Issues adding a second 4402 wireless controller
I currently have 1 4402 wirless controller that is controlling the 17 APs I have in our corporate office and 18 APs we have in a warehouse 10 miles away. The warehouse has all of the APs set to H-REAP so that they can connect across the WAN to reach the controller.I have purchased a second 4402 and have placed the controller at the warehouse to handle all traffic out at that site and to relieve issues we have when the WAN gets saturated.
I have configured the 4402 at the Warehouse with the same basic setup as the first controller (well, different IP and different VLAN and different SSIDs so I can tell I am on the new one easily). The problem I am having is that I cannot get any of the access points to log onto the second controller. All access points still show up on the first controller.
To reach the first controller I had placed the information in the WIndows DHCP scope (Option 241 I believe) to talk to the first controller. I have change dthat to point to the second controller but that does not help. I saw that the first controller was set to be the MAster, so I turned that off to no avail. I even created a new vlan, created the DHCP information, and then added the Access Points to the new VLAN. Still, they connect to the first controller.
Lastly, I logged into the APs and reset them to factory defaults. The APs still find the first controller.
Any ideas what I may be missing to have them hit the new controller?
Thanks much!
Dave
These are from the AP I am trying to join to the Controller and the logs on the Controller. Looks like I have a setting wrong somewhere on the Controller that I am just missing.
*Mar 1 00:00:05.066: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:06.275: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:06.370: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 144 messages)
*Mar 1 00:00:06.403: status of voice_diag_test from WLC is false
*Mar 1 00:00:07.429: STUB Called : crypto_ssl_init
*Mar 1 00:00:08.472: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:08.533: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 11:44 by prod_rel_team
*Mar 1 00:00:08.621: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:00:08.622: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:00:08.873: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:00:08.873: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:09.472: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:09.876: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:00:09.914: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
*Mar 1 00:00:09.927: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:00:10.331: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:16.997: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 172.16.12.60, mask 255.255.255.0, hostname ap
*Mar 1 00:00:27.497: status of voice_diag_test from WLC is false
*Mar 1 00:00:27.565: Logging LWAPP message to 255.255.255.255.
Translating "CISCO-CAPWAP-CONTROLLER.madden.com"...domain server (172.16.12.11)
*Mar 1 00:00:38.623: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.12.12 obtained through DHCP
Translating "CISCO-LWAPP-CONTROLLER.madden.com"...domain server (172.16.12.11)
*Mar 1 00:00:38.623: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:00:39.624: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
*Mar 1 00:00:39.626: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.madden.com
*Mar 1 00:00:39.629: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.madden.com
*Mar 1 00:00:50.632: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 17 21:33:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.12.13 peer_port: 5246
*May 17 21:33:15.002: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 17 21:33:16.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.12.13 peer_port: 5246
*May 17 21:33:16.824: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
*May 17 21:33:16.824: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 17 21:33:21.823: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
*May 17 21:33:21.825: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.12.13
*May 17 21:33:21.825: %DTLS-5-PEER_DISCONNECT: Peer 172.16.12.13 has closed connection.
*May 17 21:33:21.826: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.12.13:5246
*May 17 21:33:21.827: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 17 21:33:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.12.13 peer_port: 5246
*May 17 21:33:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 17 21:33:15.831: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.12.13 peer_port: 5246
*May 17 21:33:15.833: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
*May 17 21:33:15.833: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 17 21:33:20.832: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.12.13
*May 17 21:33:20.834: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.12.13
*May 17 21:33:20.834: %DTLS-5-PEER_DISCONNECT: Peer 172.16.12.13 has closed connection.
*May 17 21:33:20.834: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.12.13:5246
*May 17 21:33:20.836: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 17 21:33:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.1.105 peer_port: 5246
*May 17 21:33:13.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 17 21:33:14.937: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.1.105 peer_port: 5246
*May 17 21:33:14.939: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.1.105
*May 17 21:33:14.939: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 17 21:33:15.184: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 17 21:33:18.402: %CAPWAP-5-CHANGED: CAPWAP changed state to DOWN
*May 17 21:33:18.404: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 17 21:33:18.478: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller INWDPWC01
*May 17 21:33:18.547: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Guest added to the slot[0]
*May 17 21:33:18.572: %LWAPP-3-CLIENTEVENTLOG: SSID LEX_Guest added to the slot[0]
*May 17 21:33:18.590: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Internal added to the slot[0]
*May 17 21:33:18.607: %LWAPP-3-CLIENTEVENTLOG: SSID LEX_HAND_SCANNERS added to the slot[0]
*May 17 21:33:18.632: %LWAPP-3-CLIENTEVENTLOG: SSID Madden_Zebra added to the slot[0]
*May 17 21:33:18.756: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*May 17 21:33:19.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
(Cisco Controller) >debug capwap events enable
(Cisco Controller) >debug capwap errors enable
(Cisco Controller) >debug pm pki enable
(Cisco Controller) >
(Cisco Controller) >*sshpmLscTask: May 17 16:30:44.379: sshpmLscTask: LSC Task received a message 4
*sshpmLscTask: May 17 16:32:44.380: sshpmLscTask: LSC Task received a message 4
*spamReceiveTask: May 17 16:33:14.641: 00:16:47:75:19:30 Discovery Request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:14.642: 00:16:47:75:19:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
*spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Response sent to 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
*spamReceiveTask: May 17 16:33:14.643: 00:16:47:75:19:30 Discovery Response sent to 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:14.644: 00:16:47:75:19:30 Received LWAPP DISCOVERY REQUEST to 00:1b:d4:6b:bb:a0 on port '2'
*spamReceiveTask: May 17 16:33:14.644: 00:16:47:75:19:30 Discarding discovery request in LWAPP from AP supporting CAPWAP
*spamReceiveTask: May 17 16:33:25.638: 00:16:47:75:19:30 DTLS connection not found, creating new connection for 172:16:12:60 (28081) 172:16:12:13 (5246)
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: called to get cert for CID 1824fb87
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:25.639: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1824fb87
*spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.640: sshpmGetSshPrivateKeyFromCID: match in row 2
*spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: locking ca cert table
*spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*spamReceiveTask: May 17 16:33:25.793: sshpmGetIssuerHandles: calling x509_decode()
*spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1200-0015fae6db09, [email protected]
*spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: O=Cisco Systems, CN=Cisco Manufacturing CA
*spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Mac Address in subject is 00:15:fa:e6:db:09
*spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Cert Name in subject is C1200-0015fae6db09
*spamReceiveTask: May 17 16:33:25.798: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: called to get cert for CID 26a39b4a
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:25.798: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.798: ssphmUserCertVerify: calling x509_decode()
*spamReceiveTask: May 17 16:33:25.806: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.806: sshpmGetIssuerHandles: ValidityString (current): 2012/05/17/21:33:25
*spamReceiveTask: May 17 16:33:25.806: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/01/17/19:00:47
*spamReceiveTask: May 17 16:33:25.807: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/01/17/19:10:47
*spamReceiveTask: May 17 16:33:25.807: sshpmGetIssuerHandles: getting cisco ID cert handle...
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.807: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:25.808: sshpmFreePublicKeyHandle: called with 0x31b5178c
*spamReceiveTask: May 17 16:33:25.808: sshpmFreePublicKeyHandle: freeing public key
*spamReceiveTask: May 17 16:33:27.455: 00:16:47:75:19:30 DTLS Session established server (172.16.12.13:5246), client (172.16.12.60:28081)
*spamReceiveTask: May 17 16:33:27.455: 00:16:47:75:19:30 Starting wait join timer for AP: 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:27.460: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 Deleting AP entry 172.16.12.60:28081 from temporary database.
*spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 MIC AP is not allowed to join by config
*spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 State machine handler: Failed to process msg type = 3 state = 0 from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:27.462: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.456: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.456: 00:16:47:75:19:30 Join request received from AP which is already present. Deleting previous connection
172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Multiple Join Request: Join request received from AP which is already present. Deleting previous conne
*spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Finding DTLS connection to delete for AP (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 Disconnecting DTLS Capwap-Ctrl session 0x13869100 for AP (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:32.457: 00:16:47:75:19:30 CAPWAP State: Dtls tear down
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 DTLS connection not found. Ignoring join request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 State machine handler: Failed to process msg type = 3 state = 0 from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 DTLS connection closed event receivedserver (172:16:12:13/5246) client (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 No entry exists for AP (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 No AP entry exist in temporary database for 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:32.459: 00:16:47:75:19:30 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 172.16.12.60:28081)since DTLS session is not established
*spamReceiveTask: May 17 16:33:32.462: 00:16:47:75:19:30 DTLS connection not found, creating new connection for 172:16:12:60 (28081) 172:16:12:13 (5246)
*spamReceiveTask: May 17 16:33:32.462: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: called to get cert for CID 1824fb87
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: called to get key for CID 1824fb87
*spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.463: sshpmGetSshPrivateKeyFromCID: match in row 2
*spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: locking ca cert table
*spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*spamReceiveTask: May 17 16:33:32.614: sshpmGetIssuerHandles: calling x509_decode()
*spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1200-0015fae6db09, [email protected]
*spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: O=Cisco Systems, CN=Cisco Manufacturing CA
*spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Mac Address in subject is 00:15:fa:e6:db:09
*spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Cert Name in subject is C1200-0015fae6db09
*spamReceiveTask: May 17 16:33:32.619: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: called to get cert for CID 26a39b4a
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:32.619: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.619: ssphmUserCertVerify: calling x509_decode()
*spamReceiveTask: May 17 16:33:32.627: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (current): 2012/05/17/21:33:32
*spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/01/17/19:00:47
*spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/01/17/19:10:47
*spamReceiveTask: May 17 16:33:32.627: sshpmGetIssuerHandles: getting cisco ID cert handle...
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: called to evaluate
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.627: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamReceiveTask: May 17 16:33:32.628: sshpmFreePublicKeyHandle: called with 0x31b53840
*spamReceiveTask: May 17 16:33:32.628: sshpmFreePublicKeyHandle: freeing public key
*spamReceiveTask: May 17 16:33:34.288: 00:16:47:75:19:30 DTLS Session established server (172.16.12.13:5246), client (172.16.12.60:28081)
*spamReceiveTask: May 17 16:33:34.288: 00:16:47:75:19:30 Starting wait join timer for AP: 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:34.293: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 Deleting AP entry 172.16.12.60:28081 from temporary database.
*spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 MIC AP is not allowed to join by config
*spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 State machine handler: Failed to process msg type = 3 state = 0 from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:34.294: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Join Request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Join request received from AP which is already present. Deleting previous connection
172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Multiple Join Request: Join request received from AP which is already present. Deleting previous conne
*spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Finding DTLS connection to delete for AP (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 Disconnecting DTLS Capwap-Ctrl session 0x138691e8 for AP (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:39.289: 00:16:47:75:19:30 CAPWAP State: Dtls tear down
*spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 DTLS connection not found. Ignoring join request from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 State machine handler: Failed to process msg type = 3 state = 0 from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 Failed to parse CAPWAP packet from 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 DTLS connection closed event receivedserver (172:16:12:13/5246) client (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 No entry exists for AP (172:16:12:60/28081)
*spamReceiveTask: May 17 16:33:39.291: 00:16:47:75:19:30 No AP entry exist in temporary database for 172.16.12.60:28081
*spamReceiveTask: May 17 16:33:39.292: 00:16:47:75:19:30 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 172.16.12.60:28081)since DTLS session is not established
Similar Messages
-
We recently purchased a second 5508 wireless controller (both licensed for 100+ AP's). What is the easiest way to configure and add the second controller so I can split the load between the 2 controllers and provide failover capability? I do not want to run in an active/standby mode since that will effectively cut our AP capacity by half even with both controllers running.
Should I just manually configure the new controller (long and drawn out process to configure all the parameters), backup the current controller configuration and import to the second controller (then change the ip address) or is their an easier way to cause the two controllers to synchronize the configurations?
We are currently running 7.0.240.0 on our active controller and I would rather not upgrade it until we get the new controller online so I can have less downtime and fail AP's between controllers.
What can you recommend?
JimI'm assuming then, when I update the software on the controllers I won't be able to choose which controller is primary for an AP anymore and will lose access to the 100 AP licenses (and the capability to have 100 AP's registered, 100 licenses on each Controller).
Read the Deployment Guide. It should mention that you can choose which controller is the "primary" and which one is the "secondary".
If I'm not concerned about quick failover can I still assign a primary and secondary controller for each AP and utilize all 200 AP licenses that are split between the 2 controllers?
You sure can. But this "old school" method is a very expensive method. Why? Because this means that you have two controllers with similar AP licenses. The newer AP SSO means one controller has a full license and the other has only an HA SSO license, which is a lot cheaper. -
Issues adding Oracle BI Suite Cluster Controller.
Using Enterprise Manager Grid Control (10.2.0.5) and trying to monitor Oracle BIEE? When trying to add an entire Oracle BI Suite EE, it cannot find the Cluster Controllers. Gives me the error Cluster Controller not found.
When I add them manually under each agent, it finds both of them. But it does not see the primary cluster controller as being up. Even though in OBIEE administration tool it identifies the cluster controller as running. I have already given the Agent User the proper Local Security Policy rights.
Any thoughts would be appreciated.Has anyone else encountered the issue?
-
4402 Wireless Controller - Source of IP Communications - what is it?
My client has a 4402 controller that seems to be the source of a TCP request on port 2006.
Their edge router is blocking the communication with an acl.
Here is two entries from the router log:
Apr 26 16:30:55: %SEC-6-IPACCESSLOGP: list from-inside denied tcp 192.168.1.5(2006) -> 66.227.171.165(64344), 3 packets
Apr 26 16:32:55: %SEC-6-IPACCESSLOGP: list from-college denied tcp 192.168.1.5(2006) -> 124.115.11.71(42315), 6 packets
192.168.1.5 is the management interface on the controller.
The destination is not always the same.
Any thoughts would be helpful.
Thanks,
FredWhat is the virtual IP address?
Definitely looks like that bug then since it is being sourced from the service IP:
CSCsw93671 Packets sourced from the service port sent from wlc when not connected
It has not been resolved yet. -
4402 Wireless Controller Supported AP's
Even though the main page says "25 access points supported" I cannot register more than 12. Where do I find the licensing information please?
Configure the port on the switch to trunk in dot1q encap and remove any vlans that will not be needed on the wireless network.
The default settings on the WLC should be fine.
You will have to go into each dynamic interface on the WLC and set the other port as the secondary, if not set already -
Wireless controller ha between wlc5508 and wlc 4402
We have 2 wlc: a wlc 5508 ( license 100 AP ) and wlc 4402 ( license 12AP).
We try to setup when 5508 down, 12 identify AP (important AP -Group A) will join 4402 and all other AP (not improtan AP -Group B)
wont joint wlc 4402.
First, all AP join wlc 5508, 2 WLC have same mobility group.
After that, we config 12 APs belongto group A have primary and secondary wlc, group B only has primary wlc.
When wlc 5508 down, some of APs of GroupA and some of APs of GroupB join wlc 4402. We test many times and we have differnet result each times.
is theare any way to resolve our problem?
Thanks.Just to add, make sure that the WLC is running the same code, if not, then make sure the ap is supported on the code that is running on the 5508. The issue with mixed code is the ap will upgrade and downgrade very time they switch to a different WLC.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Sent from Cisco Technical Support iPhone App -
I need to bridge a printer off a wireless bridge using a 4402 WLAN Controller
I need to bridge a printer off a wireless bridge using a 4402 WLAN Controller. Would I need to make any changes on the 4402 WLAN Controller?
One options is to take a cisco autonmous access point and configure it as a WGB. And no, you would not have to do anything special to the WLC in thay deisgn. The WGB would act as a wireless client.
Make sense? -
Wireless Controller 4402 Crash
Hi,
I will make an abbreviation report about my case. My WLC 4402 was running 4.0.217.0 version. There are 18 access point work with local. It's work fine.
To a new project, we will add a access point 1522 and others 1242 to extend the range to a small building using mesh indoor (enterprise mesh).
To make this I read that I need use 5.2 version on WLC. So, I upgrade the WLC (locally) to release 4-2-176-0 and It's work fine (I don't install the new access points yet).
After, I upgrade the WLC to release 5-2-157-0 and install a 5-2-157-0-ER, according to document release. After reboot of new release 5.2, the WLC begin crash and reboot.
I make a downgrade to 4-2-176-0 because my client needed to work, and it's work fine.
In attached is the âtech-supportâ of Controller.
More one information! I too have a WCS that was with release 5.0.56.2 and I upgrade to 5.2.110, before upgrade the controller.
Sorry, because my English is not so good.
thanks
ClaudioIf you downgrade from one release to another, you may lose the configuration from your current release. The workaround is to reload the previous controller configuration files saved on the backup server or to reconfigure the controller.
Before upgrading your controller to software release 5.2 in a mesh network, check the boot variable setting before updating the boot. If the boot system image is visible, then no boot variable update is required. If the boot system image is missing, then you must update the boot variable. Refer the below URL for more information on how to check boot variable setting.
http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52mfw.html#wp1101710 -
Software Version Upgrade for Cisco 4402 Wireless Lan Controller
Hi,
We have Cisco 4402 Wireless Lan Controller with Software Version 3.2.171.6 and we want to upgrade it to latest version.
So can anyone please let me know the latest version to upgrade the WLC?
Also since WLC is running on very lower version is it possible to upgrade to the latest version directly or we have to move it step by step to upgrade this to latest version?
ThanksTake a look at the compatibility matrix below:
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
7.0.235 is the latest that you can go to:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_235_0.html
The release notes outline the upgrade process.
"Upgrade to 4.0.206.0 or later 4.0 release, then upgrade to 4.2.176.0, before upgrading to 7.0.235.0." -
Access-point 1131G registration issues on Wireless controller over Layer3 transport mode.
