1131 unable to join 2106 WLC

Unanswered Question

On the AP I get:

%LWAPP-5-CHANGED: LWAPP changed state to JOIN

%LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

%LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

%LWAPP-5-CHANGED: LWAPP changed state to CFG

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Response: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Config Request Timer: did not recieve config response (

controller - WLC-2106)

%SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET CONF

IG RESPONSE.

%LWAPP-5-CHANGED: LWAPP changed state to DOWN


On the controller logs I get:

Oct 12 06:00:07.987 spam_l2.c:760 LWAPP-3-TX_ERR3: Max retransmissions for LWAPP control message reached on AP 00:1a:30:7e:89:10 for CONFIGURE_COMMAND

(number of pending messages is 6)

Oct 12 06:00:01.724 spam_lrad.c:8043 LWAPP-3-RD_ERR9: APs 00:1a:30:7e:89:10 country code changed from () to (US )

Oct 12 06:00:01.723 spam_lrad.c:7715 LWAPP-3-RD_ERR7: Invalid country code () for AP 00:1a:30:7e:89:10

Oct 12 06:00:01.719 spam_lrad.c:8043 LWAPP-3-RD_ERR9: APs 00:1a:30:7e:89:10 country code changed from () to (US )

Oct 12 06:00:01.718 spam_lrad.c:7715 LWAPP-3-RD_ERR7: Invalid country code () for AP 00:1a:30:7e:89:10

Oct 12 05:58:02.787 spam_l2.c:760 LWAPP-3-TX_ERR3: Max retransmissions for LWAPP control message reached on AP 00:1a:30:7e:89:10 for CONFIGURE_COMMAND



The AP hardware version is:

cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 24566K/81

92K bytes of memory.

Processor board ID FTX1102T29R

PowerPCElvis CPU at 262Mhz, revision number 0x0950

Last reset from reload

LWAPP image version 4.2.130.0

1 FastEthernet interface

2 802.11 Radio(s)


32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:1A:A1:73:B4:DC

Part Number : 73-8962-11

PCA Assembly Number : 800-24818-10

PCA Revision Number : A0

PCB Serial Number : FOC105107E6

Top Assembly Part Number : 800-25544-06

Top Assembly Serial Number : FTX1102T29R

Top Revision Number : B0

Product/Model Number : AIR-LAP1131AG-A-K9



and on the Country page of the controller it shows:

Regulatory Domain 802.11a: -AB

802.11bg: -AB


The AP's will never join the controller despite having the correct regulatory domain set. I'm at a loss as to what could be going on. Has anyone seen something like this before?

Thanks in advance!

-Sam

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fella Sun, 10/12/2008 - 08:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

So when you do a show country on the wlc it shows United States? Is the management and ap-manager on the same subnet and are set to untagged "0" with the native vlan set on the trunk port as native valn .

Thanks for the reply!

You are correct. Below is the output:


(Cisco Controller) >show country



Configured Country............................. US - United States

Configured Country Codes

US - United States............................. 802.11a / 802.11b / 802

.11g


(Cisco Controller) >show interface summ


Interface Name Port Vlan Id IP Address Type Ap Mgr Gu

est

-------------------------------- ---- -------- --------------- ------- ------ --

---

ap-manager 1 untagged 192.168.3.20 Static Yes No


management 1 untagged 192.168.3.2 Static No No




From the port on the asa going to port 1 on the controller:

!

interface Ethernet0/1

switchport trunk allowed vlan 2,12

switchport trunk native vlan 2

switchport mode trunk

!


The port feeding the AP:

!

interface Ethernet0/7

switchport access vlan 2

!


The vlan config on the asa:

!

interface Vlan2

nameif inside

security-level 100

ip address 192.168.3.1 255.255.255.0

!


Any other information you think would be helpful, please ask! By the way, I've also tried joining a 1242 (US) and got the same error messages on the controller so I'm quite confident that we're looking at a controller issue here. Thanks again for the response! I look forward to any other suggestions you may have.

-Sam

Scott Fella Sun, 10/12/2008 - 09:26
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Try this for now... Connect the wlc to a switch and place the ap's on the same clan. Create a dhcp scope so the ap's get an ip address and see if that works.

I did previously have the AP's and controllers on a dumb switch. The AP's got addresses and located the controller (even did the code update just fine!). This errors posted above occur after the AP comes up the second time. I noticed that my bootloader was very old so I tried to update it just now. Now I'm getting:

grub>

when I boot the WLC. I fear the worst...

Scott Fella Sun, 10/12/2008 - 09:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

What code are you running? Upgrading the bootloader should not cause any issues.



My bootloader was:

Cisco Bootloader (Version 4.0.191.0)


and my controller code release was 4.2.130.0 or 5.1.151.0 (I tried both)... The only reason I suspected an issue with the bootloader was that when I tried to upgrade it through the GUI, it would never take. On reboot the controller showed the same old version. I also tried to uncheck 'US' on the Country page and reselect something else like UK or Sweeden and it would always revert back to 'US'.

Scott Fella Sun, 10/12/2008 - 09:55
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You have to upgrade the wlc to 4.1 then to 4.2. I would go with 4.2.130 with bootloader 4.2.112.


Also the issue you have might be due to the wlc and the ap on the asa.

Scott Fella Sun, 10/12/2008 - 10:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Your best bet is to put the wlc and the ap on a switch. Since there can be up to 6 ap's, that should be no issue. Why do you have them in the dmz?

I'll give that a go when I get the controller up and running. Do you still think that would be an issue despite the fact that the AP's can clearly communicate with the controllers (proved by the fact that they get an updated image from it)? I have them in a different vlan for testing only... As soon as I get everything going, I'll probably move them into a different vlan. Thanks for all of the advice! As soon as I get a working unit, I'll let you know what I find!

-Sam

-Sam

Scott Fella Sun, 10/12/2008 - 10:46
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Sam,


You shouldn't have any issues as long as you don't put the ap's or wlc in the dmz. What you can do is put the wlc and ap on the same subnet and test.... then move the ap's to a different subnet and test again.... all the testing above not using the asa. Then place it back on the dmz and see if that breaks it.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode