AP801 admin status is disable automatically after router reload

Answered Question
Dec 25th, 2013
User Badges:

We've got cisco 887VGW with wireless AP801GN and registering to the controller 7510, 

ap801 admin status is disable automatically after router reload.

Is there any opportunity to fix it?


AIR-CT7510-K9 os version: 7.6.100

Correct Answer by Leo Laohoo about 3 years 7 months ago
Product/Model Number                 : AP801GN-A-K9     


Ok, here's the deal.  Your AP has a regulatory domain of "-A".

Configured Country............................... Multiple Countries:CN,HK,TH,US

Next, your WLC is configured with CONFLICTING Regulatory Domain. 


The behaviour of your AP is NORMAL.  This is because in some countries, 802.11b rules are not the same with other countries.  In your case, US 802.11b rules and channels are not the same as CN/HK therefore it is disabled.


So when you have multiple country codes enabled and these country codes or regulatory domain are in conflict with each other, what happens is only the COMMON channels, radios and frequencies are allowed.  In  your particular case, only 802.1a radio is enabled while 802.11b is disabled.


You have two solutions to take back to your boss:


1.  Get another WLC and group your AP based on the Regulatory Domain. 

2.  Configure US, which is having a problem, as autonomous IOS.


Kindly refer to Wireless LAN Compliance Status.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Leo Laohoo Thu, 12/26/2013 - 01:08
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

There's got to be a reason why the admin status is "disabled".  Can you post the "sh logs" from the AP?

Wen Yu Zhai Thu, 12/26/2013 - 02:56
User Badges:

Thank you for your reply,


*Mar  1 00:00:07.623: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (11)

*Mar  1 00:00:08.775: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)

*Mar  1 00:00:11.195: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up

*Mar  1 00:00:11.711: %SYS-5-RESTART: System restarted --

Cisco IOS Software, AP801 Software (AP801-K9W8-M), Version 15.2(4)JB3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Wed 18-Dec-13 21:56 by prod_rel_team

*Mar  1 00:00:11.711: %SNMP-5-COLDSTART: SNMP agent on host NST6839 is undergoing a cold start

*Mar  1 00:00:12.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up

*Mar  1 00:00:13.939: c3600_scp_set_dstaddr2_idb(224)add = 15 name is GigabitEthernet0

*Mar  1 00:00:15.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up

*Mar  1 00:00:24.959: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:00:33.959: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:00:33.959: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Mar  1 00:00:33.959: bsnInitRcbSlot: slot 1 has NO radio

*Mar  1 00:00:33.979: %CAPWAP-3-ERRORLOG: Binding Config Initialization failed for binding 1



*Mar  1 00:00:34.795: Starting Ethernet promiscuous mode

*Mar  1 00:00:34.979: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Mar  1 00:00:34.979: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully



*Mar  1 00:00:35.123: Logging LWAPP message to 255.255.255.255.



*Mar  1 00:00:35.151: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar  1 00:00:36.167: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar  1 00:00:37.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Mar  1 00:00:54.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:01:03.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:01:22.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:01:31.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:01:50.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:01:59.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:02:18.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:02:27.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:02:46.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:02:55.139: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:03:05.139: %CAPWAP-3-ERRORLOG: Selected MWAR 'CNDGIDCWLC01'(index 0).

*Mar  1 00:03:05.139: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 26 01:40:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.15.131.46 peer_port: 5246

*Dec 26 01:40:50.507: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.15.131.46 peer_port: 5246

*Dec 26 01:40:50.507: %CAPWAP-5-SENDJOIN: sending Join Request to 10.15.131.46

*Dec 26 01:40:55.507: %CAPWAP-5-SENDJOIN: sending Join Request to 10.15.131.46

*Dec 26 01:40:55.599: Starting Ethernet promiscuous mode

*Dec 26 01:40:56.019: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash

*Dec 26 01:40:56.087: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Dec 26 01:40:56.199: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller CNDGIDCWLC01

*Dec 26 01:40:56.239: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file

*Dec 26 01:40:56.239: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file

*Dec 26 01:40:56.239: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file

*Dec 26 01:40:56.239: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration fileWLAN id 1, SSID stickyvelcro, L2ACL , L2ACL AP

WLAN id 2, SSID LuxotticaRetail, L2ACL , L2ACL AP



*Dec 26 01:40:57.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Dec 26 01:40:58.451: %WIDS-6-ENABLED: IDS Signature is loaded and enabled

Wen Yu Zhai Thu, 12/26/2013 - 17:21
User Badges:

There is a 'shutdown' command in dot11radio0. It can resume nomral when we enable admin status in wlc. But the problem still exists after reload the router.


Btw, AP802 is working fine.


interface Dot11Radio0

no ip route-cache

shutdown

no cdp enable

Leo Laohoo Thu, 12/26/2013 - 19:41
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Ok, so you got a WLC.


Go to the WLC, choose the AP in the list and make sure the AP is not "Disabled".

Wen Yu Zhai Thu, 12/26/2013 - 19:56
User Badges:

Yes, the ap is enable in wlc. I have save this configuration. But it will change to disable automatically after 887 router reload.

Sent from Cisco Technical Support iPad App

Leo Laohoo Thu, 12/26/2013 - 20:38
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Can you post the following output:


1.  WLC:  sh sysinfo;

2.  AP:   sh version

Wen Yu Zhai Thu, 12/26/2013 - 21:28
User Badges:

(Cisco Controller) >show sysinfo


Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.6.100.0

RTOS Version..................................... 7.6.100.0

Bootloader Version............................... 7.3.101.0

Emergency Image Version.......................... 7.3.101.0


Build Type....................................... DATA + WPS


System Name...................................... CNDGIDCWLC01

System Location..................................

System Contact...................................

System ObjectID.................................. 1.3.6.1.4.1.9.1.1295

Redundancy Mode.................................. SSO (Both AP and Client SSO)

IP Address....................................... 10.15.131.46

System Up Time................................... 3 days 3 hrs 40 mins 22 secs

System Timezone Location......................... (GMT +8:00) HongKong, Bejing, Chongquing

System Stats Realtime Interval................... 5

System Stats Normal Interval..................... 180


Configured Country............................... Multiple Countries:CN,HK,TH,US


--More-- or (q)uit

Operating Environment............................ Commercial (10 to 35 C)

Internal Temp Alarm Limits....................... 10 to 38 C

Internal Temperature............................. +22 C

Fan Status....................................... OK

RAID Volume Status............................... OK


State of 802.11b Network......................... Enabled

State of 802.11a Network......................... Enabled

Number of WLANs.................................. 2

Number of Active Clients......................... 6


Burned-in MAC Address............................ 64:9E:F3:65:2A:80

Power Supply 1................................... Present, OK

Power Supply 2................................... Present, OK

Maximum number of APs supported.................. 300


(Cisco Controller) >




Cisco IOS Software, AP801 Software (AP801-K9W8-M), Version 15.2(4)JB3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Wed 18-Dec-13 21:56 by prod_rel_team


ROM: Bootstrap program is AP801 boot loader

BOOTLDR: AP801 Boot Loader (AP801-BOOT-M) Version 12.4(23c)JX, RELEASE SOFTWARE (fc1)


NST6839 uptime is 4 hours, 32 minutes

System returned to ROM by power-on

System image file is "flash:/ap801-k9w8-mx.152-4.JB3/ap801-k9w8-mx.152-4.JB3"

Last reload reason:


This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.


A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html


If you require further assistance please contact us by sending email to

[email protected].


cisco AP801GN-A-K9 (PowerPC 8343) processor (revision B0) with 49142K/16384K bytes of memory.

Processor board ID FGL164624AL

PowerPC 8343 CPU at 400Mhz, revision number 0x0031

Last reset from power-on

LWAPP image version 7.6.100.0

1 Gigabit Ethernet interface

1 802.11 Radio


32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 70:CA:9B:2F:49:30

Part Number                          : 73-11027-11

PCA Assembly Number                  : 800-28807-11

PCA Revision Number                  : B0

PCB Serial Number                    : FOC1634C1G6

Top Assembly Part Number             : 800-33059-04

Top Assembly Serial Number           : FGL164624AL

Top Revision Number                  : B0

Product/Model Number                 : AP801GN-A-K9       


Configuration register is 0xF

Correct Answer
Leo Laohoo Thu, 12/26/2013 - 21:35
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Product/Model Number                 : AP801GN-A-K9     


Ok, here's the deal.  Your AP has a regulatory domain of "-A".

Configured Country............................... Multiple Countries:CN,HK,TH,US

Next, your WLC is configured with CONFLICTING Regulatory Domain. 


The behaviour of your AP is NORMAL.  This is because in some countries, 802.11b rules are not the same with other countries.  In your case, US 802.11b rules and channels are not the same as CN/HK therefore it is disabled.


So when you have multiple country codes enabled and these country codes or regulatory domain are in conflict with each other, what happens is only the COMMON channels, radios and frequencies are allowed.  In  your particular case, only 802.1a radio is enabled while 802.11b is disabled.


You have two solutions to take back to your boss:


1.  Get another WLC and group your AP based on the Regulatory Domain. 

2.  Configure US, which is having a problem, as autonomous IOS.


Kindly refer to Wireless LAN Compliance Status.

Wen Yu Zhai Thu, 12/26/2013 - 23:41
User Badges:

These two solutions were not accepted by our boss. Can we solve this problem by adjusting the country code in wlc?

Sent from Cisco Technical Support iPad App

Leo Laohoo Thu, 12/26/2013 - 23:44
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

These two solutions were not accepted by our boss. Can we solve this problem by adjusting the country code in wlc?

LOL.  NOT possible.


You've got four conflicting Regulatory Domain.  There is no possible way other than the options I've provided.


You are not the first person to have this problem and you won't be the last. 

Wen Yu Zhai Fri, 12/27/2013 - 00:05
User Badges:

I am going to just configure US for test tonight. Thank you very much!


Sent from Cisco Technical Support iPad App

Jing Hong Li Thu, 12/26/2013 - 23:42
User Badges:

Dear Leo,


I am confused, It means the WLC can not support different Regulatory domain at the same time ?


Can the WLC setup different Regulator domain base on individual AP ?

Leo Laohoo wrote:


Product/Model Number                 : AP801GN-A-K9    


Ok, here's the deal.  Your AP has a regulatory domain of "-A".

Configured Country............................... Multiple Countries:CN,HK,TH,US

Next, your WLC is configured with CONFLICTING Regulatory Domain. 


The behaviour of your AP is NORMAL.  This is because in some countries, 802.11b rules are not the same with other countries.  In your case, US 802.11b rules and channels are not the same as CN/HK therefore it is disabled.


So when you have multiple country codes enabled and these country codes or regulatory domain are in conflict with each other, what happens is only the COMMON channels, radios and frequencies are allowed.  In  your particular case, only 802.1a radio is enabled while 802.11b is disabled.


You have two solutions to take back to your boss:


1.  Get another WLC and group your AP based on the Regulatory Domain. 

2.  Configure US, which is having a problem, as autonomous IOS.


Kindly refer to Wireless LAN Compliance Status.

Leo Laohoo Thu, 12/26/2013 - 23:47
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

I am confused, It means the WLC can not support different Regulatory domain at the same time ?

Yes and no.  The WLC will allow you to enable multiple country codes.  But COMMON SENSE dictates that if there are two (or more) conflicting channels (as an example), what's the middle line?  So the middle line is to disable the conflicting channels and enabling the COMMON CHANNELS allowed.

Can the WLC setup different Regulator domain base on individual AP ?

Yes and no.  Your WLC has four country codes:  CN, HK, US, TH.  If, say, you only enable CN, this means AP with CN Regulatory Domain will join the controller while the other three won't. 

Jing Hong Li Fri, 12/27/2013 - 00:26
User Badges:
Can the WLC setup different Regulator domain base on individual AP ?

Yes and no.  Your WLC has four country codes:  CN, HK, US, TH.  If, say, you only enable CN, this means AP with CN Regulatory Domain will join the controller while the other three won't. 


Dear Leo,


Yes, if just select CN, the other AP without CN can not join the controller.


I mean if enable the the four country codes, and appoint corresponding country code in different AP such as below:

to let the AP own the right country code to resolve this porblem ?


So, the problem is, is there a country code that compatible with CN/HK and also support -A Regulatory domain ?

Leo Laohoo Fri, 12/27/2013 - 00:39
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

So, the problem is, is there a country code that compatible with CN/HK and also support -A Regulatory domain ?

None. 

Yes, if just select CN, the other AP without CN can not join the controller.


I mean if enable the the four country codes, and appoint corresponding country code in different AP such as below:

Not going to work.  At the end of the day, the AP's regulatory domain is hard coded.  No amount of software will fix this.  It's either you get a different WLC and assign per region or you configure the AP for autonomous.  There's no other way around this other than changing the law of the countries. 

Wen Yu Zhai Sun, 12/29/2013 - 18:41
User Badges:

Dear Leo,


The issue has been resolved. Thank you for your help.

Leo Laohoo Mon, 12/30/2013 - 05:17
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

What did you have to do?

Wen Yu Zhai Mon, 12/30/2013 - 08:18
User Badges:

Uncheck country code:US,TH, just select CN,HK. AP801 and AP802 are working fine.

Leo Laohoo Mon, 12/30/2013 - 16:13
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

So what is going to happen with your APs for US and TH?

Wen Yu Zhai Wed, 01/01/2014 - 21:40
User Badges:

We don't test the US and TH, just test CN and US, CN and HK, both are working fine.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode