×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Aironet APs not joining the 4402 controller

Unanswered Question
Jan 31st, 2014
User Badges:

     Got a strange one here.


I have six Aironet a/b/g access points that wont join my 4402 Wireless

Lan Controller. They are getting IP s from my DHCP server. I have

set up the scope with the Vendor description and Option 43 info

that has the ip of the controller embedded. The controller can ping

the APs no problem but when I reboot them they do not join the controller


Any ideas?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.6 (5 ratings)
Loading.
Stephen Rodriguez Fri, 01/31/2014 - 13:15
User Badges:
  • Purple, 4500 points or more

What type of AP's do you have, and what code are you running on the WLC?



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

ethutchinson Fri, 01/31/2014 - 13:50
User Badges:

They are Cisco Aironet 802.11a/b/g Access points. The Cisco Wireless Lan Controller

is running 7.0.235.3. The whole setup is used. It used to work for a different department

in my organization. There network does not connect to mine.

Stephen Rodriguez Fri, 01/31/2014 - 14:09
User Badges:
  • Purple, 4500 points or more

ok, but what is the model name of the AP?  1130, 1240 1600 etc.



HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Sandeep Choudhary Sat, 02/01/2014 - 00:09
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Paste the output of these commands:


From WLC: sh sysinfo

From AP: sh version


Also connect your AP with console cable and paste the entire bootprocess here.


Regards

Scott Fella Sat, 02/01/2014 - 09:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Just to add.... because it worked before, doesn't mean it will work after changing things around.  I would either put the AP's on the same subnet as the WLC management is on.... this is temporary and is fast.  Once they join the WLC and download code if necessary, you can then move them to a different vlan.  Or you can create a DNS entry and don't worry about the whole option 43 and the hex thing which many have issues with.


cisco-capwap-controller..com

cisco-lwapp-controller..com


Make sure these entries point to the management ip address of the WLC.


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Rasika Nayanajith Fri, 01/31/2014 - 13:16
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Post the output of AP console when you reboot it & trying to register for a WLC


Rasika

ethutchinson Tue, 02/04/2014 - 06:21
User Badges:

Sorry for the delay. We need more help here.


Here is the boot log of one of my APs


Xmodem file system is available.
flashfs[0]: 9 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 6976512
flashfs[0]: Bytes available: 9022464
flashfs[0]: flashfs fsck took 28 seconds.
Base ethernet MAC Address: 00:1b:d4:c1:6c:1a
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Loading "flash:/c1240-k9w8-mx.v124_25e_jam.201303281206/c1240-k9w8-mx.v124_25e_#####################################################

File "flash:/c1240-k9w8-mx.v124_25e_jam.201303281206/c1240-k9w8-mx.v124_25e_jam.201303281206" uncompressed and installed, entry poi0
executing...

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706


Cisco IOS Software, C1240 Software (C1240-K9W8-M), Experimental Version 12.4(20130328:192659) [BLD-WNBU_V124_25E_JAM_BASELINE_20130]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 28-Mar-13 12:33 by wnbubld


Proceeding with system init

Proceeding to unmask interrupts
Initializing flashfs...

flashfs[2]: 9 files, 4 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 15740928
flashfs[2]: Bytes used: 6976512
flashfs[2]: Bytes available: 8764416
flashfs[2]: flashfs fsck took 4 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.

Radio0  present A506 7100 E8000000 A0000000 80000000 3
Rate table has 12 entries (0 SGI/0 BF variants)

Radio1  present A506 6700 E8000100 A0040000 80010000 2
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

cisco AIR-LAP1242AG-A-K9    (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
Processor board ID FTX1120B4HZ
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 7.4.100.6
1 FastEthernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:1B:D4:C1:6C:1A
Part Number                          : 73-9925-06
PCA Assembly Number                  : 800-26579-05
PCA Revision Number                  : A0
PCB Serial Number                    : FOC11171ZC7
Top Assembly Part Number             : 800-29232-01
Top Assembly Serial Number           : FTX1120B4HZ
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1242AG-A-K9  
% Please define a domain-name first.


Press RETURN to get started!


