WLC (4402) Controller Redundancy

I currently have 1 x 4402 Controller setup in the HQ. This has a failry extensive wireless environment.
If there was to be a failure then the HQ has lost all Wireless communications.
I would like to implement another controller and use this as a backup.
Anyone have any implementation thoughts surrounding this? best practice and anything I need to consider?
Thanks

1. Add a second controller that is the same size controller that you currently have. Be careful to never exceed the total capacity of a single controller, or else you lose your full redundancy.
2. Keep the controller at the same site, but connect it to a different switch in your core. If you are connecting it to a chassis switch, connect the two cables to different blades for highest redundancy.
3. Configure each controller to use LAG (Etherchannel).
4. Split your access points between the two controllers. Best practice is to group APs together that are physically close, so roaming occurs between APs that are on the same controller. Don't "checkboard" your APs when assigning primary controllers.
I hope this helps!
Jeff

Similar Messages

WLC-4402+AIR-LAP1142N problem

Hello all,
I've got a following problem with bringing up simple wireless configuration. There is a WLC-4402 controller and several remote locations (I am testing one so far). Two WLAN configured (one for employee and the other for guest access - no mobility anchoring used, guest is just mapper to VLAN restricted on the firewall). WLC serves DHCP pools for wireless clients. Problem I am experiencing at the moment is that user with laptop is able to connect to guest WLAN, got an IP but can communicate (ping) only its own IP, the controller IP in guest subnet and default gateway (which is the firewall interface). Traffic to any other destinations never hit gateway (I am running tcpdump on it to confirm). I double checked controller config but no luck so far. Could that be caused by missconfigured tunnel? No ACL or restriction set on WLC - see attached config.
Thank you in advance,
Peter

Is this an open network or have you enabled layer 3 security? Web Auth? I can see you have created a lobby admin account so expect that you use this for guest account creation with web auth..
When you associate/receieve IP address to the open guest network have you then opened a web browser and authenticated? Until you enter your login details created on the WLC I would imagine that you wouldn't be able to send any data.
If you have authenticated already, can you check on the WLC that the client is associated/authenticated and is the Corp network ok? Also what is the topology between the WLC/Firewall/Remote sites.
Cheers
Mat

Need Information For Connecting Access point to WLC 4402

Hi Friends
I need Some information for Connecting my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) Controller
In our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC
My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective)
I need to Know what I need to do in AP to connect to the Controller
Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
Do i Need to Configure my AP with default gateway(the switch to which is connected ?) & DO i need to configure the AP with Controller Ip address ??
Pls Assist
Regards
Safwan

Hi Scot...
We tried Connecting the Access Point yesterday, but it failed....
We are using Cisco 3500 Access point ...
when we connected , first it automatically got an ip address using DHCP but following error occurred
P70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
Not in Bound state.
*Mar 1 00:13:56.539: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
*Mar 1 00:13:56.555: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
d DHCP address 10.50.11.26, mask 255.255.0.0, hostname AP70ca.9bd5.77c6
*Mar 1 00:14:04.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:14.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported version 6.0
.182.0 on WLC USSTLController01
*Mar 1 00:14:24.564: %CAPWAP-3-UNSUPPORTED_WLC_VERSION: Unsupported
version 6.0
.182.0
version 6.0
.182.0
on WLC USSTLController01
version 6.0
.182.0
Then I COnfigured Ap with Static ip address & default gateway & controller Ip but tht too didnt work...
.182.0 on WLC USSTLController01
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
AP70ca.9bd5.77c6#
P70ca.9bd5.77c6>
*Mar 1 00:13:40.908: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C
3750X-48P (e05f.b907.9a20)
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>
AP70ca.9bd5.77c6>en
Password:
AP70ca.9bd5.77c6#
*Mar 1 00:13:48.033: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP
. Renewing DHCP IP.
I also Need to Know Cisco Access point 3500 can be associated with WLC 4402 ( version 6.0.182.0) ??
Pls Advice How to proceed further

Wlc 4402 fine tuning

Hello,
In one of our building we have a wlc 4402 controller with 50 1130 APs.
This setup is mainly used for VOIP Wireless with a 7921 phone.
I need advices on how i can fine tune the APs to obtain the very maximum
coverage for the 7921 phone.
thanks

there is no tweaks i can do to obtain better coverage ?
i can do some trade-off on wifi signal since the setup is used only for the one 7921 telephone.
thanks again

Rolling upgrade of WLC 4402 controllers and APs

In need to upgrade the software on two WLC 4402 controller in a hospital. Both WLCs have the same config and one is primary (has all APs connected) and the other backup (no APs connected.) The APs are placed so there is still coverage if one goes down in an area. My question - is it possible to do a rolling upgrade to have no downtime for the wireless clients? My plan would be to upgrade the backup WLC then selectively move APs to it. If I swap the primary and secondary controllers in the high availability tab on each AP, do I need to do a reset (General - Hardware Reset) or will it automatically reboot and connect to the upgraded backup controller? When I'm done, I'd upgrade the primary controller and now call that backup. Does this make sense?

I've done this same sort of thing on a slightly larger scale about 5 times now at the hospital I work at. Quick answer is "Yes, it is possible to do a rolling upgrade and have no downtime for wireless clients."
I've got 5 WLC's, and I use the high availability tab to move all the AP's off one, upgrade it, and move all the AP's from the next WLC over to it, upgrade that one, etc.
The thing you need to be careful of is your timing and your choice of APs to move.
It generally takes about a minute to move an AP between WLCs running the same version. But if there's a version change that makes the AP upgrade, you're looking at about 6 minutes.
I do them one at a time, and when they show up in the WLC as being up, running and happy for 1 minute, I do the next one. And so on. Takes me about 3 days to go through all 5 WLCs and 375 APs. Not once have I had a user notice the move.
Also, in order to test, after I do the first upgrade, I move just one area's APs into that WLC for a day and then test the various flavors of gear we have (phones, infusion pumps, laptops, etc.) to confirm that the new version doesn't have any trouble. Sometimes it does and I work with TAC to get things resolved before I do the whole hospital.
jh

Wlc 4402 errors when trying to join ap

Hello,
I have a wlc 4402 controller with software version 6.0.199.4
now i have problems adding 1131 aps to my controller.
in the pas i added 15 access points (withouts problems) but
now doesn't seems to work anymore.
here's what i got from controller when trying to join
*Nov 11 12:24:37.739: %LWAPP-3-RADIUS_ERR: spam_radius.c:138 Could not send join reply, AP authorization failed; AP:00:13:c4:93:c1:58
here's what i got on the AP (console cable on my pc when booting)
%LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init (SSC): no certs in the SSC Private File
Got an idea on this ?
thanks for help

Was the AP in automatic mode before? Did you copy the LWAPP recovery image to the AP using tftp?
All APs manufactured before 2005 or 2006 do not have MIC (manfacture install MIC) installed. You need to use LWAPP conversion tool to convert the AP to LWAPP/CAPWAP; so that the conversion tool will install SSC (Self Signed Certificates) to build the encrypt the LWAPP/CAPWAP control traffic:
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html
As LWAPP discovery image is already there, you need to convert the AP back to autonomous mode and use LWAPP conversion tool to conver the AP:
http://www.cisco.com/en/US/docs/wireless/access_point/12.3_8_JA/configuration/guide/s38trb.html#wp1058472
I hope that the mode button is not disable on the AP. if it does, I hope that the break key is not disable. If both the mode button and break key are disable, you need to RMA the AP.

Netbios over tcp/ip and over wlc-4402

dear gentlemen,
i have one wlc-4402 controller and some clients. how to configure the netbios over tcp/ip in the controller, so that the clients can assiciate the network.
thank?s in advance
michael

Nothing, you dont have to configure anything regarding Netbios. Regards

Can WLC 4402 support AIR-CAP1602E-S-K9?

Hi
I had 1 end of life WLC 4402 controller. Can it support AIR-CAP1602E-S-K9 access point? If cannot, what is the supported access points for WLC 4402.
Thanks

Hi Steve
Thanks for the reply. Another question if i use the below access point with smartnet and configure as standalone AP. But in future if I want to configure to lightweight AP, can i request the firmware from CISCO TAC to flash the AP and make it lightweight? Thanks
AIR-SAP1602E-S-K9
802.11a/g/n Standalone AP, Ext Ant, S Reg Domain

Upgrade of 4402 Controller to 7.0.98.0 or 7.0.22.0 breaks WLC ability to display 1130 series APs

Almost a year ago we upgraded our 4402 Controller to 7.0.98.0 to support our 1262 APs. This allowed them to be in our network. We recently realized that we are unable to access the 1130 APs directly from the WLC. We can still access them from the controller GUI, but not the WLC gui. If we downgrade to the 6.0.202.0, it fixes the issue with the 1130's, but we can longer have the 1262's on our network. The error we get when we try to connect to 1130's while on 7.0.98.0 or 7.0.220.0 is as follows:
7.0.98.0 error
Error: Object "LradMeshNode" does not exist
7.0.220.0 error
Error: Object "Child of Lrad#302675 (Lrad00:15:c7:2a:20:c0) class LradMeshNode" does not exist.
Any suggestions?
thanks,
Steve

do you mean you can't see the 1131 on wcs ?
If so, is your wcs on the same code rev as your wlc or a head ? Wcs should always be at or a head in code than your wlc ..
Sent from Cisco Technical Support iPhone App

Wireless controller ha between wlc5508 and wlc 4402

We have 2 wlc: a wlc 5508 ( license 100 AP ) and wlc 4402 ( license 12AP).
We try to setup when 5508 down, 12 identify AP (important AP -Group A) will join 4402 and all other AP (not improtan AP -Group B)
wont joint wlc 4402.
First, all AP join wlc 5508, 2 WLC have same mobility group.
After that, we config 12 APs belongto group A have primary and secondary wlc, group B only has primary wlc.
When wlc 5508 down, some of APs of GroupA and some of APs of GroupB join wlc 4402. We test many times and we have differnet result each times.
is theare any way to resolve our problem?
Thanks.

Just to add, make sure that the WLC is running the same code, if not, then make sure the ap is supported on the code that is running on the 5508. The issue with mixed code is the ap will upgrade and downgrade very time they switch to a different WLC.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Sent from Cisco Technical Support iPhone App

Inter-Controller and Inter-Subnet Roaming between WLC 4402 and 5508?

Hi!
Will it support roaming between WLC 5508 ver. 7.0 and WLC 4402 ver. 4.2?

Here is the matrix for support of IRCM, but the answer is yes.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp116668
Sent from Cisco Technical Support iPhone App

WLC 4402 LAG connection to 2 different chassis of 6509 VSS switch system

Hi,
I have inherited a 6509 VSS switch system as the network core and have the task of ensuring proper redundancy and redesign of the directly connected data center devices. One of the connected devices (WLC 4402) physically appears to be connected to both switches - the WLC is in the same rack as VSS-Chassis1 so I can trace the fiber from WLC port 1 to gi1/1/22, the other fiber from the WLC port 2 goes into the floor and presumably over to VSS-Chassis2 gi2/1/22 (there is fiber connected there, I have link lights on both sides, and the port channel, Po200, on the VSS switch which is configured on gi1/1/22 is also configured on gi2/1/22). My question pertains to the CDP neighbor output I get on the VSS switch: (truncated to include just the WLC)
NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/2
NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 LAGInterface0/3/1
NCMECHQWiFi1     Gig 1/1/22        137               H    AIR-WLC44 Gig 0/0/1
It looks like both WLC ports are physically connected to Gi1/1/22, which they are quite obviously not.
This is confirmed on the WLC's sho cdp entry all output:
(Cisco Controller) >show cdp entry all
Device ID: ncmec-vsscoresw1.ncmec.org
Entry address(es): 100.1.0.254
Platform: cisco WS-C6509-E, Capabilities: Router Switch IGMP
Interface: LAGInterface0/3/1, Port ID (outgoing port): GigabitEthernet1/1/22
Holdtime : 160 sec
I believe that the multi chassis etherchannel is set up correctly on the VSS:
vsscoresw1#sho run int gi1/1/22
interface GigabitEthernet1/1/22
description WLC-Management
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 200 mode on
end
vsscoresw1#sho run int gi2/1/22
interface GigabitEthernet2/1/22
description WLC-Management
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 200 mode on
end
vsscoresw1#sho run int po200
interface Port-channel200
description WLC-Management
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
end
And yet when I show the details of port channel 200, I expect to see "mode on" but get instead see LACP which is unsupported on the WLC:
vsscoresw1#sho etherchannel 200 detail
Group state = L2
Ports: 2   Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol:    -
Minimum Links: 0
                Ports in the group:
Port: Gi1/1/22
Port state    = Up Mstr In-Bndl
Channel group = 200         Mode = On      Gcchange = -
Port-channel = Po200       GC   =   -         Pseudo port-channel = Po200
Port index    = 0           Load = 0xFF        Protocol =    -
Mode = LACP
Age of the port in the current state: 180d:19h:47m:01s
Port: Gi2/1/22
Port state    = Up Mstr In-Bndl
Channel group = 200         Mode = On      Gcchange = -
Port-channel = Po200       GC   =   -         Pseudo port-channel = Po200
Port index    = 1           Load = 0xFF        Protocol =    -
Mode = LACP
Age of the port in the current state: 180d:19h:47m:02s
                Port-channels in the group:
Port-channel: Po200
Age of the Port-channel   = 354d:12h:47m:27s
Logical slot/port   = 46/19          Number of ports = 2
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Fast-switchover     = disabled
Load share deferral = disabled
Ports in the Port-channel:
Index   Load      Port          EC state       No of bits
------+------+------------+------------------+-----------
0      FF       Gi1/1/22                 On   8
1      FF       Gi2/1/22                 On   8
Time since last port bundled:    173d:17h:06m:34s    Gi2/1/22
Time since last port Un-bundled: 173d:17h:06m:34s    Gi2/1/22
Last applied Hash Distribution Algorithm: Fixed
>>> So my question, arising at least partly from the apparently misleading CDP information, is this: How can I confirm that the WLC is correctly dual homed to both core switches? (short of tracing the cable) I ask because there are several other devices (not WLCs) that need to have the dual homed connections confirmed.
I tried a layer 2 trace route but for all macs associated with the WLC, the trace abborts with the error "Device has Multiple CDP neighbours on destination port."
Thanks in advance!
Sue

PS: It is critical that I confirm the redundancy, since as a part of the data center redesign we will be moving the second VSS chassis to the same rack with the first to simplify the dual connections. I need to verify all the redundant connections before I take it offline and move it. Thanks!

Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

Hi All,
appreciate your support for a problem i started facing today. i have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. we have recieved a new 20 Cisco 1041N APs today and i installed one in our site but it doesn't work. it worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
*Mar 1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:10.033: *** CRASH_LOG = YES
*Mar 1 00:00:10.333: Port 1 is not presentSecurity Core found.
Base Ethernet MAC address: C8:9C:1D:53:57:5E
*Mar 1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
*Mar 1 00:00:11.494: status of voice_diag_test from WLC is false
*Mar 1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:13.647: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:50 by prod_rel_team
*Mar 1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
*Mar 1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
*Mar 1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
*Mar 1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:09:17.912: status of voice_diag_test from WLC is false
*Mar 1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
*Mar 1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
*May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:03.448: status of voice_diag_test from WLC is false
*May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:15.450: status of voice_diag_test from WLC is false
*May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
*May 25 08:27:27.447: status of voice_diag_test from WLC is false
*May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:39.446: status of voice_diag_test from WLC is false
*May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
*May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
i searched for the regulatory domains difference between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
just to mention that our configuration in WLC for regulatory domains is:
Configured Country Code(s) AR
Regulatory Domain 802.11a: -A
802.11bg: -A
My question is, should i only include my country in the WLC (IQ) to add the requlatry domain (-E) to solve this problem? or changing the country will affect the operation of all working APs??
Appreciate your kind support,
Wisam Q.

Hi Ramon,
thank you for the reply but as shown in the below link:
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
the WLC in version 7.0.116.0 supports Cisco 1040 seiries APs.
Thanks,
Wisam Q.

AIR-CAP1602i cannot join a WLC 5508 controller

Hello,
I'm managing a large number of access points on a Cisco wlc 5508 controller.
We've recently purchased a bunch of new AIR-CAP1602I-E-K9.
note that we already have AIR-CAP1602I-E-K9 and other models in production.
These A.P are not able to join the controller for some reason, I've tried a lot of different things but I am now at a loss.
I have checked the regulatory domain, upgraded the FUS, manually upgraded the software version of the LAP to match the version on the other A.P.
I even downgraded/upgraded the WLC code (version 7.4.x and 8.0)
I use the dhcp option 43 to to send the controller IP.
Here are the info that can help:
errors:
#on A.P
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
#on WLC
Lwapp join request rejected (WLC version 7.6.130.0)
Failed to add database entry (WLC version 8.0)
WLC sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.130.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... XXX
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... XXX
Last Reset....................................... Software reset
System Up Time................................... 6 days 4 hrs 16 mins 27 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:CA,FR
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +41 C
External Temperature............................. +22 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 7
Number of Active Clients......................... 1977
Burned-in MAC Address............................ A4:93:4C:B0:E4:C0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 250
AP sh version
AP58f3.9cb8.3701#sh version
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 22-Aug-14 10:56 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
AP58f3.9cb8.3701 uptime is 31 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.152-4.JB6/ap1g2-k9w8-mx.152-4.JB6"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco AIR-CAP1602I-E-K9 (PowerPC) processor (revision B0) with 229366K/32768K bytes of memory.
Processor board ID FGL1832X5QU
PowerPC CPU at 533MHz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.6.100.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 58:F3:9C:B8:37:01
Part Number                          : 73-14671-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC183171L4
Top Assembly Part Number             : 800-38552-01
Top Assembly Serial Number           : FGL1832X5QU
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602I-E-K9
AP sh inventory
NAME: "AP1600", DESCR: "Cisco Aironet 1600 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP1602I-E-K9 , VID: V01, SN: FGL1832X5QU
Thanks for your help !

Hi Olivier,
The error messages that you have on the debugs:
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 12 09:24:49.659: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
It is related to the bug: CSCuh46442
https://tools.cisco.com/bugsearch/bug/CSCuh46442/?referring_site=ss
This bug is resolved in version : 8.0.100.0
http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn80.html#pgfId-1163951
Can you please paste here "show ap auth-list" from the controller CLI?
I suggest to enable MIC if it is not enabled, and then check if the AP's will join or not.
Kind Regards
Mohammad Setan

WLC 4402-50 with ACS 3.3

Hi,
We want to use ACS to authenticate an ssh or http connection to a WLC 4403-50 4.2.99 using TACACS+. On our ACS 4.2 test server it works fine. Configured identically on an ACS 3.3 appliance we are not able to log in although we do see a successful login in the Passed Authentications report withing ACS.
Is there an incompatability between the WLC 4402-50 with ACS 3.3?
thanks
Bob

The Cisco Secure Access Control Server (ACS) provides authentication, authorization, and accounting (AAA) services for users of the wireless network.
It is also possible to employ a WLC controller strategy that uses an N+1 approach. When using N+1 architecture, each WLC is configured with a WLC that is designated as a backup WLC in the event of a failure. This controller is not used until there is a failure event upon which all APs using the failed controller switch to the backup WLC. This cost-effective approach provides a high level of availability in the event of a single WLC failure scenario.

WLC (4402) Controller Redundancy

Similar Messages

Maybe you are looking for