There are set of 1131G access points which belong to different segment than management couldn’t be registered on Wireless Controller (Catalyst 6509 WISM). However access points allocated in same range of management network is easily registering on controller. I have created AP-Manager interface which allowing Dynamic AP-Management. Once I’m creating dynamic interface on Controller which pointed to Layer3 interface of APs vlan, the controller starts deducting those access points as not-joined APs and displaying following messages. Please suggest.
Lwapp discovery request rejected.
Layer 3 discovery request not received on management VLAN.Hi Pankaj,
Here is the bug ID..
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCti54658
Please create a seperate Dynamic interafce and then see what happens as per the bug work around..
lemme know if this answered your question..
Regards
Surendra
====
Please dont forget to rate the post which answered your question or was usefull -
Hi!
I try to configure a Cisco 5508 Wireless controller and 25 Air-lap1041 to use as VoIP and data. I read documents, manuals, etc, but the AP doesn't charge the configuration, or not conect with the Wireless Controller, why? No Radius server present, only WPA security.howto, please...
I try to put a static ip in the LAP, with lwapp or capwap command, (LWAPP/CAPWAP ap ip address direccion mascara) and the AP returns "You should configure Domain and Name Server from controller CLI/GUI." and i can't change the name of the AP (Command is disabled).
Log from AP:
using ÿÿÿÿ ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x83000800, 0xc0000000
RQDC, RFDC : 0x80000037, 0x00000184
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is NOT up.
PCIE1 port 1 not initialize
PCIEx: initialization done
flashfs[0]: 6 files, 2 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 32385024
flashfs[0]: Bytes used: 2369024
flashfs[0]: Bytes available: 30016000
flashfs[0]: flashfs fsck took 21 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 44:2b:03:dc:09:25
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...###########################
File "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" uncompressed and installed, entr
y point: 0x4000
executing...
enet halted
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
flashfs[1]: 6 files, 2 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 32126976
flashfs[1]: Bytes used: 2369024
flashfs[1]: Bytes available: 29757952
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-LAP1041N-E-K9 (PowerPC405ex) processor (revision B0) with 98294K/32
768K bytes of memory.
Processor board ID FCZ1611W414
PowerPC405ex CPU at 333Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 7.0.94.21
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:2B:03:DC:09:25
Part Number : 73-14034-04
PCA Assembly Number : 800-34273-05
PCA Revision Number : A0
PCB Serial Number : FOC16075VZ3
Top Assembly Part Number : 800-34284-03
Top Assembly Serial Number : FCZ1611W414
Top Revision Number : A0
Product/Model Number : AIR-LAP1041N-E-K9
% Please define a domain-name first.
Press RETURN to get started!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Mar 1 00:00:09.574: *** CRASH_LOG = YES
Base Ethernet MAC address: 44:2B:03:DC:09:25
*Mar 1 00:00:09.838: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log
(contains, 1024 messages)
*Mar 1 00:00:11.848: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Mar 1 00:00:11.892: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-RCVK9W8-M), Version 12.4(23c)JA, RELEA
SE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 01-Jun-10 12:53 by prod_rel_team
*Mar 1 00:08:16.954: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 1 00:08:28.047: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
LER
*Mar 1 00:08:28.049: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:09:08.282: %CDP_PD-2-POWER_LOW: All radios disabled - LOW_POWER_CLASS
IC_NO_INJECTOR_CONFIGURED AIR-CT5508-K9 (c464.138f.9345)
*Mar 1 00:09:08.282: -Verify the required power-injector is installed on this
port: AIR-CT5508-K9(Gig 0/0/2).
*Mar 1 00:09:08.282: -If a power-injector is installed, issue the command:"pow
er inline negotiation injector installed"
*Mar 1 00:12:19.976: %CAPWAP-5-STATIC_TO_DHCP_IP: Could not discover WLC using
static IP. Forcing AP to use DHCP.
*Mar 1 00:12:29.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:39.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:49.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:12:59.994: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:09.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
Not in Bound state.
*Mar 1 00:13:19.993: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does
not have an Ip !!
*Mar 1 00:13:19.993: %CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
logs from wireless controller:
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Gu
est
ap-manager 2 untagged 209.165.200.231 Dynamic Yes No
management 1 untagged 209.165.200.230 Static Yes No
service-port N/A N/A 192.168.1.157 Static No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
i conect with service-port ok and the management port works, i think.
AP442b.03dc.0925>ping 209.165.200.230
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.165.200.230, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
AP442b.03dc.0925>
Help, please!
i write in spanish:
Hola:
Tengo que configurar un cisco 5508 wireless controller con 25 air-lap1041n, para usarlo como acceso de datos y voz. ¿Cómo lo hago? He leído manuales, y seguido las instrucciones, pero el punto de acceso parace que no es capaz de cargar el perfil. No hay servidor radius, solo la configuración de una clave wpa. Alguién me puede indicar pasos, GraciasHi!
I buy a gigabit switch. I connect the service-port to gigabit switch, and laptop to gigabit switch. I used 192.168.1.x ip address (192.168.1.157 to service-port and 192.168.1.233 to wired port on laptop, well, the laptop has two ip adress, 192.168.1.233 and 209.165.200.2, and the laptop works ok. Ping to 209.165.200.230 -ip address of management interface- and ping to 209.165.200.203 -ip address for AP, is assigned by DHCP of WLC. And i connect the ap to gigabit switch, and the wlc assigns well an ip direction.
I post the run-config and sysinfo log. The gigabit switch is tp-link model tl-sg1005d, no configuration.
Before the logs, I see this message from AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Hola:
He comprado un switch gigabit. Conecto el service-port al switch gigabit y el portátil también (por cable). Uso como direcciones ip el rango 192.168.1.x (192.168.1.157 asignado al service-port y 192, 168.1.233 al portátil, bueno, el portátil tiene dos direcciones, la dicha anteriormente y la 209.165.200.2) El portátil funciona bien, hace ping al 209.165.200.230 - la ip de la management interface, y a 209.165.200.203 - ip asignada al AP por el DHCP del WLC. He conectado el AP al swtich gigabit, y el dhcp del wlc asigna correctamente una dirección ip.
Añado a continuación los resultados de los comandos "show run-config" y "show sysinfo". El switch es un TP-LINK modelo TL-S1005D, sin necesidad de configuración.
