WLC - AP 1252

We have a strange issue.. AP 1252 came up with Autonomous IOS, and we had converted it to LWAPP using 12.4(10) OS.. We have defined the dhcp configurations on the core 6500 switches, for it to return option 43 and 60 to the LAP. 6500 trunks to 3750-E switches, to which the AP's are connected.
Now, the AP boots up, gets an IP address, finds the WLC, and tries to get associated with it.. nothing happens after that ! we get an error that there is no heartbeat back from the AP !
Jan 09 18:20:39.367 spam_tmr.c:585 LWAPP-3-ECHO_ERR: Did not receive heartbeat reply; AP: 00:21:a0:40:31:b4
Jan 09 18:17:27.363 dhcp_support.c:365 DHCP-3-BIND_SRPORT_ERR: Binding service port failed.
Jan 09 18:09:07.134 dhcp_support.c:365 DHCP-3-BIND_SRPORT_ERR: Binding service port failed.
Jan 09 18:00:46.946 dhcp_support.c:365 DHCP-3-BIND_SRPORT_ERR: Binding service port failed.
Anyone seen this error ? there isn't much info about this on CCO..
Regards
Raj

4404 controllers with 5.0.x software.. 1252 LWAPP's.. we were just going through the release notes of 5.0.x IOS and did not see any mention on the 1252 AP's.. hence we are upgrading to 5.1-5.2 (WLC's).. hopefully that should solve the issue.. will let ya know..
Raj

Similar Messages

  • Autonomous 1252 converted to CAPWAP will not join 5508 WLC

    WLC 5508 firmware is v6.0.188.0
    I've tried updating the autonomous 1252 via both the upgrade tool 3.4 and 'archive download-sw' from the CLI
    I've tried multiple recovery images
    c1250-rcvk9w8-tar.124-21a.JA2.tar
    c1250-rcvk9w8-tar.124-10b.JDA.tar
    After AP reboots with recovery image it joins WLC and downloads new CAPWAP image then reboots again
    AP will not rejoin WLC with updated CAPWAP firmware
    Any help with this is greatly appreciated!
    Thanks in advance and happy holidays,
    Scott
    Error Msg from 1252 console
    *Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    Additional info
    WLC Debugs Enabled:
    MAC address ................................ c4:7d:4f:39:31:e2
    Debug Flags Enabled:
      aaa detail enabled.
      capwap error enabled.
      capwap critical enabled.
      capwap events enabled.
      capwap state enabled.
      dtls event enabled.
      lwapp events enabled.
      lwapp errors enabled.
      pm pki enabled.
    WLC Debug Output:
    *Dec 18 10:51:51.575: dtls_conn_hash_search: Connection not found in hash table - Table empty.
    *Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: called to get cert for CID 154c7072
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: called to get key for CID 154c7072
    *Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
    *Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
    *Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: match in row 2
    *Dec 18 10:51:51.692: acDtlsCallback: Certificate installed for PKI based authentication.
    *Dec 18 10:51:51.693: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=0
    *Dec 18 10:51:51.693: local_openssl_dtls_record_inspect:   msg=ClientHello len=44 seq=0 frag_off=0 frag_len=44
    *Dec 18 10:51:51.693: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.693: local_openssl_dtls_send: Sending 60 bytes
    *Dec 18 10:51:51.694: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.694: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=1
    *Dec 18 10:51:51.694: local_openssl_dtls_record_inspect:   msg=ClientHello len=76 seq=1 frag_off=0 frag_len=76
    *Dec 18 10:51:51.695: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
    *Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes
    *Dec 18 10:51:51.696: local_openssl_dtls_send: Sending 314 bytes
    *Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=2
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=0 frag_len=519
    *Dec 18 10:51:51.712: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=3
    *Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=519 frag_len=519
    *Dec 18 10:51:51.713: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:51.713: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:51.713: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=4
    *Dec 18 10:51:51.713: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=1038 frag_len=108
    *Dec 18 10:51:51.714: sshpmGetIssuerHandles: locking ca cert table
    *Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_alloc() for user cert
    *Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_decode()
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: <subject> C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1250-c47d4f3931e2, [email protected]
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: <issuer>  O=Cisco Systems, CN=Cisco Manufacturing CA
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: Mac Address in subject is c4:7d:4f:39:31:e2
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert Name in subject is C1250-c47d4f3931e2
    *Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
    *Dec 18 10:51:51.719: sshpmGetCID: called to evaluate <cscoDefaultMfgCaCert>
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: called to get cert for CID 2ab15c0a
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.719: ssphmUserCertVerify: calling x509_decode()
    *Dec 18 10:51:51.730: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (current): 2009/12/18/15:51:51
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotBefore): 2009/11/03/00:47:36
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotAfter): 2019/11/03/00:57:36
    *Dec 18 10:51:51.730: sshpmGetIssuerHandles: getting cisco ID cert handle...
    *Dec 18 10:51:51.730: sshpmGetCID: called to evaluate <cscoDefaultIdCert>
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
    *Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
    *Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: called with 0x1f1f3b8c
    *Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: freeing public key
    *Dec 18 10:51:51.731: openssl_shim_cert_verify_callback: Certificate verification - passed!
    *Dec 18 10:51:51.732: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:52.155: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:52.155: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=5
    *Dec 18 10:51:52.155: local_openssl_dtls_record_inspect:   msg=ClientKeyExchange len=258 seq=3 frag_off=0 frag_len=258
    *Dec 18 10:51:52.269: openssl_dtls_process_packet: Handshake in progress...
    *Dec 18 10:51:52.269: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=6
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=CertificateVerify len=258 seq=4 frag_off=0 frag_len=258
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=ChangeCipherSpec epoch=0 seq=7
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=1 seq=0
    *Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=Unknown or Encrypted
    *Dec 18 10:51:52.273: openssl_dtls_process_packet: Connection established!
    *Dec 18 10:51:52.273: acDtlsCallback: DTLS Connection 0x167c5c00 established
    *Dec 18 10:51:52.273: openssl_dtls_mtu_update: Setting DTLS MTU for link to peer 192.168.100.54:62227
    *Dec 18 10:51:52.273: local_openssl_dtls_send: Sending 91 bytes
    *Dec 18 10:53:06.183: sshpmLscTask: LSC Task received a message 4
    Aironet 1252 Console Debug:
    *Dec 16 11:07:12.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Dec 18 15:51:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:51:40.999: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Dec 18 15:51:41.695: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:51:41.699: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:51:41.699: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    *Dec 18 15:51:46.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    *Dec 18 15:52:39.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.100.2:5246
    *Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
    *Dec 18 15:52:40.059: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Dec 18 15:52:40.063: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    *Dec 18 15:52:40.079: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Dec 18 15:52:40.079: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *Dec 18 15:52:50.059: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Dec 18 15:52:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:52:50.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
    *Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
    *Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
    *Dec 18 15:52:55.691: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
    *Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.1

    Nathan and Leo are alluding to CSCte01087. Basically the caveat is that DTLS fails on a non-00:xx:xx:xx:xx:xx L2 first hop. e.g. if the APs are on the same VLAN as the management interface, they must have 00 MACs; if they are on a different VLAN, the WLC/AP gateway must have a 00 MAC. If the workaround below does not suit your environment, open a TAC case for an image with the fix.
    Symptom:
    An access point running 6.0.188.0 code may be unable to join a WLC5508.
    Messages similar to the following will be seen on the AP.
       %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
       %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
    Conditions:
    At least one of the following conditions pertains:
    - The high order byte of the AP's MAC address is nonzero, and the AP is in
    the same subnet as the WLC5508's management (or AP manager) interface
    - The WLC's management (or AP manager) interface's default gateway's
    MAC address' high order byte is nonzero.
    Workaround:
    If the MAC address of the WLC's default gateway does not begin with 00,
    and if all of the APs' MAC addresses begin with 00, then: you can put
    the APs into the same subnet as the WLC's management (or AP manager)
    interface.
    In the general case, for the situation where the WLC's default gateway's
    MAC does not begin with 00, you can address this by changing it to begin
    with 00. Some methods for doing this include:
    -- use the "mac-address" command on the gateway, to set a MAC address
    that begins with 00
    -- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
    IP as the WLC's gateway.
    For the case where the APs' MAC addresses do not begin with 00, then make
    sure that they are *not* in the same subnet as the WLC's management
    (AP manager) interface, but are behind a router.
    Another workaround is to downgrade to 6.0.182.0.  However, after
    downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
    (i.e. 12.4(21a)JA2) still installed on them will be unable to join.
    Therefore, after downgrading the WLC, the APs will need to have a
    pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.
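
A triage check for the caveat described in this answer, as an added example (not code from the thread or from Cisco): it counts Join Requests followed by both quoted error strings and tests whether the AP's L2 first hop toward the WLC has a nonzero high-order MAC byte. The function names, the /24 management subnet and the gateway MAC are assumptions; the log lines and AP addresses are copied from the posts on this page.

```python
import ipaddress
import re

# Error strings quoted in the caveat's Symptom section.
SIGNATURES = (
    "Invalid AC Message Type 4",
    "Unencrypted non-discovery CAPWAP Control Message",
)
JOIN_SENT = "%CAPWAP-5-SENDJOIN"

# AP console lines copied from the first post in this thread.
AP_CONSOLE_LOG = """\
*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246
*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2
*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
""".splitlines()

# Lines copied from the second thread on this page: the join proceeds to CFG.
JOIN_OK_LOG = """\
*Sep 17 17:22:02.719: %CAPWAP-5-SENDJOIN: sending Join Request to 10.200.25.34
*Sep 17 17:22:02.719: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*Sep 17 17:22:02.791: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
""".splitlines()


def high_order_byte(mac):
    """First octet of a MAC written as aa:bb:.., aa-bb-.. or aabb.ccdd.eeff."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits[:2], 16)


def first_hop(ap_mac, ap_ip, wlc_mgmt_net, gateway_mac):
    """Which MAC is the L2 first hop between AP and WLC.

    Follows the answer's summary: same subnet as the management interface
    means the AP's own MAC, otherwise the WLC's default gateway's MAC.
    """
    net = ipaddress.ip_network(wlc_mgmt_net, strict=False)
    if ipaddress.ip_address(ap_ip) in net:
        return "ap", ap_mac
    return "gateway", gateway_mac


def failed_joins(lines):
    """Count Join Requests that were followed by both signature errors."""
    failed = 0
    pending = None  # signatures seen since the last Join Request
    for line in lines:
        if JOIN_SENT in line:
            pending = set()
            continue
        if pending is None:
            continue
        pending.update(sig for sig in SIGNATURES if sig in line)
        if len(pending) == len(SIGNATURES):
            failed += 1
            pending = None  # wait for the next Join Request
    return failed


def triage(lines, ap_mac, ap_ip, wlc_mgmt_net, gateway_mac):
    """Combine the log symptom with the first-hop MAC condition."""
    role, mac = first_hop(ap_mac, ap_ip, wlc_mgmt_net, gateway_mac)
    nonzero = high_order_byte(mac) != 0
    joins = failed_joins(lines)
    return {
        "failed_joins": joins,
        "first_hop": role,
        "first_hop_nonzero": nonzero,
        "matches_caveat": joins > 0 and nonzero,
    }


if __name__ == "__main__":
    # Assumed /24 management subnet; constructed gateway MAC beginning with 00.
    print(triage(AP_CONSOLE_LOG, "c4:7d:4f:39:31:e2", "192.168.100.54",
                 "192.168.100.0/24", "00:00:0c:07:ac:01"))
```
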

  • 1252 AP wont stay associated 5508 wlc

    Hi,
    I have a newly configured 5508 and a test 1252 ap. The ap connects to the controller and then drops off repeatedly. I have pasted the errors that I am seeing on the ap below.
    *Sep 17 17:22:01.807: %CAPWAP-3-ERRORLOG: Go join a capwap controller
    *Sep 17 17:22:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.200.25.34 peer_port: 5246
    *Sep 17 17:22:02.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *Sep 17 17:22:02.719: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.200.25.34 peer_port: 5246
    *Sep 17 17:22:02.719: %CAPWAP-5-SENDJOIN: sending Join Request to 10.200.25.34
    *Sep 17 17:22:02.719: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *Sep 17 17:22:02.791: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *Sep 17 17:22:13.463: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C3750-48P (0027.0c8b.3d9d)
    *Sep 17 17:22:20.791: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_TYPE (5)., 1)
    *Sep 17 17:22:20.791: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
    *Sep 17 17:22:20.791: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.200.25.34 5246
    *Sep 17 17:22:20.827: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Sep 17 17:22:20.827: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Sep 17 17:22:20.827: bsnInitRcbSlot: slot 0 has NO radio
    *Sep 17 17:22:20.827: bsnInitRcbSlot: slot 1 has NO radio
    Thanks,
    D

    Thanks for the reply,
    I have checked the time on the wlc and it is correct, it didn't have an ntp source but I have added one. The sw version is 6.0.199.0. I turned debugging on for the wlc and get the below output over and over again. There is no duplicate AP as this is the only one connected.
    Many Thanks,
    D
    *Sep 18 09:37:00.662: %CAPWAP-3-DUP_AP_NAME: capwap_ac_decode.c:1077 AP with same name APd0d0.fded.30a2 exist. Using default name APd0d0.fded.30a2 for this AP.
    *Sep 18 09:36:31.840: %CAPWAP-3-DUP_AP_NAME: capwap_ac_decode.c:1077 AP with same name APd0d0.fded.30a2 exist. Using default name APd0d0.fded.30a2 for this AP.
    *Sep 18 09:35:42.026: %CAPWAP-3-DUP_AP_NAME: capwap_ac_decode.c:1077 AP with same name APd0d0.fded.30a2 exist. Using default name APd0d0.fded.30a2 for this AP.
    *Sep 18 09:35:37.417: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:35.417: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:31.327: %LWAPP-6-CAPWAP_SUPP_VER: spam_lrad.c:1723 Discarding discovery request in LWAPP from AP d0:d0:fd:ed:30:a2 supporting CAPWAP
    *Sep 18 09:35:31.283: %DTLS-5-PEER_DISCONNECT: openssl_dtls.c:659 DTLS peer 10.112.3.10 has closed connection.
    *Sep 18 09:35:25.415: %SNTP-7-NO_ACCEPTABLE_PKTS: sntp_main.c:1004 No acceptable packets received.
    *Sep 18 09:35:25.415: %SNTP-7-TOO_MANY_BAD_PKTS: sntp_main.c:960 Too many bad or lost packets.
    *Sep 18 09:35:25.415: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:23.415: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:21.415: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:19.415: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:17.415: %SNTP-7-SELECT_FAILED: socket.c:369 The select system call failed.Error Code: 0
    *Sep 18 09:35:15.415: %SNTP-7-SELECT_FAILED: socket.c:369 The select

  • 1252 LAP won't join WLC

    Hi all
    I'm having an issue with a 1252 LAP that is connected to the WLC over a WAN link.
    Basically, it won't associate. The following is taken from a console into the LAP:
    *Mar 1 00:00:07.799: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar 1 00:00:08.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar 1 00:00:26.851: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *Mar 1 00:00:27.003: Logging LWAPP message to 255.255.255.255.
    %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.148.x.x, mask 255.255.255.0, hostname AP0022.90a3.533a
    Translating "CISCO-LWAPP-CONTROLLER.nation.radix"...domain server (10.x.x.x)
    %LWAPP-3-CLIENTEVENTLOG: Controller address 10.x.x.x obtained through DHCP
    %LWAPP-3-CLIENTEVENTLOG: Did not get log server settings from DHCP.
    %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER.nation.radix
    %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER.nation.radix
    %LWAPP-5-CHANGED: LWAPP changed state to JOIN
    %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - Fxxxxxxx)
    %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
    %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
    %LWAPP-5-CHANGED: LWAPP changed state to DOWN
    IOS Bootloader - Starting system.
    Xmodem file system is available.
    The ap-manager interface is configured correctly and there isn't a duplicate IP address.
    The LAP was initially stand alone and was converted to LWAPP.
    The MTU over the WAN link is 1500 bytes.
    All I'm getting from the WLC debugs is:
    Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Received LWAPP DISCOVERY REQUEST from AP 00:22:xx:xx:xx:xx to 00:19:xx:xx:xx:xx on port '29'
    Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx LWAPP Discovery Request AP Software Version: 0x3003300
    Mon Jul 20 11:42:59 2009: 00:22:xx:xx:xx:xx Successful transmission of LWAPP Discovery Response to AP 00:22:xx:xx:xx:xx on port 29
    So basically the join messages don't seem to reach the WLC. In fact they don't even seem to reach the local router on the remote subnet. The discovery packets are seen on the local router but the joins don't seem to appear at all.
    I'm not sure if it's a latency issue. Average latency over the WAN link is under 70ms.
    I'm assuming the certificate on the WAP is MIC and the MAC details have been entered into the WLC AP Security policies for authentication. I'm not seeing any debugging messages relating to bad authentication at all.
    I can't debug from the LAP as it's LWAPP, obviously.
    I've been through many Cisco documents trying to troubleshoot the problem, including this http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml, but can't find a solution.
    We're running WLC version 4.2.130.0.
    Can anyone help?
    Thanks
    Brodie

    I assume you have connected to the router's AUX and are doing reverse telnet. You should be getting a Password: prompt on your LAP's console. Password and Enable are both Cisco. Below is console output from my lab's 1250 LAP after erasing configuration (which can only be initiated from controller). In my case, the vlan is not configured with Option 43 and no proper DNS, so LAP doesn't join the controller.
    By the way, your best bet might be to convert this LAP back to IOS and then back to LAP again. Use this method:
    http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
    Do you have "Authorize APs against AAA" checked under Security > AP Policies in any of your WLCs ?
    Press RETURN to get started!
    *Mar 1 00:00:07.099: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar 1 00:00:07.619: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
    *Mar 1 00:00:08.595: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *May 10 23:17:25.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *May 10 23:17:26.155: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1250 Software (C1250-K9W8-M), Version 12.4(10b)JDC, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Fri 01-May-09 10:49 by prod_rel_team
    *May 10 23:17:26.155: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
    *May 10 23:17:27.183: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *May 10 23:17:27.387: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    *May 10 23:17:27.387: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *May 10 23:17:28.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
    *May 10 23:17:28.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *May 10 23:17:30.783: %LWAPP-3-CLIENTERRORLOG: ../lwapp/lwapp_l2.c:152 - discarding msg type 12 in state 0
    *May 10 23:17:30.783: %CDP_PD-4-POWER_OK: Full power - AC_ADAPTOR inline power source
    *May 10 23:17:30.795: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 16 seconds
    *May 10 23:17:44.571: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
    *May 10 23:17:44.731: Logging LWAPP message to 255.255.255.255.
    %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
    %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.8.3, mask 255.255.255.0, hostname AP0022.558e.24bc
    User Access Verification
    Password:
    AP0022.558e.24bc>en
    Password:
    AP0022.558e.24bc#show lwapp ?
    client LWAPP Client Information
    ids LWAPP IDS Information
    ip LWAPP IP configuration
    mcast LWAPP Mcast Information
    reap LWAPP REAP Information
    rm LWAPP RM Information
    AP0022.558e.24bc#show lwapp client config
    AP0022.558e.24bc#
    AP0022.558e.24bc#ping 3.45.47.143
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 3.45.47.143, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
    AP0022.558e.24bc#

  • What is the recommended wlc image when running 1252 AP's

    Hi,
    we are about to set up a bunch of N access points Cisco 1252 AP.
    What is the recommended image to use on the wlc to get the best stability, least bugs and highest functionality?

    Hi
    I would recommend going to the latest version from series 5:
    5-2-193-0.aes as the main image and 5-2-157-0-ER.aes as the emergency image.
    It's stable in everything I tested personally.
    Thanks,
    Elie

  • WLC cannot see 1252 LWAP

    I have a 64 AP with WLC install. 56 APs we can see in the WLC, 8 we cannot. The 8 APs were visible an hour ago, and the WLC can ping the APs. Rebooted the APs, same results. What could be the cause?

    So you are saying that 8 ap's are not joined with the WLC? But you can ping the ap's from the WLC? Console into one of the ap's and look at the log. What model wlc and firmware?

  • Cisco AIR-LAP1041N-E-K9 not working with WLC 4402 version 7.0.116.0

    Hi All,
    Appreciate your support for a problem I started facing today. I have a Cisco WLC 4402 running version 7.0.116.0 and it is working great with 25 Cisco 1252 APs. We have received a new 20 Cisco 1041N APs today and I installed one in our site but it doesn't work. It worked fine and loaded the image from flash and got the WLC ip address through DHCP option and started showing the below error:
    *Mar  1 00:00:10.021: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
    *Mar  1 00:00:10.033: *** CRASH_LOG = YES
    *Mar  1 00:00:10.333: Port 1 is not presentSecurity Core found.
    Base Ethernet MAC address: C8:9C:1D:53:57:5E
    *Mar  1 00:00:11.373: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
    *Mar  1 00:00:11.465: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1088 messages)
    *Mar  1 00:00:11.494:  status of voice_diag_test from WLC is false
    *Mar  1 00:00:12.526: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:13.594: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
    *Mar  1 00:00:13.647: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C1040 Software (C1140-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Wed 13-Apr-11 12:50 by prod_rel_team
    *Mar  1 00:00:13.647: %SNMP-5-COLDSTART: SNMP agent on host APc89c.1d53.575e is undergoing a cold start
    *Mar  1 00:08:59.062: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *Mar  1 00:08:59.062: bsnInitRcbSlot: slot 1 has NO radio
    *Mar  1 00:08:59.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *Mar  1 00:08:59.837: %SSH-5-ENABLED: SSH 2.0 has been enabled
    *Mar  1 00:09:00.145: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
    *Mar  1 00:09:09.136: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 172.16.26.81, mask 255.255.255.0, hostname APc89c.1d53.575e
    *Mar  1 00:09:17.912: %PARSER-4-BADCFG: Unexpected end of configuration file.
    *Mar  1 00:09:17.912:  status of voice_diag_test from WLC is false
    *Mar  1 00:09:17.984: Logging LWAPP message to 255.255.255.255.
    *Mar  1 00:09:19.865: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
    *Mar  1 00:09:19.886: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *Mar  1 00:09:20.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
    *Mar  1 00:09:20.874: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
    Translating "CISCO-CAPWAP-CONTROLLER.atheertele.com"...domain server (172.16.40.240)
    *Mar  1 00:09:29.029: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.100.102 obtained through DHCP
    *May 25 08:27:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:03.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:03.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:03.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:03.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:03.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:03.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:03.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:03.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:03.378: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:03.448:  status of voice_diag_test from WLC is false
    *May 25 08:27:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:14.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:15.185: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:15.186: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:15.186: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:15.330: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:15.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:15.334: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:15.334: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:15.379: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:15.379: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:15.450:  status of voice_diag_test from WLC is false
    *May 25 08:27:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:27.182: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:27.183: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:27.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:27.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:27.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:27.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:27.333: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:27.377: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:27.377: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:27.433: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 25 08:27:27.446: %PARSER-4-BADCFG: Unexpected end of configuration file.
    *May 25 08:27:27.447:  status of voice_diag_test from WLC is false
    *May 25 08:27:27.448: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
    *May 25 08:27:27.456: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
    *May 25 08:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:39.183: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:39.184: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:39.184: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:39.326: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:39.329: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:39.329: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:39.330: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:39.375: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:39.375: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:39.446:  status of voice_diag_test from WLC is false
    *May 25 08:27:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:49.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
    *May 25 08:27:50.179: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
    *May 25 08:27:50.180: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
    *May 25 08:27:50.180: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
    *May 25 08:27:50.323: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
    *May 25 08:27:50.326: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
    *May 25 08:27:50.326: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
    *May 25 08:27:50.326: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.100.101:5246
    *May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:50.370: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
    *May 25 08:27:50.370: bsnInitRcbSlot: slot 1 has NO radio
    *May 25 08:27:50.425: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
    *May 25 08:27:50.438: %PARSER-4-BADCFG: Unexpected end of configuration file.
    I searched for the regulatory domain differences between AIR-LAP1041N-E-K9 and AIR-LAP1041N-A-K9 and didn't find any difference that may affect the operation of this AP.
    Just to mention that our configuration in the WLC for regulatory domains is:
    Configured Country Code(s) AR 
    Regulatory Domain  802.11a:  -A
                                 802.11bg: -A
    My question is: should I only include my country (IQ) in the WLC to add the regulatory domain (-E) to solve this problem? Or will changing the country affect the operation of all working APs?
    Appreciate your kind support,
    Wisam Q.

    Hi Ramon,
    thank you for the reply but as shown in the below link:
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html#wp233793
    the WLC in version 7.0.116.0 supports Cisco 1040 series APs.
    Thanks,
    Wisam Q.
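
    The console output in this thread repeats one cycle: the DTLS session comes up, the AP sends its Join Request and reaches CFG, and the peer then closes the connection. As an added example (not part of the original posts and not Cisco tooling), this Python parser splits such a log into join attempts and flags that repeating failure; the function names and the constructed sample log are assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed sample: one join attempt in the shape of the console output
# posted above, repeated three times with shifted timestamps.
_ATTEMPT = """\
*May 25 08:27:{a}.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:{a}.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*May 25 08:27:{b}.175: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.100.101 peer_port: 5246
*May 25 08:27:{b}.177: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.100.101
*May 25 08:27:{b}.177: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN
*May 25 08:27:{b}.329: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG
*May 25 08:27:{b}.333: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.16.100.101
*May 25 08:27:{b}.333: %DTLS-5-PEER_DISCONNECT: Peer 172.16.100.101 has closed connection.
*May 25 08:27:{b}.378: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*May 25 08:27:{b}.378: bsnInitRcbSlot: slot 1 has NO radio
"""
SAMPLE_LOG = "".join(_ATTEMPT.format(a=f"{s:02d}", b=f"{s + 1:02d}") for s in (2, 14, 26))

LINE = re.compile(r"^\*(\w{3}\s+\d+ [\d:.]+): %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)$")
PEER = re.compile(r"peer_ip: (\S+)")
STATE = re.compile(r"changed state to\s*(\S*)")

def parse_attempts(log_text):
    """Split an AP console log into CAPWAP join attempts, one dict each."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untagged lines such as "bsnInitRcbSlot: ..." carry no state
        # The log has no year; 2000 is a placeholder so strptime is unambiguous.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
        tag, msg = m.group(2), m.group(3)
        if tag == "CAPWAP-5-DTLSREQSEND":  # a new attempt starts here
            peer = PEER.search(msg)
            cur = {"peer": peer.group(1) if peer else None, "start": ts,
                   "dtls_up": False, "last_state": None, "peer_closed_after": None}
            attempts.append(cur)
        elif cur is None or cur["peer_closed_after"] is not None:
            continue  # before the first attempt, or after this one ended
        elif tag == "CAPWAP-5-DTLSREQSUCC":
            cur["dtls_up"] = True
        elif tag == "CAPWAP-5-CHANGED":
            state = STATE.search(msg)
            if state and state.group(1) not in ("", "DISCOVERY"):
                cur["last_state"] = state.group(1)
        elif tag == "DTLS-5-PEER_DISCONNECT":
            cur["peer_closed_after"] = (ts - cur["start"]).total_seconds()
    return attempts

def find_join_loops(attempts, min_repeats=3):
    """Map (peer, last_state) -> length of a run of consecutive identical failures."""
    loops, run_key, run_len = {}, None, 0
    for a in attempts:
        failed = a["dtls_up"] and a["peer_closed_after"] is not None
        key = (a["peer"], a["last_state"]) if failed else None
        run_len = run_len + 1 if (key and key == run_key) else int(key is not None)
        run_key = key
        if key and run_len >= min_repeats:
            loops[key] = run_len
    return loops

if __name__ == "__main__":
    for key, n in find_join_loops(parse_attempts(SAMPLE_LOG)).items():
        print(f"{key[0]}: DTLS up, peer closed in state {key[1]}, {n} times in a row")
```

    The result says where the join stops, not why; the reason for the close has to come from the controller's own logs.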

  • Is there any limitation of firmware or hardware for QoS configuration (4400 controller & 1252 AP's)

    Hi Experts,
    Before proceeding for adding AP model 1131 and 1252 into my set-up , I need to know whether any limitation of firmware or hardware for QoS configuration in wireless set-up .
    I have 4400 controller and 1130 & 1250 AP models.

    Hi Vinod,
    Since you have 4400 controllers, you can run up to WLC 7.0.x code. Refer to this for more detail:
    http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
    There is no specific limitation for the 1131/1252 AP models as such; everything is WLC software dependent.
    Later software (7.4.x, 7.6.x, 8.x) brings lots of improvements for QoS configuration and bandwidth control, but since your controller is old hardware, you cannot have those latest features.
    Here is a reference post on how QoS works in a wireless environment:
    http://mrncciew.com/2012/11/28/understanding-wireless-qos-part-1/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • WLC 5508 and 1242 associating

    I have a 5508 running 6.0.196.0 and have a few 1142's currently associated to it.  I've been trying to get a 1242 to associate but it will not.
    My WLC hands out DHCP to a wireless VLAN (950) and the 1242 gets an IP in this VLAN, but will not associate or show up as an AP.
    Additionally, I have a console cable connected and attached the output from the boot, but cannot get my settings (via Hyperterm) to let me use the CLI. I'm set at 9600, 8,N,1 and tried a few other settings.
    Layer 1 - Good
    Layer 2 - Good
    Layer 3 - Good
    1142
    1142
    1142
    1252
    The DHCP leases are above and I can ping any of these, but only the three 1142s show in the controller.
    Any thoughts as to why this won't show up? How about my Hyperterm settings?
    Thanks!

    Most likely you have flow control enabled in Hyperterm, which is why the AP won't respond to your input. Make sure the terminal emulation program has flow control set to off.
    As far as the 1252 not joining, the reason is that it is running an autonomous AP image, not a LWAPP/CAPWAP image. This is seen if you look at the image name. This one has k9w7, which denotes autonomous images. K9w8 images are lightweight. You just need to convert this AP to lightweight.

  • WLC 5508 H-REAP config problem

    Hello,
    I have a problem with H-REAP configuration.
    I have a 5508 controller in HQ and a lot of 1242 LAPs in remote sites.
    I have only one SSID (used only in remote sites) and only default VLAN 1 in all sites (a big subnet for every site).
    I created only one WLAN on the WLC and mapped it to the management interface (there is no need for a dynamic interface because I will not use the SSID locally; I want clients to receive an IP address from the subnet they are trying to connect to). I enabled "H-REAP switching local" from the Advanced tab, and also from Wireless tab -> AP -> Details I enabled VLAN mapping with native VLAN 1.
    The problem is that the APs are registered with the controller, I have L3 connectivity between the controller and the APs, and yet clients can't see any SSID when trying to connect to an AP.
    The DHCP server is in HQ.
    The ports where the APs are plugged in are trunks.
    Am I missing something?
    Any help will be really appreciated.
    Best regards,

    The problem that we ran into was having the WLAN ID above 8. Apparently the 1131, 1242, 1252 can't use WLAN IDs above 8 when utilizing HREAP. Try pulling the WLAN ID down to 8 or below and see if that fixes things.
    Local Switching:
    A WLAN on H-REAP is said to operate in local switching mode if the data traffic of that WLAN terminates locally at the wired interface of the LAP itself, without getting tunneled to the WLC.
    Note: Only WLANs 1 through 8 can be configured for H-REAP Local Switching because only these WLANs can be applied to the 1130, 1240 and 1250 Series APs that support H-REAP functionality.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807cc3b8.shtml#conf

  • Guest configuration with WLC

    I am using a WLC 4402 with firmware 5.1 and a 1252 access point.
    I am having trouble configuring guest access with the WLC.
    I have configured an interface in the WLC under CONTROLLER->INTERFACES->GUEST.
    When I select this interface as guest it doesn't take IP address information. In this case I have to uncheck the guest selection box,
    and I got a dynamic interface without an IP address.
    After doing this I created a WLAN named GUEST and enabled it.
    I have put the guest interface as the ingress interface and management as the egress interface and applied web auth successfully, but it is still not showing me the guest SSID when I try to search for it.
    Help me
    please
    Thanks

    Have you gone through these documents yet?
    Wired Guest Access using Cisco WLAN Controllers Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml
    Guest WLAN and Internal WLAN using WLCs Configuration Example
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
    Hope these will help you.

  • WLC/Roaming

    Hello,
    I have several different client networks with one SSID. When a client is in another network, it still gets an IP from the old network.
    How can I change this on the WLC so it gets the right address?
    I have a Cisco WLC 5508 and 1262/1252 access points.
    thanks

    Perhaps I'm missing the point of your post......
    But we need to clarify what you are asking for.
    From the few posts here, I understand that Client 1 at Site A gets an IP address from site A. When Client 1 roams to Site B, they continue to have the IP address from Site A. You don't want this?
    So what is happening:
    Layer 3 mobility.
    When you roam from Site A to Site B, you should be anchored back to your original controller and should function with your IP address. So from client perspective, absolutely nothing should be wrong.
    Now, are you trying to say that Clients that Roamed from Site A to Site B, cannot talk to Site B resources with the Site A address?   That would be the only reason I can think of where you'd "not work".
    If you absolutely don't want Layer 3 roaming, then you have two options:
    1) Do not allow your WLCs to be mobility aware. If they do not have each other in the mobility domain, no mobility will take place and your client will stay Layer 2.
    2) (theory) Change your Virtual IP address between the two controllers. Mobility Handoff is rejected if the Virtual IP does not match. So when your client is handed off layer 3, the Site A WLC will not accept it and will remove the client instead of anchor.
    The problem with the above, however, is that you need a client that is stupid enough to re-DHCP as soon as it roams....
    If you have IP 10.10.1.10, and you roam to a new site, with no L3 roaming, you're going to need a client that will either always re-DHCP, or will quickly learn 10.10.1.10 is not valid.....
    Long Story short:
    L3 Mobility is there for a reason and there is no "disable" button. Either allow your network to function with L3 clients, or configure it so L3 mobility will not happen.

  • 5508 WLC + 3702I APs /w a Windows 2012 DHCP Server

    All,
      I am in the process of a new WLC install with five 3702I APs.  The configuration has gone well up till now.....  I am having issues with DHCP pulling IPs from the correct scope. The WLC is in a different VLAN (10) than the APs (142).  What am I missing in the configuration?  We have multiple autonomous 1252s that pull the correct scope.  Any suggestions would be greatly appreciated. 
      Dave

    Are you having issues with clients getting an IP when they connect to a 3702, or is the AP itself not taking an IP?
    In either case I would check that the switch SVI is configured with "ip helper-address x.x.x.x" pointing to your DHCP server.
    Also, for the dynamic interface configuration of the WLC, I would check that all interfaces are correctly configured with the DHCP server address.
    You can run "debug client <mac_address>" on the WLC CLI for a single client and post that output if you are still facing the issue.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Anyone solved the blinking statusleds on 1252

    Hi,
    Has anyone solved the blinking status lights on the 1252? The status LED always blinks red, green, blue when on a 15,4w, 802.3af compliant switch!
    I'm now running the 1252 lightweight on a 4402 controller with firmware 6.0.182.0. I have administratively shut down the 5 GHz radio and rebooted. Still blinking!!
    The only solution seems to be to physically remove the 5 GHz radio.
    I have noticed that when the 2.4 and 5 GHz radios are inserted but 5 GHz is shut down, it draws 10019 mW.
    When the 5 GHz radio is physically removed it draws 7555 mW.

    If you are using firmware 6.X, then this code will upgrade the firmware of the radios to version 2.0.0 which allows both radios to operate but at a lower rate.
    The lights blinking red, blue, green at a pace of about 1 per second means that the LAP can't find the WLC. If the light is red all the time then it means that it's gone into ROMmon.
    If the light is BLUE only that means that a client has successfully associated to it. If it's green it means that it's joined a WLC but no client has associated to it.
    Hope this helps.

  • Is it possible to Change IOS of 1252 LWAP AP to Autonomous AP?

    Hi,
    Is it possible to Change IOS of 1252 LWAP AP to Autonomous AP? I have seen some documents for changing Autonomous AP to LWAP and change back procedures.
    Please suggest... Thanks.

    Is it possible to Change IOS of 1252 LWAP AP to Autonomous AP
    Yes.  There are two ways of doing it.
    The first way is doing it off-line or away from the WLC.  The process is called Using a TFTP Server to Return to a Previous Release.
    The second way is to use the WLC CLI command "config ap tftp ".
