Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

sam
New Member

1131 unable to join 2106 WLC

On the AP I get:

%LWAPP-5-CHANGED: LWAPP changed state to JOIN

%LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

%LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

%LWAPP-5-CHANGED: LWAPP changed state to CFG

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Response: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Process Secure Msg: decrypting with CCM returned failur

e

%LWAPP-3-CLIENTERRORLOG: Config Command: error processing secure message

%LWAPP-3-CLIENTERRORLOG: Config Request Timer: did not recieve config response (

controller - WLC-2106)

%SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID NOT GET CONF

IG RESPONSE.

%LWAPP-5-CHANGED: LWAPP changed state to DOWN

On the controller logs I get:

Oct 12 06:00:07.987 spam_l2.c:760 LWAPP-3-TX_ERR3: Max retransmissions for LWAPP control message reached on AP 00:1a:30:7e:89:10 for CONFIGURE_COMMAND

(number of pending messages is 6)

Oct 12 06:00:01.724 spam_lrad.c:8043 LWAPP-3-RD_ERR9: APs 00:1a:30:7e:89:10 country code changed from () to (US )

Oct 12 06:00:01.723 spam_lrad.c:7715 LWAPP-3-RD_ERR7: Invalid country code () for AP 00:1a:30:7e:89:10

Oct 12 06:00:01.719 spam_lrad.c:8043 LWAPP-3-RD_ERR9: APs 00:1a:30:7e:89:10 country code changed from () to (US )

Oct 12 06:00:01.718 spam_lrad.c:7715 LWAPP-3-RD_ERR7: Invalid country code () for AP 00:1a:30:7e:89:10

Oct 12 05:58:02.787 spam_l2.c:760 LWAPP-3-TX_ERR3: Max retransmissions for LWAPP control message reached on AP 00:1a:30:7e:89:10 for CONFIGURE_COMMAND

The AP hardware version is:

cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision A0) with 24566K/81

92K bytes of memory.

Processor board ID FTX1102T29R

PowerPCElvis CPU at 262Mhz, revision number 0x0950

Last reset from reload

LWAPP image version 4.2.130.0

1 FastEthernet interface

2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:1A:A1:73:B4:DC

Part Number : 73-8962-11

PCA Assembly Number : 800-24818-10

PCA Revision Number : A0

PCB Serial Number : FOC105107E6

Top Assembly Part Number : 800-25544-06

Top Assembly Serial Number : FTX1102T29R

Top Revision Number : B0

Product/Model Number : AIR-LAP1131AG-A-K9

and on the Country page of the controller it shows:

Regulatory Domain 802.11a: -AB

802.11bg: -AB

The AP's will never join the controller despite having the correct regulatory domain set. I'm at a loss as to what could be going on. Has anyone seen something like this before?

Thanks in advance!

-Sam

12 REPLIES
Hall of Fame Super Silver

Re: 1131 unable to join 2106 WLC

So when you do a show country on the wlc it shows United States? Is the management and ap-manager on the same subnet and are set to untagged "0" with the native vlan set on the trunk port as native valn .

-Scott
*** Please rate helpful posts ***
sam
New Member

Re: 1131 unable to join 2106 WLC

Thanks for the reply!

You are correct. Below is the output:

(Cisco Controller) >show country

Configured Country............................. US - United States

Configured Country Codes

US - United States............................. 802.11a / 802.11b / 802

.11g

(Cisco Controller) >show interface summ

Interface Name Port Vlan Id IP Address Type Ap Mgr Gu

est

-------------------------------- ---- -------- --------------- ------- ------ --

---

ap-manager 1 untagged 192.168.3.20 Static Yes No

management 1 untagged 192.168.3.2 Static No No

From the port on the asa going to port 1 on the controller:

!

interface Ethernet0/1

switchport trunk allowed vlan 2,12

switchport trunk native vlan 2

switchport mode trunk

!

The port feeding the AP:

!

interface Ethernet0/7

switchport access vlan 2

!

The vlan config on the asa:

!

interface Vlan2

nameif inside

security-level 100

ip address 192.168.3.1 255.255.255.0

!

Any other information you think would be helpful, please ask! By the way, I've also tried joining a 1242 (US) and got the same error messages on the controller so I'm quite confident that we're looking at a controller issue here. Thanks again for the response! I look forward to any other suggestions you may have.

-Sam

Hall of Fame Super Silver

Re: 1131 unable to join 2106 WLC

Try this for now... Connect the wlc to a switch and place the ap's on the same clan. Create a dhcp scope so the ap's get an ip address and see if that works.

-Scott
*** Please rate helpful posts ***
sam
New Member

Re: 1131 unable to join 2106 WLC

I did previously have the AP's and controllers on a dumb switch. The AP's got addresses and located the controller (even did the code update just fine!). This errors posted above occur after the AP comes up the second time. I noticed that my bootloader was very old so I tried to update it just now. Now I'm getting:

grub>

when I boot the WLC. I fear the worst...

Hall of Fame Super Silver

Re: 1131 unable to join 2106 WLC

What code are you running? Upgrading the bootloader should not cause any issues.

-Scott
*** Please rate helpful posts ***
sam
New Member

Re: 1131 unable to join 2106 WLC

My bootloader was:

Cisco Bootloader (Version 4.0.191.0)

and my controller code release was 4.2.130.0 or 5.1.151.0 (I tried both)... The only reason I suspected an issue with the bootloader was that when I tried to upgrade it through the GUI, it would never take. On reboot the controller showed the same old version. I also tried to uncheck 'US' on the Country page and reselect something else like UK or Sweeden and it would always revert back to 'US'.

Hall of Fame Super Silver

Re: 1131 unable to join 2106 WLC

You have to upgrade the wlc to 4.1 then to 4.2. I would go with 4.2.130 with bootloader 4.2.112.

Also the issue you have might be due to the wlc and the ap on the asa.

-Scott
*** Please rate helpful posts ***
sam
New Member

Re: 1131 unable to join 2106 WLC

Hmm... I didnt have any troubles with running the 4.2 code (it was running that when I started this mess). I also tried having the AP plugged into port 8 on the controller with the same results.

-Sam

Hall of Fame Super Silver

Re: 1131 unable to join 2106 WLC

Your best bet is to put the wlc and the ap on a switch. Since there can be up to 6 ap's, that should be no issue. Why do you have them in the dmz?

-Scott
*** Please rate helpful posts ***
sam
New Member

Re: 1131 unable to join 2106 WLC

I'll give that a go when I get the controller up and running. Do you still think that would be an issue despite the fact that the AP's can clearly communicate with the controllers (proved by the fact that they get an updated image from it)? I have them in a different vlan for testing only... As soon as I get everything going, I'll probably move them into a different vlan. Thanks for all of the advice! As soon as I get a working unit, I'll let you know what I find!

-Sam

-Sam

Hall of Fame Super Silver

Re: 1131 unable to join 2106 WLC

Sam,

You shouldn't have any issues as long as you don't put the ap's or wlc in the dmz. What you can do is put the wlc and ap on the same subnet and test.... then move the ap's to a different subnet and test again.... all the testing above not using the asa. Then place it back on the dmz and see if that breaks it.

-Scott
*** Please rate helpful posts ***
sam
New Member

Re: 1131 unable to join 2106 WLC

Will do! It looks like RMA time for this controller however. They don't have an onsite fix for the grub> prompt. I'll try again as soon as I get a working unit in hand. :(

Thanks for all of the advice!

-Sam

758
Views
0
Helpful
12
Replies