Wlan Controller Hotspot Solution

Similar Messages

• AIR-LAP1310G-E-K9 acces point not joining to 5508 wlan controller

  Hi,
  I have Cisco AIR-LAP1310G-E-K9 access point and 5508 wlan controller with version 7.0.220 and it is joining to the WLAN controller.  I have enabled dhcp in the lan controller and i dont have external dns server. How to fix this issue?  Can this LAN controller version will support this access point? 
  My Lan Controller Management IP Address is 10.10.10.5
  Please find the below configuration of 1300 access point.
  AP001d.4513.dd68#reload
  Proceed with reload? [confirm]
  %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
  %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is available.
  flashfs[0]: 4 files, 2 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 7741440
  flashfs[0]: Bytes used: 2052608
  flashfs[0]: Bytes available: 5688832
  flashfs[0]: flashfs fsck took 14 seconds.
  Base ethernet MAC Address: 00:1d:45:13:dd:68
  Initializing ethernet port 0...
  Reset ethernet port 0...
  Reset done!
  ethernet link up, 100 mbps, full-duplex
  Ethernet port 0 initialized: link is up
  Unable to get our ip address: no "IP_ADDR" variable set
  The system has been encountered and error initializing
  tftp file system. The system is ignoring the error and
  continuing boot. If you interrupt the system boot process,
  the following commands will set IP_ADDR, DEFAULT_ROUTER
  and NETMASK environment variables, initializing tftp file
  system, and finish loading the operating system software:
      set IP_ADDR
      set DEFAULT_ROUTER
      set NETMASK
      tftp_init
      boot
  Loading "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx"...############################################################################################################################################################################################
  File "flash:/c1310-rcvk9w8-mx/c1310-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
  executing...
                Restricted Rights Legend
  Use, duplication, or disclosure by the Government is
  subject to restrictions as set forth in subparagraph
  (c) of the Commercial Computer Software - Restricted
  Rights clause at FAR sec. 52.227-19 and subparagraph
  (c) (1) (ii) of the Rights in Technical Data and Computer
  Software clause at DFARS sec. 252.227-7013.
             cisco Systems, Inc.
             170 West Tasman Drive
             San Jose, California 95134-1706
  Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Wed 19-Mar-08 19:09 by prod_rel_team
  Image text-base: 0x00003000, data-base: 0x003BE9E0
  Initializing flashfs...
  flashfs[1]: 4 files, 2 directories
  flashfs[1]: 0 orphaned files, 0 orphaned directories
  flashfs[1]: Total bytes: 7741440
  flashfs[1]: Bytes used: 2052608
  flashfs[1]: Bytes available: 5688832
  flashfs[1]: flashfs fsck took 2 seconds.
  flashfs[1]: Initialization complete....done Initializing flashfs.
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco AIR-LAP1310G-E-K9R   (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
  Processor board ID FHK1133E002
  PowerPCElvis CPU at 262Mhz, revision number 0x0950
  Last reset from reload
  LWAPP image version 3.0.51.0
  1 FastEthernet interface
  32K bytes of flash-simulated non-volatile configuration memory.
  Base ethernet MAC Address: 00:1D:45:13:DD:68
  Part Number                          : 73-8960-09
  PCA Assembly Number                  : 800-24963-06
  PCA Revision Number                  : A0
  PCB Serial Number                    : FOC113000V7
  Top Assembly Part Number             : 800-28479-05
  Top Assembly Serial Number           : FHK1133E002
  Top Revision Number                  : B0
  Product/Model Number                 : AIR-LAP1310G-E-K9R
  The name for the keys will be: ap.cisco.com
  % The key modulus size is 1024 bits
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
  ip ssh version 2
      ^
  % Invalid input detected at '^' marker.
  transport input ssh
                   ^
  % Invalid input detected at '^' marker.
  aaa new-model
  ^
  % Invalid input detected at '^' marker.
  aaa authentication login default enable local none
  ^
  % Invalid input detected at '^' marker.
  o
  ^
  % Invalid input detected at '^' marker.
  Press RETURN to get started!
  *Mar  1 00:00:05.442: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
  *Mar  1 00:00:06.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
  *Mar  1 00:00:07.817: %SYS-5-RESTART: System restarted --
  Cisco IOS Software, C1310 Software (C1310-RCVK9W8-M), Version 12.4(10b)JA3, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2008 by Cisco Systems, Inc.
  Compiled Wed 19-Mar-08 19:09 by prod_rel_team
  Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
  transport input ssh
                   ^
  % Invalid input detected at '^' marker.
  *Mar  1 00:00:33.860: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
  *Mar  1 00:00:33.860: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
  *Mar  1 00:00:33.861: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
  logging origin-id string AP:001d.4513.dd68
           ^
  % Invalid input detected at '^' marker.
  logging 255.255.255.255
          ^
  % Invalid input detected at '^' marker.
  logging trap 3
          ^
  % Invalid input detected at '^' marker.
  *Mar  1 00:00:37.440: Logging LWAPP message to 255.255.255.255.
  AP001d.4513.dd68>
  %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
  Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  AP001d.4513.dd68>

