Trouble getting Cisco 2600 Series AP to stay joined to WLC 5508

Hi,
I have recently been tasked with upgrading our old Autonomous APs to LWAPs.  We have a 5508 WLC at our Virtual Co-Lo and I am using Flexconnect to accomadate local switching and dhcp at our sites.  I have upgraded over 50 APs and joined them to the controller.  These include only 1130AG and 1240AG models.  However they are working flawlessly and staying connected to the controller.  The issue I'm having is with a new batch of 2600 series APs staying connected to the controller.  I have attempted to do research into what may be causing the disconnects but have yet to find a solution.  I am using DNS to resolve the CAPWAP & LWAPP queries from the APs to the controller accross our WAN.  In reading other posts I thought it may be an issue with packets getting dropped but have had our Vendor who manages Sonicwalls at both ends of the WAN confirm for me there is no packet loss.  Below are logs I gathered using puttty from the AP & WLC.  Any help would be greatly appreciated.
AP I'm doing the testing on:
NAME: "AP2600", DESCR: "Cisco Aironet 2600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP2602I-A-K9 , VID: V01, SN: FTX1740J8V1
WLC in question:
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.112.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... wificontroller
System Location.................................. Corp
System Contact................................... Net Engineer
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.250.32.8
Last Reset....................................... Software reset
System Up Time................................... 190 days 3 hrs 34 mins 24 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Configured Country............................... US  - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
--More-- or (q)uit
Internal Temperature............................. +38 C
External Temperature............................. +20 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 14
Number of Active Clients......................... 71
Burned-in MAC Address............................ C8:9C:1D:8C:52:E0
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 100
Here is the output that keeps on occuring as the AP joins the WLC for a brief time and then changes to standalone mode
WT-4thFlr-AP3#
*Dec 14 15:42:04.419: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 3)
*Dec 14 15:42:11.443: %EVT-4-WRN: Write of flash:/event.capwap done
*Dec 14 15:42:11.483: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Dec 14 15:42:11.487: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Dec 14 15:42:11.487: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.250.32.8:5246
*Dec 14 15:42:11.571: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Dec 14 15:42:21.575: %CAPWAP-3-ERRORLOG: Selected MWAR 'wificontroller'(index 0).
*Dec 14 15:42:21.575: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 14 15:42:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:42:14.303: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:42:14.303: %CAPWAP-5-SENDJOIN: sending Join Request to 10.250.32.8
*Dec 14 15:42:15.127: Starting Ethernet promiscuous mode
*Dec 14 15:42:15.535: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Dec 14 15:42:15.667: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1
*Dec 14 15:42:15.667: Setting AC first hop MAC: 0017.c575.a23c
*Dec 14 15:42:15.855: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller wificontroller
*Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.911: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.915: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration file
*Dec 14 15:42:15.915: %LWAPP-3-CLIENTERRORLOG: Switching to Connected mode
*Dec 14 15:42:23.639: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Dec 14 15:42:34.615: %CLEANAIR-6-STATE: Slot 0 disabled
*Dec 14 15:42:34.615: %CLEANAIR-6-STATE: Slot 1 disabled
*Dec 14 15:45:43.783: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 11)
*Dec 14 15:45:43.787: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Dec 14 15:45:43.787: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Dec 14 15:45:43.787: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.250.32.8:5246
*Dec 14 15:45:43.867: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Dec 14 15:45:53.867: %CAPWAP-3-ERRORLOG: Selected MWAR 'wificontroller'(index 0).
*Dec 14 15:45:53.867: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 14 15:45:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:45:46.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.250.32.8 peer_port: 5246
*Dec 14 15:45:46.315: %CAPWAP-5-SENDJOIN: sending Join Request to 10.250.32.8
*Dec 14 15:45:46.487: Starting Ethernet promiscuous mode
*Dec 14 15:45:49.903: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Dec 14 15:45:50.031: ac_first_hop_mac - IP:10.1.2.250 Hop IP:10.1.2.250 IDB:BVI1
*Dec 14 15:45:50.031: Setting AC first hop MAC: 0017.c575.a23c
Here are the results of debug capwap client event on the AP:
WT-4thFlr-AP3#debug capwap client event
CAPWAP Client EVENT display debugging is on
WT-4thFlr-AP3#
*Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
*Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:54:58.335: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
*Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:54:58.343: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
*Dec 14 15:55:08.000: %CAPWAP-3-EVENTLOG: Setting time to 15:55:08 UTC Dec 14 2013
*Dec 14 15:55:25.579: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:55:25.587: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:55:25.827: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:55:25.835: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
*Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:55:55.835: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
*Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:55:55.843: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
*Dec 14 15:55:56.000: %CAPWAP-3-EVENTLOG: Setting time to 15:55:56 UTC Dec 14 2013
*Dec 14 15:56:25.735: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:56:25.743: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:56:25.983: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:56:25.991: %CAPWAP-3-EVENTLOG: Wtp Event Response from 10.250.32.8
*Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
*Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Sending packet to AC
*Dec 14 15:56:55.991: %CAPWAP-3-EVENTLOG: Echo Request sent to 10.250.32.8
*Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
*Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Queue Empty.
*Dec 14 15:56:55.999: %CAPWAP-3-EVENTLOG: Echo Response from 10.250.32.8
*Dec 14 15:56:56.000: %CAPWAP-3-EVENTLOG: Setting time to 15:56:56 UTC Dec 14 2013
Here are the results of debug capwap client packet detail:
WT-4thFlr-AP3#
*Dec 14 15:59:01.823: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:01.823: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:01.823:         Msg Type   : CAPWAP_ECHO_REQUEST
*Dec 14 15:59:01.823:         Msg Length : 0
*Dec 14 15:59:01.823:         Msg SeqNum : 44
*Dec 14 15:59:01.823: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:01.831: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:01.831: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:01.831:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:01.831:         Msg Type   : CAPWAP_ECHO_RESPONSE
*Dec 14 15:59:01.831:         Msg Length : 15
*Dec 14 15:59:01.831:         Msg SeqNum : 44
*Dec 14 15:59:01.831: 
*Dec 14 15:59:01.831:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 11
*Dec 14 15:59:01.831:         Vendor Identifier  : 0x00409600
*Dec 14 15:59:01.831:
*Dec 14 15:59:01.831:
    IE            :   UNKNOWN IE 151
*Dec 14 15:59:01.831:     IE Length     :   5
*Dec 14 15:59:01.831:     Decode routine not available, Printing Hex Dump
*Dec 14 15:59:01.831:
52 AC 80 46 00
