Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with WLC 4402 and Ap 1242AG

Help with WLC 4402 and Ap 1242AG

Hi I need some ideas this is the problem:

I have a small network in which I have 5 aps 1242 ( The Aps were autonomous and now there are lightweight) and a WLC 4402, and everything was working fine until the APs failed to record in controller, when I saw the loggs in the aps that indicate that the Ap can not see the controller, The controller works in Layer 2,the Aps and WLC are in the same segment,they are connect to the same switch. I put the Controller logs in the cisco output interpreter and this is what resulted:

ERROR MESSAGE NOTIFICATIONS (if any)

%SIM-3-ARP_SND_FAIL (x1): Unable to send ARP Request. Local MAC: [hex]:[hex]:[hex]:[hex]:[hex]:[hex].Ip

Addr: [int].[int].[int].[int]Interface # [dec]. Vlan Id: [dec]

Explanation: Unable to send ARP Request.

%DTL-3-ARP_SEND_FAILED (x1): Could not send [chars] to [hex]:[hex]:[hex]:[hex]:[hex]:[hex].

VLAN=[dec], Intf=[dec]. [chars].

Explanation: Could not send an ARP packet.

%SYSNET-3-INV_IF (x1): Circuit Error - vlan id & intIfNum = 0.

Explanation: Circuit Error - Both vlan id & intIfNum are 0.

%SIM-3-PORT_GETSTATE_FAIL (x1): Unable to get link state for port [dec] of interface[chars].

Explanation: Unable to get link state for a port

%LWAPP-3-DECODE_ERR (x4): Error decoding [chars] from AP [hex]:[hex]:[hex]:[hex]:[hex]:[hex]

Explanation: The LWAPP message sent by the AP was not understood by the controller,

the message was dropped. AP may not function as expected.

%LWAPP-3-DISC_OTAP_ERR (x4): Ignoring OTAP discovery request from AP [hex]:[hex]:[hex]:[hex]:[hex]:[hex],

OTAP is disabled

Recommended Action: Copy the message exactly as it appears on the console or in the system log. Research and attempt to resolve the issue using the tools and utilities provided at http://www.cisco.com/tac. With some messages, these tools and utilities will supply clarifying information. Search for resolved software issues using the Bug Toolkit at http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs.

If you still require assistance, open a case with the Technical Assistance Center via the Internet at http://tools.cisco.com/ServiceRequestTool/create/launch.do,

or contact your Cisco technical support representative and provide the representative with the information you have gathered.

**Note this recommended action its by the previously messajes

Explanation: Controller received discovery request from an AP that learnt the

controller's address over the air, but Over The Air Provisioning (OTAP) is disabled

on the controller.

Recommended Action: Enable OTAP on the controller if desired, otherwise this

message can be ignored.

%LWAPP-3-DISC_AP_MGR_ERR1 (x4): Unable to process primary discovery request

from AP on interface ([int]), VLAN ([int]), could not get AP manager [hex]:[hex]:[hex]:[hex]:[hex]:[hex]

Explanation: A discovery response could not be sent to an AP because the controller

was not able to obtain the IP address of the AP manager interface

Recommended Action: Correct the AP manager interface configuration.

No information on error code CAPWAP-3-DISC_AP_MGR_ERR1

No information on error code CAPWAP-3-DECODE_ERR

No information on error code DTLS-3-HANDSHAKE_FAILURE

the version of the wlc is AIR-WLC4400-K9-5-2-178-0.aes, the trafic betten the wlc and the aps is by the native vlan

11 REPLIES
Hall of Fame Super Silver

Re: Help with WLC 4402 and Ap 1242AG

You need to set the WLC in Layer3 mode and make sure there is a dhcp on that subnet for the ap's to obtain an ip address. Your ap's should be able to find and join the wlc now. Layer 2 mode was for support of the 1000 series AP's.

-Scott
*** Please rate helpful posts ***
New Member

Re: Help with WLC 4402 and Ap 1242AG

I try to do this, but i continue with the problem, the aps have static ip and the ip of the controller

Hall of Fame Super Silver

Re: Help with WLC 4402 and Ap 1242AG

Set it in Layer 3 and then console into the ap and post the log. I need to see what is happening after the ap boots.

-Scott
*** Please rate helpful posts ***
New Member

Re: Help with WLC 4402 and Ap 1242AG

this is the log of the ap:

*Apr 22 10:38:41.166: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 10:38:50.076: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Apr 22 10:38:59.077: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLERwtpDecodeDiscovery Response numOfCapwapDiscoveryResp = 0

wtpDecodeDiscovery Response numOfCapwapDiscoveryResp = 1

*Apr 22 10:39:09.078: capwapHandleDiscoveryTimer Expired

*Apr 22 10:39:09.078: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Apr 22 10:39:09.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: x.x.x.x.x peer_port: 5246

*Apr 22 10:39:23.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:1924 Max retransmission count reached!

*Apr 22 10:39:23.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for x.x.x.x.x is reached.

*Apr 22 10:40:09.054: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Apr 22 10:40:09.065: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Apr 22 10:40:09.065: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Apr 22 10:40:09.076: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 10:40:09.076: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to upwtpDecodeDiscovery Response numOfCapwapDiscoveryResp = 0

wtpDecodeDiscovery Response numOfCapwapDiscoveryResp = 1

*Apr 22 10:40:09.078: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 10:40:09.108: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 10:40:09.109: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Apr 22 10:40:09.137: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Apr 22 10:40:09.138: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 10:40:09.168: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 10:40:19.076: capwapHandleDiscoveryTimer Expired

*Apr 22 10:40:19.076: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Apr 22 10:40:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: x.x.x.x.x peer_port: 5246

*Apr 22 10:40:33.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:1924 Max retransmission count reached!

*Apr 22 10:40:33.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for x.x.x.x.x is reached.

*Apr 22 10:41:19.054: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

Hall of Fame Super Silver

Re: Help with WLC 4402 and Ap 1242AG

This is a new install correct? Can you post your show run-config?

-Scott
*** Please rate helpful posts ***
New Member

Re: Help with WLC 4402 and Ap 1242AG

this is the configuration

Building configuration...

hostname DIRECCION

!

aaa new-model

aaa authentication login default local

aaa session-id common

eap profile lwapp_eap_profile

method fast

!

!

crypto pki trustpoint Cisco_IOS_MIC_cert

revocation-check none

rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint cisco-root-cert

revocation-check none

rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-device-root-cert

revocation-check none

rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-new-root-cert

revocation-check none

rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-old-root-cert

revocation-check none

rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki certificate chain Cisco_IOS_MIC_cert

certificate 6CB1AAF100000005B9FA

30820468 30820350 A0030201 02020A6C B1AAF100 000005B9 FA300D06 092A8648

86F70D01 01050500 30393116 30140603 55040A13 0D436973 636F2053 79737465

certificate ca 6A6967B3000000000003

308204D9 308203C1 A0030201 02020A6A 6967B300 00000000 03300D06 092A8648

86F70D01 01050500 30353116 30140603 55040A13 0D436973 636F2053 79737465

6D73311B 30190603 55040313 12436973 636F2052 6F6F7420 43412032 30343830

crypto pki certificate chain cisco-root-cert

certificate ca 5FF87B282B54DC8D42A315B568C9ADFF

30820343 3082022B A0030201 0202105F F87B282B 54DC8D42 A315B568 C9ADFF30

0D06092A 864886F7 0D010105 05003035 31163014 06035504 0A130D43 6973636F

20537973 74656D73 311B3019 06035504 03131243 6973636F 20526F6F 74204341

crypto pki certificate chain airespace-device-root-cert

certificate ca 03

3082047F 308203A8 A0030201 02020103 300D0609 2A864886 F70D0101 04050030

81A6310B 30090603 55040613 02555331 13301106 03550408 130A4361 6C69666F

726E6961 3111300F 06035504 07130853 616E204A 6F736531 17301506 0355040A

crypto pki certificate chain airespace-new-root-cert

certificate ca 00

3082045A 30820383 A0030201 02020100 300D0609 2A864886 F70D0101 04050030

81A6310B 30090603 55040613 02555331 13301106 03550408 130A4361 6C69666F

crypto pki certificate chain airespace-old-root-cert

certificate ca 00

30820406 3082032F A0030201 02020100 300D0609 2A864886 F70D0101 04050030

818F310B 30090603 55040613 02555331 13301106 03550408 130A4361 6C69666F

username cisco secret 5

!

!

ip ssh version 2

!

!

interface Dot11Radio0

no ip route-cache

mbssid

power client local

packet retries 64 drop-packet

!

interface Dot11Radio1

no ip route-cache

shutdown

mbssid

power client local

packet retries 64 drop-packet

!

interface FastEthernet0

ip address 192.168.0.240 255.255.255.0

no ip route-cache

duplex auto

speed auto

!

ip default-gateway 192.168.0.254

logging trap errors

logging origin-id string AP:001d.a1fc.ad36

logging snmp-trap notifications

logging snmp-trap informational

logging snmp-trap debugging

logging 0.0.0.0

!

Hall of Fame Super Silver

Re: Help with WLC 4402 and Ap 1242AG

Sorry... Need you to run this on the wlc cli. Put it ito a text file and post it.

Thanks

-Scott
*** Please rate helpful posts ***
New Member

Re: Help with WLC 4402 and Ap 1242AG

Show running-config

advanced 802.11b monitor Channel-list all

location rssi-half-life tags 0

location rssi-half-life client 0

location rssi-half-life rogue-aps 0

location expiry tags 5

location expiry client 5

location expiry calibrating-client 5

location expiry rogue-aps 5

Cisco Public Safety is not allowed to set in this domain

ap syslog host global 255.255.255.255

country MX

local-auth method fast server-key 73656372657

interface create datos 30

interface create voz 40

interface address ap-manager z.z.0.238 255.255.254.0 z.z.0.254

interface address dynamic-interface datos z.z.30.251 255.255.254.0 z.z.30.254

interface address management z.z.0.239 255.255.254.0 z.z.0.254

interface address service-port 2.2.2.2 255.255.255.252

interface address virtual 1.1.1.1

interface address dynamic-interface voz z.z.40.250 255.255.254.0 z.z.40.254

interface dhcp ap-manager primary z.z.0.254

interface dhcp dynamic-interface datos primary z.z.30.254

interface dhcp management primary z.z.0.254

interface dhcp service-port disable

interface dhcp dynamic-interface voz primary z.z.40.2

interface vlan datos 30

interface vlan voz 40

interface port ap-manager 29

interface port datos 29

interface port management 29

interface port voz 29

rogue ap friendly add 00:0d:54:a4:10:94

rogue ap friendly add 00:a0:f8:b2:6a:00

lag enable

load-balancing status enable

load-balancing window 5

apgroup add default-group

apgroup interface-mapping add default-group 1 datos

apgroup interface-mapping add default-group 2 voz

wlan apgroup nac disable default-group 1

wlan apgroup nac disable default-group 2

memory monitor error disable

memory monitor leak thresholds 10000 30000

mesh security rad-mac-filter disable

mesh security rad-mac-filter disable

mesh security eap

mobility dscp 0

network webmode enable

network telnet enable

network master-base enable

network mgmt-via-wireless enable

network ap-priority disabled

network otap-mode disable

network rf-network-name

port autoneg 1 disable

port physicalmode 1 1000sx

radius fallback-test mode off

radius fallback-test username cisco-probe

radius fallback-test interval 300

rogue ap classify malicious state contain 00:10:e7:b5:a2:95 1

rogue ap classify malicious state contain 00:21:7c:35:5d:61 3

rogue ap ssid alarm

rogue ap valid-client alarm

rogue adhoc enable

rogue adhoc alert

rogue ap rldp disable

snmp version v2c enable

snmp version v3 enable

spanningtree port mode off 1

spanningtree port mode off 2

sysname

trapflags mesh excessive hop count disable

trapflags mesh sec backhaul change disable

wlan create 1 xxxx xxxx

wlan create 2 yyyy yyyy

wlan nac disable 1

wlan nac disable 2

wlan interface 1 datos

wlan interface 2 voz

wlan broadcast-ssid disable 2

wlan session-timeout 1 1800

wlan session-timeout 2 1800

wlan h-reap learn-ipaddr 1 enable

wlan h-reap learn-ipaddr 2 enable

wlan wmm allow 1

wlan wmm allow 2

wlan security wpa disable 1

wlan security wpa disable 2

wlan security static-wep-key enable 1

wlan security static-wep-key enable 2

wlan security static-wep-key authentication shared-key 1

wlan security static-wep-key authentication shared-key 2

wlan security static-wep-key encryption 1 104

wlan security static-wep-key encryption 2 104

wlan security wpa akm 802.1x disable 1

wlan security wpa akm 802.1x disable 2

wlan security wpa akm ft reassociation-time 20 1

wlan security wpa akm ft over-the-air enable 1

wlan security wpa akm ft over-the-ds enable 1

wlan security wpa akm ft reassociation-time 20 2

wlan enable 1

wlan enable 2

license agent default authenticate none

Re: Help with WLC 4402 and Ap 1242AG

Can you tell us what version of code you are running?

Can you connect to the console port of an AP and ping the controller IP? You mention above that the AP's have the address of the controller - what address? Management or AP Management? Usually, once the AP's have the Management ip address set, they immediately join the controller. If they can't reach the controller, or if the controller's time is not set, then they won't be able to join.

New Member

Re: Help with WLC 4402 and Ap 1242AG

Its the show running part

Yes I can ping the ip of the wlc, the address is the management. the version of the wlc its the newest

I put a new wlc whit the newest version of software and the aps can't joint the wlc.

I made a Lab with the wlc and one Ap, I converting the Ap back to autonomous mode, I delete all de configuration and then I converting the Ap back to ligthweith and the ap can join the controller

New Member

Re: Help with WLC 4402 and Ap 1242AG

I had a similar issue with an AP not joining a controller which has recently been upgraded to version 6.0.182.0. While debugging I realized the message "Discarding discovery request in LWAPP from AP supporting CAPWAP" on the controller... While converting to autonomous mode and back to lightweight would resolve the issue, probably the easier way is to boot the AP with no network connection and sourced through an external power supply, deleting the lightweight images from the flash (leaving the recovery image on) and reloading the AP from the console - Clearing all the LWAPP config and setting the params manually - é voilà: registering at the controller and downloading its new lightweight image... Still, this is no solution for many, possible remote, APs, but as a workaround it's good enough.

6170
Views
0
Helpful
11
Replies