Antes de mostrar los resultados de los comandos, he visto el siguiente mensaje en el log del AP:
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
Un saludo
Antonio R.
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "Cisco Wireless Controller"
PID: AIR-CT5508-K9, VID: V02, SN: FCW1608L05X
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 17 mins 45 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Network Information
RF-Network Name............................. hosp
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link
Pr Type Stat Mode Mode Status Status Trap POE SFPType
1 Normal Forw Enable Auto 1000 Full Up Enable N/A 1000BaseTX
2 Normal Disa Enable Auto Auto Down Enable N/A Not Present
3 Normal Disa Enable Auto Auto Down Enable N/A Not Present
4 Normal Disa Enable Auto Auto Down Enable N/A Not Present
5 Normal Disa Enable Auto Auto Down Enable N/A Not Present
6 Normal Disa Enable Auto Auto Down Enable N/A Not Present
7 Normal Disa Enable Auto Auto Down Enable N/A Not Present
8 Normal Disa Enable Auto Auto Down Enable N/A Not Present
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Location
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control
1 management Disabled
AP Name Slots AP Model Ethernet MAC Location
Port Country Priority GroupName
Press Enter to continue or to abort
AP Config
Press Enter to continue or to abort
Press Enter to continue or to abort
AP Airewave Director Configuration
Press Enter to continue or to abort
802.11a Configuration
802.11a Network.................................. Disabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
Press Enter to continue or to abort
802.11a Advanced Configuration
Press Enter to continue or to abort
802.11a Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
TxPower Update Logging......................... Off
Default 802.11a AP performance profiles
802.11a Global Interference threshold.......... 10 %
802.11a Global noise threshold................. -70 dBm
802.11a Global RF utilization threshold........ 80 %
802.11a Global throughput threshold............ 1000000 bps
802.11a Global clients threshold............... 12 clients
Default 802.11a AP monitoring
802.11a Monitor Mode........................... enable
802.11a Monitor Mode for Mesh AP Backhaul...... disable
802.11a Monitor Channels....................... Country channels
802.11a AP Coverage Interval................... 180 seconds
802.11a AP Load Interval....................... 60 seconds
802.11a AP Noise Interval...................... 180 seconds
--More or (q)uit current module or to abort
--More or (q)uit current module or to abort
802.11a AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
Coverage Hole Detection
802.11a Coverage Hole Detection Mode........... Enabled
802.11a Coverage Voice Packet Count............ 100 packets
802.11a Coverage Voice Packet Percentage....... 50%
802.11a Coverage Voice RSSI Threshold.......... -80 dBm
802.11a Coverage Data Packet Count............. 50 packets
802.11a Coverage Data Packet Percentage........ 50%
802.11a Coverage Data RSSI Threshold........... -80 dBm
802.11a Global coverage exception level........ 25 %
802.11a Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
--More or (q)uit current module or to abort
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 75 seconds ago
DCA Sensitivity Level.......................... STARTUP (5 dB)
DCA 802.11n Channel Width...................... 20 MHz
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11a 5 GHz Auto-RF Channel List
Allowed Channel List......................... 36,40,44,48,52,56,60,64
Unused Channel List.......................... 100,104,108,112,116,120,124,
128,132,136,140
DCA Outdoor AP option.......................... Disabled
Radio RF Grouping
802.11a Group Mode............................. AUTO
--More or (q)uit current module or to abort
802.11a Group Update Interval.................. 600 seconds
802.11a Group Leader........................... c4:64:13:8f:93:40
802.11a Group Member......................... c4:64:13:8f:93:40
802.11a Last Run............................... 75 seconds ago
802.11b Configuration
802.11b Network.................................. Enabled
11gSupport....................................... Enabled
11nSupport....................................... Enabled
802.11b/g Operational Rates
802.11b/g 1M Rate............................ Mandatory
802.11b/g 2M Rate............................ Mandatory
802.11b/g 5.5M Rate.......................... Mandatory
802.11b/g 11M Rate........................... Mandatory
802.11g 6M Rate.............................. Supported
802.11g 9M Rate.............................. Supported
802.11g 12M Rate............................. Supported
802.11g 18M Rate............................. Supported
802.11g 24M Rate............................. Supported
802.11g 36M Rate............................. Supported
802.11g 48M Rate............................. Supported
802.11g 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
--More or (q)uit current module or to abort
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mode................................. Disabled
--More or (q)uit current module or to abort
CF Poll Request mandatory........................ Disabled
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 1
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Call Admission Limit ........................... 105
G711 CU Quantum ................................. 15
ED Threshold..................................... -50
Fragmentation Threshold.......................... 2346
PBCC mandatory................................... Disabled
RTS Threshold.................................... 2347
Short Preamble mandatory......................... Enabled
Short Retry Limit................................ 7
Legacy Tx Beamforming setting.................... Enabled
Traffic Stream Metrics Status.................... Disabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
Faster Carrier Tracking Loop..................... Disabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admision Control (CAC) configuration
Voice AC - Admission control (ACM)............ Disabled
--More or (q)uit current module or to abort
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ 50
Video reserved roaming bandwidth.............. 0
802.11b Advanced Configuration
Press Enter to continue or to abort
802.11b Airewave Director Configuration
RF Event and Performance Logging
Channel Update Logging......................... Off
Coverage Profile Logging....................... Off
Foreign Profile Logging........................ Off
Load Profile Logging........................... Off
Noise Profile Logging.......................... Off
Performance Profile Logging.................... Off
Transmit Power Update Logging.................. Off
Default 802.11b AP performance profiles
802.11b Global Interference threshold.......... 10 %
802.11b Global noise threshold................. -70 dBm
802.11b Global RF utilization threshold........ 80 %
802.11b Global throughput threshold............ 1000000 bps
802.11b Global clients threshold............... 12 clients
Default 802.11b AP monitoring
802.11b Monitor Mode........................... enable
802.11b Monitor Channels....................... Country channels
802.11b AP Coverage Interval................... 180 seconds
802.11b AP Load Interval....................... 60 seconds
802.11b AP Noise Interval...................... 180 seconds
802.11b AP Signal Strength Interval............ 60 seconds
Automatic Transmit Power Assignment
Transmit Power Assignment Mode................. AUTO
Transmit Power Update Interval................. 600 seconds
Transmit Power Threshold....................... -70 dBm
Transmit Power Neighbor Count.................. 3 APs
Min Transmit Power............................. -10 dBm
Max Transmit Power............................. 30 dBm
Transmit Power Update Contribution............. SNI.