*Dec 14 15:59:01.831: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:20.931: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:20.931: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:20.931:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:20.931:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_REQUEST
*Dec 14 15:59:20.931:         Msg Length : 93
*Dec 14 15:59:20.931:         Msg SeqNum : 38
*Dec 14 15:59:20.931: 
*Dec 14 15:59:20.931:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 89
*Dec 14 15:59:20.931:         Vendor Identifier  : 0x00409600
*Dec 14 15:59:20.931:
*Dec 14 15:59:20.931:
    IE            :   RRM_NEIGHBOR_CTRL_PAYLOAD
*Dec 14 15:59:20.931:     IE Length     :   83
*Dec 14 15:59:20.931:     Decode routine not available, Printing Hex Dump
*Dec 14 15:59:20.931:
00 0A FA 20 08 01 F4 00 07 0A FA 20 08 03 00 01
01 00 3C 00 B4 2E 06 2E E7 B4 94 51 B2 C7 79 25
22 FD BE 04 F6 00 00 00 00 00 00 00 00 4F 50 52
53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 01 06 0B
01 01 01
*Dec 14 15:59:20.931: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:20.931: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:20.931: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:20.931:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
*Dec 14 15:59:20.931:         Msg Length : 8
*Dec 14 15:59:20.931:         Msg SeqNum : 38
*Dec 14 15:59:20.931: 
*Dec 14 15:59:20.931:      Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
*Dec 14 15:59:20.931:         Result Code : CAPWAP_SUCCESS
*Dec 14 15:59:20.931: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:21.139: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:21.139: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:21.139:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:21.139:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_REQUEST
*Dec 14 15:59:21.139:         Msg Length : 111
*Dec 14 15:59:21.139:         Msg SeqNum : 39
*Dec 14 15:59:21.139: 
*Dec 14 15:59:21.139:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 107
*Dec 14 15:59:21.139:         Vendor Identifier  : 0x00409600
*Dec 14 15:59:21.139:
*Dec 14 15:59:21.139:
    IE            :   RRM_NEIGHBOR_CTRL_PAYLOAD
*Dec 14 15:59:21.139:     IE Length     :   101
*Dec 14 15:59:21.139:     Decode routine not available, Printing Hex Dump
*Dec 14 15:59:21.143:
01 0A FA 20 08 01 F4 00 07 0A FA 20 08 0C 00 01
01 00 3C 00 B4 2E 06 2E E7 B4 94 51 B2 C7 79 25
22 FD BE 04 F6 00 00 00 00 00 00 00 00 4F 50 52
53 2D 57 69 46 69 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 24 28 2C
30 34 38 3C 40 95 99 9D A1 01 01 01 01 01 01 01
01 01 01 01 01
*Dec 14 15:59:21.143: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:21.143: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:21.143: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:21.143:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
*Dec 14 15:59:21.143:         Msg Length : 8
*Dec 14 15:59:21.143:         Msg SeqNum : 39
*Dec 14 15:59:21.143: 
*Dec 14 15:59:21.143:      Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
*Dec 14 15:59:21.143:         Result Code : CAPWAP_SUCCESS
*Dec 14 15:59:21.143: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:25.547: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:25.547: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:25.547:         Msg Type   : CAPWAP_WTP_EVENT_REQUEST
*Dec 14 15:59:25.547:         Msg Length : 14
*Dec 14 15:59:25.547:         Msg SeqNum : 45
*Dec 14 15:59:25.547: 
*Dec 14 15:59:25.547:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*Dec 14 15:59:25.547:         Vendor Identifier  : 0x00409600
*Dec 14 15:59:25.547:
*Dec 14 15:59:25.547:
    IE            :   RRM_LOAD_DATA_PAYLOAD
*Dec 14 15:59:25.547:     IE Length     :   4
*Dec 14 15:59:25.547:          slot 0 rxLoad 0 txLoad 0 ccaLoad 33
*Dec 14 15:59:25.547: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:25.555: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:25.555: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:25.555:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:25.555:         Msg Type   : CAPWAP_WTP_EVENT_RESPONSE
*Dec 14 15:59:25.555:         Msg Length : 0
*Dec 14 15:59:25.555:         Msg SeqNum : 45
*Dec 14 15:59:25.555: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:25.795: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:25.795: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:25.795:         Msg Type   : CAPWAP_WTP_EVENT_REQUEST
*Dec 14 15:59:25.795:         Msg Length : 14
*Dec 14 15:59:25.795:         Msg SeqNum : 46
*Dec 14 15:59:25.795: 
*Dec 14 15:59:25.795:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10
*Dec 14 15:59:25.795:         Vendor Identifier  : 0x00409600
*Dec 14 15:59:25.795:
*Dec 14 15:59:25.795:
    IE            :   RRM_LOAD_DATA_PAYLOAD
*Dec 14 15:59:25.795:     IE Length     :   4
*Dec 14 15:59:25.795:          slot 1 rxLoad 0 txLoad 0 ccaLoad 0
*Dec 14 15:59:25.795: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:25.803: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:25.803: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:25.803:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:25.803:         Msg Type   : CAPWAP_WTP_EVENT_RESPONSE
*Dec 14 15:59:25.803:         Msg Length : 0
*Dec 14 15:59:25.803:         Msg SeqNum : 46
*Dec 14 15:59:25.803: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:30.375: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:30.375: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:30.375:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:30.375:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_REQUEST
*Dec 14 15:59:30.375:         Msg Length : 17
*Dec 14 15:59:30.375:         Msg SeqNum : 40
*Dec 14 15:59:30.375: 
*Dec 14 15:59:30.375:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 13
*Dec 14 15:59:30.375:         Vendor Identifier  : 0x00409600
        SlotId                  :   0
        Mobile Mac Addr         :   BC:52:B7:E3:17:CB
*Dec 14 15:59:30.375: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:30.375: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:30.375: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 15:59:30.375:         Msg Type   : CAPWAP_CONFIGURATION_UPDATE_RESPONSE
*Dec 14 15:59:30.379:         Msg Length : 8
*Dec 14 15:59:30.379:         Msg SeqNum : 40
*Dec 14 15:59:30.379: 
*Dec 14 15:59:30.379:      Type : CAPWAP_MSGELE_RESULT_CODE, Length 4
*Dec 14 15:59:30.379:         Result Code : CAPWAP_SUCCESS
*Dec 14 15:59:30.379: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 15:59:30.387: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 15:59:30.387: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 15:59:30.387:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 15:59:30.387:         Msg Type   : CAPWAP_WTP_EVENT_RESPONSE
*Dec 14 15:59:30.387:         Msg Length : 0
*Dec 14 15:59:30.387:         Msg SeqNum : 47
*Dec 14 15:59:30.387: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 16:00:00.387: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 16:00:00.387: CAPWAP Control mesg Sent to 10.250.32.8, Port 5246
*Dec 14 16:00:00.387:         Msg Type   : CAPWAP_ECHO_REQUEST
*Dec 14 16:00:00.387:         Msg Length : 0
*Dec 14 16:00:00.387:         Msg SeqNum : 48
*Dec 14 16:00:00.387: <<<<  End of CAPWAP Packet  >>>>
*Dec 14 16:00:00.395: <<<<   Start of CAPWAP Packet  >>>>
*Dec 14 16:00:00.395: CAPWAP Control mesg Recd from 10.250.32.8, Port 5246
*Dec 14 16:00:00.395:         HLEN 2,   Radio ID 0,    WBID 1
*Dec 14 16:00:00.395:         Msg Type   : CAPWAP_ECHO_RESPONSE
*Dec 14 16:00:00.395:         Msg Length : 15
*Dec 14 16:00:00.395:         Msg SeqNum : 48
*Dec 14 16:00:00.395: 
*Dec 14 16:00:00.395:      Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 11
*Dec 14 16:00:00.395:         Vendor Identifier  : 0x00409600
*Dec 14 16:00:00.395:
*Dec 14 16:00:00.395:
    IE            :   UNKNOWN IE 151
*Dec 14 16:00:00.395:     IE Length     :   5
*Dec 14 16:00:00.395:     Decode routine not available, Printing Hex Dump
*Dec 14 16:00:00.395:
52 AC 80 81 00
*Dec 14 16:00:00.395: <<<<  End of CAPWAP Packet  >>>>