*Mar  1 00:00:06.207: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:07.819: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:08.294: %LINK-6-UPDOWN: Interface FastEthernet0, changed state to up
*Mar  1 00:00:09.483: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:09.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar  1 00:00:09.581: %LWAPP-4-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1028 messages)

*Mar  1 00:00:11.778: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Experimental Version 12.4(20130328:192659) [BLD-WNBU_V124_25E_JAM_BASELINE_20130]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 28-Mar-13 12:33 by wnbubld
*Mar  1 00:00:11.779: %SNMP-5-COLDSTART: SNMP agent on host AP001b.d4c1.6c1a is undergoing a cold start
*Mar  1 00:00:12.046: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:00:12.046: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:00:12.046: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:12.282: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:00:12.283: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to resetlwapp_crypto_init: MIC Present and Parsed Succey

*Mar  1 00:00:13.049: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:00:13.049: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:00:14.855: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:20.169: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.10.147, mask 255.255.255.0, hostname AP0a

*Mar  1 00:00:30.750: Logging LWAPP message to 255.255.255.255.

Translating "CISCO-CAPWAP-CONTROLLER.AD.NEWTONMA.GOV"...domain server (192.9.202.207)
*Mar  1 00:00:41.795: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.9.200.141 obtained through DHCP [OK]

Translating "CISCO-LWAPP-CONTROLLER.AD.NEWTONMA.GOV"...domain server (192.9.202.207) [OK]

*Mar  1 00:00:41.795: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar  1 00:00:51.805: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Feb  4 13:46:11.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.2 peer_port: 5246
*Feb  4 13:46:51.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count !
*Feb  4 13:46:52.919: %CDP_PD-4-POWER_OK: Full power - NON_CISCO-NO_CDP_RECEIVED inline power source
*Feb  4 13:46:53.953: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Feb  4 13:46:54.953: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Feb  4 13:46:54.992: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb  4 13:46:55.992: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Feb  4 13:47:10.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.2:5246
*Feb  4 13:47:13.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Feb  4 13:46:11.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.2 peer_port: 5246
*Feb  4 13:46:51.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count !
*Feb  4 13:47:10.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.2:5246
*Feb  4 13:47:14.046: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Feb  4 13:47:14.075: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Feb  4 13:47:14.075: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Feb  4 13:47:14.077: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb  4 13:47:14.129: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Feb  4 13:47:15.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Feb  4 13:47:15.104: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Feb  4 13:47:15.109: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Feb  4 13:47:16.097: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Feb  4 13:47:16.104: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Feb  4 13:47:16.134: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb  4 13:47:16.139: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Feb  4 13:47:16.144: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Feb  4 13:47:17.134: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Feb  4 13:47:17.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Feb  4 13:47:17.163: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Feb  4 13:47:18.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Feb  4 13:47:24.127: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Feb  4 13:48:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.2 peer_port: 5246

User Access Verification

Sandeep Choudhary Tue, 02/04/2014 - 07:23
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Can you paste the output of this command from WLC: sh sysinfo



Regards

Sandeep Choudhary Tue, 02/04/2014 - 07:38
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi,

its look your AP is not able to establish a secure connection to the controller..


You can do these:

simply set the AP back to factory settings

or

Update WLC software.



Regards

ethutchinson Tue, 02/04/2014 - 09:32
User Badges:

How do I reset them back to factory settings? Is that

what the mode button is for?

Scott Fella Tue, 02/04/2014 - 09:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You can either use the mode button or clear the nvram

Factory reset
http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note...

Erase NVRAM

debug lwapp console cli
debug capwap console cli
erase /all nvram

*******************************************************
Example:

Entered the username and password
debug capwap console cli
erase /all nvram:
[confirm]
undebug all
reload
[confirm]


Sent from Cisco Technical Support iPhone App

Sandeep Choudhary Tue, 02/04/2014 - 09:58
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi,


Unplug the AP then hold in the mode button (use a paper clip or pen tip). While still holding the button down plug the device back in and wait for the light(s) to go steady red. If your AP has a console port you should be good to go


In other words:


Resetting to Default Settings Using the MODE Button



  • Disconnect power (the power jack for external power or the Ethernet cable for in-line power) from the access point.
  • Press and hold the MODE button while you reconnect power to the access point.
  • Hold the MODE button until the Status LED turns amber (approximately 1 to 2 seconds), and release the button. All access point settings return to factory defaults.

Reagrds

Sandeep Choudhary Tue, 02/04/2014 - 10:06
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi,

Befor reset the AP to factory default I will request you put the output from WLC: sh sysinfo


Reagrds

ethutchinson Tue, 02/04/2014 - 10:53
User Badges:

Here you go


(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.3
RTOS Version..................................... 7.0.235.3
Bootloader Version............................... 4.0.219.0
Emergency Image Version.......................... N/A
Build Type....................................... DATA + WPS

System Name...................................... Cityhall Wireless controller
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 192.9.200.141
System Up Time................................... 0 days 20 hrs 25 mins 19 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US )

Configured Country............................... US  - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +33 C


--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:24:C4:E6:19:E0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 50

(Cisco Controller) >

Sandeep Choudhary Tue, 02/04/2014 - 10:58
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Ok, Your country and AP regualtery domain is matching so it can not be a problem.


Now you can try to reset one AP and try to join again.(Is AP are in one subnet as WLC management IP?).


Also:

it  seem like something is blocking udp 5246 & or 5247. If that AP doesn't join, then something is indeed blocking.



Regards

ethutchinson Tue, 02/04/2014 - 11:16
User Badges:

Well after I reset the AP according to the instructions it is in a constant state of resetting. Here is the output from the boot.


Initializing flashfs...

flashfs[1]: 9 files, 4 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 6976512
flashfs[1]: Bytes available: 9022464
flashfs[1]: flashfs fsck took 4 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.
cisco AIR-AP1242AG-A-K9    (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FTX1120B4HZ
PowerPCElvis CPU at 266Mhz, revision number 0x0950
Last reset from reload
LWAPP image version 3.0.51.0
1 FastEthernet interface

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:1B:D4:C1:6C:1A
Part Number                          : 73-9925-06
PCA Assembly Number                  : 800-26579-05
PCA Revision Number                  : A0
PCB Serial Number                    : FOC11171ZC7
Top Assembly Part Number             : 800-29232-01
Top Assembly Serial Number           : FTX1120B4HZ
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1242AG-A-K9  


Press RETURN to get started!


*Mar  1 00:00:06.220: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1240 Software (C1240-RCVK9W8-M), Version 12.3(11)JX1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 17-Jul-06 11:44 by alnguyen
*Mar  1 00:00:07.156: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar  1 00:00:08.156: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar  1 00:00:25.229: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar  1 00:00:33.365: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.10.3, mask 255.255.255.0, hostna

Translating "CISCO-LWAPP-CONTROLLER.AD.NEWTONMA.GOV"...domain server (192.9.202.207) [OK]

*Mar  1 00:00:46.639: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Mar  1 00:00:54.640: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response

*Mar  1 00:00:54.640: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.

*Mar  1 00:01:02.649: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response

*Mar  1 00:01:02.649: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.

*Mar  1 00:01:02.674: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET JOIN RESPONSE.
*Mar  1 00:01:02.674: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
*Mar  1 00:01:07.018: %CDP_PD-4-POWER_OK: Full power - NON_CISCO-NO_CDP_RECEIVED inline power sourceXmodem file system is available.
flashfs[0]: 9 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 6976512
flashfs[0]: Bytes available: 9022464
flashfs[0]: flashfs fsck took 28 seconds.
Base ethernet MAC Address: 00:1b:d4:c1:6c:1a
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up


It looks like the option 43 stuff is not getting to the ap. It was before because the controller ip was getting installed as you can see from my previous post.

ethutchinson Tue, 02/04/2014 - 11:20
User Badges:

How do you know udp 5246 and 5247 are being blocked? If that is the case then where does the ap need to communicate to over those ports?

Sandeep Choudhary Tue, 02/04/2014 - 11:32
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

I asked you because something is blocking AP to join WLC.


Just for info:


The CAPWAP UDP ports 5246 and 5247 (similar to the LWAPP UDP ports 12222 and 12223) are enabled and are not blocked by an intermediate device that could prevent an access point from joining the controller.

The access points use a random UDP source port to reach these destination ports on the controller. In controller software release 5.2, LWAPP was removed and replaced by CAPWAP, but if you have a new out-of-the-box access point, it could try to use LWAPP to contact the controller before it downloads the CAPWAP image from the controller.


Regards

Scott Fella Tue, 02/04/2014 - 11:52
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Place the AP on the same subnet as the WLC management and see if the AP joins.  If not, post the output from the console of the AP, but post everything from rebooting until about 5 minutes worth of data.


Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Sandeep Choudhary Tue, 02/04/2014 - 11:24
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

HI,


This is the output from console port,



*Mar  1 00:01:02.649: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the Join response

*Mar  1 00:01:02.649: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.


This is a clear indication that the LAP is not part of the AP authorization list on the controller.

You can view the status of the AP authorization list using this command:


(Cisco Controller) >show auth-list


Authorize APs against AAA ....................... enabled

Allow APs with Self-signed Certificate (SSC) .... disabled


Via GUI: Security > AP Policies


Solution is to:  To add an LAP to the AP authorization list, use the config auth-list add mic command.


Regards

Dont forget to rate helpful posts

Scott Fella Tue, 02/04/2014 - 14:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You can add the base Mac on the GUI or CLI.

Sent from Cisco Technical Support iPhone App

Sandeep Choudhary Tue, 02/04/2014 - 22:15
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

HI You can do by GUI or CLI:


GUI:

Login to WLC:

Go to Security > AP Policies, enter the AP MAC address under Add AP to Authorization List and click Add


In my above post I told u about CLI way to add AP mac.


Regards

Dont forget to rate helpful posts

Sandeep Choudhary Tue, 02/04/2014 - 22:59
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Is Now AP joining to WLC ??



If this is resolved then please mark this question as answered, it may help others.


Reagrds

Dont forget to rate helpful posts

Sandeep Choudhary Tue, 02/04/2014 - 23:16
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi Kamal,

I dont know. is you are facing this issue or this guy ethutchinson ?


If you are facing the similier or bit diff issue then you can create a new thread with problem description.

** I also replied on your personal message.


Regards

KAMAL MISHRA Tue, 02/04/2014 - 23:18
User Badges:

Ealier i have tried but it will not work and its a remote issue i can not take console right now but i think it will resolve my issue because i have not tried GUI steps.

Sandeep Choudhary Tue, 02/04/2014 - 23:22
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Hi Kamal,

No problem, Alwayas ready for help.

Create a new fresh thread so that we can know the exact problem.


Regards

KAMAL MISHRA Tue, 02/04/2014 - 23:19
User Badges:

Dear Sandeep,


thanks a lot for your valuable help.



*******


Message was edited by: KAMAL MISHRA

KAMAL MISHRA Tue, 02/04/2014 - 23:28
User Badges:

Dear Sandip,


My earlier doubts was very much cleared from ur side.


and u have give me solution for all my queries i got nice and prompt support from you.


Thanks.....

Sandeep Choudhary Tue, 02/04/2014 - 23:33
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Glad that kuch to kam aaya

If you any doubts then posts a thread.


Regards

Dont forget to rate all helpful posts

Sandeep Choudhary Tue, 02/04/2014 - 23:53
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

see this image:

Unbenannt.png


Regards

ethutchinson Mon, 02/10/2014 - 04:55
User Badges:

Sorry to not get back you. I was involved in another setup. I will try to

add the base ethernet Mac address to day to the GUI as you have

suggested and I will get back to you.

ethutchinson Mon, 02/10/2014 - 05:37
User Badges:

Sandeep,


There are three options for certificate when I go to

add the MAC address. mic, ssc, lsc. Which one do I want?

Sandeep Choudhary Mon, 02/10/2014 - 05:52
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Select MIC.

If still fail then paste the. Boot process from AP.

Regards

Sent from Cisco Technical Support iPhone App

ethutchinson Mon, 02/10/2014 - 09:32
User Badges:

I think I bricked the one I was testing with by pressing the mode button on the back. My bad. Well I grabbed another one from the pile and plugged it in to my switch. This time it grabs an IP ( no option 43 though ) but dumps on these lines.


*Feb 10 17:18:41.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!

*Feb 10 17:18:41.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.10.2 is reached.

*Feb 10 17:19:01.046: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.2:5246 *Feb 10 17:18:41.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!
*Feb 10 17:18:41.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.10.2 is reached.
*Feb 10 17:19:01.046: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.2:5246


I wonder if it thinks 192.168.10.2  is my WLC. Because it is not. Is there a way to see what controller address if any has been assigned to the AP?


Thanks

Sandeep Choudhary Mon, 02/10/2014 - 09:58
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Can you paste the full bootup process....reboot it and paste all logs.



Reagrds

ethutchinson Mon, 02/10/2014 - 10:54
User Badges:

Sorry bout that, Here you go


Xmodem file system is available.
flashfs[0]: 10 files, 3 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 6869504
flashfs[0]: Bytes available: 9129472
flashfs[0]: flashfs fsck took 28 seconds.
Base ethernet MAC Address: 00:1b:d4:c1:6a:b8
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Loading "flash:/c1240-k9w8-mx.124-23c.JA6/c1240-k9w8-mx.124-23c.JA6"...#############################################################

File "flash:/c1240-k9w8-mx.124-23c.JA6/c1240-k9w8-mx.124-23c.JA6" uncompressed and installed, entry point: 0x3000
executing...

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706


Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(23c)JA6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Sep-12 14:23 by prod_rel_team


Proceeding with system init

Proceeding to unmask interrupts
Initializing flashfs...

flashfs[1]: 10 files, 3 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15740928
flashfs[1]: Bytes used: 6869504
flashfs[1]: Bytes available: 8871424
flashfs[1]: flashfs fsck took 4 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.

Radio0  present A506 7100 E8000000 A0000000 80000000 3
Radio1  present A506 6700 E8000100 A0040000 80010000 2
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

cisco AIR-LAP1242AG-A-K9    (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
Processor board ID FTX1120B4MH
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 7.0.235.3
1 FastEthernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:1B:D4:C1:6A:B8
Part Number                          : 73-9925-06
PCA Assembly Number                  : 800-26579-05
PCA Revision Number                  : A0
PCB Serial Number                    : FOC11171ZBY
Top Assembly Part Number             : 800-29232-01
Top Assembly Serial Number           : FTX1120B4MH
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1242AG-A-K9  
% Please define a domain-name first.


Press RETURN to get started!


*Mar  1 00:00:05.566: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:07.171: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:08.769: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:08.866: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)

*Mar  1 00:00:08.896:  status of voice_diag_test from WLC is false
*Mar  1 00:00:11.001: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar  1 00:00:11.061: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(23c)JA6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 05-Sep-12 14:23 by prod_rel_team
*Mar  1 00:00:11.061: %SNMP-5-COLDSTART: SNMP agent on host AP001b.d4c1.6ab8 is undergoing a cold start
*Mar  1 00:00:11.141: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar  1 00:00:11.320: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:00:11.321: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:00:11.321: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:11.560: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:00:11.560: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:00:12.004: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar  1 00:00:12.330: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:00:12.330: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:00:19.445: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 192.168.10.5, mask 255.255.255.0, hostn8

*Mar  1 00:00:29.994:  status of voice_diag_test from WLC is false
*Mar  1 00:00:30.070: Logging LWAPP message to 255.255.255.255.

Translating "CISCO-CAPWAP-CONTROLLER.AD.NEWTONMA.GOV"...domain server (192.9.202.207) [OK]

Translating "CISCO-LWAPP-CONTROLLER.AD.NEWTONMA.GOV"...domain server (192.9.202.207) [OK]

*Feb 10 17:18:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.2 peer_port: 5246
*Feb 10 17:18:04.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 
*Feb 10 17:18:25.333: %CDP_PD-4-POWER_OK: Full power - NON_CISCO-NO_CDP_RECEIVED inline power source
*Feb 10 17:18:25.366: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Feb 10 17:18:25.405: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb 10 17:18:26.335: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Feb 10 17:18:26.335: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
*Feb 10 17:18:26.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Feb 10 17:18:41.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!
*Feb 10 17:18:41.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.10.2 is reached.
*Feb 10 17:19:01.046: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.2:5246
*Feb 10 17:19:04.093: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 10 17:19:04.093: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 10 17:19:04.153: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Feb 10 17:19:04.153: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Feb 10 17:19:04.154: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb 10 17:19:04.184:  status of voice_diag_test from WLC is false
*Feb 10 17:19:04.185: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Feb 10 17:19:04.187: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down
*Feb 10 17:19:04.192: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Feb 10 17:19:04.219: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb 10 17:19:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.2 peer_port: 5246

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode