Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Moving APs from 2504 to 3650

Hello

I am trying to move 9 APs (1142s) from a 2504 WLC to a 3650 switch.  The APs will join and register with the 3650, but will immediately drop and cycle to the next AP.

Snagged the SysLogs and the config of our 3650.

Any help greatly appreciated

 

Aug  6 21:02:50.597: *%CAPWAP-3-ECHO_ERR: 1 wcm:  Did not receive heartbeat reply; AP: 08d0.9fb4.4e60  
Aug  6 21:05:45.598: *%LWAPP-3-VALIDATE_ERR: 1 wcm:  Validation of SPAM Vendor Specific Payload failed - AP  

08:d0:9f:b4:4e:60  
Aug  6 21:05:45.603: %CAPWAP-3-AP_PORT_CFG: AP connected port Gi1/1/4 is not an access port.
Aug  6 21:05:45.604: *%LOG-3-Q_IND: 1 wcm:  Validation of SPAM Vendor Specific Payload failed - AP  08:d0:9f:b4:4e:60  
Aug  6 21:05:45.604: *%CAPWAP-3-DATA_TUNNEL_CREATE_ERR2: 1 wcm:  Failed to create CAPWAP data tunnel with interface id: 

0xe100c000000004 for AP: 08d0.9fb4.4e60 Error Reason: Capwap Data Tunnel create retry exceeded max retry count.  
Aug  6 21:06:08.740: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP 

Join Response) combination  
Aug  6 21:07:14.622: *%LOG-3-Q_IND: 1 wcm:  Invalid AP event (CAPWAP Discovery Request) and state (CAPWAP Join Response) 

combination[...It occurred 3 times.!]   
Aug  6 21:07:14.622: *%CAPWAP-3-INVALID_STATE_EVENT: 1 wcm:  Invalid AP event () and state (CAPWAP Join Response) 

combination

Current configuration : 5982 bytes
!
! Last configuration change at 20:00:14 UTC Wed Aug 6 2014 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname Switch20
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging console emergencies
enable secret 4 p/P4drR6/hug7kKcdCbk2D0VZGX6pk/Q9xsiDKuvktc
enable password 7 070724404206140A1A
!
username admin privilege 15 password 7 153A0E000825262B2562
no aaa new-model
clock timezone EST -5 0
clock summer-time UTC recurring
switch 1 provision ws-c3650-48ts
!
ip device tracking
!
!
!
crypto pki trustpoint TP-self-signed-2957043778
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2957043778
 revocation-check none
 rsakeypair TP-self-signed-2957043778
!
!
crypto pki certificate chain TP-self-signed-2957043778
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32393537 30343337 3738301E 170D3134 30383036 32333134
  34335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39353730
  34333737 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100E5BB AC4CB973 378249C6 FC203FE8 5B92418A 93FF2D67 05D5F2E0 3EEF1CF9
  B7948419 D5D65498 4D6313BB C55F1A13 0A062BA3 79CF95ED B4EA8F04 EF5BF159
  FDB4DC7A 3DA5E740 C72AA848 545F7ACB 565B4BE0 64CD5D6C 42630B9B 374F57F9
  ACFF6F2A 756EB22A 8038E64B 5F2C4D7B E1A4F111 C6EEDDFB 1B936141 593559C5
  0EBF0203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
  551D1104 0C300A82 08537769 74636832 30301F06 03551D23 04183016 80143FB6
  2BB5C661 DC4D55FF D2914D0D 7E5007BF D073301D 0603551D 0E041604 143FB62B
  B5C661DC 4D55FFD2 914D0D7E 5007BFD0 73300D06 092A8648 86F70D01 01040500
  03818100 CD429391 9F9451B7 018B37EF 89C032A7 4AB8BF9F E4CC6632 BEE2F33E
  D385FCCA EF12E656 E192FB55 8313FF80 39C463C4 F16DB7AE B1B29408 1C7B4062
  2524DDF1 1BCABC8E FF22D136 B12E38F7 CE949225 C4AC6D1D 7F0A40D0 E7F63FDB
  7FC4E57E F68664CC 17AD3D04 95ACBCD8 D1A5933E 37A2FB63 FDC17E94 87798D3E 0F62C9BD
        quit
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
!
!
class-map match-any non-client-nrt-class
  match non-client-nrt
!
policy-map port_child_policy
 class non-client-nrt-class
    bandwidth remaining ratio 10
!
!
!
!
!
!
interface GigabitEthernet0/0
 description Management
 vrf forwarding Mgmt-vrf
 ip address 192.168.20.23 255.255.255.0
 ip mtu 832
 ip igmp version 1
 negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 description Management
 ip address 192.168.20.20 255.255.255.0
 ip helper-address 192.168.20.59
!
interface Vlan2
 description WirelessMngmnt
 ip address 192.168.40.5 255.255.255.0
!
ip default-gateway 192.168.20.1
ip http server
ip http authentication local
ip http secure-server
!
!
!
snmp-server location 
snmp-server contact 
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 10660C1509181F040155
 login
line vty 5 15
 password 7 052303032D4343061454
 login
!
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
 keepalive 600
!
wsma profile listener httpslistener
 transport https
wireless mobility controller
wireless management interface Vlan2
wlan Pelham-WIFI 1 Pelham-WIFI
 channel-scan defer-priority 2
 channel-scan defer-priority 3
 client vlan Wireless-MB-PD-FD
 ip dhcp server 192.168.20.59
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 session-timeout 1800
 no shutdown
ap led
ap mgmtuser 
ap group default-group
ap group 
end

2 REPLIES
VIP Purple

HiYou haven't connect AP

Hi

You haven't connect AP directly to your 3650 & configure those ports on vlan 2 (wireless management). Unless AP directly connected to 3650/3850 you cannot register AP to NGWC (except 5760).

Also 3650 should be configured as Mobility Controller (MC) if you do not have any other WLC acting as MC.

Below should give some good understanding. Even though it refer 3850 should applicable to 3650 as well

http://mrncciew.com/2013/09/29/getting-started-with-3850/

 

HTH

Rasika

**** Pls rate all useful responses ****

Cisco Employee

Well According to your

Well According to your scenario what I believe is that you are moving form unified Wireless to Converge Access Network setup. If it is the case then you must have MA and MC properly placed, if not then you need 3650 to behave like Wireless controller.

 

Further more your LAP will register to new WLC ,so you should have Management ip and security properly inplace.

 

Just for your knowledge in Converge access your AP gets wired connection with MA on access port and MA connection to MC is via trunk to carry all SSID/VLAN traffic.

 

LAstly you can also you debug command on WLC to see whats the behavious of AP when i get disconnected from WLC.

 

I hope this will help you in resolving the problem.

 

464
Views
0
Helpful
2
Replies