  Your debug is very telling ..
  AP001d.4513.dd68>
  %LWAPP-3-CLIENTEVENTLOG: Forcing AP to obtain IP address using DHCP
  %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.10.46, mask 255.255.255.0, hostname AP001d.4513.dd68
  Translating "CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com"...domain server (10.10.10.5)
  %LWAPP-3-CLIENTEVENTLOG: Did not get vendor specific options from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
  %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.CISCO-LWAPP-CONTROLLER.mydomain.com
  AP001d.4513.dd68>
  What are you using to tell the AP where the contoller lives ? Since you are consoled into the ap you can use the -> capwap ap controller ip address
  This will point the ap to your controller
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• WLAN Controller Required?

  Currently developing a solution to convert simple Windows wired domain to wireless.
  Considering using ten Aironet 1100 APs for 200 Windows XP clients on a single network/domain. Clients will authenticate using certificates with RADIUS (IAS) over EAP-TLS. Each Aironet will support 20 clients and will be wired back to the RADIUS server.
  What Cisco software is required on the 1100s and what WLAN controller (if any) is required?
  Thanks!

  If you plan on using the Cisco Unified Wireless Solution, you would require a controller. Different models supports different number of AP's. For 10 Ap's which would be required in your place, a 4402 controller which supports 12 AP's should be a good choice.
  The AP's download the code from the controller and hence just need a recovery image. The controller would come preloaded with the software required and you can upgrade to th latest code. Please refer toe the documentation below.
  http://cisco.com/en/US/prod/collateral/wireless/ps5678/ps6521/product_at_a_glance0900aecd805df476.pdf
  Pushkar

• WLAN Controller and Location appliance graceful shutdown?

  Does anyone know if there is a supported graceful shutdown method/command for the
  4400 series WLAN Controller and 2700 Location Appliances?
  This weekend our server room will be undergoing maintenance and will experience a total power outage for a 4 hour period.  It is our intent to manually bring all equipment down (hopefully in a graceful manner) and then back up once the maintenance is completed.  As a result does anyone know if special precaution is needed to shutdown these 2 appliances, or can we simply bring down these devices hard which is the case with most other Cisco equipment?
  Thanks in advance

  Hi Mark,
  Channel 1, 6, and 11 are just about as non-overlapping as 1, 7, and 13. There's an insignificant amount of overlap, so it's just as plausible of a solution, even in Europe. I honestly don't know why you wouldn't use the extra channels to eliminate the minor overlap - every bit helps.
  The "channel blanket" or "virtual cell" WLAN design philosophy is rapidly spreading. Cisco maintains that it's a standards violation and I've heard no talk of them purchasing the not-to-be-named company or of them adopting the same design philosophy. I sincerely hope that they do one of the two soon, however, because it's very good design that's difficult for Cisco to compete against.

• WLAN Controller Message

  Hi FREINDS,
  I am consistly receiving following message on one of my WLAN controller, please could you tell me the severity level and solution of the following message:
  IDS Signature attack cleared. Signature Type: Standard, Name: NULL probe  resp 1, Description: NULL Probe Response - Zero length SSID element,  Track: per-Mac, Detecting AP Name: KU-GF-I2-W03, Radio Type: 802.11b/g,   Preced: 2, Channel: 11
  Thanks & Regards,
  Faysal

  The null signature alarm is really nothing. I disabled this alarm on my wlcs.
  Device can send different types of probe request. For example they ca. Send a direct probe request from your laptop to an ap. they can send broadcasted probe request from your laptop to everyone. And some device are programmed to send null probe reuest. Often if you run net stumbler that program sends null probes.
  Some manufactures, not Cisco gear though, when they see a null probe request will respond with their hidden (non broadcasted) ssids.
  These alerts are informing you that a device(s) are sending nulls ..
  I hope this helps..
  Sent from Cisco Technical Support iPhone App
  Sent from Cisco Technical Support iPhone App

• Wlan Controller 2500

  Hi my friends:
  Its posible to implement feature H-reap in wlan controller 2504 with iso version7.2.103.0, because i dont have this option in my wlan controller.
  thank.
  Marco

  Hello,
  As per your query i can suggest you the following solution-
  Yes it is possible to implement feature H-reap in wlan controller 2504 with iso version7.2.103.0.This is known as flex-connect.
  For more details on how to configure flex-connect please refer to the link-
  http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html
  Hope this will help you.

• WLAN Controller configuration help needed

  Hi,
  I need to configure AP with WLAN controller for guest access. we have 2 vlans. vlan 1 - guess vlan (internet only access) and vlan 2 - all access.
  while configuring wlan controller. which vlan should i configure as native vlan? I have radius server which would check health of the user and would direct wlan controller to put in user in vlan 1 or 2 depending on its credentials.
  please advise how to implement it. what would be initial steps.

  Hi,
  I have couple of doubts before going further for solution to implement ?
  What model of wlan controller & AP , you are using ?
  to configure the Controller , initially you need to configure the interface ( which are virtual ) .
  You need to connect controller to your existing LAN set-up may be one of the port of your core switch ............
  below are the interface which you need to configure in controller .......
  1) Management interface with IP ( which will be used to access your controller from lan ... ) this is ip should be able to ping from the network.
  2) AP manager IP ( this is again depend on model ) if it is 5500 , this is not required ..
  3) Virtual IP : this is should the IP address which is not at all there in your lan eq.1.1.1.1
  4) dynamic interface with IP : this is the interface which will map your vlan to WLAN
  once you create the mentioned interfaces , you need to create the wlan and map the above dynamic interface with respective wlan.if required you can configure the DHCP pool as well in controller for Wlan.
  let me know , whether this information helped  you ........................

• Wlan controller and branch office AP (vlan config)

  Hi,
  Our wlan controller is located in HQ office and we have APs in branch office. Is it possible to implement two different SSIDs and they should be in two different vlans? So should we configure the AP trunk?
  REAP does not support IEEE 802.1Q VLAN tagging. As such, it does not support multiple VLANs. Traffic from all the service set identifiers (SSID) terminates on the same subnet, but H-REAP supports IEEE 802.1Q VLAN tagging. Traffic from each SSID can be segmented to a unique VLAN.
  Thanks

  Hello,
  As per your query i can suggest you the following solution-
  Yes, it possible to implement two different SSIDs and they can be in two different vlans.
  For more information please refer to the link-
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml
  Hope this will help you.

• Communication between : AP and WLAN controller

  Hi,
  The communication between AP and WLAN Controller is ( Data and Control ) UDP.
  Source port 1024 and destination port 12222 and 12223. Actually which device listen to which port or both should listen as control and data can be generated from both the devices.
  How does the user ( wireless client) traffic is switched - if user traffic is a TCP traffic. It will be sent to WLANC and then WLANC forwards it to respective VLAN or default gateway ( depending upon the destination in the packet ).
  Please explain / share the experience.
  any link on cisco.com
  Thanka in advance
  Subodh

  "the LWAPP Control and Data messages are encapsulated in UDP packets that are carried over the IP network. The only requirement is established IP connectivity between the access points and the WLC. The LWAPP tunnel uses the access point's IP address and the WLC's AP Manager interface IP address as endpoints. The AP Manager interface is explained in further detail in the
  implementation section. On the access point side, both LWAPP Control and Data messages use an ephemeral port that is derived from a hash of the access point MAC address as the UDP port. On the WLC side, LWAPP Data messages always use UDP port 12222. On the WLC side, LWAPP Control messages always use UDP port 12223.
  The mechanics and sequencing of Layer 3 LWAPP are similar to Layer 2 LWAPP except that the packets are carried in UDP packets instead of being encapsulated in Ethernet frames."
  Taken from "Cisco 440X Series Wireless LAN Controllers Deployment Guide"

• How can I copy a PSK from one WLAN Controller to another

  I'm trying to replace a WLAN controller with a new one.  One WLAN is configured with WPA-PSK.  Nobody seems to know the key that was used.
  Anyone know if there is a way to extract the encrypted key out of a controller and put it into the new WLAN Controller?
  Thanks in advance.

  No can do ...
  https://supportforums.cisco.com/discussion/11364566/view-psks-wlans-wlc 
  However, if any users are on a MAC Book and has iCloud enabled you can see the key under the "keys". If you have a windows 7 box and uses the native supplicant you can expose the key on the supplicant ..

• WAP4410N Access point and 4404 WLAN Controller.

  Hello to all,
  I am planning to setup a new WLAN using WAP4410N Wireless N Access Point. Is it possible to manage the AP using 4404 WLAN controller ?
  I need to buy arround 42 AP for covering the entire building.
  Regards,
  Aslam

  leolaohoo
  Could u please tell me which series can be used with 4404 WLANC ?
  Also the AP Should support Bridging or Mesh.

• Can Wlan Controller work with Third party Aps

  Can Cisco Wlan Controller work for 3rd party Aps which does not have LWAPP running. If yes How.If no then how we can manage existing Ap's of say 3com in the network...

  Hi Friend,
  No, Cisco WLC will not support any third party APs. Even if Cisco APs are not lwapp AP then WLC will not be able to manage them.
  We need to have Cisco Lwapp APs only for wireless lan controller to manage them.
  For 3com Aps you need to talk to 3com guys or any third party tool if available to manage these APs.
  HTH
  Ankur

• Cisco LWAP & WLAN Controller Flexconnect Across HP Switches

  Hello All, I'm looking for a little guidance in making the needed routing and switching configuration changes on our Corporate Network to accomadate flex connect functionality for Cisco Lightweight Access Points (LWAPs).  The LWAPs that are currently configured on our network only work when our WLAN Controller is up and running and I need for them to be disconnectable so that we can move the WLAN Controller to our virtual co-lo.  It should be known that I inhereted this network from the previous admin and have been working hard to map everything out to the best of my ability.  Also, the WLAN controller is already operating in our production network so it limits my ability to do much testing. 
  Just FYI, I'm a new Systems Admin promoted from a Desktop Support role and have my CCENT (Currently working on CCNA & MCITP Server Admin) so I have some knowledge but it is limited on the networking and switching side of things.  Unfortunately, the Senior Systems Admin has even less knowledge of networking than me and I don't really have anyone to turn to which is why I'm posting here.  I would have utilized GNS to help me simulate the configuration however there are HP switches in the mix and no means of emulating them.
  -Relevant Device List-
  (CONSA251) Sonicwall  NSA 240 - 10.1.1.251
    Interface Information 
  Interface    IP Address    Description   
  X0  ->  LAN
    10.1.1.251   LAN Interface  
  X1  ->  WAN
    *************   Time Warner WAN  
  X2  ->  DMZ
    *************   DMZ Interface  
  X3  ->  WAN
    *************   Sprint WAN  
  X0-V20  ->  LAN
    10.1.101.1   Corporate WLAN  
  X0-V30  ->  LAN
    192.168.1.1   Guest WLAN 
  (CORT250) Cisco 3845 - 10.1.1.250
  (CO-WLAN-CTRLER) Cisco 5508 Wireless Controller - 10.1.1.2
  (COSW240) HP Procurve 4108GL - 10.1.1.240
  (COSW238) HP Procurve 2510B-24 - 10.1.20.238
  (CORP-AP-MIS) AIR-LAP1131AG-A-K9 - 10.1.1.79
  (COSW239) HP1810G-24 - No IP (Inaccesible but being replaced)
  I will now go on to explain our network topology as it pertains to the WAPs and WLAN Controller and how I believe it needs to be configured in order to operate from my perspective. 
  Our Corporate and Guest Wireless Access is provided via the Sonicwall CONSA251 through a connection from the X0 interface to HP Switch COSW239 which is then connected to WLAN Controller CO-WLAN-CTRLER as detailed below:
  Device - Interface Name/Port
  CONSA251 - X0
  COSW239  - 2
  COSW239  - 18,19
  CO-WLAN-CTRLER - 2,3
  The WLAN Controller currently communicates with all the LWAPs via Layer 3 TCP\IP as I understand it and then routes all DHCP requests and traffic destine for the 10.1.101.1 (corporate WLAN) and 192.168.1.1 (Guest WLAN) to the Sonicwall and vice versa.
  Now what I am trying to do is VLAN the LWAP CORP-AP-MIS across the HP Switches to the X0 interface on the Sonicwall NSA240 where it will be able to route traffic via VLAN 20 & 30.  The problem lies in my inexperience with HP VLAN configurations and how the ports need to be configured on each device so it can route traffic to the Sonicwall when the WLAN Controller is shutdown.
  The LWAP CORP-AP-MIS layer 2 trace to the WLAN Controller is as shown below:
  Device - Interface Name/Port
  CORP-AP-MIS -  FA/0
  COSW238     - 16
  COSW238     - 25
  COSW240     - B4
  COSW240     - H6
  CORT250     - GigabitEthernet0/0
  CORT250     - Se1/0
  CONSA251    - X0
  Now for all intesive purposes the Corporate Router CORT250 should probably be handling the routing for our Corporate and Guest Wireless network however that was not the way it was originally setup and I have to work with what was inhereted.  The Corporate Router CORT250 has a default route to the Sonicwall and the Sonicwall CONSA251 has all the routing already in place for the Corporate & Guest WLANs.
  What I would like to do is VLAN off the X0-V20&V30 accross multiple switches and switchports to each LWAP in our building.  I do have the LWAP I'm testing on configured with Flex Connect which I understand is required for it to be disconnectable.
  Any guidance on how I would go about configuring this accross devices would be appreciated.  I know there are some difference between HP and Cisco Switching terms and how tagging, untagging, and trunking works however I lack the experience to apply this in practice especially in a production environment. 
  I will be happy to provide any additional information or clarification that is needed.  Thank you in advance for the help.

