ā04-06-2017 06:04 PM - edited ā07-05-2021 06:49 AM
Hi guys finally got my vWLC working and now I'm stuck with these Lightweight AP's that don't want to join. I got 3 all same models except one is equipped with AIR-RM3000M either way non of them wants to join my vWLC. Before I had some certificate issue so after while messing with them I finally reload all APs with fresh recovery image ... that fix the certificate issue but now I'm stuck on this....
192.168.75.80 = vWLC Management IP
This is the section that repeats over and over on the AP with WS
*Apr 7 08:45:44.231: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:45:49.231: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:46:43.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.75.80:5246
*Apr 7 08:46:44.143: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Apr 7 08:46:44.171: %LWAPP-4-CLIENTEVENTLOG: Not sending change state post as the radio admin is down, lrad state = 5
*Apr 7 08:46:44.171: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Apr 7 08:46:44.171: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Apr 7 08:46:44.171: %LINK-5-CHANGED: Interface Dot11Radio2, changed state to administratively down
*Apr 7 08:46:44.179: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 7 08:46:44.187: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 7 08:46:44.219: %LINK-6-UPDOWN: Interface Dot11Radio2, changed state to up
*Apr 7 08:46:45.175: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 7 08:46:45.203: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 7 08:46:45.211: %LINK-5-CHANGED: Interfaoce Dot11Radio1, changed state to reset
*Apr 7 08:46:46.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 7 08:46:46.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 7 08:46:46.231: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 7 08:46:46.239: %LINK-5-CHANGED: Interface Dot11Radio2, changed state to reset
*Apr 7 08:46:47.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 7 08:46:47.239: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 7 08:46:47.247: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 7 08:46:48.239: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 7 08:46:48.267: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 7 08:46:49.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 7 08:46:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.75.80 peer_port: 5246
*Apr 7 08:46:55.239: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.75.80 peer_port: 5246
*Apr 7 08:46:55.239: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:47:00.239: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
and this is the section that repeats on the other two
*Apr 7 08:54:12.207: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:54:17.207: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:55:11.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.75.80:5246
*Apr 7 08:55:11.999: %SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 3AFD390. -Process= "CAPWAP CLIENT", ipl= 0, pid= 73
-Traceback= 119AF80z 12A89C8z 12AA11Cz 16F51BCz 1764BB0z 16FF460z 172856Cz 1729E14z 17205BCz 1720684z 1720948z 171827Cz 172FB00z 1730BBCz 1324C90z 1309B58z
*Apr 7 08:55:11.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Apr 7 08:55:12.003: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Apr 7 08:55:12.003: %CAPWAP-3-ERRORLOG: Failed to load configuration from flash. Resetting to default config
*Apr 7 08:55:12.015: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Apr 7 08:55:12.919: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established. 192.168.75.80, 147E, 192.168.75.115, B3BF, 0
*Apr 7 08:55:22.015: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Apr 7 08:55:22.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.75.80 peer_port: 5246
*Apr 7 08:55:22.207: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.75.80 peer_port: 5246
*Apr 7 08:55:22.207: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:55:27.207: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:56:21.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.75.80:5246
*Apr 7 08:56:21.999: %SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 3AFD390. -Process= "CAPWAP CLIENT", ipl= 0, pid= 73
-Traceback= 119AF80z 12A89C8z 12AA11Cz 16F51BCz 1764BB0z 16FF460z 172856Cz 1729E14z 17205BCz 1720684z 1720948z 171827Cz 172FB00z 1730BBCz 1324C90z 1309B58z
*Apr 7 08:56:21.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Apr 7 08:56:22.003: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Apr 7 08:56:22.003: %CAPWAP-3-ERRORLOG: Failed to load configuration from flash. Resetting to default config
*Apr 7 08:56:22.015: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg
*Apr 7 08:56:22.839: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established. 192.168.75.80, 147E, 192.168.75.115, B3BF, 0
*Apr 7 08:56:32.015: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Apr 7 08:56:32.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.75.80 peer_port: 5246
*Apr 7 08:56:32.211: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.75.80 peer_port: 5246
*Apr 7 08:56:32.211: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
*Apr 7 08:56:37.211: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.75.80
Solved! Go to Solution.
ā04-06-2017 11:24 PM
if you do "debug capwap error enable" & "debug capwap events enable" you should get an clear idea.
HTH
Rasika
ā04-06-2017 06:22 PM
Post the complete output to the following commands:
ā04-06-2017 08:12 PM
AP Info:
sh version
Cisco IOS Software, C3600 Software (AP3G2-RCVK9W8-M), Version 15.2(4)JB6, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 22-Aug-14 11:58 by prod_rel_team
ROM: Bootstrap program is C3600 boot loader
BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(23)JY, RELEASE SOFTWARE (fc1)
AP uptime is 18 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-CAP3602I-A-K9 (PowerPC) processor (revision A0) with 204790K/57344K bytes of memory.
Processor board ID FCW1812J0CC
PowerPC CPU at 800MHz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.6.100.0
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: B8:38:61:FB:3B:E7
Part Number : 73-14521-02
PCA Assembly Number : 800-37501-02
PCA Revision Number : A0
PCB Serial Number : FOC18116RZ3
Top Assembly Part Number : 800-43506-01
Top Assembly Serial Number : FCW1812J0CC
Top Revision Number : A0
Product/Model Number : AIR-CAP3602I-A-K9
Configuration register is 0xF
sh ip int brief
Interface IP-Address OK? Method Status Protocol
BVI1 192.168.75.128 YES DHCP up up
GigabitEthernet0 unassigned NO unset up up
GigabitEthernet0.1 unassigned YES unset up up
vWLC Info
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.2.110.0
RTOS Version..................................... 8.2.110.0
Bootloader Version............................... 8.2.110.0
Emergency Image Version.......................... 8.2.110.0
Build Type....................................... DATA + WPS
System Name...................................... CyberNet-WLC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 192.168.75.200
IPv6 Address..................................... ::
System Up Time................................... 0 days 0 hrs 1 mins 58 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... US - United States
--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:0C:29:3C:36:31
Maximum number of APs supported.................. 200
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1
Licensing Type................................... RTU
vWLC config...................................... Small
(Cisco Controller) >show time
Time............................................. Fri Apr 7 10:46:05 2017
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 600
Index NTP Key Index NTP Server Status NTP Msg Auth Status
------- ----------------------------------------------------------------------------------------------
ā04-06-2017 08:35 PM
NTP is missing.
I am suspecting the WLC time is incorrect, hence, the AP won't join.
Strongly recommend NTP be enabled on the controller.
ā04-06-2017 08:54 PM
Yeah NTP is not enabled and I just set the time manually so let me see what i can do with that and I will report back. Thanks for the quick reply...
PS: Assuming NTP needs to be set on both WLC and AP right?
ā04-06-2017 09:21 PM
Assuming NTP needs to be set on both WLC and AP right?
No, only on the WLC.
ā04-06-2017 10:23 PM
OK WLC is set and it shows correct time but the AP shows 4 hours difference :-( Sorry for being stupid but still in learning process...
Note: Did some testing and the AP gets it's time from WLC but it shows the time in UTC so 4hrs difference and since this is LWAPP AP there is no way to change anything so what else could prevent those AP to join WLC?
ā04-06-2017 11:24 PM
if you do "debug capwap error enable" & "debug capwap events enable" you should get an clear idea.
HTH
Rasika
ā04-07-2017 05:18 AM
That will be my next step once I get back home from work. I will get back with this thread to report back....
ā04-07-2017 02:24 PM
Finally figured out my problem after I run some debug which on my unit they are formulated a little bit differently:
debug capwap client error
debug capwap client event
Anyway I was scrolling through the log one thing really stand out it was this line:
*Apr 7 20:51:14.219: LWAPP_CLIENT_EVENT: Dropping discovery in LWAPP. This AP model is not supported by LWAPP WLC.
I know that this AP is supported so i did some digging and found out that this error could be related to the WLC licensing. So I telnet in to my WLC and run:
show license
I look through and then i spot it this one line:
License Eula: Not Accepted
so while in telnet session I type
license activate ap-count eval
and after it accepted license eula. Everything start working immediately. By the time I turn around in my chair AP restarted and start downloading new image and update.
Who would think this was related at all :-( Especially since web gui was already showing that I have 200 AP's supported so i thought the eval license was already accepted automatically.
ā04-07-2017 02:33 PM
Glad to see you finally got it working. By the way two debug commands I gave should work on WLC (I think you may tried it on AP)
Have a nice weekend.
Rasika
ā04-07-2017 02:40 PM
Oh yeah you right I was applying those on my AP.... like I said still in self learning process ... maybe one day I will get a job in filed so i don't have to spend all my free time doing this at home... it will probably make my wife happy too :-)
Anyway thanks all of you guy for the support and hints....
ā04-07-2017 02:45 PM
I am sure one day you will be master of it. Keep below link bookmarked when it comes to AP registration issues with Cisco WLC
Rasika
ā06-14-2019 10:26 AM
have made my 5 hour pain come to an end.Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: