255.255 local broadcast.  Also, the       LAP remembers the management IP address of any controller it joins  across       reboots. Therefore, if you put the LAP first on the local subnet of  the       management interface, it will find the controller's management  interface and       remember the address. This is called priming. This does not help find  the       controller if you replace a LAP later on. Therefore, Cisco recommends  using the       DHCP option 43 or DNS methods.
    When the LAPs discover the controller, they do not know if the       controller is in Layer 2 mode or Layer 3 mode. Therefore, the LAPs  always       connect to the management interface address of the controller first  with a       discovery request. The controller then tells the LAP which mode it is  in the       discovery reply. If the controller is in Layer 3 mode, the discovery  reply       contains the Layer 3 AP-manager IP address so the LAP can send a join  request       to the AP-manager interface next.
    Note: By default both management and AP-manager interfaces are  left           untagged on their VLAN during configuration. In case these are tagged,  make           sure they are tagged to the same VLAN in order to properly receive  discovery           and join response from the WLC.
    The LWAPP AP goes through this process on startup for Layer 3       mode:
    The LAP boots and DHCPs an IP address if it was not previously           assigned a static IP address.
    The LAP sends discovery requests to controllers through the various           discovery algorithms and builds a controller list. Essentially, the  LAP learns           as many management interface addresses for the controller list as  possible via:
    DHCP option 43 (good for global companies where offices and             controllers are on different continents)
    DNS entry for             cisco-capwap-controller (good for local             businesses - can also be used to find where brand new APs join)
    Note: If you use CAPWAP, make sure that there is a DNS entry for                 cisco-capwap-controller.
    Management IP addresses of controllers the LAP remembers             previously
    A Layer 3 broadcast on the subnet
    Over the air provisioning
    Statically configured information
    From this list, the easiest method to use for deployment is to  have           the LAPs on the same subnet as the management interface of the  controller and           allow the LAP’s Layer 3 broadcast to find the controller. This method  should be           used for companies that have a small network and do not own a local  DNS           server.
    The next easiest method of deployment is to use a DNS entry with           DHCP. You can have multiple entries of the same DNS name. This allows  the LAP           to discover multiple controllers. This method should be used by  companies that           have all of their controllers in a single location and own a local DNS  server.           Or, if the company has multiple DNS suffixes and the controllers are  segregated           by suffix.
    DHCP option 43 is used by large companies to localize the  information           via the DHCP. This method is used by large enterprises that have a  single DNS           suffix. For example, Cisco owns buildings in Europe, Australia, and  the United           States. In order to ensure that the LAPs only join controllers  locally, Cisco           cannot use a DNS entry and must use DHCP option 43 information to tell  the LAPs           what the management IP address of their local controller is.
    Finally, static configuration is used for a network that does not           have a DHCP server.You can statically configure the information  necessary to           join a controller via the console port and the AP’s CLI. For  information on how           to statically configure controller information using the AP CLI, refer  to           Manually            Configuring Controller Information Using the Access Point CLI.
    For a detailed explanation on the different discovery algorithms  that           LAPs use to find controllers, refer to           LAP            Registration with WLC.
    For information on configuring DHCP option 43 on a DHCP server,  refer           to           DHCP            OPTION 43 for Lightweight Cisco Aironet Access Points Configuration           Example.
    Send a discovery request to every controller on the list and wait  for           the controller's discovery reply which contains the system name,  AP-manager IP           addresses, the number of APs already attached to each AP-manager  interface, and           overall excess capacity for the controller.
    Look at the controller list and send a join request to a controller           in this order (only if the AP received a discovery reply from it):
    Primary Controller system name (previously configured on             LAP)
    Secondary Controller system name (previously configured on             LAP)
    Tertiary Controller system name (previously configured on             LAP)
    Master controller (if the LAP has not been previously configured             with any Primary, Secondary, or Tertiary controller names. Used to  always know             which controller brand new LAPs join)
    If none of the above are seen, load balance across controllers             using the excess capacity value in the discovery response.
    If two controllers have the same excess capacity, then send the             join request to the first controller that responded to the discovery  request             with a discovery response. If a single controller has multiple  AP-managers on             multiple interfaces, choose the AP-manager interface with the least  number of             APs.
    The controller will respond to all discovery requests without             checking certificates or AP credentials. However, join requests must  have a             valid certificate in order to get a join response from the  controller. If the             LAP does not receive a join response from its choice, the LAP will  try the next             controller in the list unless the controller is a configured  controller             (Primary/Secondary/Tertiary).
    When it receives the join reply, the AP checks to make sure it has           the same image as that of the controller. If not, the AP downloads the  image           from the controller and reboots to load the new image and starts the  process           all over again from step 1.
    If it has the same software image, it asks for the configuration  from           the controller and moves into the registered state on the controller.
    After you download the configuration, the AP might reload again to           apply the new configuration. Therefore, an extra reload can occur and  is a           normal behavior.

  • 1041N APs not joining 2100 WLC

    Hopefully this will be an easy solution for some of you.
    I have two LAP1041N APs I am trying to setup on a new 2100 WLC (7.0.116.0).  THe APs will blink green fast; then go to a green, red, blue cycle for a min or so; then back to blinking green fast.  Not sure what else to try here.
    Thanks for the help.

    Please use a L2/ L3 switch
    For a L2 swith the AP and WLC must be on the same VLAN iof the  L2 switch
    For AP:
    config t
    int gig 0/1
    swithport access native vlan 1( for ex)
    switchport mode access
    no shut
    For WLC :
    config t
    int gig 0/2
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    no shut
    For L3 switch you can assign vlan interfaces :
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080665cdf.shtml#wlc
    Also here is the link to the discovery process:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
    Thanks,
    Tuhin

Maybe you are looking for

  • MOD files in FCE?

    How can I get FCE to read MOD files? (from a Canon FS11)

  • Classes and object exercise! help!

    I'm really really new to JAVA... don't even know how to make a single line of code that will run. I have this exercise that wants me to.... creat a MySavings application that displays a menur of choices for entering pennies nickels, dimes and quarter

  • How Do I Fix This? Error Message After Submitting Podcast

    I want to submit a podcast, but after entering my feed this message appears "Invalid XML: Error on Line 661: The Processing Instruction Target matching "[xX][mM][IL]" Is Not Allowed" What do I do?

  • Usage Decision Issue

    Dear All, when i try to make a Usage Decision in the Development Server after i put the Usage Decision Code it get saves automatically. There the status Inspection Lot is 2. When i try to make the UD in the Quality Server after i put the Usage Decisi

  • MacBook Pro Retina 13" - Can i upgrade the dual-core i7 to quad-core i7 CPU?

    MacBook Pro Retina 13" - Can i upgrade the dual-core i7 to quad-core i7 CPU?  (obviously not talking about BTO, but about "self-service" upgrade ...)