L3 LWAPP Discovery reject wrong vlan...

Similar Messages

• Discovery request received on wrong VLAN

  I am setting up a new 4404 with my existing WLAN. I have a combo for 1100 and 1200 APs, on two different VLANs, with WDS on each VLAN and a WLSE. One of the VLANs is on the same subnet was the WLC management port. The other WLAN VLAN is not. I am able to join the VLAN on the same subnet to my WLC but when I convert one of my auto APs on the other VLAN, it converts but never joins my WLC. If I run a debug on the WLC I get the following.
  Fri Aug 1 12:38:56 2008: 00:17:0f:37:68:60 Received LWAPP DISCOVERY REQUEST from AP 00:17:0f:37:68:60 to ff:ff:ff:ff:ff:ff on port '1'
  Fri Aug 1 12:38:56 2008: Discovery Request received on wrong VLAN '160' on interface '1', management VLAN = '0' - in L3 mode, dropping the packet.
  My WLC is on code 5.0.148. All of my APs have static IP addresses. I have setup DNS but NOT DHCP since all of them have static IP and that option 42 still confuses me. Any thoughts? My 4506 is set to trunk the port the WLC is on. I even tried to only apply the two VLANs to that port. My WLC can ping the IP of the AP on the different VLAN and my AP can ping the WLC.

  You need to configure the native vlan on the trunk port to vlan 160. Looks like the packet is being tagged as vlan 60 and your management interface is set to '0' which is untagged.

• LWAPP Discovery request - discarded ?

  Greetings all,
  I'm starting to grow a huge headache over a WLC-implementation (4402-12). From my point of view, the controller seems to be configured correctly and the DHCP-scope has been set up with the correct pointers as well as as the DNS-record, all pointing towards the AP-Manager i/f (tagged vlan20 on port 1, mgmt untagged) - still, no access-points will associate. The AP is pingable from the controller. A debug of lwapp events and details shows the following;
  Sat Jan 7 19:36:17 2006: Received a message from AP of length 97 on inteface = 1
  Sat Jan 7 19:36:17 2006: Entered spamGetLCBFromMac file spam_lrad.c line 433**
  Sat Jan 7 19:36:17 2006: Received LWAPP DISCOVERY REQUEST from AP 00:0b:85:5a:bd:50 to ff:ff:ff:ff:ff:ff on port '1'
  Sat Jan 7 19:36:17 2006: Discarding L3 Mode LWAPP DISCOVERY REQUEST on intf '1', vlan = '20', Management vlan = '0'.
  Anyone with a clue regarding what might be causing this? I'm also a little confused regarding the destaddr (bcast) since the AP should've received the ucast address of the controller. We have to handover this system to the cust. fairly soon .. :-)
  WLC Version: 3.2.78.0
  TIA & Best regards,
  /M

  You need to use the Management Interface for LWAPP controller discovery. That's what the WLC expects. So when it sees an LWAPP Discovery Request coming in on another interface, it discards its.
  In L3 LWAPP mode, the AP tries to find a WLC using IP subnet broadcast, over the air provisioning (OTAP), DHCP Option 43, DNS, and WLC IP addresses stored in memory. It will always use ALL of these techniques. That's why you're seeing the broadcast. From the LWAPP Discovery Responses it selects a controller to join.
  Now, you would've seen it join in L2 mode because the AP does an Ethernet "broadcast" to find the WLC. Hence, the mgmt interface sees the LWAPP Discovery, and responds with an Ethernet frame. At L2 mode, all LWAPP is Ethernet encapsulated as opposed to IP encapsulated. When you switched back to L3 mode, the AP remembers the management IP address of the WLC from the L2 join and uses that. That's why it worked after switching L3-->L2-->L3.
  Hope this helps.

• LWAPP Discovery, Microsoft DHCP and failure!

  Fellow Netpro's,
  Interesting case here maybe, which is buggering me since a couple of days.
  We have an environment with hundreds of LAPs over multiple sites throughout the globe. We have main controllers in datacenter for remote LAP (H-REAP mode) and to terminate the WLAN for guests (using the mobility anchors). Larger sites with multiple LAPs have local controllers.
  With this setup we figured the best practice is to use DHCP to assign controller addresses in the L3 LWAPP Discovery process.
  Recently I found that our DHCP administrators are setting up hardcoded DHCP option 43 in order to get it to work. All good, it works. However, I would prefer to use Option 60 with VCI to assign Option 43 values (as I can seein the forseeable future there will be need for smartphones, prnters or other devices requiring other Option 43 values. So, in my minset VCI mapping is the way to go.
  Now, I have been working with one of my system admins to set this up correctly, and followed Cisco's document to the T. Checked, double checked, triple checked it. Restarted the DHCP service, restarted the DHCP server, just to rule out any possible issues.
  But, packet tracing the DHCP upon LAP boot I do see the server is absolutely not sending any Vendor specific info, not even Option 43. Only when I hardcode Option 43 (so not the sub-coded 241) with the local controller IP address the LAP receives the right info and registers to that controller.
  I even have a TAC case opened to request confirmation if the document I have from Cisco is not containing any errors, and TAC confirms this is the correct document.
  Anyone ever run into such issue. I'm convinced it must be something wrong on the DHCP servers (Freaky Mickeysoft), but I'm a noob at server management.
  Any one any clues what to check?
  Thanks in advance,
  Leo

  Cisco APs do use the Option 60 VCI when sending a DHCP Discover message. We use it all the time to configure Option 43 with suboption 241. What is the TAC case number you have open for this?
  Pushkar

• How often LAP in L3 LWAPP mode performs a broadcast LWAPP DISCOVERY?

  How often LAP in L3 LWAPP mode performs a broadcast DICOVERY UDP port 12223?
  During the boot or even during its regular operation?
  I saw that the AP is running the broadcast or to be more precise to arrives WLC LWAPP DISCOVERY REQUEST only
  when booting the AP.
  It is correct?
  Regards.
  Mirko Severi.

  Dan,
  in this case, the AP does not generate a broadcast, but only a unicast to the primary controller with the IP found in NVRAM.
  In a network L3 must enable broadcast via helper-address when the AP does not have WLC primary, secondary, tertiary configured, because otherwise you must configure in the AP through the console, option 53 or DNS the Ip address of the controllers.
  Is correct?
  Regards.
  MirkoS.

• WLC 5508 AP Group - Clients using wrong VLAN

  I have a network setup as live-ssid.  It is using the Interface for VLAN 14.  All APs under the default-group AP Group obviously allows clients to DHCP an address from VLAN 14.  This is working fine.
  I created a new AP Group called 3rd Floor.  This has the live-ssid setup, but instead of using the Interface for VLAN 14 it is setup for the Interface for VLAN 50.  I have all the APs on this floor moved to the 3rd Floor AP Group.
  The problem is that 95% of the clients on 3rd Floor are still picking up DHCP addresses from VLAN 14.  I checked and all the clients are connected to the APs on the 3rd Floor.  Only 4 Clients are getting an address from VLAN 50.
  I'm not sure if something is configured wrong or not since some devices pick up the new VLAN and the rest don't.  I've manually reboot the APs on the 3rd floor to see if that would fix it.
  Any help would be great.

  My wild guess is that your clients originally connected to another floor and then moved to the 3rd floor.
  The idea is that if one of your client moves to the 3rd floor, there is no reason to kill its connectivity by assigning it a 3rd floor ip address instead of its 1st floor ip address for example.
  So the clients are assigned a 3rd-floor ip address only if their first AP association is on the 3rd floor.
  Even if you powered the client on the 3rd floor, there is a chance that the client connected to an AP on 2nd or 4th floor and then changed because the APs on 3rd floor are giving a better signal. This is often seen when the floors/ceiling don't represent a big RF attenuation, clients might associate to an AP sitting on another floor.
  Nicolas

• WLC 5508 Flexconnect dhcp request landing on wrong vlan/dhcp pool

  Hi,
  We've recently setup our 5508 to work with Flexconnect. The 5508's run on 8.0.100, they are setup redundant. On the remote site we've setup a local dhcp pool for the various WLAN's/VLAN's. The AP's have registered with the WLC succesfully.
  We then setup the flexconnect groups, added the ap's and configured 1 vlan mapping to it's corresponding wlan id. Alsio setup the wlan, made it so it's using flexconnect, bound it to the interface which will allow it to reach the local dhcp machine.
  User can see the SSID, can login using the password, but they are awarded an ip addres from a different dhcp pool, meant for antoher vlan than the bonding in the flexconnect group is indicating.
  When I check the local dhcp pool for bindings on the mac address of a machine I can see multiple bindings. At 1 point I had 3 bindings in different pools, 1 on the native vlan for the AP, 1 on the vlan it should have and 1 on another vlan which wasn't configured anywhere in the flexconnect setup.
  Does anybody have a clue how and why this is happening?

  Just to add to Salma... All your AP's in FlexConnect are most likely connected to a trunk port. Make sure the native Vlan is defined and the vlan's are allowed on the trunk port. Then you need to verify that the AP's native Vlan and WLAN to Vlan mappings are correct. Seems like you might have some AP's that are not defined properly and that's why users that connect to a WLAN is getting in the wrong subnet. 
  Scott

• Prerequisite script for Exadata Discovery using wrong domainname command?

  Does the Prerequisite script for Exadata Discovery use the Wrong domainname command? It uses domainname, should it be using dnsdomainname?
  The script is found in this MOS note: Prerequisite script for Exadata Discovery in Oracle Enterprise Manager Cloud Control 12c [ID 1473912.1]
  My System administrator wrote "what the precheck script says it is watching out for, is NOT what it’s checking, and what it is checking is NOT needed.
  They say they need the “domain name” to be set, but what they’re checking is the NIS domain name. This is echoed in the man page for “domainname” …
  The man page even has a warning NOT to use “domainname” to check the DNS domain"
  So is the pre-check script wrong, or is the running OEM/agents/discoverer going to look for the apparently doaminname set value within a NIS construct?
  The sysadmins are trying to avoid having anything set with NIS, for fear it confuses a new admin or consultant.
  Thanks in advance for your thoughts. -- Shaun
  PS, if it is wrong, how do we get it corrected with Oracle?

  This answer came in from the Oracle Support Community via an Oracle employee:
  According to a remark that is attached to the note that you mention, your concerns are correct:
  "domainname" command does indeed return NIS domainname.
  The DNS domain name that we actually want to use should be checked by "dnsdomainname" command.
  [root@hostname ~]# dnsdomainname
  hostname.example.com
  [root@hostname ~]# domainname
  (none)
  [root@hostname ~]# domainname -h
  Usage: hostname [-v] hostname set hostname (from file)
  domainname [-v] nisdomain set NIS domainname (from file)
  hostname [-v] [-d|-f|-s|-a|-i|-y|-n] display formatted name
  hostname [-v] display hostname
  The response to the remark explains that we are testing this in our internal environment. We have found one issue with this check. The NOTE authors plan to upload the new version of the script when the updated script is fully tested.
  At your service,
  Dave M.

• Rejecting images via keyboard shortcuts rejects wrong images

  Hello,
  It is possible that I am doing something wrong. I am reviewing many images, and I am using alt-del to reject some. Behavior seems wonky:
  - sometimes alt-del marks a message as 'rejected', and that's it
  - sometimes alt-del marks a message as 'rejected' and thumbnail auto-advances
  - and finally, the biggest problem, sometimes alt-del marks the wrong image (typically few images ahead)
  This is in 6.0.1.6 x64
  Am I doing something weird, or is this a real (known?) problem?
  Thanks

  Thanks. I was reviewing in the grid. This does not seem to be happening, now that I got rid of the cache.

• LWAPP discovery problem

  I am currently setting up a 4402 controller and lwapps. Our wireless right now is all managed by corp and is a combination of autonomous and lwapp. Here is my problem.
  I have setup option43 in my dhcp scope. When I connect a fresh radio to the same subnet as the controller I see that the radio goes to the controller but then there is a message and the radio goes to the corp controller.
  Here is the boot log from a new radio.
  %LWAPP-3-CLIENTEVENTLOG: Controller address 10.200.190.10(MINE) obtained through DHCP
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.gtna.gt.ds
  %LWAPP-3-CLIENTEVENTLOG: Controller address 10.148.198.7(CORP) obtained through DNS
  I see that message about a log server. Did I miss something?
  thanks
  tony

  Hi Guys,
  I just thought that I would link this info for the LWAPP Layer 3 startup. +5 points for both Wesley and Leo for your ongoing great work here :)
  The LWAPP AP goes through this process on startup for Layer 3 mode:
  The LAP boots and DHCPs an IP address if it was not previously assigned a static IP address.
  The LAP sends discovery requests to controllers through the various discovery algorithms and builds a controller list. Essentially, the LAP learns as many management interface addresses for the controller list as possible via:
  DHCP option 43 (good for global companies where offices and controllers are on different continents)
  DNS entry for “cisco-lwapp-controller” (good for local businesses - can also be used to find where brand new APs join)
  Management IP addresses of controllers the LAP remembers previously
  A Layer 3 broadcast on the subnet
  Over the air provisioning
  Statically configured information
  From this list, the easiest method to use for deployment is to have the LAPs on the same subnet as the management interface of the controller and allow the LAP's Layer 3 broadcast to find the controller. This method should be used for companies that have a small network and do not own a local DNS server.
  The next easiest method of deployment is to use a DNS entry with DHCP. You can have multiple entries of the same DNS name. This allows the LAP to discover multiple controllers. This method should be used by companies that have all of their controllers in a single location and own a local DNS server. Or, if the company has multiple DNS suffixes and the controllers are segregated by suffix.
  DHCP option 43 is used by large companies to localize the information via the DHCP. This method is used by large enterprises that have a single DNS suffix. For example, Cisco owns buildings in Europe, Australia, and the United States. In order to ensure that the LAPs only join controllers locally, Cisco cannot use a DNS entry and must use DHCP option 43 information to tell the LAPs what the management IP address of their local controller is.
  Finally, static configuration is used for a network that does not have a DHCP server.You can statically configure the information necessary to join a controller via the console port and the AP's CLI. For information on how to statically configure controller information using the AP CLI, refer to Manually Configuring Controller Information Using the Access Point CLI.
  For a detailed explanation on the different discovery algorithms that LAPs use to find controllers, refer to LAP Registration with WLC.
  For information on configuring DHCP option 43 on a DHCP server, refer to DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example.
  Send a discovery request to every controller on the list and wait for the controller's discovery reply which contains the system name, AP-manager IP addresses, the number of APs already attached to each AP-manager interface, and overall excess capacity for the controller.
  Look at the controller list and send a join request to a controller in this order (only if the AP received a discovery reply from it):
  Primary Controller system name (previously configured on LAP)
  Secondary Controller system name (previously configured on LAP)
  Tertiary Controller system name (previously configured on LAP)
  Master controller (if the LAP has not been previously configured with any Primary, Secondary, or Tertiary controller names. Used to always know which controller brand new LAPs join)
  ....continued on next page

• Doubt with Dynamic Interfaces and VLANs

  Hello.
  I am trying to get wirelles clientes and APs to be on the same VLAN/subnet, now is working with management interface on my WLC 5508. My problem comes up when I change them to a new dynamic interface.
  Before any change:
  VLAN: 8
  Management Interface IP: 192.168.9.2/23
  Gateway: 192.168.8.1
  DHCP Server: 192.168.8.2
  WLAN SSID linked to Managment interface: Ray123
  APs on VLAN 8 and subnet static IP range192.168.9.0/23
  There is no dynamic interface.
  After changes.
  VLAN: 0
  Management Interface: 192.168.6.2/23
  Gateway: 192.168.6.1
  DHCP Server: 192.168.6.2
  Dynamic interface name: Wireless-1
  VLAN: 8
  Management Interface IP: 192.168.9.2/23
  Gateway: 192.168.8.1
  DHCP Server: 192.168.8.2
  WLAN SSID linked to Dynamic interface: Ray123
  APs still on VLAN 8 and subnet static IP range192.168.9.0/23
  After all this done i can see by cdp neighbors all my APs i can ping them and management interface too, but APs are not registered, no clients too.
  According to this guide:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00805e7a24.shtml
  Dynamic interfaces and APs should be on the same VLAN.
  But this another guide states the opposite:
  http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html
  "Set the APs in a VLAN that is different from the dynamic interface configured on the Controller. If the APs are in the same VLAN as the dynamic interface, the APs are not registered on the Controller and the 'LWAPP discovery rejected' and 'Layer 3 discovery request not received on management VLAN' errors are logged on the Controller"
  I cant understand why VLANs for APs and dynamic interfaces should be on different, it has no sense to configure a vlan intended for APs which shouldnt be on the same vlan.
  Please tell me what is wrong.
  Thanks in advance.

  You have to tell the APs where the WLC lives now, 192.168.6.2.
  You can do this in the following ways:
  Manual Prime the APs
  option 43
  dns
  ip forward udp 5246
  move the aps to the same vlan as the management interface let them join and then chnage the vlan
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• 3702i AP's not Joining WLC - Layer 3 discovery request not received on management VLAN

  Hi Guys, 
  This is a follow up post to this thread: https://supportforums.cisco.com/discussion/12400481/3702i-not-joint-2504
  Have been playing around with my AP's and made sure the time is correct on all the devices ( WLC and Switch). I have also moved the AP's to the same Vlan as the management IP of the WLC. 
  if I move the AP's to the same Vlan as the WLC they join and are happy, as soon as I move them to a different Vlan they cant join and there time goes back to the default plus they do not seem to save the WLC details to flash but still remember the test names I give them.
  it appears that option 43 is working fine as I can see it look for the WLC IP and I have done some trouble shooting on the WLC and it looks like it see's the AP but doesn't except it.
  please see below for the boot up of the AP and the WLC logs: 
  AP 
  IIOS Bootloader - Starting system.
  *** deleted for breverity ***** 
  Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
  File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
  executing...
  Secondary Bootloader - Starting system.
  Montserrat Board
  *** deleted for breverity ***** 
  Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
  Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
  File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
  executing...
                *** deleted for breverity ***** 
  cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
  Processor board ID FGL1838X4T1
  PowerPC CPU at 800Mhz, revision number 0x2151
  Last reset from power-on
  LWAPP image version 8.0.110.0
  1 Gigabit Ethernet interface
  2 802.11 Radios
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: F4:4E:05:B7:1E:84
  Part Number                          : 73-15243-01
  PCA Assembly Number                  : 000-00000-00
  PCA Revision Number                  :
  PCB Serial Number                    : FOC18343WPR
  Top Assembly Part Number             : 068-05054-03
  Top Assembly Serial Number           : FGL1838X4T1
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP3702I-Z-K9
  % Please define a domain-name first.
  Press RETURN to get started!
  *Mar  1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
  *Mar  1 00:00:19.755: Registering HW DTLS
  *Mar  1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is  2500
  *Mar  1 00:00:19.815: APAVC:  WlanPAKs 42878 RadioPaks  42270
  *Mar  1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
  *Mar  1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
  *Mar  1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
  *Mar  1 00:00:26.167:  record size of 3ss: 1168 read_ptr: 4F9698E
  *Mar  1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
  *Mar  1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
  *Mar  1 00:00:31.251:  record size of vht: 2904 read_ptr: 4F9698E
  *Mar  1 00:00:31.407: Wait until the stile protocol list is initialized.
  *Mar  1 00:00:32.651: Start STILE Activation
  *Mar  1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
  *Mar  1 00:00:35.447: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Fri 19-Dec-14 11:20 by prod_rel_team
  *Mar  1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
  *Mar  1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
  *Mar  1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
  *Mar  1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
  *Mar  1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
  *Mar  1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
  *Mar  1 00:00:50.431: DPAA Initialization Complete
  *Mar  1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
  *Mar  1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
  *Mar  1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
  *Mar  1 00:00:53.867: Currently running a Release Image
  *Mar  1 00:00:54.287: Incorrect certificate in SHA2 PB !
  *Mar  1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
  *Mar  1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
  *Mar  1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
  *Mar  1 00:01:02.707: APAVC: Registering with CFT
  *Mar  1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
  *Mar  1 00:01:02.707: APAVC: Reattaching  Original Buffer pool for system use
  *Mar  1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
  %Default route without gateway, if not a point-to-point interface, may impact performance
  *Mar  1 00:01:10.103: AP image integrity check PASSED
  *Mar  1 00:01:10.187: Incorrect certificate in SHA2 PB !
  *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
  *Mar  1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Mar  1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Mar  1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Mar  1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
  *Mar  1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
  *Mar  1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
  *Mar  1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
  *Mar  1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Mar  1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  Not in Bound state.
  *Mar  1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
  *Mar  1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Mar  1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
  Not in Bound state.
  *Mar  1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
  *Mar  1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Mar  1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
  WLC: 
  isco Controller) >show time
  Time............................................. Tue Jan 27 17:44:47 2015
  Timezone delta................................... 0:0
  Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
  NTP Servers
      NTP Polling Interval.........................     3600
       Index     NTP Key Index                  NTP Server                  NTP Msg Auth Status
         1              0                             150.101.176.226       AUTH DISABLED
  (Cisco Controller) >show ap join stats summary  
  Incorrect input! Use 'show ap join stats summary [all/<ap-mac>]'
  (Cisco Controller) >show ap join stats summary all 
  Number of APs.............................................. 2 
  Base Mac             AP EthernetMac       AP Name                 IP Address         Status
  f4:4e:05:aa:a6:a0    f4:4e:05:94:c3:98    APf44e.0594.c398        10.1.1.22          Joined    
  f4:4e:05:b6:ce:f0    N A                  Test_1                  10.1.20.7          Not Joined
  (Cisco Controller) >show ap join stats detailed f4:4e:05:b6:ce:f0
  Sync phase statistics
  - Time at sync request received............................ Not applicable
  - Time at sync completed................................... Not applicable
  Discovery phase statistics
  - Discovery requests received.............................. 45
  - Successful discovery responses sent...................... 21
  - Unsuccessful discovery request processing................ 24
  - Reason for last unsuccessful discovery attempt........... Layer 3 discovery request not received on management VLAN
  - Time at last successful discovery attempt................ Jan 27 17:45:49.705
  - Time at last unsuccessful discovery attempt.............. Jan 27 17:45:49.705
  Join phase statistics
  - Join requests received................................... 0
  - Successful join responses sent........................... 0
  - Unsuccessful join request processing..................... 0
  - Reason for last unsuccessful join attempt................ Not applicable
  - Time at last successful join attempt..................... Not applicable
  - Time at last unsuccessful join attempt................... Not applicable
  Configuration phase statistics
  --More-- or (q)uit
  - Configuration requests received.......................... 0
  - Successful configuration responses sent.................. 0
  - Unsuccessful configuration request processing............ 0
  - Reason for last unsuccessful configuration attempt....... Not applicable
  - Time at last successful configuration attempt............ Not applicable
  - Time at last unsuccessful configuration attempt.......... Not applicable
  Last AP message decryption failure details
  - Reason for last message decryption failure............... Not applicable
  Last AP disconnect details
  - Reason for last AP connection failure.................... Not applicable
  - Last AP disconnect reason................................ Not applicable
  Last join error summary
  - Type of error that occurred last......................... Lwapp discovery request rejected
  - Reason for error that occurred last...................... Layer 3 discovery request not received on management VLAN
  - Time at which the last join error occurred............... Jan 27 17:45:49.705
  AP disconnect details
  - Reason for last AP connection failure.................... Not applicable
                                                                             Ethernet Mac : 00:00:00:00:00:00  Ip Address : 10.1.20.7
  (Cisco Controller) >show interface summary 
   Number of Interfaces.......................... 4
  Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
  ap                               LAG  20       10.1.20.231     Dynamic No     No   
  guest                            LAG  30       10.1.30.231     Dynamic No     No   
  management                       LAG  10       10.1.1.231      Static  Yes    No   
  virtual                          N/A  N/A      1.1.1.1         Static  No     No   
  SWITCH
  witch#show run
  Building configuration...
  *** deleted for breverity ***** 
  no aaa new-model
  clock timezone AWST 8
  system mtu routing 1500
  ip routing
  ip dhcp pool WAP_Pool
     network 10.1.20.0 255.255.255.0
     default-router 10.1.20.1 
     option 43 hex f104.0a01.01e7
  ip dhcp pool Clients
     network 10.1.30.0 255.255.255.0
     default-router 10.1.30.1 
     dns-server 203.0.178.191 
  ip dhcp pool test
     network 10.1.1.0 255.255.255.0
     default-router 10.1.1.1 
  crypto pki trustpoint TP-self-signed-4082587776
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-4082587776
   revocation-check none
   rsakeypair TP-self-signed-4082587776
  *** deleted for breverity ***** 
  *** deleted for breverity ***** !
  interface FastEthernet0/3
   description *** WLC ****
   switchport trunk encapsulation dot1q
   switchport mode trunk
  interface FastEthernet0/4
   description **** AP *****
   switchport access vlan 20
   switchport mode access
   spanning-tree portfast
  interface FastEthernet0/5
   description **** AP ****
   switchport access vlan 20
   switchport mode access
   spanning-tree portfast
  interface FastEthernet0/6
  i*** deleted for breverity ***** !
  interface Vlan10
   description *** Managment ***
   ip address 10.1.1.230 255.255.255.0
  interface Vlan20
   description *** WIRELESS APS ***
   ip address 10.1.20.1 255.255.255.0
  interface Vlan30
   ip address 10.1.30.1 255.255.255.0
  ip classless
  ip route 0.0.0.0 0.0.0.0 10.1.1.1
  ip http server
  ip http secure-server
  ip sla enable reaction-alerts
  l*** deleted for breverity ***** 
  ntp clock-period 36028827
  ntp source FastEthernet0/1
  ntp server 121.0.0.42
  ntp server 202.127.210.37
  end
  I have also placed a Device in Vlan 20 and it is able to ping the WLC and the WLC can ping it s routing is working. 
  Thanks 

  Hey Scott, 
  I gave that a shot and still no luck, log's from AP boot up:
  IIOS Bootloader - Starting system.
  flash is writable
  Tide XL MB - 40MB of flash
  Xmodem file system is available.
  flashfs[0]: 67 files, 9 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 41158656
  flashfs[0]: Bytes used: 20894208
  flashfs[0]: Bytes available: 20264448
  flashfs[0]: flashfs fsck took 20 seconds.
  Base Ethernet MAC address: f4:4e:05:b7:1e:84
  Ethernet speed is 100 Mb - FULL Duplex
  Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1"...#########################
  File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-mx.153-3.JA1" uncompressed and installed, entry point: 0x2003000
  executing...
  Secondary Bootloader - Starting system.
  Montserrat Board
  40MB format
  Tide XL MB - 40MB of flash
  Xmodem file system is available.
  flashfs[0]: 67 files, 9 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 41158656
  flashfs[0]: Bytes used: 20894208
  flashfs[0]: Bytes available: 20264448
  flashfs[0]: flashfs fsck took 21 seconds.
  flashfs[1]: 0 files, 1 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 12257280
  flashfs[1]: Bytes used: 1024
  flashfs[1]: Bytes available: 12256256
  flashfs[1]: flashfs fsck took 1 seconds.
  Base Ethernet MAC address: f4:4e:05:b7:1e:84
  Boot CMD: 'boot  flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1;flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1'
  Loading "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"...###############################################
  File "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1" uncompressed and installed, entry point: 0x1003000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Fri 19-Dec-14 11:20 by prod_rel_team
  Montserrat Board
  40MB format
  Tide XL MB - 40MB of flash
  Initializing flashfs...
  flashfs[2]: 67 files, 9 directories
  flashfs[2]: 0 orphaned files, 0 orphaned directories
  flashfs[2]: Total bytes: 40900608
  flashfs[2]: Bytes used: 20894208
  flashfs[2]: Bytes available: 20006400
  flashfs[2]: flashfs fsck took 14 seconds.
  flashfs[2]: Initialization complete.
  flashfs[4]: 0 files, 1 directories
  flashfs[4]: 0 orphaned files, 0 orphaned directories
  flashfs[4]: Total bytes: 11999232
  flashfs[4]: Bytes used: 1024
  flashfs[4]: Bytes available: 11998208
  flashfs[4]: flashfs fsck took 0 seconds.
  flashfs[4]: Initialization complete.
  Copying radio files from flash: to ram:
  Copy in progress...CCCCC
  Copy in progress...CCC
  Copy in progress...CCCC
  Copy in progress...CCCC
  Copy in progress...CC
  Copy in progress...CCCC
  Copy in progress...CC
  Copy in progress...CCCCC
  Copy in progress...CCCC
  Copy in progress...CC
  Uncompressing radio files...
  ...done Initializing flashfs.
  Radio0  present 8764 8000 0 A8000000 A8010000 0
  Rate table has 650 entries (20 legacy/224 11n/406 11ac)
  POWER TABLE FILENAME = ram:/Q2.bin
  Radio1  present 8864 8000 0 80000000 80100000 4
  POWER TABLE FILENAME = ram:/Q5.bin
  Radio2 not present 0 0 0 0 0 8
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-CAP3702I-Z-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
  Processor board ID FGL1838X4T1
  PowerPC CPU at 800Mhz, revision number 0x2151
  Last reset from power-on
  LWAPP image version 8.0.110.0
  1 Gigabit Ethernet interface
  2 802.11 Radios
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: F4:4E:05:B7:1E:84
  Part Number                          : 73-15243-01
  PCA Assembly Number                  : 000-00000-00
  PCA Revision Number                  :
  PCB Serial Number                    : FOC18343WPR
  Top Assembly Part Number             : 068-05054-03
  Top Assembly Serial Number           : FGL1838X4T1
  Top Revision Number                  : A0
  Product/Model Number                 : AIR-CAP3702I-Z-K9
  % Please define a domain-name first.
  Press RETURN to get started!
  *Mar  1 00:00:19.295: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
  *Mar  1 00:00:19.755: Registering HW DTLS
  *Mar  1 00:00:19.763: APAVC: Initial WLAN Buffers Given to System is  2500
  *Mar  1 00:00:19.815: APAVC:  WlanPAKs 42878 RadioPaks  42270
  *Mar  1 00:00:22.127: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
  *Mar  1 00:00:26.055: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
  *Mar  1 00:00:26.167: Loading Power Tables from ram:/Q2.bin. Class = A
  *Mar  1 00:00:26.167:  record size of 3ss: 1168 read_ptr: 4F9698E
  *Mar  1 00:00:31.207: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
  *Mar  1 00:00:31.251: Loading Power Tables from ram:/Q5.bin. Class = Z
  *Mar  1 00:00:31.251:  record size of vht: 2904 read_ptr: 4F9698E
  *Mar  1 00:00:31.407: Wait until the stile protocol list is initialized.
  *Mar  1 00:00:32.651: Start STILE Activation
  *Mar  1 00:00:34.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
  *Mar  1 00:00:35.447: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2014 by Cisco Systems, Inc.
  Compiled Fri 19-Dec-14 11:20 by prod_rel_team
  *Mar  1 00:00:35.447: %SNMP-5-COLDSTART: SNMP agent on host Test_1 is undergoing a cold start
  *Mar  1 00:00:36.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 00:00:37.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully
  *Mar  1 00:00:37.939: %SSH-5-ENABLED: SSH 2.0 has been enabled
  *Mar  1 00:00:37.939: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:00:38.987: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 00:00:47.567: %LINK-6-UPDOWN: Interface BVI1, changed state to down
  *Mar  1 00:00:48.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
  *Mar  1 00:00:50.431: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
  *Mar  1 00:00:50.431: DPAA Initialization Complete
  *Mar  1 00:00:50.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
  *Mar  1 00:00:51.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
  *Mar  1 00:00:53.435: %LINK-6-UPDOWN: Interface BVI1, changed state to up
  *Mar  1 00:00:53.867: Currently running a Release Image
  *Mar  1 00:00:54.287: Incorrect certificate in SHA2 PB !
  *Mar  1 00:00:54.287: Using SHA-1 signed certificate for image signing validation.
  *Mar  1 00:00:54.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
  *Mar  1 00:00:59.787: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.2, mask 255.255.255.0, hostname Test_1
  *Mar  1 00:01:02.707: APAVC: Succeeded to activate all the STILE protocols.
  *Mar  1 00:01:02.707: APAVC: Registering with CFT
  *Mar  1 00:01:02.707: APAVC: CFT registration of delete callback succeeded
  *Mar  1 00:01:02.707: APAVC: Reattaching  Original Buffer pool for system use
  *Mar  1 00:01:02.707: Pool-ReAtach: paks 42878 radio42270
  %Default route without gateway, if not a point-to-point interface, may impact performance
  *Mar  1 00:01:10.103: AP image integrity check PASSED
  *Mar  1 00:01:10.187: Incorrect certificate in SHA2 PB !
  *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:01:10.203: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:01:11.591: %CDP_PD-4-POWER_OK: 15.4 W power - NEGOTIATED inline power source
  *Mar  1 00:01:12.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:01:13.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Mar  1 00:01:13.947: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:01:14.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  *Mar  1 00:01:20.211: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 CLI Request Triggered
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Mar  1 00:01:31.215: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
  *Mar  1 00:02:11.599: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
  *Mar  1 00:02:11.603: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
  *Mar  1 00:02:11.611: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
  *Mar  1 00:02:12.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
  *Mar  1 00:02:12.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
  *Mar  1 00:02:12.647: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
  *Mar  1 00:02:12.655: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
  *Mar  1 00:02:13.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
  *Mar  1 00:02:13.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
  *Mar  1 00:02:13.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
  *Mar  1 00:02:14.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
  Not in Bound state.
  *Mar  1 00:02:44.719: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
  *Mar  1 00:02:49.839: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.3, mask 255.255.255.0, hostname Test_1
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Mar  1 00:02:55.719: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP
  Not in Bound state.
  *Mar  1 00:03:59.219: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
  *Mar  1 00:04:04.343: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.1.20.4, mask 255.255.255.0, hostname Test_1
  Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
  *Mar  1 00:04:10.223: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.1.1.231 obtained through DHCP

• VIC1225 and Qlogic CNA are sending FIP VLAN discovery tagged

  Hi during troubleshooting I observed that the VIC1225 and the QLogic CNA are sending FIP VLAN discovery in in VLAN 193, though the VLAN 193 is not configured , neither on the NIC nor on the Nexus5500 where the CNAs are connected. Interesting that Nexus5500 is answering with the FIP VLAN response in VLAN 194 as well, any idea how this VLAN 194 is selected for the VLAN discovery ?
  following document tells me that FIP VLAN Discovery is running in the native VLAN
  http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/white_paper_c11-560403.html
  FIP VLAN Discovery
  FIP VLAN discovery discovers the FCoE VLAN that will be used by all other FIP protocols as well as by the FCoE encapsulation for Fibre Channel payloads on the established virtual link. One of the goals of FC-BB-5 was to be as nonintrusive as possible on initiators and targets, and therefore FIP VLAN discovery occurs in the native VLAN used by the initiator or target to exchange Ethernet traffic. The FIP VLAN discovery protocol is the only FIP protocol running on the native VLAN; all other FIP protocols run on the discovered FCoE VLANs
  any idea out there ?
  Thx
  Hubert

  Hi Hubert,
  FIP will use whatever is configured on the C-Series for the native VLAN. My guess is someone configured either the vHBA or vNIC with this VLAN in the CIMC. Otherwise you are correct it will use the native VLAN for discovery. If they are not configured, I would try to update your drivers to the latest.
  Ant

• LWAPP Access point wont advertise SSID's

  I have a 4402 WLC and LWAPP AIR-LAP1131AG-E-K9  connected to it.
  I have been wrestling with the config for sometime now.
  I have a laptop right next to it that wont see the SSIDs I have configured being broadcast.
  I have no idea why but I do have the following errors in the log.
  Apr 17 11:37:59.091 sim.c:913 SIM-3-GW_MISMATCH: MAC address of the GW 00:0f:f7:32:c1:80 recieved in the JOIN Request differs from the cached MAC addr 00:00:0c:07:ac:64 of the Gw. Deleting the Gw IP 10.45.50.97 for the AP Mgr & sending ARP req. for resolv
  Apr 17 11:37:49.080 spam_lrad.c:1107 LWAPP-3-DISC_INTF_ERR2: Ignoring discovery request received on a wrong VLAN (70) on interface (1) in L3 LWAPP mode
  I notice the first error related to the GW IP, but I am not sure where this is specified and why it is mismatched.
  I also dont know what the second error means either about the wrong VLAN.
  Please can anyone help!
  Many thanks,
  Neil

  Ok I now understand why I am not seeing any SSID's
  I am actually troubleshooting this remotely and have a laptop sat next to the AP. The laptop has a hard wired connection that when connected disables the Wireless adpater. Its a HP nc6400 laptop. I am not sure if it is a laptop setting or a GPO.
  So the not seeing the SSID is fixed.
  When I shutdown the switchport for the laptop. I did see the laptop pick up a DHCP address in the wireless scope I configured.
  However this actually only worked once which was wierd.
  I solved the gateway mismatch by actually putting the correct gateway address into ap-manager interface.
  But I am still left with the message
  Apr 17 11:37:49.080 spam_lrad.c:1107 LWAPP-3-DISC_INTF_ERR2: Ignoring discovery request received on a wrong VLAN (70) on interface (1) in L3 LWAPP mode
  However this has been joined with another log entry;
  Apr 17 21:05:38.734 1x_auth_pae.c:2510 DOT1X-3-MAX_EAP_RETRIES: Max EAP identity request retries (21) exceeded for client 00:1b:77:31:9d:72
  The Mac address here is the Wireless Adapter of my test laptop.
  The information of the WLC is
  Product Identifier Description
  AIR-WLC4402-25-K9
  Version Identifier Description
  V04
  Possibly this is not what you are after but if you show me where to look that would be great.
  It might be relevant but I have joined the AP to the switch with
  switchport access vlan 70
  switchport mode access
  The config to the WLC is on a Gi port
  switchport trunk encapsulation dot1q
  switchport trunk allow vlan 2,11,70,80
  switchport mode trunk
  I am wondering if I should have
  switchport trunk native vlan 70 in here?
  The interface config on the controller is
  (Cisco Controller) >show interface SUMM
  Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Gu
  est
  ap-manager                       1    2        10.45.50.111    Static  Yes    No
  management                       1    2        10.45.50.110    Static  No     No
  service-port                     N/A  N/A      10.44.48.214    Static  No     No
  virtual                          N/A  N/A      1.1.1.1         Static  No     No
  york-vlan70                      1    70       10.44.51.1      Dynamic No     No
  Many thanks,
  Neil

• 6500 WiSM - Error %LWAPP-3-DISC_INTF_ERR2

  I'm receiving the following message...
  Error Message %LWAPP-3-DISC_INTF_ERR2: Ignoring discovery request received on a
  wrong VLAN (205) on interface (990) in L3 LWAPP mode.
  The WiSM module in the 6500 is configured with its AP Manager and Management interfaces in the same subnet, in vlan 990. We've then configured vlan 250 and created a dynamic IP interface for management of APs in a different building. The idea is to have a management subnet for AP's for each building. IE, 3 buildings...3 management subnets. Both vlan 990 and Vlan 205 are trunked and tagged on the two WiSM port-channels. The AP connects to an Access-Port in vlan 205. The AP gets a DHCP address but fails to join the controller.
  The design is to have an AP Management subnet per building...I've verified that Option 43 is configured to point to the management interface...
  The only configuration difference I can find between the bench setup and Cisco documentation is that the AP Manager + Management interfaces are untagged on the trunk.

  Maagement and AP-Managers should be on the same vlan which is vlan 990. There is no reason to create a dynamic interface for vlan 250 to manage ap's. Dynamic interfaces are to map ssid to a subnet. What you can to is on each building L3 interface that the AP's are on, configure a ip helper-address and also globally configure ip forward protocol udp 12222 and ip forward protocol udp 12223 and see if this works for you.