Under my AP Policies I only have "Accept Manufactured Installed Certificate (MIC)" checked.  I attempted to add the AP based on MAC Address (c0:67:af:6f:25:70) with this certificate type but still have the same issue.  I then ran the following debug on my controller and this is the output I recieve regarding that MAC.  I tried to cut the output short because it get's somewhat redundant but was unsure what exactly to look for in the output.  Should I be selecting a different certificate type?  I am somewhat new to wireless technologies but doing my best to pick things up so if this seems trivial please forgive my ignorance.
debug pm pki enable
*sshpmLscTask: Dec 14 20:42:56.450: sshpmLscTask: LSC Task received a message 4
*spamApTask6: Dec 14 20:42:58.840: sshpmGetIssuerHandles: locking ca cert table
*spamApTask6: Dec 14 20:42:58.841: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*spamApTask6: Dec 14 20:42:58.841: sshpmGetIssuerHandles: calling x509_decode()
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: C=US, ST=California, L=San Jose, O=Cisco Systems, CN=AP3G2-c067af6f2570, [email protected]
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles:   O=Cisco Systems, CN=Cisco Manufacturing CA
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Mac Address in subject is c0:67:af:6f:25:70
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Cert Name in subject is AP3G2-c067af6f2570
*spamApTask6: Dec 14 20:42:58.845: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: called to evaluate
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: called to get cert for CID 282aef7e
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask6: Dec 14 20:42:58.845: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.845: ssphmUserCertVerify: calling x509_decode()
*spamApTask6: Dec 14 20:42:58.856: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (current): 2013/12/15/01:42:58
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (NotBefore): 2013/08/25/13:01:22
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: ValidityString (NotAfter): 2023/08/25/13:11:22
*spamApTask6: Dec 14 20:42:58.856: sshpmGetIssuerHandles: getting cisco ID cert handle...
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: called to evaluate
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask6: Dec 14 20:42:58.856: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask6: Dec 14 20:42:58.857: sshpmFreePublicKeyHandle: called with 0x2c5f0cb8
*spamApTask6: Dec 14 20:42:58.857: sshpmFreePublicKeyHandle: freeing public key
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: called to evaluate
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: called to get cert for CID 183fd2b6
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamApTask0: Dec 14 20:43:17.451: sshpmGetCID: called to evaluate

Similar Messages

  • Cisco 2600 series router and cable modems

    Hi everyone, I am just about to get started preparing for my CCNA... I am looking to pick up some used Cisco 2600 series routers to set up a home lab. I am wondering if it is possible to connect a cable modem directly to a 2600 series router? If so, do I need a certain type of WIC? I want to go from my cable modem, to a router, to my switch. Thanks in advance!

    Hi,
    Yes you can, using the Ethernet port on the cable modem, you can connect the cable modem to the router 2600, and the 2600 comes with builtin ethernet or fastethernet (according to your platform).
    HTH,
    Mohammed Mahmoud.

  • Trouble getting settings in iPhoto slideshow to stay as set

    How can I get the settings for individual photos on my slideshow to stay as I have set them?  I've unclicked the Ken Burns setting on two photos in a slideshow because the panning cuts out vital parts of the photo, but the setting goes back to the original when I play the preview. 

    Hello,
    I think the problem is your parameter is a string but your are using Date function in it.... Why are you using a String and not a Date parameter?
    Doing a google search I found this http://infolab.stanford.edu/~ullman/fcdb/oracle/or-time.html:
    The general usage of TO_DATE is:
    TO_DATE(<string>, '<format>')
    For strings:
    The general usage of TO_CHAR is:
    TO_CHAR(<date>, '<format>')
    So you may want to look around for examples to meet your needs.
    Don

  • NTP on the Cisco 2600 series routers

    Hi,
    I am trying to setup ntp on my 2611 ansd 2621 Cisco routers and so far on one of the routers I have ointed it to the nTP server that I want i.e. ntp0.cornell.edu. it seems that it working but the show clock smd output show the clock for 1999 and a wrong time and time-zone.
    can someone please show me the steps by which I need to configure ntp on these routers?
    I couldn't find any papers on the Cisco sute to show how to do this.
    Thx,
    Masood

    If the clock is showing 1999 then certainly the router is not learning the correct time via NTP. Either the NTP machine it is talking to has the wrong time (certainly not likely if it is leaning from the cornell.edu NTP server) or the router is not talking to the configured server (seems much more likely here). Either the command show ntp status or the command show ntp association would show whether the router was synced to the NTP server.
    But correcting the issue with access to the NTP server will not fix the issue if the router is displaying the wrong time zone (unless the time zone displayed is UTC or GMT). NTP transmits time in UTC/GMT and it is up to the router to specify the timezone. Use the configuration global command clock timezone (and possible clock summer-time) to set the time zone on the router.
    HTH
    Rick

  • 1600 and 2600 series aps no heatmap on cisco prime 1.4.0.45

    after plotting 1600 series and 2600 series aps on the respective uploaded maps, there's NO heatmap coming out. 
    setup composed of:
    1600 series aps
    2600 series aps
    wlc running HA (7.4.121.0)
    cisco prime 1.4.0.45
    i noticed some errors from prime:
    error 1: Exception while computing Coverage Heatmap. Message: COMMON-1 Try Recompute RF Prediction - this error message shows after positioning the aps on the map and clicking save button. it took sometime to display then this error message shows. 
    error 2: Error in Recompute RF Prediction: SyntaxError:syntax error - this error shows after running recompute rf prediction option
    i tried 802.11a/n and 802.11b/g/n protocols but still no heatmap. i tried unselecting ap heatmaps option and select it again but still no heatmap.
    anybody have an idea what is going on? tia

    Hi,
    Try removing both APs from the map and saving. Next, go back into the map an assign the APs. If they still do not map then I would look at the traps on the controller and make sure that the AP is fine. I would also look at performing an on demand refresh from the controller to the WCS. You can do this from the management page in WCS.

  • Cisco aironet 2600 series AP configuration with windows 2008 R2 Radius server.

    I want to know the configuration of Cisco aironet 2600 series AP with windows 2008 R2 Radius server.  
    I have
    1. AD & DHCP Server
    2. Cisco Aironet 2600 Access Point.
    I want to connect wifi devices through this AP. Authentication should be through Radius server and AD.

    Hi , 
    Below link should support your requirement 
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116584-configure-wirelesslan-00.html
    Minimal command : -
    AP(config)# aaa new-model
     AP(config)# radius-server host 172.20.0.1 auth-port 1645 acct-port 1645 key XXXXXX
     AP(config)# radius-server deadtime 10
    HTH
    Sandy

  • FreeRadius and Cisco 2600 Terminal Server [IOS 12.1(3)T]

    Hi Cisco People
    I'm using FreeRadius 2 and Cisco 2600 Terminal server to coordinate access to cisco routers based on time‏ ranges.
    Basically we are an education/training environment where we have some students accessing the routers and switches for practise, terminal server are used to consolidate the console access, and these terminal servers authenticate the users through a Radius server (as shown in the following figure). Additionally, the students are categorized into few groups. We want to implement policy on the radius server so that only a certain group can access the resources in a given duration of time (the user should be dropped from the terminal when the subscribed time is reached and cannot access thereafter .) 
    +++++++++++++++                                           +++++++++++++++++                                      +++++++++++++
    +         User          +++++++++++++++++++++++   Cisco 2600          +++++++++++++++++++++   Network      +
    +                          +                                           +   Terminal Serv     +                                      +    Devices      +
    +++++++++++++++                                           +++++++++++++++++                                      +++++++++++++
                                                                                            (NAS)
                                                                                                +
                                                                                                +
                                                                                   +++++++++++++++     
                                                                                  +   FreeRadius      +
                                                                                  +++++++++++++++
    Right now I'm able to do the "hello-world" setup with the following users and clients.conf. On the terminal server side, aaa new-model is enabled on the cisco terminal server to communicate with this radius server.
    users
    =============
    cisco Auth-Type := System
      Service-Type = NAS-Prompt-User,
      cisco-avpair = "shell:priv-lvl=15"
    clients.conf
    ==============
    client 192.168.1.1 {
      secret = SECRET_KEY
      shortname = termserver
      nastype = cisco
    A typical transaction would be :
    Access-Request
    =======
            NAS-IP-Address = 192.168.1.1
            NAS-Port = 35
            NAS-Port-Type = Async
            User-Name = "cisco"
            Calling-Station-Id = "1.1.1.1"
            User-Password = "cisco"
    Access-Accept
    =======
            Service-Type = NAS-Prompt-User
            Cisco-AVPair = "shell:priv-lvl=15"
    This works fine but doesn't provide any timing limitations. So I have modified the FreeRadius config to be :
    users
    =============
    cisco Auth-Type := System
      Service-Type = NAS-Prompt-User,
      cisco-avpair = "shell:priv-lvl=15",
      Session-Timeout = 20
    Cisco Terminal Server
    ==============
    aaa new-model
    aaa authentication login default group radius local none
    aaa authorization exec default group radius if-authenticated 
    aaa accounting exec default start-stop group radius
    aaa accounting network default start-stop group radius
    aaa accounting connection default start-stop group radius
    After this, I am able to see that the terminal server actually receives an Access-Accept including the Session-Timeout attributes like the following :
            Service-Type = NAS-Prompt-User
            Cisco-AVPair = "shell:priv-lvl=15"
            Session-Timeout = 20
    But the problem is that it doesn't really terminate the session after the 20 seconds are reached . My questions is that :
    1. Is the terminal server really able to enforce such time limit after receiving the attribute ?
    2. Is the 2600 terminal server  with [IOS 12.1(3)T] compliant with RFC 2865?
    3. What can I do so that the terminal server forces the user to be logged out after the session time limit is reached ?
    Thanks
    Frank