Transmit Power Assignment Leader............... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
Coverage Hole Detection
802.11b Coverage Hole Detection Mode........... Enabled
802.11b Coverage Voice Packet Count............ 100 packets
802.11b Coverage Voice Packet Percentage....... 50%
802.11b Coverage Voice RSSI Threshold.......... -80 dBm
802.11b Coverage Data Packet Count............. 50 packets
802.11b Coverage Data Packet Percentage........ 50%
802.11b Coverage Data RSSI Threshold........... -80 dBm
802.11b Global coverage exception level........ 25 %
802.11b Global client minimum exception lev.... 3 clients
Automatic Channel Assignment
Channel Assignment Mode........................ AUTO
Channel Update Interval........................ 600 seconds [startup]
Anchor time (Hour of the day).................. 0
Channel Update Contribution.................... SNI.
Channel Assignment Leader...................... c4:64:13:8f:93:40
Last Run....................................... 213 seconds ago
DCA Sensitivity Level: ...................... STARTUP (5 dB)
DCA Minimum Energy Limit....................... -95 dBm
Channel Energy Levels
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
Channel Dwell Times
Minimum...................................... unknown
Average...................................... unknown
Maximum...................................... unknown
802.11b Auto-RF Allowed Channel List........... 1,6,11
Auto-RF Unused Channel List.................... 2,3,4,5,7,8,9,10,12,13
Radio RF Grouping
802.11b Group Mode............................. AUTO
802.11b Group Update Interval.................. 600 seconds
802.11b Group Leader........................... c4:64:13:8f:93:40
802.11b Group Member......................... c4:64:13:8f:93:40
802.11b Last Run............................... 213 seconds ago
Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... hosp
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x97e2
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 1
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast
IP Status
c4:64:13:8f:93:40 209.165.200.230 hosp 0.0.0.0
Up
Advanced Configuration
Probe request filtering.......................... Enabled
Probes fwd to controller per client per radio.... 0
Probe request rate-limiting interval............. 500 msec
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
dot11-padding.................................... Disabled
Authentication Response Timeout (seconds)........ 10
Rogue Entry Timeout (seconds).................... 1200
AP Heart Beat Timeout (seconds).................. 30
AP Discovery Timeout (seconds)................... 10
AP Local mode Fast Heartbeat (seconds)........... disable
AP Hreap mode Fast Heartbeat (seconds)........... disable
AP Primary Discovery Timeout (seconds)........... 120
AP Primed Join Timeout (seconds)................. 0
Packet Forwarding watchdog timer (seconds)....... 240 (enable)
Location Configuration
RFID Tag data Collection......................... Enabled
RFID timeout.................................... 1200 seconds
RFID mobility.................................... Oui:00:14:7e : Vendor:pango S
tate:Disabled
Interface Configuration
Interface Name................................... management
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 209.165.200.230
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 209.165.200.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 192.168.1.1
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 209.165.200.230
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
Interface Name................................... service-port
MAC Address...................................... c4:64:13:8f:93:41
IP Address....................................... 192.168.1.157
IP Netmask....................................... 255.255.255.0
DHCP Option 82................................... Disabled
DHCP Protocol.................................... Disabled
AP Manager....................................... No
Guest Interface.................................. No
Interface Name................................... virtual
MAC Address...................................... c4:64:13:8f:93:40
IP Address....................................... 1.1.1.1
DHCP Option 82................................... Disabled
Virtual DNS Host Name............................ Disabled
AP Manager....................................... No
Guest Interface.................................. No
WLAN Configuration
WLAN Identifier.................................. 1
Profile Name..................................... HOSP3C
Network Name (SSID).............................. HOSP3C
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
NAC-State...................................... Disabled
Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 209.165.200.230
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Platinum (voice)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... 802.11b and 802.11g only
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Disabled
Accounting.................................... Disabled
Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Enabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT(802.11r)............................. Disabled
FT-PSK(802.11r)......................... Disabled
FT Reassociation Timeout......................... 20
FT Over-The-Air mode............................. Enabled
FT Over-The-Ds mode.............................. Enabled
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
H-REAP Learn IP Address....................... Enabled
Infrastructure MFP protection................. Enabled
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Band Select...................................... Enabled
Load Balancing................................... Enabled
Mobility Anchor List
WLAN ID IP Address Status
Press Enter to continue or to abort
Press Enter to continue or to abort
ACL Configuration
Press Enter to continue or to abort
CPU ACL Configuration
CPU Acl Name................................ NOT CONFIGURED
Wireless Traffic............................ Disabled
Wired Traffic............................... Disabled
RADIUS Configuration
Vendor Id Backward Compatibility................. Disabled
Call Station Id Case............................. lower
Call Station Id Type............................. IP Address
Aggressive Failover.............................. Enabled
Keywrap.......................................... Disabled
Fallback Test:
Test Mode.................................... Off
Probe User Name.............................. cisco-probe
Interval (in seconds)........................ 300
MAC Delimiter for Authentication Messages........ hyphen
MAC Delimiter for Accounting Messages............ hyphen
Authentication Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
Accounting Servers
Idx Type Server Address Port State Tout RFC3576 IPSec - AuthMode/P
hase1/Group/Lifetime/Auth/Encr
--More or (q)uit current module or to abort
TACACS Configuration
Authentication Servers
Idx Server Address Port State Tout
Authorization Servers
Idx Server Address Port State Tout
Accounting Servers
Idx Server Address Port State Tout
LDAP Configuration
Press Enter to continue or to abort
Local EAP Configuration
User credentials database search order:
Primary ..................................... Local DB
Timer:
Active timeout .............................. 300
Configured EAP profiles:
EAP Method configuration:
EAP-FAST:
Server key ................................
