No Join Response from WLC 4402 to LWAPP AP

Hi,
I have a problem with the 1242 LWAPP access points. It's not possible for a few access points to connect to the WLC.
With some access points I get a join response.
WLC image is 5.2.157.0
APs which I can't connect (no join response):
image version:      3.0.51.0
IOS version:         12.4(21a)JA2
APs which I can connect (join response):
image version:      5.2.157.0
IOS version:         12.4(18a)JA
Can anybody help me? I can find a few topics in this community, but none of these topics can help me in this case.
In the following attachment, no-join response.txt, you can find the recording of the HyperTerminal.
Thanks in advance for answers.

Problem is solved.
I have upgraded the WCS and both WLC controllers to version 7.x.
And for the "older" APs with the image 3.x, a secondary DNS entry cisco-capwap-controller....

Similar Messages

  • Migration from WLC 4402 to 5508

    Hello Forum;
    I'm trying to migrate from a WLC 4402 to a 5508. I've uploaded the config from the 4402 and then downloaded it to the 5508. I'm able to get to the GUI but my clients are unable to connect. I've tried pinging from the clients with no luck. The APs connect to the 5508. I noticed that the ap-manager interface is not available for the 5508.
    Has anyone had similar issues?
    Sean

    Yes, it's expected, because we do not have an AP manager on the 5508 WLC. That clients are unable to connect is the concern.
    What's the WLAN? Are they enabled? If yes, then when the client tries to connect, what's the Policy Manager state they get stuck in? Can you please run the below debug and paste it here?
    debug client
    Looking forward to hearing from you!
    Regards
    Surendra

  • Upgrading from WLC 4402-50 to WLC 5508-250

    I am planning to upgrade my WLC 4402-50 (HA) to WLC 5508-250 (HA). I also have some really old 1020 Access points that I will be replacing with 1142's. Once I have completed the upgrade to the 5508s, I will repurpose the 4402's as Mobile Anchor controllers to support Guest Wireless.
    Does anyone have any actual experience with this sort of upgrade? Any practical suggestions or ideas??
    Thanks,

    Hi,
    Are you still facing this issue? If yes, try checking the link to see if that helps:
    http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
    thanks,
    Vinay

  • LAP 1141N Join problem on WLC 4402 Ver 7.0

    Hi All,
    Please, I need your help with the LAP join process:
    70:ca:9b:25:5b:9d -> AP MAC
    10.10.1.30 -> DNS
    Thanks in advance!
    debug capwap events:
    *spamReceiveTask: Mar 07 11:23:14.661: 70:ca:9b:25:5b:9d Received LWAPP DISCOVERY REQUEST to ff:ff:ff:ff:ff:ff on port '1'
    *spamReceiveTask: Mar 07 11:23:24.660: 70:ca:9b:25:5b:9d Received LWAPP DISCOVERY REQUEST to ff:ff:ff:ff:ff:ff on port '1'
    *spamReceiveTask: Mar 07 11:23:34.660: 70:ca:9b:25:5b:9d Received LWAPP DISCOVERY REQUEST to ff:ff:ff:ff:ff:ff on port '1'
    *spamReceiveTask: Mar 07 11:23:44.660: 70:ca:9b:25:5b:9d Received LWAPP DISCOVERY REQUEST to ff:ff:ff:ff:ff:ff on port '1'
    *spamReceiveTask: Mar 07 11:23:54.660: 70:ca:9b:25:5b:9d Received LWAPP DISCOVERY REQUEST to ff:ff:ff:ff:ff:ff on port '1'
    *spamReceiveTask: Mar 07 11:24:04.659: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:24:04.660: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:24:14.659: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:24:14.659: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:24:24.659: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:24:24.659: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:24:34.659: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:24:34.659: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:24:44.658: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:24:44.659: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:24:54.658: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:24:54.658: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:25:04.658: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:25:04.658: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:25:14.658: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:25:14.658: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:25:24.658: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:25:24.658: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 11:25:34.657: 70:ca:9b:25:5b:9d Discovery Request from 10.10.1.30:46525
    *spamReceiveTask: Mar 07 11:25:34.658: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21

    Thanks for the answer.
    Scott, I don't know the reason, I can't give an IP in the same subnet. Do you know how to manually configure an IP on the AP?
    3 subnets on the same VLAN.
    interface Vlan150
    ip address 10.126.96.1 255.255.254.0 secondary
    ip address 10.160.96.1 255.255.254.0 secondary  ->ap manager subnet
    ip address 160.10.1.1 255.255.255.0  -> IP AP 160.10.1.50
    ip helper-address 10.10.1.30
    Stephen,
    How do I know the code?
    Interface summary:
    Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
    ap-manager                       1    untagged 10.160.96.11    Static  Yes    No
    management                       1    untagged 10.160.96.10    Static  No     No
    vlan 140                         1    140     10.125.96.30    Dynamic No     No
    vlan 160                         1    160      10.160.18.2     Dynamic No     No
    vlan 170                         1    170      10.160.10.2     Dynamic No     No
    Debug:
    *spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d Discovery Request from 160.10.1.50:46525
    *spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21
    *spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d Received a Discovery Request from 70:CA:9B:25:5B:9D via IP broadcast address but the source IP address (160.10.1.50) is not in any of the configured subnets. Dropping it
    *spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d State machine handler: Failed to process  msg type = 1 state = 0 from 160.10.1.50:46525
    *spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d Failed to parse CAPWAP packet from 160.10.1.50:46525

  • Unable to send alerts to email from wlc 4402/wcs

    I am looking to send rogue AP alerts to my email.
    I've found where to do it in the WCS software, but can't seem to send/receive them.
    I noticed that there is just an email server name, but no user credentials to log in to that server and relay a message.
    Do I need an smtp server setup as an open relay to send these alerts?
    Thanks

    Never mind, I found the answer. DNS problem.

  • AP 1131ag not able to join with WLC 4402

    In some of my spare time, I've been trying to get this AP to join with this WLC. It's been about two weeks now. I'm not sure what the problem is. I think that there are a few possible issues, but I'm asking the more experienced & knowledgeable support community. I did convert the autonomous AP to a LAP. So here are some outputs:
    AP sh ver
    AP0014.6956.6926#sh ver
    Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(25e)JAO3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Wed 18-Dec-13 20:53 by prod_rel_team
    ROM: Bootstrap program is C1130 boot loader
    BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(2)JA3, RELEASE SOFTWARE (fc2)
    AP0014.6956.6926 uptime is 2 hours, 11 minutes
    System returned to ROM by power-on
    System image file is "flash:/c1130-k9w8-mx.124-25e.JAO3/c1130-k9w8-mx.124-25e.JAO3"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
    Processor board ID FTX0924T1NR
    PowerPCElvis CPU at 262Mhz, revision number 0x0950
    Last reset from power-on
    LWAPP image version 7.3.1.72
    1 FastEthernet interface
    2 802.11 Radio(s)
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:14:69:56:69:26
    Part Number                          : 73-8962-07
    PCA Assembly Number                  : 800-24818-06
    PCA Revision Number                  : C0
    PCB Serial Number                    : FOC092238UU
    Top Assembly Part Number             : 800-25544-01
    Top Assembly Serial Number           : FTX0924T1NR
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-AP1131AG-A-K9  
    Configuration register is 0xF
    WLC sh sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 4.2.205.0
    RTOS Version..................................... 4.2.205.0
    Bootloader Version............................... 4.2.205.0
    Build Type....................................... DATA + WPS
    System Name...................................... wlcVA010a03a01
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
    IP Address....................................... 10.10.1.1
    System Up Time................................... 4 days 0 hrs 54 mins 42 secs
    Configured Country............................... US  - United States
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +39 C
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    3rd Party Access Point Support................... Disabled
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ 00:18:73:35:DC:40
    Crypto Accelerator 1............................. Absent
    Crypto Accelerator 2............................. Absent
    Power Supply 1................................... Absent
    Power Supply 2................................... Present, OK
    WLC debug lwapp errors enable
    Fri Jan 24 16:55:15 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
    Fri Jan 24 16:55:15 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
    Fri Jan 24 16:55:15 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
    Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
    Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
    Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
    WLC debug lwapp events enable
    Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Received LWAPP DISCOVERY REQUEST from AP 00:13:5f:f8:94:f0 to ff:ff:ff:ff:ff:ff on port '1'
    Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Successful transmission of LWAPP Discovery Response to AP 00:13:5f:f8:94:f0 on port 1
    Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Received LWAPP DISCOVERY REQUEST from AP 00:13:5f:f8:94:f0 to ff:ff:ff:ff:ff:ff on port '1'
    Fri Jan 24 16:52:20 2014: 00:13:5f:f8:94:f0 Successful transmission of LWAPP Discovery Response to AP 00:13:5f:f8:94:f0 on port 1
    Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Received LWAPP JOIN REQUEST from AP 00:13:5f:f8:94:f0 to 06:0a:10:10:00:00 on port '1'
    Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
    Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
    Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
    Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Received LWAPP JOIN REQUEST from AP 00:13:5f:f8:94:f0 to 06:0a:10:10:00:00 on port '1'
    Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
    Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
    Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
    WLC debug pm pki enable
    Fri Jan 24 16:49:45 2014: sshpmGetIssuerHandles: invalid args (0x13d7edd0/0x13d7edd4/0x13d7edd8/0x30231b14/0)
    Fri Jan 24 16:49:45 2014: sshpmFreePublicKeyHandle: called with (nil)
    Fri Jan 24 16:49:45 2014: sshpmFreePublicKeyHandle: NULL argument.
    Fri Jan 24 16:49:50 2014: sshpmGetIssuerHandles: invalid args (0x13d91320/0x13d91324/0x13d91328/0x30231b14/0)
    Fri Jan 24 16:49:50 2014: sshpmFreePublicKeyHandle: called with (nil)
    Fri Jan 24 16:49:50 2014: sshpmFreePublicKeyHandle: NULL argument.
    Thanks!
    Leon

    cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
    WLC sh sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 4.2.205.0
    RTOS Version..................................... 4.2.205.0
    Bootloader Version............................... 4.2.205.0
    Build Type....................................... DATA + WPS
    Fri Jan 24 16:55:20 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
    Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
    Adding to the above:
    Manually add self-signed certificates (SSCs) to a Cisco Wireless LAN (WLAN) Controller (WLC).
    You can manually add the SSC to the WLC.
    These kinds of problems occur with Lightweight AP Protocol (LWAPP)-converted APs.
    Via GUI:
    Choose Security > AP Policies and click Enabled beside Accept Self Signed Certificate.
    Select SSC from the Certificate Type drop-down menu.
    Enter the MAC address of the AP and the hash key, and click Add.
    Via CLI:
    Enable Accept Self Signed Certificate on the WLC. The command is config auth-list ap-policy ssc enable.
    (Cisco Controller) >config auth-list ap-policy ssc enable
    Add the AP MAC address and hash key to the authorization list. The command is config auth-list add ssc AP_MAC AP_key.
    (Cisco Controller) >config auth-list add ssc AP_MAC AP_key
    More to check here:
    http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
    As Scott also mentioned, this is a very old version on the WLC. Please upgrade it.
    Hope it helps.
    Regards
    Don't forget to rate helpful posts

  • 1131 LWAP not join WLC 4402

    I am deploying a WLC 4402 with LWAP 1131, but the AP fails to join the WLC. The reason is that I don't have a DNS server. The error message on the AP is:
    AP001d.451f.8582>
    *Mar 1 00:00:38.005: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned D
    HCP address 172.26.5.12, mask 255.255.255.0, hostname AP001d.451f.8582
    Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
    *Mar 1 00:00:49.371: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve
    I tried to configure the controller address on the LAP but failed. The error when I tried to configure the AP is below:
    AP001d.451f.8582#lwapp ap controller ip address 172.26.5.10
    ERROR!!! Command is disabled.
    My question is:
    Is it possible to make the LAP join the WLC without DNS? If yes, how?

    Hi Yhab,
    There are other ways besides DNS to help in the AP and WLC discovery process. Have a look at this good doc:
    Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml#topic2
    For the Static entry problem;
    If this AP was ever registered you can use this command from the LAP CLI to clear the LWAPP configuration on the LAP:
    clear lwapp private-config
    This allows you to use the AP LWAPP static configuration commands again.
    Here is an example:
    Enable (enter password)
    AP1240#clear lwapp private-config
    AP1240#lwapp ap hostname AP1240
    AP1240#lwapp ap ip address 10.77.244.199 255.255.255.224
    AP1240#lwapp ap ip default-gateway 10.77.244.220
    AP1240#lwapp ap controller ip address 172.16.1.50
    Note: You cannot use the clear lwapp private-config command when the LAP is registered with the controller.
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml#t2
    Hope this helps!
    Rob

  • Wlc 4402 errors when trying to join ap

    Hello,
    I have a WLC 4402 controller with software version 6.0.199.4.
    Now I have problems adding 1131 APs to my controller.
    In the past I added 15 access points (without problems) but
    now it doesn't seem to work anymore.
    Here's what I got from the controller when trying to join:
    *Nov 11 12:24:37.739: %LWAPP-3-RADIUS_ERR: spam_radius.c:138 Could not send join reply, AP authorization failed; AP:00:13:c4:93:c1:58
    Here's what I got on the AP (console cable on my PC when booting):
    %LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init (SSC): no certs in the SSC Private File
    Got an idea on this?
    Thanks for the help

    Was the AP in automatic mode before? Did you copy the LWAPP recovery image to the AP using TFTP?
    All APs manufactured before 2005 or 2006 do not have a MIC (manufacture install MIC) installed. You need to use the LWAPP conversion tool to convert the AP to LWAPP/CAPWAP, so that the conversion tool will install SSC (Self Signed Certificates) to encrypt the LWAPP/CAPWAP control traffic:
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html
    As the LWAPP discovery image is already there, you need to convert the AP back to autonomous mode and use the LWAPP conversion tool to convert the AP:
    http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/configuration/guide/s38trb.html#wp1058472
    I hope that the mode button is not disabled on the AP. If it is, I hope that the break key is not disabled. If both the mode button and break key are disabled, you need to RMA the AP.
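
As an added example (not part of any post above, and not Cisco tooling): a small Python triage script that sorts the controller and AP messages quoted in these threads into certificate/authorization failures versus network-path failures, per AP. The cause labels, hints and the `ap-console` placeholder name are this example's own assumptions; the sample lines reuse messages quoted on this page.

```python
import re
from collections import Counter

# AP MAC as it appears in WLC debug output (aa:bb:cc:dd:ee:ff).
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\b")
# Controller capacity counters printed with each discovery request.
CAPACITY_RE = re.compile(r"MaxLrads = (\d+), joined Aps =(\d+)")

# (cause label, layer, pattern, what to check next).
# Patterns are the literal message texts quoted in the threads above;
# labels, layers and hints are this example's own wording.
SIGNATURES = [
    ("cert_rejected", "auth",
     re.compile(r"does not include valid certificate in CERTIFICATE_PAYLOAD"),
     "controller could not validate the AP certificate; for an LWAPP-converted "
     "AP check the SSC entry (config auth-list add ssc AP_MAC AP_key)"),
    ("ap_not_authorized", "auth",
     re.compile(r"Could not send join reply, AP authorization failed"),
     "AP rejected by the controller's AP policies; review Security > AP Policies"),
    ("ap_has_no_ssc", "auth",
     re.compile(r"no certs in the SSC Private File"),
     "AP holds no self-signed certificate; re-run the conversion tool"),
    ("source_subnet_mismatch", "network",
     re.compile(r"source IP address \((?P<ip>[0-9.]+)\) is not in any of the "
                r"configured subnets"),
     "broadcast discovery arrived from an IP outside the controller's subnets"),
    ("controller_name_unresolved", "network",
     re.compile(r"lwapp_name_lookup - Could Not resolve"),
     "AP cannot resolve the controller name; use another discovery method"),
]


def triage(lines, default_ap="ap-console"):
    """Group join-failure causes by AP MAC.

    Lines without a MAC (AP console output) are filed under default_ap,
    a placeholder name chosen for this example.
    """
    report = {}
    for line in lines:
        macs = MAC_RE.findall(line)
        ap = macs[0].lower() if macs else default_ap
        entry = report.setdefault(
            ap, {"causes": Counter(), "details": set(), "capacity": None})
        cap = CAPACITY_RE.search(line)
        if cap:
            # Stored as (joined, maximum) so headroom is easy to read.
            entry["capacity"] = (int(cap.group(2)), int(cap.group(1)))
        for cause, _layer, pattern, _hint in SIGNATURES:
            match = pattern.search(line)
            if match:
                entry["causes"][cause] += 1
                entry["details"].update(
                    v for v in match.groupdict().values() if v)
    return report


def auth_failures(report):
    """APs whose join failed at the certificate/authorization step."""
    auth = {c for c, layer, _p, _h in SIGNATURES if layer == "auth"}
    return sorted(ap for ap, e in report.items() if auth & set(e["causes"]))


# Sample input assembled for this example from lines quoted in the threads above.
SAMPLE = [
    "Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 Received LWAPP JOIN REQUEST "
    "from AP 00:13:5f:f8:94:f0 to 06:0a:10:10:00:00 on port '1'",
    "Fri Jan 24 16:52:31 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not "
    "include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.",
    "Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not "
    "include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.",
    "*spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d Join Priority "
    "Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =21",
    "*spamReceiveTask: Mar 07 17:36:33.442: 70:ca:9b:25:5b:9d Received a "
    "Discovery Request from 70:CA:9B:25:5B:9D via IP broadcast address but the "
    "source IP address (160.10.1.50) is not in any of the configured subnets. "
    "Dropping it",
    "*Nov 11 12:24:37.739: %LWAPP-3-RADIUS_ERR: spam_radius.c:138 Could not "
    "send join reply, AP authorization failed; AP:00:13:c4:93:c1:58",
    "%LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init (SSC): no certs in the SSC "
    "Private File",
    "*Mar 1 00:00:49.371: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve",
]

if __name__ == "__main__":
    hints = {c: h for c, _l, _p, h in SIGNATURES}
    for ap, entry in triage(SAMPLE).items():
        for cause, count in entry["causes"].items():
            print(f"{ap}: {cause} x{count} -> {hints[cause]}")
```

Separating the two layers first keeps a certificate or authorization rejection from being treated as a DHCP, DNS or subnet problem, and the reverse.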

  • Only 47 APs join to WLC-4402-50

    Why do only 47 APs join the 4402-50 controller? The debug capwap errors enable output shows this:
    (Cisco Controller) >
    *Sep 07 11:52:33.700: 00:3a:98:f0:f0:f0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =47
    *Sep 07 11:52:46.100: 00:3a:98:f0:f0:f0 Join resp: Unable to encode CAPWAP Control IPV4 Address
    *Sep 07 11:52:46.100: 00:3a:98:f0:f0:f0 Failed to encode Join response to 192.168.15.10:10738
    *Sep 07 11:52:46.101: 00:3a:98:f0:f0:f0 Config Response Failure: Unable to send Join response to 192.168.15.10:10738
    *Sep 07 11:52:46.103: 00:3a:98:f0:f0:f0 State machine handler: Failed to process  msg type = 3 state = 0 from 192.168.15.10:10738
    *Sep 07 11:52:46.103: 00:3a:98:f0:f0:f0 Failed to parse CAPWAP packet from 192.168.15.10:10738
    *Sep 07 11:52:46.105: 00:3a:98:f0:f0:f0 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  192.168.15.10:10738)since DTLS session is not established
    Can anybody help me with this? When I disconnect another AP, the AP joins successfully, and when I connect the disconnected AP it does not join. Always only 47 join, no matter which AP; the first 47 to arrive join the controller.
    Any ideas?

    The limit Stephen is discussing was put into place to eliminate over subscription of a single sfp port utilizing only one AP manager interface. Enabling LAG equally distributes the traffic out one IP address using BOTH sfp ports from the physical layer perspective. You can also achieve this by adding a second AP manager interface and tying it to the second physical port. You must do one of these two to enable support for the additional 2 APs. When creating a new interface for the AP manager2 make sure that you allow it to dynamically manage the APs. If not, you will still have the same problem.

  • Problem to register upgraded AP 1242 to WLC 4402

    Hi,
    I am running a small Cisco WLAN with about 20 APs (all 1242) that are managed by two WLC 4402 (running v4.0.155.0).
    The WLCs are in a mobility group, and several WLANs/VLANs are configured (including 802.1x, guest access with web authentication, etc.). All APs are configured for the same WLC as primary and the other as secondary. Everything was working fine until I tried to upgrade another AP from IOS to LWAPP using the Cisco Upgrade tool.
    After the AP was flashed and rebooted it started to discover a WLC but fails. The console messages look like this:
    *Mar 1 00:00:05.962: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
    *Mar 1 00:00:06.952: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
    *Mar 1 00:00:07.952: %LINEPROTO-5-UPDOWN:
    ap> Line protocol on Interface FastEthernet0, changed state to up
    *Mar 1 00:00:25.960: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    Translating "CISCO-LWAPP-CONTROLLER.xxx.yyy"...domain server (10.x.y.z)
    *Mar 1 00:00:35.348: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.x.y.z, mask 255.255.254.0, hostname AP0019.3076.fe30
    *Mar 1 00:00:36.349: LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve CISCO-LWAPP-CONTROLLER.xxx.yyy
    *Mar 1 00:00:46.398: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
    *Mar 1 00:00:54.397: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response
    *Mar 1 00:00:54.397: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
    *Mar 1 00:00:54.397: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
    *Mar 1 00:00:54.398: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
    The switchport of the AP is configured for the same VLAN as the management and ap-management interface of the controller (not native VLAN), the primary controller is set to master controller mode and I see no other error messages (e. g. on the WLC).
    Does anyone know how to fix this problem?
    (even adding a "CISCO-LWAPP-CONTROLLER" host in the DNS does not help!!!)

    Hi Ankur,
    Here is the output of "dir flash:"
    dir flash:
    Directory of flash:/
    2 -rwx 1048 Aug 14 2007 14:29:38 +00:00 private-multiple-fs
    3 -rwx 314 Mar 1 2002 00:00:57 +00:00 env_vars
    156 drwx 128 Aug 14 2007 14:29:32 +00:00 c1240-rcvk9w8-mx
    10 drwx 256 Aug 15 2007 07:15:47 +00:00 c1240-k9w8-mx.123-11.JX
    15998976 bytes total (11196416 bytes free)
    AP0019.3076.fe30#
    Is there something wrong?
    Kind regards,
    Hagen

  • Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

    Hi All,
    Appreciate your support for a problem I started facing today. I have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. We received 20 new Cisco 1041N APs today and I installed one at our site, but it doesn't work. It worked fine, loaded the image from flash, got the WLC IP address through the DHCP option, and started showing the below error:
    *Mar  1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:10.033: *** CRASH_LOG = YES
    *Mar  1 00:00:10.333: Port 1 is not presentSecurity Core found.
    Base Ethernet MAC address: C8:9C:1D:53:57:5E
    *Mar  1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
    *Mar  1 00:00:11.494:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:13.647: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Wed 13-Apr-11 12:50 by prod_rel_team
    *Mar  1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
    *Mar  1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Mar  1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
    *Mar  1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
    *Mar  1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
    *Mar  1 00:09:17.912:  status of voice_diag_test from WLC is false
    *Mar  1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
    *Mar  1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
    *Mar  1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
    *May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:03.448:  status of voice_diag_test from WLC is false
    *May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:15.450:  status of voice_diag_test from WLC is false
    *May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
    *May 25 08:27:27.447:  status of voice_diag_test from WLC is false
    *May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:39.446:  status of voice_diag_test from WLC is false
    *May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
    I searched for the regulatory domain differences between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
    Just to mention that our configuration in WLC for regulatory domains is:
    Configured Country Code(s) AR 
    Regulatory Domain  802.11a:  -A
                                 802.11bg: -A
    My question is, should I only include my country in the WLC (IQ) to add the regulatory domain (-E) to solve this problem? Or will changing the country affect the operation of all working APs?
    Appreciate your kind support,
    Wisam Q.

    Hi Ramon,
    thank you for the reply but as shown in the below link:
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
    the WLC in version 7.0.116.0 supports Cisco 1040 series APs.
    Thanks,
    Wisam Q.

  • WLC 4402 + LAP-1242AG + No DHCP

    Greetings to all,
    I am trying to get some LAP-1242 to join a 4402 controller without using any DHCP server. Is that possible?
    Thank you in advance

    Hi Stelios,
    Just thought I might add a note to the good info from Scott and Richard (5 points to both of you for this helpful info!)
    There is no danger of this AP reverting to Autonomous without a concerted effort on your part to reload an IOS :)
    Here is a summary;
    To clear or remove the manually entered controller information, you can use these EXEC mode CLI commands:
    clear lwapp ap ip address
    clear lwapp ip default-gateway
    clear lwapp controller ip address
    clear lwapp ap hostname
    Manually Resetting the Access Point to Defaults
    You can manually reset your access point to default settings using this EXEC mode CLI command:
    Note This command requires the controller configured Enable password to enter the CLI EXEC mode.
    clear lwapp private-config
    From this Troubleshooting doc;
    http://www.cisco.com/en/US/docs/wireless/access_point/1130/installation/guide/113h_c4.html#wp1091061
    If you enter the clear lwapp private-config command, you might see this error message:
    AP0017.5922.f384#clear lwapp private-config
    ERROR!!! Command is disabled.
    This error message indicates that the static configuration commands are locked out because either:
    This command was entered while the LAP is registered to a controller.
    ***The LAP was previously registered to a WLC, but the username/password was not changed from the default
    So try this;
    Once your LAP successfully registers with the WLC, the static LWAPP configuration commands (discussed in the previous section) are locked out and are no longer accessible. In order to re-enable the commands, you must have set the username and password while the LAP was joined to the previous controller.
    When the LAP is registered to a controller, use this controller CLI command to set the AP's username and password:
    config ap username password
    From this excellent doc :)
    Resetting the LWAPP Configuration on a Lightweight AP (LAP)
    http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml
    Hope this helps!
    Rob

  • WLC 4402 with 1231g

    Hi!
    I got a problem with a LWAPP 1231 and 4402 WLC. The conversion procedure goes fine, but when the AP tries to join the controller I find some errors on the AP and it does not register on the WLC.
    Errors on the AP:
    *Mar 1 00:00:23.718: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    Mar 1 00:00:34.383: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
    Mar 1 00:00:40.395: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response
    *Mar 1 00:00:40.395: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
    Mar 1 00:00:40.447: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
    *Mar 1 00:00:40.447: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
    Xmodem file system is available.
    WLC version: AIR-WLC4400-K9-4-2-112-0.aes
    AP version: c1200-rcvk9w8-tar.123-11JX1.tar
    Hope it helps.
    Thank you very much

    Check out these other threads:
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc09a8d
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cc0cd51

  • Join response does not reach AP

    This problem is also firewall and router/switch related, but the main problem is that the APs do not join.
    I have lightweight access-points (LAPs) on a subnet behind a redundant routed firewall context on an FWSM in a 6509. This context has a DHCP relay configured.
    The outside of the firewall is connected to the router (MSFC) through an interface vlan.
    On that same chassis, a PIX525 is connected. Behind that PIX is the WLC and the DHCP-server.
    When the LAP powers on, it does a DHCP request. The context relays it to the DHCP server, and the response is sent to the LAP. In that response is the IP-address of the WLC, which is on the same subnet as the DHCP server.
    Next step is a join request to the controller (udp to WLC on port 12223).
    When I use the capture facility on the firewall, I see the packet entering the inside interface, and leaving the outside on the FWSM. I do not see any responses.
    Next I do the same on the PIX outside: there I see the requests to the WLC, but also the responses FROM the WLC. I do not see those responses on the OUTSIDE of the context of the FWSM!
    I use the following ACL for capturing data:
    access-list lwapp permit ip any host 192.168.43.10
    access-list lwapp permit ip host 192.168.43.10 any
    capture wlc access-list lwapp interface outside
    Where 192.168.43.10 is the IP-address of the WLC
    show capture wlc detail
    gives me the packets i need to see.
    On the inside of the context this gives me only join requests
    On the outside of the context this gives me only the join requests
    On the outside of the PIX this gives me both the join request and the join response
    The router does not have any ACL on both interfaces.
    Next step is to put an ACL on the router interfaces:
    access-list 100 permit ip host 192.168.43.10 192.168.37.32 0.0.0.31 log
    access-list 100 permit ip 192.168.37.32 0.0.0.31 host 192.168.43.10 log
    access-list 100 permit ip any any
    this access-list is put both in- and outgoing on the interface towards the PIX. I see both counters incrementing, and with 'show logging' I see both join request and join responses.
    When I place this access-list on the interface towards the FWSM, I see the same.
    My conclusion is therefore: the packets are leaving the interface towards the FWSM, but they do not arrive on the outside of the FW-context.
    HOWEVER: I can access switches with SSH in the same subnet (they have their management IP in that same subnet).
    From the WLC, I can ping the LAPs (there are 2 in that subnet at the moment).
    Because the join response is not received, the LAPs are continuously rebooting (being reachable during 20-30 seconds), but during this interval, I can ping them from the WLC.
    On the firewalls all needed protocols are allowed through.
    Can anyone shed some light on this?
    TIA,
    Marcel

    I found the issue, while sniffing the traffic on the LAP VLAN.
    It appears the WLC is discovered using the management IP-address (43.10 in my case), but the join response is coming from the AP-manager IP address (43.25). That second address was blocked by the firewall, and once allowed, all worked like a charm.
    It appears the capture option of the FWSM is not as reliable as a sniffer on a SPAN port (thank you, Mike!)
    Marcel
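The mismatch Marcel describes can be checked mechanically from a sniffer trace. This is an added example, not part of the original thread: it flags replies on the LWAPP port whose source address the AP never sent to, then lists which of those sources a firewall permit list lacks. The packet records are constructed; the AP address 192.168.37.40, the source port and the full form 192.168.43.25 of the AP-manager address are assumptions.

```python
from ipaddress import ip_address, ip_network

LWAPP_PORT = 12223  # UDP port the post names for the join request

# Constructed records (src, sport, dst, dport) as a SPAN-port sniffer would
# show them. 192.168.37.40, port 32768 and the full 192.168.43.25 are assumed.
SAMPLE_PACKETS = [
    ("192.168.37.40", 32768, "192.168.43.10", 12223),  # AP -> management IP
    ("192.168.43.10", 12223, "192.168.37.40", 32768),  # reply, same address
    ("192.168.37.40", 32768, "192.168.43.10", 12223),  # AP -> management IP
    ("192.168.43.25", 12223, "192.168.37.40", 32768),  # reply from AP-manager
]


def find_asymmetric_responders(packets, ap_subnet, port=LWAPP_PORT):
    """Return replies to APs whose source address the AP never addressed.

    A stateful firewall matches a reply against the flow the request opened,
    so a reply from a different source needs its own permit rule.
    """
    ap_net = ip_network(ap_subnet)
    contacted = {}  # AP address -> controller addresses it has sent to
    findings = []
    for src, sport, dst, dport in packets:
        if ip_address(src) in ap_net and dport == port:
            contacted.setdefault(src, set()).add(dst)
        elif ip_address(dst) in ap_net and sport == port:
            known = contacted.get(dst, set())
            if src not in known:
                findings.append(
                    {"ap": dst, "responder": src, "contacted": sorted(known)}
                )
    return findings


def missing_permits(findings, permitted_hosts):
    """Responder addresses that the permit list does not cover."""
    return sorted({f["responder"] for f in findings} - set(permitted_hosts))


if __name__ == "__main__":
    # AP subnet taken from the router ACL in the post (192.168.37.32 0.0.0.31).
    found = find_asymmetric_responders(SAMPLE_PACKETS, "192.168.37.32/27")
    for f in found:
        print(f"{f['ap']} sent to {f['contacted']} but was answered by {f['responder']}")
    print("add permit for:", missing_permits(found, ["192.168.43.10"]))
```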

  • 2602i does not Join to 3850 WLC

    Trying to join a 2602i to a 3850 WLC, but after joining the WLC the access point keeps rebooting
    AP Console log:
    APc067.afa7.1ee4#
    *Nov 29 23:32:55.027: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Nov 29 23:32:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.129.0.254 peer_port: 5246
    *Nov 29 23:32:55.223: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.129.0.254 peer_port: 5246
    *Nov 29 23:32:55.223: %CAPWAP-5-SENDJOIN: sending Join Request to 10.129.0.254
    ., 1)29 23:33:13.415: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
    *Nov 29 23:33:13.415: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Nov 29 23:33:19.299: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Nov 29 23:33:19.319: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Nov 29 23:33:19.323: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Nov 29 23:33:19.327: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Nov 29 23:33:19.347: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Nov 29 23:33:20.323: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Nov 29 23:33:20.351: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Nov 29 23:33:20.359: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Nov 29 23:33:21.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Nov 29 23:33:21.351: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Nov 29 23:33:21.379: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Nov 29 23:33:21.387: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Nov 29 23:33:21.395: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Nov 29 23:33:22.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Nov 29 23:33:22.387: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Nov 29 23:33:22.415: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Nov 29 23:33:23.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    Not in Bound state.
    *Nov 29 23:34:14.847: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Nov 29 23:34:19.847: %CAPWAP-3-ERRORLOG: Invalid event 40 & state 2 combination.
    *Nov 29 23:34:19.967: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.129.0.212, mask 255.255.255.128, hostname APc067.afa7.1ee4
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Nov 29 23:34:25.847: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    *Nov 29 23:34:34.847: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
    *Nov 29 23:35:04.847: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Nov 29 23:35:04.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.129.0.254 peer_port: 5246
    *Nov 29 23:35:04.223: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.129.0.254 peer_port: 5246
    *Nov 29 23:35:04.223: %CAPWAP-5-SENDJOIN: sending Join Request to 10.129.0.254
    ., 1)29 23:35:22.411: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
    *Nov 29 23:35:22.411: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Nov 29 23:35:27.479: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
    *Nov 29 23:35:27.499: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Nov 29 23:35:27.499: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Nov 29 23:35:27.503: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Nov 29 23:35:27.527: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Nov 29 23:35:28.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Nov 29 23:35:28.531: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
    *Nov 29 23:35:28.539: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Nov 29 23:35:29.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Nov 29 23:35:29.531: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *Nov 29 23:35:29.559: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
    *Nov 29 23:35:29.567: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
    *Nov 29 23:35:29.575: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Nov 29 23:35:30.559: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    *Nov 29 23:35:30.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Nov 29 23:35:30.595: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
    *Nov 29 23:35:31.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    WLC Log:
    Nov 29 23:40:46.469: *%LWAPP-3-RD_ERR7: 1 wcm:  Invalid country code () for AP c0:25:5c:68:7f:10
    Nov 29 23:40:46.469: *%LWAPP-3-RD_ERR9: 1 wcm:  APs c0:25:5c:68:7f:10 country code changed from () to (GB )
    Nov 29 23:40:46.470: %CAPWAP-3-AP_PORT_CFG: AP connected port Gi1/0/24 is not an access port.
    Nov 29 23:40:46.471: *%LWAPP-3-RD_ERR7: 1 wcm:  Invalid country code () for AP c0:25:5c:68:7f:10
    Nov 29 23:40:46.471: *%LWAPP-3-RD_ERR9: 1 wcm:  APs c0:25:5c:68:7f:10 country code changed from () to (GB )
    Nov 29 23:40:46.471: *%LWAPP-3-VALIDATE_ERR: 1 wcm:  Validation of SPAM Vendor Specific Payload failed - AP  c0:25:5c:68:7f:10
    54C1BR01A01254#
    Nov 29 23:40:46.474: *%LOG-3-Q_IND: 1 wcm:  Validation of SPAM Vendor Specific Payload failed - AP  c0:25:5c:68:7f:10
    Nov 29 23:40:46.474: *%CAPWAP-3-DATA_TUNNEL_CREATE_ERR2: 1 wcm:  Failed to create CAPWAP data tunnel with interface id: 0xd670c00000002a for AP: c025.5c68.7f10 Error Reason: Capwap Data Tunnel create retry exceeded max retry count.
    Nov 29 23:41:09.584: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
    Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) combination
    Nov 29 23:42:55.496: *%LWAPP-3-RD_ERR7: 1 wcm:  Invalid country code () for AP c0:25:5c:68:7f:10
    Nov 29 23:42:55.496: *%LWAPP-3-RD_ERR9: 1 wcm:  APs c0:25:5c:68:7f:10 country code changed from () to (GB )
    Nov 29 23:42:55.496: *%LWAPP-3-RD_ERR7: 1 wcm:  Invalid country code () for AP c0:25:5c:68:7f:10
    Nov 29 23:42:55.496: *%LWAPP-3-RD_ERR9: 1 wcm:  APs c0:25:5c:68:7f:10 country code changed from () to (GB )
    Nov 29 23:42:55.496: *%LWAPP-3-VALIDATE_ERR: 1 wcm:  Validation of SPAM Vendor Specific Payload failed - AP  c0:25:5c:68:7f:10
    54C1BR01A01254(config)#
    Nov 29 23:42:55.499: %CAPWAP-3-AP_PORT_CFG: AP connected port Gi1/0/24 is not an access port.
    Nov 29 23:42:55.499: *%LOG-3-Q_IND: 1 wcm:  Validation of SPAM Vendor Specific Payload failed - AP  c0:25:5c:68:7f:10
    Nov 29 23:42:55.500: *%CAPWAP-3-DATA_TUNNEL_CREATE_ERR2: 1 wcm:  Failed to create CAPWAP data tunnel with interface id: 0xcb73c00000002b for AP: c025.5c68.7f10 Error Reason: Capwap Data Tunnel create retry exceeded max retry count.
    GB  - United Kingdom : 802.11a Indoor,Outdoor/ 802.11b / 802.11g
    and sometimes:
    Nov 30 21:16:56.781: *%CAPWAP-3-ALREADY_IN_JOIN: 1 wcm:  Dropping join request from AP c025.5c68.7f10 - AP is already in joined state
    Nov 30 21:16:56.785: *%CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm:  Failed to delete CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL database entry not found
    Sh Wireless Country Configured:
    GB  - United Kingdom : 802.11a Indoor,Outdoor/ 802.11b / 802.11g
    Sh version (AP):
    LWAPP image version 10.1.100.0
    1 Gigabit Ethernet interface
    2 802.11 Radios
    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: C0:67:AF:A7:1E:E4
    Part Number                          : 73-14588-02
    PCA Assembly Number                  : 800-37899-01
    PCA Revision Number                  : A0
    PCB Serial Number                    : FOC17353HXS
    Top Assembly Part Number             : 800-38356-01
    Top Assembly Serial Number           : FCZ1743P1VC
    Top Revision Number                  : A0
    Product/Model Number                 : AIR-SAP2602I-E-K9
    Configuration register is 0xF
    APc067.afa7.1ee4#
    APc067.afa7.1ee4#^C
    Not in Bound state.
    *Nov 30 20:04:56.019: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
    *Nov 30 20:05:01.019: %CAPWAP-3-ERRORLOG: Invalid event 40 & state 2 combination.c
    *Nov 30 20:05:01.139: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.129.0.211, mask 255.255.255.128, hostname APc067.afa7.1ee4
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
    *Nov 30 20:05:07.019: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
    Sh ver (Switch):
    Base Ethernet MAC Address          : d0:c7:89:75:c3:00
    Motherboard Assembly Number        : 73-12238-06
    Motherboard Serial Number          : FOC172896LQ
    Model Revision Number              : B0
    Motherboard Revision Number        : D0
    Model Number                       : WS-C3850-24T
    System Serial Number               : FOC1729V133
    Switch Ports Model              SW Version        SW Image              Mode
    *    1 32    WS-C3850-24T       03.03.00SE        cat3k_caa-universalk9 INSTALL
         2 32    WS-C3850-24T       03.03.00SE        cat3k_caa-universalk9 INSTALL
    Switch 02
    Switch uptime                      : 5 days, 23 hours, 2 minutes
    Base Ethernet MAC Address          : ec:e1:a9:df:93:80
    Motherboard Assembly Number        : 73-12238-06
    Motherboard Serial Number          : FOC17236GD1
    Model Revision Number              : B0
    Motherboard Revision Number        : D0
    Model Number                       : WS-C3850-24T
    System Serial Number               : FOC1725V0FT
    Configuration register is 0x102

    Hi,
    3850 is in MC mode.
    The AP is connected to an access switch which is connected via a trunk port to the 3850. The access port is in the same VLAN as the wireless management VLAN. The AP is not connected directly to the 3850 as this switch is not PoE capable.
    Country code is set to GB as the AP is in Europe domain.
    NTP has been configured
    1- show license right-to-use summary :
      ipservices   permanent   N/A      Lifetime
      apcount      base        0        Lifetime
      apcount      adder       4        Lifetime
    License Level In Use: ipservices
    License Level on Reboot: ipservices
    Evaluation AP-Count: Disabled
    Total AP Count Licenses: 4
    AP Count Licenses In-use: 1
    AP Count Licenses Remaining: 3
    The one which is in use is my AP which has the issue; it keeps rebooting:
    2. show wireless mobility summary
    Mobility Controller Summary:
    Mobility Role                                   : Mobility Controller
    Mobility Protocol Port                          : 16666
    Mobility Group Name                             : BSTAR
    Mobility Oracle IP Address                      : 0.0.0.0
    DTLS Mode                                       : Enabled
    Mobility Domain ID for 802.11r                  : 0x276d
    Mobility Keepalive Interval                     : 10
    Mobility Keepalive Count                        : 3
    Mobility Control Message DSCP Value             : 48
    Mobility Domain Member Count                    : 1
    Link Status is Control Link Status : Data Link Status
    Controllers configured in the Mobility Domain:
    IP               Public IP        Group Name       Multicast IP     Link Status
    10.129.0.254     -                BSTAR            0.0.0.0          UP   : UP
    3- Show run | in Wireless
    qos wireless-default-untrust
    wireless mobility controller
    wireless mobility group name BSTAR
    wireless management interface Vlan10
    wireless wps ap-authentication
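The AP console logs quoted in the 1041N and 2602i threads on this page fail at different points of the CAPWAP join. This is an added example, not code from any poster: it splits a console log into join attempts and labels where each one stopped, using sample lines condensed from those two logs. The verdict names are labels invented for this example.

```python
import re
from collections import Counter

PEER = re.compile(r"peer_ip: (\S+)")
STATE = re.compile(r"CAPWAP changed state to\s*(\S*)")

# Condensed from the two AP console logs quoted on this page.
SAMPLE_LOG = """\
*May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*Nov 29 23:32:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.129.0.254 peer_port: 5246
*Nov 29 23:32:55.223: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.129.0.254 peer_port: 5246
*Nov 29 23:32:55.223: %CAPWAP-5-SENDJOIN: sending Join Request to 10.129.0.254
., 1)29 23:33:13.415: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)
*Nov 29 23:33:13.415: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
"""


def split_attempts(log_text):
    """Group log lines into attempts; each starts at a DTLS connection request."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if "%CAPWAP-5-DTLSREQSEND" in line:
            m = PEER.search(line)
            cur = {"peer": m.group(1) if m else None, "dtls_up": False,
                   "join_sent": False, "states": [], "peer_closed": False,
                   "retransmit_exceeded": False}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first attempt carry no context
        elif "%CAPWAP-5-DTLSREQSUCC" in line:
            cur["dtls_up"] = True
        elif "%CAPWAP-5-SENDJOIN" in line:
            cur["join_sent"] = True
        elif "%DTLS-5-PEER_DISCONNECT" in line:
            cur["peer_closed"] = True
        elif "Retransmission count for packet exceeded" in line:
            cur["retransmit_exceeded"] = True
        else:
            m = STATE.search(line)
            if m and m.group(1):  # the logs also contain an empty state name
                cur["states"].append(m.group(1))
    return attempts


def classify(attempt):
    """Label the point at which one join attempt stopped."""
    if not attempt["dtls_up"]:
        return "dtls-handshake-failed"
    if attempt["join_sent"] and attempt["retransmit_exceeded"]:
        return "retransmit-limit-after-join-request"
    if attempt["peer_closed"] and "CFG" in attempt["states"]:
        return "controller-closed-after-cfg"
    if attempt["peer_closed"]:
        return "controller-closed-before-cfg"
    return "no-failure-seen"


def summarize(log_text):
    """Count (controller, verdict) pairs; a repeated pair indicates a join loop."""
    return dict(Counter((a["peer"], classify(a)) for a in split_attempts(log_text)))


if __name__ == "__main__":
    for (peer, verdict), count in summarize(SAMPLE_LOG).items():
        print(f"{peer}: {verdict} x{count}")
```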
