cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7782
Views
15
Helpful
8
Replies

Autonomous 1252 converted to CAPWAP will not join 5508 WLC

sjohnson
Level 1
Level 1

WLC 5508 firmware is v6.0.188.0

I've tried updating the autonomous 1252 via both the upgrade tool 3.4 and 'archive download-sw' from the CLI

I've tried multiple recovery images

c1250-rcvk9w8-tar.124-21a.JA2.tar

c1250-rcvk9w8-tar.124-10b.JDA.tar

After AP reboots with recovery image it joins WLC and downloads new CAPWAP image then reboots again

AP will not rejoin WLC with updated CAPWAP firmware

Any help with this is greatly appreciated!

Thanks in advance and happy holidays,

Scott

Error Msg from 1252 console

*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246

*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2

*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2

Additional info

WLC Debugs Enabled:

MAC address ................................ c4:7d:4f:39:31:e2

Debug Flags Enabled:

  aaa detail enabled.

  capwap error enabled.

  capwap critical enabled.

  capwap events enabled.

  capwap state enabled.

  dtls event enabled.

  lwapp events enabled.

  lwapp errors enabled.

  pm pki enabled.

WLC Debug Output:

*Dec 18 10:51:51.575: dtls_conn_hash_search: Connection not found in hash table - Table empty.

*Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: called to get cert for CID 154c7072

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: called to get key for CID 154c7072

*Dec 18 10:51:51.575: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<

*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<

*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<

*Dec 18 10:51:51.576: sshpmGetSshPrivateKeyFromCID: match in row 2

*Dec 18 10:51:51.692: acDtlsCallback: Certificate installed for PKI based authentication.

*Dec 18 10:51:51.693: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=0

*Dec 18 10:51:51.693: local_openssl_dtls_record_inspect:   msg=ClientHello len=44 seq=0 frag_off=0 frag_len=44

*Dec 18 10:51:51.693: openssl_dtls_process_packet: Handshake in progress...

*Dec 18 10:51:51.693: local_openssl_dtls_send: Sending 60 bytes

*Dec 18 10:51:51.694: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227

*Dec 18 10:51:51.694: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=1

*Dec 18 10:51:51.694: local_openssl_dtls_record_inspect:   msg=ClientHello len=76 seq=1 frag_off=0 frag_len=76

*Dec 18 10:51:51.695: openssl_dtls_process_packet: Handshake in progress...

*Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes

*Dec 18 10:51:51.695: local_openssl_dtls_send: Sending 544 bytes

*Dec 18 10:51:51.696: local_openssl_dtls_send: Sending 314 bytes

*Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227

*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=2

*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=0 frag_len=519

*Dec 18 10:51:51.712: openssl_dtls_process_packet: Handshake in progress...

*Dec 18 10:51:51.712: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227

*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=3

*Dec 18 10:51:51.712: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=519 frag_len=519

*Dec 18 10:51:51.713: openssl_dtls_process_packet: Handshake in progress...

*Dec 18 10:51:51.713: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227

*Dec 18 10:51:51.713: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=4

*Dec 18 10:51:51.713: local_openssl_dtls_record_inspect:   msg=Certificate len=1146 seq=2 frag_off=1038 frag_len=108

*Dec 18 10:51:51.714: sshpmGetIssuerHandles: locking ca cert table

*Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_alloc() for user cert

*Dec 18 10:51:51.714: sshpmGetIssuerHandles: calling x509_decode()

*Dec 18 10:51:51.719: sshpmGetIssuerHandles: <subject> C=US, ST=California, L=San Jose, O=Cisco Systems, CN=C1250-c47d4f3931e2, MAILTO=support@cisco.com

*Dec 18 10:51:51.719: sshpmGetIssuerHandles: <issuer>  O=Cisco Systems, CN=Cisco Manufacturing CA

*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Mac Address in subject is c4:7d:4f:39:31:e2

*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert Name in subject is C1250-c47d4f3931e2

*Dec 18 10:51:51.719: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.

*Dec 18 10:51:51.719: sshpmGetCID: called to evaluate <cscoDefaultMfgCaCert>

*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*Dec 18 10:51:51.719: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.719: sshpmGetCertFromCID: called to get cert for CID 2ab15c0a

*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<

*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<

*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<

*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<

*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<

*Dec 18 10:51:51.719: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.719: ssphmUserCertVerify: calling x509_decode()

*Dec 18 10:51:51.730: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (current): 2009/12/18/15:51:51

*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotBefore): 2009/11/03/00:47:36

*Dec 18 10:51:51.730: sshpmGetIssuerHandles: ValidityString (NotAfter): 2019/11/03/00:57:36

*Dec 18 10:51:51.730: sshpmGetIssuerHandles: getting cisco ID cert handle...

*Dec 18 10:51:51.730: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<

*Dec 18 10:51:51.730: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<

*Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: called with 0x1f1f3b8c

*Dec 18 10:51:51.731: sshpmFreePublicKeyHandle: freeing public key

*Dec 18 10:51:51.731: openssl_shim_cert_verify_callback: Certificate verification - passed!

*Dec 18 10:51:51.732: openssl_dtls_process_packet: Handshake in progress...

*Dec 18 10:51:52.155: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227

*Dec 18 10:51:52.155: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=5

*Dec 18 10:51:52.155: local_openssl_dtls_record_inspect:   msg=ClientKeyExchange len=258 seq=3 frag_off=0 frag_len=258

*Dec 18 10:51:52.269: openssl_dtls_process_packet: Handshake in progress...

*Dec 18 10:51:52.269: dtls_conn_hash_search: Searching hash for Local 192.168.100.2:5246  Peer 192.168.100.54:62227

*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=0 seq=6

*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=CertificateVerify len=258 seq=4 frag_off=0 frag_len=258

*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=ChangeCipherSpec epoch=0 seq=7

*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect: record=Handshake epoch=1 seq=0

*Dec 18 10:51:52.269: local_openssl_dtls_record_inspect:   msg=Unknown or Encrypted

*Dec 18 10:51:52.273: openssl_dtls_process_packet: Connection established!

*Dec 18 10:51:52.273: acDtlsCallback: DTLS Connection 0x167c5c00 established

*Dec 18 10:51:52.273: openssl_dtls_mtu_update: Setting DTLS MTU for link to peer 192.168.100.54:62227

*Dec 18 10:51:52.273: local_openssl_dtls_send: Sending 91 bytes

*Dec 18 10:53:06.183: sshpmLscTask: LSC Task received a message 4

Aironet 1252 Console Debug:

*Dec 16 11:07:12.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 18 15:51:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246

*Dec 18 15:51:40.999: %CAPWAP-5-CHANGED: CAPWAP changed state to 

*Dec 18 15:51:41.695: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246

*Dec 18 15:51:41.699: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2

*Dec 18 15:51:41.699: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2

*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 18 15:51:41.699: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2

*Dec 18 15:51:46.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2

*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2

*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 18 15:51:46.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2

*Dec 18 15:52:39.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.100.2:5246

*Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Dec 18 15:52:40.039: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Dec 18 15:52:40.051: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Dec 18 15:52:40.059: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Dec 18 15:52:40.063: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Dec 18 15:52:40.079: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Dec 18 15:52:40.079: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Dec 18 15:52:50.059: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 18 15:52:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.100.2 peer_port: 5246

*Dec 18 15:52:50.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 

*Dec 18 15:52:50.691: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.100.2 peer_port: 5246

*Dec 18 15:52:50.695: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2

*Dec 18 15:52:50.695: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 18 15:52:50.695: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.100.2

*Dec 18 15:52:55.691: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.100.2

*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 192.168.100.2

*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 18 15:52:55.691: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 192.168.1

8 Replies 8

jeff.kish
Level 7
Level 7

So the 1252 associates to the controller and downloads the code?  That's very strange.  Does this happen for all 1252s, or just this one?

I would advise opening a TAC case.  They're generally well-equipped to evaluate errors messages like the ones you supplied.


Sorry I can't be of more help!


Jeff

Jeff,

I only have one 1252 in this deployment.

The rest are 10 lightweight 1142s and are working great.

We ordered the 1252 with IOS by accident.

Thanks,

Scott

Leo Laohoo
Hall of Fame
Hall of Fame

Try the following:

1.  Console into the AP and in enable mode enter the command "clear lwapp private" and reboot;
2.  Console into the AP and in enable mode enter the command "clear lwapp ap controller ip address" and reboot;
3.  Console into the AP and in enable mode enter the command "lwapp ap controller ip address "
4.  If all else fails, convert the AP to autonomous and reboot.  Once the AP boots up the autonomous IOS, copy the LWAP rcv image and change the boot settings of the AP to boot the LWAP rcv image.  Once the AP has boot up to the LWAP rcv image see if it can join the WLC.

Hope this helps.

Hi,

did you find a solution for this? -i have the same problem!

Hi Marcus,

If all else fails, raise a Cisco TAC and get the AP RMA-ed.

nathan.a.reeves
Level 1
Level 1

Have you tried the AP on a vlan seperate to the WLC management ip address?

Leo Laohoo
Hall of Fame
Hall of Fame

Does the LAP's MAC address start with a "00" or not?

Nathan and Leo are alluding to CSCte01087. Basically the caveat is that DTLS fails on a non-00:xx:xx:xx:xx:xx L2 first hop. e.g. if the APs are on the same VLAN as the management interface, they must have 00 MACs; if they are on a different VLAN, the WLC/AP gateway must have a 00 MAC. If the workaround below does not suit your environment, open a TAC case for an image with the fix.

  Symptom:
An access point running 6.0.188.0 code may be unable to join a WLC5508.
Messages similar to the following will be seen on the AP.

   %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
   %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
  
Conditions:
At least one of the following conditions pertains:

- The high order byte of the AP's MAC address is nonzero, and the AP is in
the same subnet as the WLC5508's management (or AP manager) interface

- The WLC's management (or AP manager) interface's default gateway's
MAC address' high order byte is nonzero.
  
Workaround:

If the MAC address of the WLC's default gateway does not begin with 00,
and if all of the APs' MAC addresses begin with 00, then: you can put
the APs into the same subnet as the WLC's management (or AP manager)
interface.

In the general case, for the situation where the WLC's default gateway's
MAC does not begin with 00, you can address this by changing it to begin
with 00. Some methods for doing this include:

-- use the "mac-address" command on the gateway, to set a MAC address
that begins with 00

-- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
IP as the WLC's gateway.

For the case where the APs' MAC addresses do not begin with 00, then make
sure that they are *not* in the same subnet as the WLC's management
(AP manager) interface, but are behind a router.
  
Another workaround is to downgrade to 6.0.182.0.  However, after
downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
(i.e. 12.4(21a)JA2) still installed on them will be unable to join.
Therefore, after downgrading the WLC, the APs will need to have a
pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: