AP NOT GETTING JOIN RESPONSE??

Answered Question
Jun 4th, 2008

Hi, I have just connected my 1130ag ap to the network noticed that it can not get a Join response. as follows;

bymydesk#

*Mar 1 00:00:25.294: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY

*Mar 1 00:00:35.698: LWAPP_CLIENT_ERROR_DEBUG: spamHandleDiscoveryTimer : Found the disco

very response from MASTER Mwar

*Mar 1 00:00:35.707: %LWAPP-5-CHANGED: LWAPP changed state to JOIN

*Mar 1 00:00:40.707: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the J

oin response

*Mar 1 00:00:40.707: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.

*Mar 1 00:00:40.746: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID

NOT GET JOIN RESPONSE.

*Mar 1 00:00:40.746: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is

I have looked in the forum and other people have had the problem and have indicated it could be a date time issue. I have set the date and time but when I do a "show Auth-list" i get nothing back like the following;

(Cisco Controller) >show auth-list

(Cisco Controller) >

can anyone help please, i am not sure what else to do

I have this problem too.
0 votes
Correct Answer by Scott Fella about 8 years 5 months ago

Glad to help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mbaylis Thu, 06/05/2008 - 01:13

Hi Rob,

Thanks for the advice, looked into great detail on these docs but still no joy. When I do a sh auth-list the controller comes back blank, I have checked and ssc is enabled but when trying to add the AP mac and key hash, i'm having problems, as i can not find the the key hash using the "debug pm pki enable". as per below;

(Cisco Controller) >Thu Jun 5 09:55:41 2008: Received a message from AP of length 83 on i

nteface = 1

Thu Jun 5 09:55:41 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**

Thu Jun 5 09:55:41 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19

:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'

Thu Jun 5 09:55:41 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**

Thu Jun 5 09:55:41 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res

ponse to AP 00:19:06:73:30:90 on Port 1

Thu Jun 5 09:57:04 2008: Received a message from AP of length 83 on inteface = 1

Thu Jun 5 09:57:04 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**

Thu Jun 5 09:57:04 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19

:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'

Thu Jun 5 09:57:04 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**

Thu Jun 5 09:57:04 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res

ponse to AP 00:19:06:73:30:90 on Port 1

Thu Jun 5 09:57:29 2008: sshpmExtKeyCallback: called with Event 5, Keypath software://0/,

Flags 00000000

Thu Jun 5 09:57:36 2008: sshpmExtKeyCallback: called with Event 5, Keypath software://0/,

Flags 00000000

Thu Jun 5 09:58:26 2008: Received a message from AP of length 83 on inteface = 1

Thu Jun 5 09:58:26 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**

Thu Jun 5 09:58:26 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19

:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'

Thu Jun 5 09:58:26 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**

Thu Jun 5 09:58:26 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res

ponse to AP 00:19:06:73:30:90 on Port 1

Thu Jun 5 09:59:49 2008: Received a message from AP of length 83 on inteface = 1

Thu Jun 5 09:59:49 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**

Thu Jun 5 09:59:49 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19

:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'

Thu Jun 5 09:59:49 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**

Thu Jun 5 09:59:49 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res

ponse to AP 00:19:06:73:30:90 on Port 1

The "show crypto ca certificates" confirmed that the date is within the stated time period of the certificate.

I am using a cisco 875 as the dhcp server with the option 43 commands.

??? please help

rob.huffman Thu, 06/05/2008 - 05:12

Hi Martin,

Sorry for the delay as I have many things on the go today :) Just so I can understand;

this was an upgraded AP (from Autonomous)?

I made some assumptions on my first post (I know) but just need to be sure.

Rob

mbaylis Thu, 06/05/2008 - 05:20

Hi rob,

this was not upgraded, this was just an out of the box AP its an 1131AG -E.

mbaylis Thu, 06/05/2008 - 02:41

also rob, this is the config for the layer 3 switch and the 875 i an using for the dhcp server, basically i want to setup a bsic wirelss lan in a test enviroment, can you point me in the write direct to a docuemnt which shows a good example of setting something up? or have a look at this config, can you see anything wrong

your help is appriciated!!!

Switch#sh ru

Switch#sh running-config

Building configuration...

Current configuration : 2298 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

!

no aaa new-model

switch 2 provision ws-c3750-24ts

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet2/0/1

description Access port Connection to Cisco AP

switchport access vlan 5

switchport mode access

spanning-tree portfast

!

interface FastEthernet2/0/2

switchport access vlan 60

switchport mode access

speed 100

duplex full

spanning-tree portfast

!

interface FastEthernet2/0/3

switchport access vlan 2

speed 100

duplex full

!

interface FastEthernet2/0/4

!

interface FastEthernet2/0/5

!

interface FastEthernet2/0/6

!

interface FastEthernet2/0/7

!

interface FastEthernet2/0/8

!

interface FastEthernet2/0/9

!

interface FastEthernet2/0/10

!

interface FastEthernet2/0/11

!

interface FastEthernet2/0/12

!

interface FastEthernet2/0/13

!

interface FastEthernet2/0/14

!

interface FastEthernet2/0/15

!

interface FastEthernet2/0/16

!

interface FastEthernet2/0/17

!

interface FastEthernet2/0/18

!

interface FastEthernet2/0/19

!

interface FastEthernet2/0/20

!

interface FastEthernet2/0/21

!

interface FastEthernet2/0/22

!

interface FastEthernet2/0/23

!

interface FastEthernet2/0/24

!

interface GigabitEthernet2/0/1

description Trunk Port to Cisco WLC

switchport trunk encapsulation dot1q

switchport trunk native vlan 60

switchport trunk allowed vlan 2-5,60

switchport mode trunk

!

interface GigabitEthernet2/0/2

!

interface Vlan1

no ip address

!

interface Vlan2

description LAN

ip address 10.1.1.254 255.255.255.0

!

interface Vlan3

description secure Auth_1

ip address 10.3.3.1 255.255.255.0

!

interface Vlan4

description secure Auth_2

ip address 10.4.4.1 255.255.255.0

!

interface Vlan5

description AP VLan

ip address 10.5.5.1 255.255.255.0

ip helper-address 10.1.1.2

!

interface Vlan60

description Managment & AP Managment Interface

ip address 192.168.60.1 255.255.255.0

!

router eigrp 10

network 10.1.1.0

network 10.5.5.0

no auto-summary

eigrp stub connected summary

!

ip classless

ip http server

!

!

control-plane

!

!

line con 0

password cisco

login

line vty 0 4

password cisco

login

line vty 5 15

no login

!

end

***************************************************

also this is the cisco 875 config i am using for the dhcp server for option 43

vice timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

no ip dhcp use vrf connected

!

ip dhcp pool vlan5pool

network 10.5.5.0 255.255.255.0

default-router 10.5.5.1

option 60 ascii "Cisco AP c1130"

option 43 hex f104.c0a8.3c02

!

!

ip cef

!

!

!

!

!

!

!

!

interface Ethernet0

ip address 10.1.1.2 255.255.255.0

hold-queue 100 out

!

interface Ethernet2

no ip address

shutdown

hold-queue 100 out

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet1

duplex auto

speed auto

!

interface FastEthernet2

duplex auto

speed auto

!

interface FastEthernet3

duplex auto

speed auto

!

interface FastEthernet4

duplex auto

speed auto

!

ip http server

no ip http secure-server

!

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

login

!

scheduler max-task-time 5000

end

Scott Fella Thu, 06/05/2008 - 05:48

For now, place the ap on vlan 60 and place a temporary dhcp scope for that vlan and see if the ap joins the controller. Then if it does, change it back and the ap will be able to join from vlan 5.

mbaylis Thu, 06/05/2008 - 06:38

hi,

doing what u have told me it now assigns a dhcp address but still fails on the same place.

*Mar 1 00:00:07.149: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 1 00:00:08.149: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, chang

ed state to up

*Mar 1 00:00:25.197: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY

*Mar 1 00:00:35.336: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP addres

s 192.168.60.21, mask 255.255.255.0, hostname bymydesk

*Mar 1 00:00:46.617: %LWAPP-5-CHANGED: LWAPP changed state to JOIN

*Mar 1 00:00:54.617: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the J

oin response

*Mar 1 00:00:54.617: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.

*Mar 1 00:00:54.644: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID

NOT GET JOIN RESPONSE.

*Mar 1 00:00:54.644: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is a

vailable.

the scop i have made is as follows;

ip dhcp pool WLAN

network 192.168.60.0 255.255.255.0

default-router 192.168.60.1

option 60 ascii "Cisco AP c1130"

option 43 hex f104.c0a8.c0a8.3c02

** NOTICE** i dont have the DNS server address. I have not put one in because i dont have a dns server on this test network. What is that used for in this instance please????

Scott Fella Thu, 06/05/2008 - 06:54

you can take out the option 60 and option 43. Not needed when tha ap's are on the same subnet as the ap-manager.

mbaylis Thu, 06/05/2008 - 07:06

hi,

this again has made no difference, can you see anything in the controller config, i have attached this, please take a look, the only thing i can see is that maybe the ap manager interface should not be tagged, because i had a problem earlier were i could not connect to the managment interface, and I got round this by changing the tagging to 0???

may try this, what do you reckon? sorry see one below i have attached the controller sh run

thanks

mbaylis Thu, 06/05/2008 - 07:07

hi,

this again has made no difference, can you see anything in the controller config, i have attached this, please take a look, the only thing i can see is that maybe the ap manager interface should not be tagged, because i had a problem earlier were i could not connect to the managment interface, and I got round this by changing the tagging to 0???

may try this, what do you reckon?

Scott Fella Thu, 06/05/2008 - 07:13

YOur ap-manager interface is set to vlan 60. This should be untagged. Also configure the service port to an ip address not on your network... like 2.2.2.2 or 192.168.237.x or something.

Scott Fella Thu, 06/05/2008 - 07:17

go to Controller tab then interfaces on the left and then click on the ap-manager interface. Then set the vlan to uptagged "0".

You should also upgrade to 4.1.185

mbaylis Thu, 06/05/2008 - 07:21

done, brilliant, thanks for that mate, got it to associate!! Thank you very much, appriciated!!!

mbaylis Thu, 06/05/2008 - 07:29

just noticed that the operatioanl status of the radios are showing down? why is this?

Scott Fella Thu, 06/05/2008 - 18:31

You have it disabled on the raidos. Telnet/SSH or console into the WLC and cut and paste these commands:

config 802.11a enable network

config 802.11b enable network

config 802.11b 11gSupport enable

y

save config

y

kadambari.beelw... Tue, 07/01/2008 - 09:03

Rob,

I have an issue with WLC 4400.It rebooted due to power failure and now it does not see AP.

How do I troubleshoot the issue.

Thanks

Kads

richologbo Thu, 07/03/2008 - 02:54

Hi, can you connect the APs directly to the controller and lets see what happens.

richologbo Thu, 07/03/2008 - 03:39

Hi, can you connect the APs directly to the controller and lets see what happens

Scott Fella Thu, 07/03/2008 - 03:53

You should start a new thread. This way others don't over look your post.

Leandro Nunes Tue, 07/01/2008 - 14:17

We have a wlc 4402 (IOS 4.1.185.0) with a few LAP1131 associated to it.

All the APs are located in different cities (one per city) and every AP is connected to a trunked Fa0 of an 877 router, that provides to the APs its IP address as well as the IP address of the wlc's management interface.

The problem is that for some cities, the following happens:

1 - AP sends DISCOVERY_REQUEST;

2 - WLC receives the request and sends the DISCOVERY_RESPONSE;

3 - AP receives the DISCOVERY_REPLY;

4 - AP sends the JOIN_REQUEST;

5 - AP reloads as it DID NOT GET JOIN RESPONSE.

In other cities, the AP associates, equalizes the firmware, downloads all the wlans configurations without a glitch.

In all the cities envolved, we have the same AP, with the same IOS, the same 877 router all with the same IOS, and this is driving us crazy, as the problem does not occur for all the sites.

Can anybody out there shed some light into this issue?

We already digged the forum, but could not get any hint that would help us to solve this puzzle.

Thanks in advance,

Leandro Nunes

Scott Fella Tue, 07/01/2008 - 15:00

How is your ap's setup... as H-REAP I would assume. You should run a debug lwapp events on the WLC to see what fails. So from above, you have consoled into the ap to verify that the ap never gets a join response.

Also is this the first time the ap tried to join the wlc?

Leandro Nunes Tue, 07/01/2008 - 15:24

Hi, thanks for your quick response.

Yes, these APs are in H-REAP mode, and we did debug on the WLC and on the AP as well.

The AP is behaving this way since its very first connection to the router. We already tried a hard reset on the AP with the same results.

Once again, thanks for your reply.

Scott Fella Tue, 07/01/2008 - 15:43

The only thing I can see that some sites work and others may not is the connectivity between the site and the site where the wlc sits. the fail safe way is to stage the ap's locally so that the ap has joined the wlc. Configure the ap as much as you can. Then ship the ap's out and finish the vlan mappings.

Leandro Nunes Wed, 07/02/2008 - 09:38

Hi, We primed the AP configuration in one city (that was working) and moved it back to the original site and guess what: it did not work.

Any other hint?

Thanks for your help.

Scott Fella Wed, 07/02/2008 - 09:57

There is no nat'ing going on is there. Port 12222 and 12223 need to be allowed both ways from your remote site to the site your wlc resides in.

Scott Fella Thu, 07/03/2008 - 03:55

Well if the ap's and the wlc is not behind a NAT, then you have to look at connectivity between the two site. Cisco has their recommendation of what is required if your ap's are across the WAN.

Have you reviewed this doc?

http://www.cisco.com/en/US/products/ps6521/products_tech_note09186a0080736123.shtml#t8

http://www.cisco.com/en/US/products/ps6521/products_tech_note09186a0080736123.shtml

Actions

This Discussion