    Frank,
    I think you should use the login time s well:
    Login-Time
    Login-Time is a very powerful internal check AVP. It allows flexible authorization and its value is used by the logintime (rlm_logintime) module to determine if a person is allowed to authenticate to the FreeRADIUS server or not. This value is also used to calculate the Session-Timeout reply value. Session-Timeout is subsequently used by the NAS to limit access time.
    The following line will grant Alice access only between 08:00 and 18:00 each day.
    "alice" Cleartext-Password := "passme", Login-Time := 'Al0800-1800'
    The logintime module will calculate the reply value of Session-Timeout if Alice has logged in within the permitted timeslots to inform the NAS how long she is allowed to stay connected. If Alice tries to access the network when she is not permitted, the request will be rejected.
    http://www.packtpub.com/article/getting-started-with-freeradius
    http://wiki.freeradius.org/config/Users
    yes, the terminal server is RFC 2865 compliant.
    Rate if Useful :)
    Sharing knowledge makes you Immortal.
    Regards,
    Ed

  • Reset 2600 series - no console connection

    I used this article to reset a 2600 Series router/voice gateway to it's default settings but it's not connection to my console connection after the reload....
    http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_tech_note09186a00802017a1.shtml
    Any suggestions for how I can get in there again?

    you should be set for 9600 8 none 1, and flow control set to off.
    HTH,
    Steve
    Please remember to rate useful posts, and mark questions as answered

  • Trying to Download a Software Image to Cisco 2800 series router through TFTP Using the tftpdnld ROMmon Command

    Trying to Download a Software Image to Cisco 2800 series router through TFTP Using the tftpdnld ROMmon Command
    and I am getting an Error , I cant figure out what I am doing wrong. I have also pasted my display down here can someone help me out, thanks in advance, I am still new to this utility.
    My questions are How do you direct this utility to point to the desktop or the TFTP folder
    does FE_PORT: Fast Ethernet 0 imply or point to Fa0/0 on my router
    My router is suppose to have 10.0.0.3 255.0.0.0
    Gateway of 10.0.0.1 255.0.0.0
    My TFTP Server 10.0.0.2 255.0.0.0
    How do I get the MAC address of the Router or the TFTP Server and which one  is required?
    my Ethernet port is 100Mb/Sec I cant tell whether it is full duplex or not so How do i set this FE_SPEED_MODE: Auto???
    =====================================================================================
    rommon 10 >
    rommon 10 > set
    PS1=rommon ! >
    FE_PORT=0
    WARM_REBOOT=
    RET_2_RTS=20:35:55 UTC Thu Sep 25 2014
    BSI=0
    RET_2_RCALTS=
    RANDOM_NUM=1600357627
    ?=0
    IP_ADDRESS=10.0.0.3
    IP_SUBNET_MASK=255.0.0.0
    DEFAULT_GATEWAY=10.0.0.1
    TFTP_SERVER=10.0.0.2
    TFTP_FILE=
    rommon 11 > TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
    rommon 12 > TFTP_CHECKSUM=0
    rommon 13 > SET
    monitor: command "SET" not found
    rommon 14 > set
    PS1=rommon ! >
    FE_PORT=0
    WARM_REBOOT=
    RET_2_RTS=20:35:55 UTC Thu Sep 25 2014
    BSI=0
    RET_2_RCALTS=
    RANDOM_NUM=1600357627
    IP_ADDRESS=10.0.0.3
    IP_SUBNET_MASK=255.0.0.0
    DEFAULT_GATEWAY=10.0.0.1
    TFTP_SERVER=10.0.0.2
    ?=0
    TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
    TFTP_CHECKSUM=0
    rommon 15 > tftpdnld
              IP_ADDRESS: 10.0.0.3
          IP_SUBNET_MASK: 255.0.0.0
         DEFAULT_GATEWAY: 10.0.0.1
             TFTP_SERVER: 10.0.0.2
               TFTP_FILE: c2800nm-adventerprisek9-mz.124-24.T4
            TFTP_VERBOSE: Progress
        TFTP_RETRY_COUNT: 18
            TFTP_TIMEOUT: 7200
           TFTP_CHECKSUM: No
            TFTP_MACADDR: 30:37:a6:49:35:a8
                 FE_PORT: Fast Ethernet 0
           FE_SPEED_MODE: Auto
    Invoke this command for disaster recovery only.
    WARNING: all existing data in all partitions on flash: will be lost!
    Do you wish to continue? y/n:  [n]:  y
    ARP: address resolution for 10.0.0.2 timed out.
    ARP failed with failure code 1.  TFTP transfer aborted.
    TFTP: Operation terminated prematurely.
    rommon 16 >       " not found
    rommon 17 >FE_SPEED_MODE=2
    variable name contains illegal (non-printable) characters
    rommon
    rommon 18 > set
    PS1=rommon ! >
    FE_PORT=0
    WARM_REBOOT=
    RET_2_RTS=20:35:55 UTC Thu Sep 25 2014
    BSI=0
    RET_2_RCALTS=
    RANDOM_NUM=1600357627
    IP_ADDRESS=10.0.0.3
    IP_SUBNET_MASK=255.0.0.0
    DEFAULT_GATEWAY=10.0.0.1
    TFTP_SERVER=10.0.0.2
    TFTP_FILE=c2800nm-adventerprisek9-mz.124-24.T4
    TFTP_CHECKSUM=0
    ?=0
    rommon 19 > tftpdnld [ur]
    usage: tftpdnld [-hr]
      Use this command for disaster recovery only to recover an image via TFTP.
      Monitor variables are used to set up parameters for the transfer.
      (Syntax: "VARIABLE_NAME=value" and use "set" to show current variables.)
      "ctrl-c" or "break" stops the transfer before flash erase begins.
      The following variables are REQUIRED to be set for tftpdnld:
                IP_ADDRESS: The IP address for this unit
            IP_SUBNET_MASK: The subnet mask for this unit
           DEFAULT_GATEWAY: The default gateway for this unit
               TFTP_SERVER: The IP address of the server to fetch from
                 TFTP_FILE: The filename to fetch
      The following variables are OPTIONAL:
              TFTP_VERBOSE: Print setting. 0=quiet, 1=progress(default), 2=verbose
          TFTP_RETRY_COUNT: Retry count for ARP and TFTP (default=18)
              TFTP_TIMEOUT: Overall timeout of operation in seconds (default=7200)
             TFTP_CHECKSUM: Perform checksum test on image, 0=no, 1=yes (default=1)
              TFTP_MACADDR: The MAC address for this unit
                   FE_PORT: 0= (default), 1
             FE_SPEED_MODE: 0=10/hdx, 1=10/fdx, 2=100/hdx, 3=100/fdx,
                            5=Auto (default)
          TFTP_DESTINATION: The flash destination device for the file
                            flash:(default), usbflash0:, usbflash1:
      Command line options:
       -h: this help screen
       -r: do not write flash, load to DRAM only and launch image
    rommon 20 > tftpdnld
              IP_ADDRESS: 10.0.0.3
          IP_SUBNET_MASK: 255.0.0.0
         DEFAULT_GATEWAY: 10.0.0.1
             TFTP_SERVER: 10.0.0.2
               TFTP_FILE: c2800nm-adventerprisek9-mz.124-24.T4
            TFTP_VERBOSE: Progress
        TFTP_RETRY_COUNT: 18
            TFTP_TIMEOUT: 7200
           TFTP_CHECKSUM: No
            TFTP_MACADDR: 30:37:a6:49:35:a8
                 FE_PORT: Fast Ethernet 0
           FE_SPEED_MODE: Auto
    Invoke this command for disaster recovery only.
    WARNING: all existing data in all partitions on flash: will be lost!
    Do you wish to continue? y/n:  [n]:  y
    ARP: address resolution for 10.0.0.2 timed out.
    ARP failed with failure code 1.  TFTP transfer aborted.
    TFTP: Operation terminated prematurely.
    rommon 21 >

    What I notice in the original post is this error
    ARP: address resolution for 10.0.0.2 timed out.
    which says that the router is looking for the 10.0.0.2 server but not getting response to its arp request. Can the original poster clarify for us how the device that has the image file is connected to the router that has the problem? Also what kind of device is 10.0.0.2? Is it a PC running TFTP server software or is it something else?
    HTH
    Rick

  • How to bridge a linksys cisco E1200 series router?

    I have recently purchased a linksys cisco E1200 series router and would like to know how to bridge the connection to my xbox

    purchase 881w, get rid of linksys. That should do it.
    Sent from Cisco Technical Support iPad App

  • Setting up a dsl as failover on 2600 series router

    I need to setup a failover line. the primary line is a T1 which is connected to serial interface. the secondary line is install to the FE0/1 of a 2600 series router. when i configure the nat pool IPOOL i get a error message saying that dynamic maping in use i need to have a sample config to complete this

    Hii,
    the msg comes up in there at nat sessions moving on...so u need to clear the ip translations and try executing the command.. if still msg crops.then u might hv to shut the local inside nat interface for a while ..
    pls do rate the post.

  • I am having trouble getting rid of the delay between slides I am using revolve and there is a delay between when one fades and the other appears

    I am having trouble getting rid of delay between slides.  I am Revolving from one to the other and it comes up blank in between slides.

    @vincepay 
    Here is a link to the drivers for the HP Colour LaserJet 3600 windows 7 drivers:
    HP Color LaserJet 3600 Series Printers World Wide Printing System - 64 bit driver for windows 7
    I am an HP employee.
    Say Thanks by clicking the Kudos Star in the post that helped you.
    Please mark the post that solves your problem as Accepted Solution

  • Radius-Authentication / Cisco 2600 fails MiscError -1642

    Hi,
    Im trying to configure BM 3.8 SP3ir3, Radius (NMAS 2.3) to
    authenticate a Cisco 2600 against my BM. Under BM 3.7 this
    setup is working fine, but now with 3.8 I get the following
    error:
    Access rejected, Miscellaneous error (-1642)
    Ive configured the LPO with the following sequences:
    NDS acceptable, simple acceptable
    A test with NTRADPING:
    with CHAP disabled, it works fine (LPO sequence is NDS)
    with CHAP enabled, Ive got the error above
    I tried the simple login sequence also (like a posting
    in this newsgroup), but no change.
    Hope you can help me, I need chap-authentication...
    From Radius-Debug:
    This one works (without CHAP):
    [2005-07-28 05:52:43 PM] (->)Cacher:
    NWDSReadObjectInfo(das01.radius.bmanager.informati k.kli_pa),
    succeeded, time:7
    [2005-07-28 05:52:43 PM] 31) [(ip) 172.24.4.2:2642], Received 46 Bytes
    (Access-Request (1))
    [2005-07-28 05:52:43 PM] [(total=31) (p=30) (d=0) (r=0) (acc=0)
    (rej=0)]
    [2005-07-28 05:52:43 PM] <2> Done GetNextMessage [(ip)
    172.24.4.2:2642]: time:2611012
    [2005-07-28 05:52:43 PM] -------- START : (Access-Request (1)) [(ip)
    172.24.4.2:2642]: time:640356694---
    [2005-07-28 05:52:43 PM] CACHE:
    CacheDomainListExist(das01.radius.bmanager.informa tik.kli_pa), using cache
    [2005-07-28 05:52:43 PM] AuthRequestHandler(), Calling
    NewRequestHandler.
    [2005-07-28 05:52:43 PM] CACHE:
    CacheGetEnableCNLogin(das01.radius.bmanager.inform atik.kli_pa), using
    cache
    [2005-07-28 05:52:43 PM]
    (->)CacheGetDNForName:NWDSReadObjectInfo(NAS2-1), succeeded, time:72
    [2005-07-28 05:52:43 PM] CacheFindContext - GetParentDN(userDN)
    (RADIUS.BMANAGER.INFORMATIK.KLI_PA)
    [2005-07-28 05:52:43 PM] CacheFindContext - tmpContext
    (RADIUS.BMANAGER.INFORMATIK.KLI_PA),
    contextName(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
    [2005-07-28 05:52:43 PM] Handling local authentication request.
    [2005-07-28 05:52:43 PM] CACHE:
    CacheReadSecretForNASAddress(das01.radius.bmanager .informatik.kli_pa),
    using cache
    [2005-07-28 05:52:43 PM]
    (->)NDSVerifyAttr:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Dial
    Access Group) succeeded, time:47
    [2005-07-28 05:52:43 PM]
    (->)NWDSCompare:(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA) succeeded,
    time:42
    [2005-07-28 05:52:43 PM]
    (->)NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS Enable
    Attr) succeeded, time:45
    [2005-07-28 05:52:43 PM] User Name: NAS2-1, User DN:
    NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Domain: , Service Tag:
    [2005-07-28 05:52:43 PM] (->)NADMAuthRequest()
    [2005-07-28 05:52:43 PM]
    (->)NADMAuthRequest(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA)
    succeeded, time:961
    [2005-07-28 05:52:43 PM] (->)Authenticate (0 policy, NDS pswd) (for
    NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA), succeeded
    [2005-07-28 05:52:43 PM]
    (->)NDSReadData:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Concurr ent
    Limit) failed, no such attribute (-603), time:50
    [2005-07-28 05:52:43 PM] CACHE:
    CacheGetConcurrentLimit(das01.radius.bmanager.info rmatik.kli_pa),
    using cache
    [2005-07-28 05:52:43 PM]
    User:NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Current Login:0, Login
    Limit:-1, succeeded
    [2005-07-28 05:52:43 PM] (->)Authentication SUCCEEDED
    [2005-07-28 05:52:43 PM] Tag "DIALIN" uses profile
    "DIALIN.RADIUS.BMANAGER.INFORMATIK.KLI_PA"
    [2005-07-28 05:52:43 PM] FDN:
    CN=NAS2-1.OU=RADIUS.OU=BMANAGER.OU=INFORMATIK.O=KLI_PA
    [2005-07-28 05:52:43 PM] PutAttributesInBuffer, calling FilterAttribute
    [2005-07-28 05:52:43 PM] Filter attribute, vendorID: 0, attribute: 6
    [2005-07-28 05:52:43 PM] PutAttributesInBuffer, calling FilterAttribute
    [2005-07-28 05:52:43 PM] Filter attribute, vendorID: 0, attribute: 7
    [2005-07-28 05:52:43 PM] ->Sending Access-Accept (2) [(ip)
    172.24.4.2(2642)] count=32
    [2005-07-28 05:52:43 PM] ->Inserting into RespQ , code(2) id(7).
    [2005-07-28 05:52:43 PM] -------- END : (Access-Request (1)) [(ip)
    172.24.4.2:2642]: time:640358122---
    This one dont work (chap enabled):
    [2005-07-28 05:52:55 PM] 32) [(ip) 172.24.4.2:2647], Received 47 Bytes
    (Access-Request (1))
    [2005-07-28 05:52:55 PM] [(total=32) (p=31) (d=0) (r=0) (acc=0)
    (rej=0)]
    [2005-07-28 05:52:55 PM] <4> Done GetNextMessage [(ip)
    172.24.4.2:2647]: time:2426593
    [2005-07-28 05:52:55 PM] -------- START : (Access-Request (1)) [(ip)
    172.24.4.2:2647]: time:640481075---
    [2005-07-28 05:52:55 PM] CACHE:
    CacheDomainListExist(das01.radius.bmanager.informa tik.kli_pa), using cache
    [2005-07-28 05:52:55 PM] AuthRequestHandler(), Calling
    NewRequestHandler.
    [2005-07-28 05:52:55 PM] CACHE:
    CacheGetEnableCNLogin(das01.radius.bmanager.inform atik.kli_pa), using
    cache
    [2005-07-28 05:52:55 PM]
    (->)CacheGetDNForName:NWDSReadObjectInfo(NAS2-1), succeeded, time:72
    [2005-07-28 05:52:55 PM] CacheFindContext - GetParentDN(userDN)
    (RADIUS.BMANAGER.INFORMATIK.KLI_PA)
    [2005-07-28 05:52:55 PM] CacheFindContext - tmpContext
    (RADIUS.BMANAGER.INFORMATIK.KLI_PA),
    contextName(RADIUS.BMANAGER.INFORMATIK.KLI_PA)
    [2005-07-28 05:52:55 PM] Handling local authentication request.
    [2005-07-28 05:52:55 PM] HandleCHAPRequest(NAS2-1)
    [2005-07-28 05:52:55 PM] CACHE:
    CacheReadSecretForNASAddress(das01.radius.bmanager .informatik.kli_pa),
    using cache
    [2005-07-28 05:52:55 PM] CHAP chapCSize: 16
    [2005-07-28 05:52:55 PM] [CHAP]User Name: NAS2-1, User DN:
    NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA, Domain: , Service Tag:
    [2005-07-28 05:52:55 PM]
    (->)NDSVerifyAttr:NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS:Dial
    Access Group) succeeded, time:53
    [2005-07-28 05:52:55 PM]
    (->)NWDSCompare:(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA) succeeded,
    time:42
    [2005-07-28 05:52:55 PM]
    (->)NWDSRead(NAS2-1.RADIUS.BMANAGER.INFORMATIK.KLI_PA,RADIUS Enable
    Attr) succeeded, time:44
    [2005-07-28 05:52:55 PM] (->)NADMAuthRequest()
    [2005-07-28 05:52:59 PM] ->Sending Access-Reject (3) [(ip)
    172.24.4.2(2647)] count=20
    [2005-07-28 05:52:59 PM] ->Inserting into RespQ , code(3) id(8).
    [2005-07-28 05:52:59 PM] -------- END : (Access-Request (1)) [(ip)
    172.24.4.2:2647]: time:640512029---
    I cannt see an error with chap enabled..
    Regards
    Guenther

    I'm having the same problem. radping works with chap and simple passwords
    but gives the -1642 error when I'm authenticating from my cisco vpn router.
    BTW, I had everything working for YEARS with nds passwords and earlier
    versions of bordermanager. BM 3.8 broke it.
    Thanks
    David
    > Hi Jake,
    >
    > yes, its a cisco-issue. For downloading dynamic routes with
    > radius you need the cisco-default-pw called "cisco". Strange
    > and a big security leak....
    >
    > The authentication with ppp-user and chap / simple password
    > works fine now.
    >
    > Regards
    > Guenther
    >
    > Jake Speed schrieb:
    > > Hi,
    > > yes it's woking fine !
    > > Working with a 3640, and 8 Bri/40 Async Interaces. With Chap enabeld,
    > > and simple password used.
    > > Seems to be a problem on the cisco site, so if radping works NW Radius
    > > and the objects are ok.
    > >
    > > by
    > > Jake
    > >
    > > Guenther Rasch wrote:
    > >
    > >> Hi Craig,
    > >>
    > >> I dont know why, but now CHAP works with ntradping.exe
    > >> - Cisco router still doesnt work. Ive configured
    > >> "simple password" in the lp-object...
    > >>
    > >> Does anyone have a working configuration nmas radius /
    > >> cisco nas-router?
    > >>
    > >> Regards
    > >> Guenther
    > >>
    > >> Craig Johnson schrieb:
    > >>
    > >>> In article <Yg0He.13962$[email protected]>,
    > >>> Guenther Rasch wrote:
    > >>>
    > >>>> is it possible in BM 3.8? Which password / login sequence do I need
    to
    > >>>> get CHAP working?
    > >>>>
    > >>>
    > >>> As far as I know, you cannot make CHAP work against an NDS password,
    > >>> in any version of Novell RADIUS.
    > >>> I don't really know about getting the dial access system password
    > >>> working 3.8 (NMAS) RADIUS. I would assume there would be a login
    > >>> policy object rule for it.
    > >>>
    > >>> Craig Johnson
    > >>> Novell Support Connection SysOp
    > >>> *** For a current patch list, tips, handy files and books on
    > >>> BorderManager, go to http://www.craigjconsulting.com ***
    > >>>
    > >>>

  • Trouble getting internet route table distributet in a VRF

    Hi every one ..
    I'm have some trouble getting distributed the internet routing table between PE routers ...
    CE1 og PE1 works fine, BGP routes all internet routes are shown i en route table, but distributing between PE1 and PE2 is now working .. any one having a clue !!.
    My gold is to move internet access into it's oven VRF, and away from the global routing table
    In the MPLS core aim running the same AS number as our official AS, that we use for peering to the internet..
    snap of configurations
    ***CE1***
    router bgp 65534
    neighbor 172.31.61.55 remote-as 65534
    neighbor 172.31.61.55 description PE-1
    neighbor 172.31.61.55 shutdown
    neighbor 172.31.61.55 update-source Loopback0
    neighbor 172.31.61.55 next-hop-self
    ***MPLS PE1***
    ip vrf NET-INTERNET
    rd 65534:10051
    route-target export 65534:10051
    route-target import 65534:10051
    interface Port-channel1.35
    encapsulation dot1Q 35
    ip vrf forwarding NET-INTERNET
    ip address 172.31.61.55 255.255.255.224
    mpls label protocol ldp
    tag-switching mtu 1546
    tag-switching ip
    router bgp 65534
    neighbor 192.168.0.146 remote-as 65534
    neighbor 192.168.0.146 description PE2
    neighbor 192.168.0.146 update-source Loopback0
    neighbor 192.168.0.146 version 4
    neighbor 192.168.0.146 next-hop-self
    address-family vpnv4
    neighbor 192.168.0.146 activate
    neighbor 192.168.0.146 send-community both
    exit-address-family
    address-family ipv4 vrf NET-INTERNET
    neighbor 172.31.1.2 remote-as 65534
    neighbor 172.31.1.2 activate
    neighbor 172.31.1.2 description CE1
    no auto-summary
    no synchronization
    exit-address-family
    ***MPLS PE2***
    ip vrf NET-INTERNET
    rd 65534:10051
    route-target export 65534:10051
    route-target import 65534:10051
    interface Port-channel1.67
    encapsulation dot1Q 67
    ip vrf forwarding NET-INTERNET
    ip address 172.31.254.1 255.255.255.252
    mpls label protocol ldp
    tag-switching mtu 1546
    tag-switching ip
    router bgp 65534
    neighbor 192.168.0.132 remote-as 65534
    neighbor 192.168.0.132 description PE1
    neighbor 192.168.0.132 update-source Loopback0
    neighbor 192.168.0.132 version 4
    address-family ipv4 vrf NET-INTERNET
    neighbor 172.31.254.2 remote-as 65534
    neighbor 172.31.254.2 activate
    Best regards
    /Peter

    For VPN routes to be exchanged between the two PEs, you first need to configure VPNv4 address family on each one of the PEs.
    Carrying the full Internet routing table over VPNv4 will work but it is not very scalable since all PE routers have to hold the full Internet routing table in the VRF context in addition to potentially full Internet routing table in the global routing table. If you want to exchange full Internet routing table between the two CEs, it would be preferable to use something Carrier Supporting Carrier (CSC).
    Please refer to the following URL for additional information on CSC:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/fscscl23.htm
    Hope this helps,

  • Error in Cisco 2500 series Wireless Controller

    I have this error in Cisco 2500 series  Wireless Controller 
    The AP type Cisco AIR-CAP35021-A-K9
    I cann't connect the client to AP when i try to connect i get this error on Cisco 2500 series  Wireless Controller  But the AP get ip .
    Please can any on help me . 
    Client Excluded: MACAddress:Base Radio MAC : Slot: 0 User Name: unknown Ip Address: unknown Reason:802.11 Association failed repeatedly. ReasonCode: 

    Duplicate posts.  
    Go here:   http://supportforums.cisco.com/discussion/12142556/cisco-2500-series-wireless-controller

Maybe you are looking for

  • Unable to install Adobe Digital Editions and Windows 8

    help - I keep trying to install Adobe Digital Editions on Windows 8 - icon appears; program is in "programs" but ADE isn't there - I've installed, uninstalled several times - and still not up and running - need help- is ADE not compatible with Window

  • Problem in downlaoding the attachment from the transaction iw33

    Hi experts , I am facing problem in downlaoding the attachment from the transaction iw33 where we have attached a presentation. when i tried to debug it at the function module GUI_DOWNLOAD its returning sy-subrc = 5 which is no authorization . there

  • IPhone 4 Bumper Question

    How many people here have had incidents where the Apple Bumper has scratched their phone? I'm asking this because I'm eventually going to order one but I need to know if this scratching problem is only in a small % of defective bumpers. Thanks.

  • Using a fillable PDF with a FormsCentral Link collection.

    I want to inport a fillable PDF and then use the Forms Central link distribution to collect responses vs sending out the fillable PDF with a submit button. How do I do that ?

  • Displaying Months in Matrix Report like Jan-01  Feb-01

    How can I display Months like Jan-01 Feb-01 in Matrix Report of Oracle Report 6i. I tried using to_char(myDate,'Mon-YY') but it displayed months in Alphabetical Order like Apr-01 Aug-01 and so on. I need something like this. Item Jan-01 Feb-01 Mar-01