TTL for the PAC ........................... 10
Anonymous provision allowed ............... Yes
Authority ID .............................. 436973636f00000000000000000000
00
Authority Information ..................... Cisco A-ID
Press Enter to continue or to abort
HREAP Group Summary
HREAP Group Summary: Count: 0
Group Name # Aps
Press Enter to continue or to abort
HREAP Group Detail
Press Enter to continue or to abort
Route Info
Number of Routes................................. 0
Destination Network Netmask Gateway
Press Enter to continue or to abort
Qos Queue Length Info
Platinum queue length............................ 100
Gold queue length................................ 75
Silver queue length.............................. 50
Bronze queue length.............................. 25
Press Enter to continue or to abort
Mac Filter Info
Press Enter to continue or to abort
Authorization List
Authorize MIC APs against AAA ................... disabled
Authorize LSC APs against Auth-List ............. disabled
Allow APs with MIC - Manufactured Installed C.... disabled
Allow APs with SSC - Self-Signed Certificate..... disabled
Allow APs with LSC - Locally Significant Cert.... disabled
Load Balancing Info
Aggressive Load Balancing........................ Disabled
Aggressive Load Balancing Window................. 5 clients
Aggressive Load Balancing Denial Count........... 3
Statistics
Total Denied Count............................... 0 clients
Total Denial Sent................................ 0 messages
Exceeded Denial Max Limit Count.................. 0 times
None 5G Candidate Count.......................... 0 times
None 2.4G Candidate Count........................ 0 times
Press Enter to continue or to abort
Dhcp Scope Info
Scope: PUNTOSAP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 209.165.200.201
Pool End......................................... 209.165.200.229
Network.......................................... 209.165.200.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 0.0.0.0 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Press Enter to continue or to abort
Exclusion List ConfigurationUnable to retrieve exclusion-list entry
Press Enter to continue or to abort
CDP Configuration
Press Enter to continue or to abort
Country Channels Configuration
Configured Country............................. ES - Spain
KEY: * = Channel is legal in this country and may be configured manually.
A = Channel is the Auto-RF default in this country.
. = Channel is not legal in this country.
C = Channel has been configured for use by Auto-RF.
x = Channel is available to be configured for use by Auto-RF.
(-,-) = (indoor, outdoor) regulatory doamin allowed by this country.
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11bg :
Channels : 1 1 1 1 1
: 1 2 3 4 5 6 7 8 9 0 1 2 3 4
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): A * * * * A * * * * A * * .
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
802.11a : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
Channels : 3 3 3 4 4 4 4 4 5 5 6 6 0 0 0 1 1 2 2 2 3 3 4 4 5 5 6 6
: 4 6 8 0 2 4 6 8 2 6 0 4 0 4 8 2 6 0 4 8 2 6 0 9 3 7 1 5
-----------------:+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
ES (-E ,-E ): . A . A . A . A A A A A * * * * * * * * * * * . . . . .
Press Enter to continue or to abort
WPS Configuration Summary
Auto-Immune
Auto-Immune.................................... Disabled
Client Exclusion Policy
Excessive 802.11-association failures.......... Enabled
Excessive 802.11-authentication failures....... Enabled
Excessive 802.1x-authentication................ Enabled
IP-theft....................................... Enabled
Excessive Web authentication failure........... Enabled
Signature Policy
Signature Processing........................... Enabled
Press Enter to continue or to abort
Custom Web Configuration
Radius Authentication Method..................... PAP
Cisco Logo....................................... Enabled
CustomLogo....................................... None
Custom Title..................................... None
Custom Message................................... None
Custom Redirect URL.............................. None
Web Authentication Type.......................... Internal Default
External Web Authentication URL.................. None
Configuration Per Profile:
Rogue AP Configuration
Rogue Location Discovery Protocol................ Disabled
Rogue on wire Auto-Contain....................... Disabled
Rogue using our SSID Auto-Contain................ Disabled
Valid client on rogue AP Auto-Contain............ Disabled
Rogue AP timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
Adhoc Rogue Configuration
Detect and report Ad-Hoc Networks................ Enabled
Auto-Contain Ad-Hoc Networks..................... Disabled
Client MAC Address Adhoc BSSID State # APs Last Heard
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
Rogue Client Configuration
Validate rogue clients against AAA............... Disabled
--More-- or (q)uit
MAC Address State # APs Last Heard
Ignore List Configuration
MAC Address
Rogue Rule Configuration
Priority Rule Name State Type Match Hit Count
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 6.0.199.4
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console
1.27
Build Type....................................... DATA + WPS
System Name...................................... CISCO-CAPWAP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
IP Address....................................... 209.165.200.230
Last Reset....................................... Power on reset
System Up Time................................... 0 days 0 hrs 41 mins 2 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin,
Rome, Vienna
Current Boot License Level....................... base
Current Boot License Type........................ Permanent
Next Boot License Level.......................... base
Next Boot License Type........................... Permanent
Configured Country............................... ES - Spain
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +23 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 1
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 0
Burned-in MAC Address............................ C4:64:13:8F:93:40
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 25
(Cisco Controller) >
The AP log
AP442b.03dc.0925>
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Selected MWAR 'CISCO-CAPWAP-CONTROLLER
'(index 0).
*Apr 19 23:10:18.428: %CAPWAP-3-ERRORLOG: Go join a capwap controller
logging facility kern
^
% Invalid input detected at '^' marker.
logging facility kern
^
% Invalid input detected at '^' marker.
*Apr 19 23:10:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
p: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:19.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 19 23:10:20.200: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
peer_ip: 209.165.200.230 peer_port: 5246
*Apr 19 23:10:20.201: %CAPWAP-5-SENDJOIN: sending Join Request to 209.165.200.23
0
*Apr 19 23:10:20.201: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Apr 19 23:10:20.211: %CAPWAP-3-ERRORLOG: This AP is not supported in controller
version 6.0.199.4 ---->What's mean that? Is it compatible the ap with the WLC? ¿Es compatible el AP con el WLC?
*Apr 19 23:10:20.354: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*Apr 19 23:10:20.355: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 209
.165.200.230:5246
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.356: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Apr 19 23:10:20.412: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is
not established -
Adding a second time capsule?
I've reviewed some of he discussion on adding a second Time Machine but two issues arise. The information relates to older Time Machine software and leads to confusion.
I have an Airport Extreme with S/W version 7.6.4 and would like to add a newer Airport Extreme to back up the older one. Reading the suggestions on adding a new TC didn't cover the newer Time Machines and I could find Apple's instructions for doing it.
Somewhere I read that the new TC could be connected to the old TC but forgot the port setup. Also, newer instructions for adding a second TC so both the old and the new acquire the same data could not be found.
Hope This question is clear. Is there help on this?The network setup is fairly trivial.
Plug TC2 into TC1. (the hardware is Time Capsule.. TC as per your title.. or is it Airport Extreme as per your question..?? Time Machine is software on your computer.. and totally unrelated to the hardware.)
Makes no difference which way around you do it. Plug WAN of the 2nd device into LAN of the 1st device. And setup the 2nd device in bridge.. wireless is up to you.. off or on?? Roaming or not??
As far as backup is concerned.. you need to be clear in the question. And sorry it is a bit mixed up now.
But I can tell you what you cannot do.
You cannot backup to both units at once. You can however setup Time Machine in the computer to backup sequentially to both.
See Q34 http://pondini.org/TM/FAQ.html
The TC itself cannot backup to another TC.
(extreme with hard disk amounts to the same thing.. with caveats)
You can backup one TC to another manually via a computer.. it is slow and I do not recommend it.. if a fault creeps into backup1, you are simply copying said fault to backup2.. AND it is poor for another reason.. Time Machine cannot do it.. you will need another utility eg Carbon Copy Cloner.. and even then you will probably end up backing up a huge amount of data every time.. since TM works so strangely you cannot just backup differences. -
Problems between a Wireless Controller and a Switch.
I have a Wireless Controller 4402 connected to one sw2960G.
I configured the controller with LAG and the switch (sw2960G) with etherchanel.
I connected the controller 2 distribution ports to the 2 ports of the switch (configured with etherchanel).
It worked like it should work.
But the problem is like this: if I take one cable that is connected to the switch and unplugged that cable from the switch (if that cable is the one connected to controllers port one) I have connectivity between both machines.
If I plug in the switch the cable connected to controller port one and take the other cable and unplugged that cable from the switch I stop the connectivity between the two machines.
I think that was not supposed to happen⦠because the LAG in the controller should put every AP in the second controller's port, and the connectivity between the machines should not end.
Can any one help me?
Can any one tell me what I am doing wrong?
Thanks in advance,
RuiWith LAG enabled in the controller I think I can have only one ap-manager interface.
The LAG will (it is supposed to) do the load balance automatically.
I mean, if one of the interfaces is âdownâ the other will have to coupe with all the AP's.
I should have always connection between the controller and the switch.
The STP of the controller is configured by default (STP Mode = OFF).
In the case of etherchannel load balance⦠I saw the Cisco documentation and I did not saw any thing about that. I think that The LAG as to do that for the controller⦠I'm right about that?
I will see the link that you advisedâ¦
Can you help me?
Thanks,
Rui -
Hi, in our environment we are having a wireless controller 4402 connecting to foundry layer 3 switch HW: BigIron 15000 Router. the LWAP1252 is connecting to POE switch cisco WS-C3560E-24PD, when this LWAP1252 is brought online i am getting this error message
%CDP_PD-2-POWER_LOW: All radios disabled - INJECTOR_DETECTED_MULTIPLE_MACS_ON_HUB BigIron Router
and the radios are not getting ON, even though the switch WS-C3560E-24PD inline power is manually set to 20w
Please let me know is there any compatibility issue with foundry switch.
thanks in advancethe error:-
%CDP_PD-4-POWER_OK: Full Power - INJECTOR_DETECTED_MULTIPLE_MACS_ON_
HUB inline power source-This message indicates the access point is operating at full power because it has detected multiple Cisco devices. The access point power is being supplied from a power injector or a non-Cisco power source because a Cisco power source does not forward CDP packets.
from:-
http://www.cisco.com/en/US/docs/wireless/access_point/1250/installation/guide/125h_c4.html -
Wireless Controller 5508 dropping MAC Addresses
Our 5508 Wireless Controller will drop MAC addresses clean out of the system. Addresses that are in use everyday just disappear. It is not a limitation issue because we are adding iPads everyday. And it is not a daily occurance, but maybe once or twice a week. Has anyone come accross this issue? Everything has been updated and it is more of a hassle than anything, I am just trying to understand what is happening.
Shannon,
can you be a bit more specific, when you say it's dropping mac addresses?
is that from the user list? the macfilter?
Maybe you are looking for
-
Issue with substitution variable with @MDSHIFT in BR in Calc Manager
Hi Experts, We have a BR in EAS which is working fine. and exported to Calcmanager, now while validation it is giving error "@BaseScenario" is not found. the code is @MDSHIFT("LFLSalesIncVAT_GBP_C_DHP"->&BaseScenario->"Final"->"CD_FinalPlanPL",-1,"Ye
-
Finding location of deleted (ghost) files
I deleted my Amazon MP3 downloads folder from my C: drive by accident. For some reason it wasn't sent to the recycle bin but deleted completely. I have downloaded a freeware app. and recovered about 40% of the files but the rest couldn't be located.
-
Does anyone know what would cause me to start hearing a talk program of some type after hitting the play button after it had been on pause. Hitting the pause button shuts off the talking, but hitting the play button starts it up again. The strange
-
BOM Performance Analysis using SAT or SE30 t-code?
Hi, Currently I'm doing performance analysis of BOM to find out the bottlenecks. I'm doing the analysis using SAT or SE30 t-code. From my understanding, BOM performance depends upon 1. no. of BOM items 2. BOM Level 3. BOM Evolution over time Can
-
Separate midi drum channels not showing in piano roll, only kick
hey ya'll! I separated my midi drum notes on to separate mudi tracks. But now only the kick track shows up in the piano roll window. I am using AD and need to be able to edit the drum midi tracks. I use the piano roll window for this. Can someone he