  Just to add about the ISE... you can profile, but having only one ssid might or might not work in your situation.  Also if you end up with remote sites or ap's in h-reap mode, currently ISE cant do any profiling.  If you go with the 7500 or 5508/WiSM2, they don't really do an active-active or active backup. They are both up and you can split the load or put all ap's on one, its up to you.  I usually split the load just to make sure both are working.  I don't want to all of a sudden loose the primary and then find out my secondary/backup is not working.

• I need to bridge a printer off a wireless bridge using a 4402 WLAN Controller

  I need to bridge a printer off a wireless bridge using a 4402 WLAN Controller.  Would I need to make any changes on the 4402 WLAN Controller?

  One options is to take a cisco autonmous access point and configure it as a WGB. And no, you would not have to do anything special to the WLC in thay deisgn. The WGB would act as a wireless client.
  Make sense?

• Data flow using a WLAN controller

  Can someone explain the flow of data from wireless client to some destination in the internal network (or the Internet) using a WLAN Controller? Use a 4402 as an example.
  Specifically, I am wondering if client traffic actually passes thru the WLAN Controller (4402). I am reading the configuration guide and it doesn't seem to be explicitly stated one way or the other.

  Hi Ken,
  This is a very common question these days.
  Here is a recent thread as well as an excerpt from a good doc:
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Getting%20Started%20with%20Wireless&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddaca5d
  In the Cisco Centralized WLAN architecture, LWAPP-enabled access points operate in the lightweight mode (as opposed to the autonomous mode). The access points associate to a Cisco WLAN controller. The controller manages the configuration, firmware, and control transactions such as 802.1x authentication. In addition, all wireless traffic is tunneled through the controller.
  LWAPP is an IETF draft protocol that defines the control messaging for setup and path authentication and run-time operations. LWAPP also defines the tunneling mechanism for data traffic.
  In an LWAPP environment, a Cisco Aironet LWAPP-enabled access point discovers a controller by using LWAPP discovery mechanisms and then sends it an LWAPP join request. The controller sends the access point an LWAPP join response allowing the access point to join the controller. When the access point is joined, the controller downloads its software if the versions on the access point and controller do not match.
  LWAPP secures the control communication between the access point and controller by means of a secure key distribution, utilizing X.509 certificates on both the access point and controller.
  From this doc:
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_quick_start09186a00805100f5.html#wp47092
  Hope this helps!
  Rob
  Please remember to rate helpful posts.........