AP won't join 2504 WLC

jenna.agosto · ‎08-15-2016

I have six access points on my 2960 24ps. The other day four of these went down. These four all get power from the switch, the other two do not (they are still up). Looking at the switch, I am unable to see the access points connected with cdp neighbor. I power cycled the switch, and even replaced it thinking it was a PoE issue, but the same issue persists.

The 3602e access point when rebooted goes through the discovery process but fails to join the 2540 WLC and the LED consistently flashes red and green. I was unable to ping or ssh to the AP so I had to get up on a lift to get it down; consoled in and after a while I see the error message "CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP."

Looking at the controller, it does not receive a join request from the AP. The AP has a static IP address as well as the address for the WLC.

Not sure what happened to cause all four APs to drop at the same time, nor how to remediate this error message. This is my first time working with these APs, so any help would be greatly appreciated. Thank you all!

Rasika Nayanajith · ‎08-15-2016

Looking at the controller, it does not receive a join request from the AP. The AP has a static IP address as well as the address for the WLC

From AP console can you ping the WLC ? If not there should be some connectivity issues. If AP had static IP, then make sure it can reach its default gateway.

Below is sample config how you can statically set this up (modify the IP as appropriate to your setup)

capwap ap ip address 10.10.113.5 255.255.255.0
capwap ap ip default-gateway 10.10.113.1
capwap ap primary-base <wlc_name> <wlc_mgt_ip_addr>

Refer this post as well

https://mrncciew.com/2013/03/17/ap-registration/

Even with this if AP unable to register, pls attach AP console output in the next response

HTH

Rasika

*** Pls rate all useful responses ***

jenna.agosto · ‎08-15-2016

When attempting to ping the WLC from the AP I get the output "% Unrecognized host or address, or protocol not running."

capwap ap ip address x.x.x.x x.x.x.x

"You should configure Domain and Name Server from controller CLI/GUI."

After all previous commands entered the message is still received "%CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP."

Console output:

Building configuration...

Current configuration : 23043 bytes
!
! Last configuration change at 15:08:18 UTC Fri Jul 19 2013 by Cisco
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxx
!
!
logging rate-limit console 9
enable secret 5 $1$Q93C$yK1aFYEzjvnLjGHQKKj0I.
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
no ip routing
no ip cef
!
!
!
!
!
!
eap profile lwapp_eap_profile
method fast
!
!
crypto pki trustpoint cisco-m2-root-cert
revocation-check none
!
crypto pki trustpoint Cisco_IOS_M2_MIC_cert
revocation-check none
!
crypto pki trustpoint airespace-old-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint airespace-new-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint airespace-device-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint cisco-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
crypto pki trustpoint Cisco_IOS_MIC_cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
!
!
crypto pki certificate chain cisco-m2-root-cert
certificate ca 01
xxxx
quit
crypto pki certificate chain Cisco_IOS_M2_MIC_ce9:08.570:.rt
certificate ca 02

quit
crypto pki certificate chain airespace-old-root-cert
certificate ca 00

quit
crypto pki certificate chain airespace-new-root-cert
certificate ca 00

quit
crypto pki certificate chain airespace-device-root-cert
certificate ca 03

quit
crypto pki certificate chain cisco-root-cert
certificate ca
quit

crypto pki certificate chain Cisco_IOS_MIC_cert
certificate
quit
certificate ca
quit
username Cisco secret xxxxx
!
!
ip ssh version 2
lldp run
bridge irb
!
!
!
interface Dot11Radio0
no ip route-cache
antenna gain 0
stbc
mbssid
power local 17
power client local
packet retries 64 drop-packet
station-role root
no cdp enable
!
interface Dot11Radio1
no ip route-cache
antenna gain 0
peakdetect
stbc
mbssid
power client local
packet retries 64 drop-packet
station-role root
no cdp enable
!
interface GigabitEthernet0
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address 7c69.f61a.152d
ip address dhcp client-id BVI1
no ip route-cache
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
interface Virtual-WLAN0
no ip route-cache
!
ip default-gateway 10.255.65.254
ip forward-protocol nd
no ip http server
!
!
logging trap emergencies
logging origin-id string AP:7c69.f61a.152d
logging facility kern
logging host 255.255.255.255
!
!
bridge 1 protocol ieee
bridge 1 route ip
parser view capwap-config-view
secret 5 xxxx.
commands configure include all capwap
commands exec include all enable
commands exec include configure terminal
commands exec include configure
commands exec include all show capwap
commands exec include show running-config
commands exec include show
!
!
line con 0
line vty 0 4
transport input none
line vty 5 15
transport input none
!
end

Rasika Nayanajith · ‎08-15-2016

When attempting to ping the WLC from the AP I get the output "% Unrecognized host or address, or protocol not running."

Try " debug capwap console cli" command & then try to ping WLC IP from AP

ip default-gateway 10.255.65.254

Is this on the right network for AP management ? I hope your swichport connect to this AP configured as access port on the same vlan belongs to this network.

HTH

Rasika

jenna.agosto · ‎08-16-2016

Here is the config for the switch port that the AP is connected to:

interface GigabitEthernet0/22
description To ...
switchport access vlan 70
switchport mode access
srr-queue bandwidth share 1 95 2 1
srr-queue bandwidth shape 100 0 0 0
storm-control broadcast level 60.00 5.00
storm-control multicast level 80.00 20.00
spanning-tree portfast

jenna.agosto · ‎08-16-2016

The switch can ping the WLC, but it cannot ping the AP. It does not see it connected. The port is dark and the interface is down down. Even with the AP directly connected to the switch port it is dark but the AP powers up just fine.

Rasika Nayanajith · ‎08-16-2016

Did you try to change the switchport & directly connect the AP to switch ? swap the cat6 cable as well. Interface should come up

HTH

Rasika

jenna.agosto · ‎08-16-2016

Yep, that's exactly what I tried next. I swapped the cable - still down.

I tried a new port - still down.

I directly connected the AP to the switch - still down.

I then tested my spare AP on the same switch port with the same cable and both the port and the AP come up.

When I copied the config from the original AP to the new AP, it took them both down again so there is something in the config on the AP that is causing the issue.

jenna.agosto · ‎08-16-2016

Ok, so I reset the new AP and configured the IP, Gateway and primary controller IP.

I now get the error %LWAPP-3-FALLBACK_DHCP: Invalid Static Gateway, so fallback to DHCP.

Rasika Nayanajith · ‎08-16-2016

When I copied the config from the original AP to the new AP, it took them both down again so there is something in the config on the AP that is causing the issue.

Try this on the original that failed. Makesure it is connected to a switchport that has DHCP enabled (so you do not want to configure IP statically)

LAP#debug capwap console cli
LAP#erase /all nvram:
LAP#reload

Once AP reload apply below

LAP#capwap ap primary-base <wlc_name> <wlc_mgt_ip>

let's have very basic switchport config for simplicity

interface GigabitEthernet0/x
switchport access vlan x
switchport mode access

HTH

Rasika

*** Pls rate all useful responses ***