Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

AP failover to a HA-SKU 5508 controller failing

rick505d3
Level 1
Level 1

‎05-12-2014 03:55 AM - edited ‎07-05-2021 12:48 AM

Hi,

I am not able to join a Cisco 1242AG access point to register to failover from a 5508 (50 lic) controller to a 5508 HA-SKU controller. Both the controllers are running code version 7.4.121.0. Both WLC part of same mobility group with an active mobility tunnel between them.

 

(Cisco Controller) >show redundancy summary 
 Redundancy Mode = SSO DISABLED 
     Local State = ACTIVE 
      Peer State = N/A 
            Unit = Primary
         Unit ID = 3C:08:F6:CA:52:20
Redundancy State = N/A 
    Mobility MAC = 3C:08:F6:CA:52:20

Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0

 

(Cisco Controller) >show redundancy summary 
 Redundancy Mode = SSO DISABLED 
     Local State = ACTIVE 
      Peer State = N/A 
            Unit = Secondary - HA SKU
         Unit ID = 3C:08:F6:CA:53:C0
Redundancy State = N/A 
    Mobility MAC = 3C:08:F6:CA:53:C0

Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0

 

 

Temporary set the Primary Controller for the AP to the HA Controller. The AP attempts to join to HA WLC, fails and then joins the main 50 licensed controller. Debug from the AP below.

....

*May 12 06:49:11.633: %CAPWAP-3-ERRORLOG: Selected MWAR 'CAMWC7310'(index 0).
*May 12 06:49:11.633: %CAPWAP-3-ERRORLOG: Go join a capwap controller 

*May 12 06:50:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.31.210 peer_port: 5246
*May 12 06:50:42.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*May 12 06:51:11.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.31.210:5246
*May 12 06:51:12.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'CAMWC7309'(index 1).
*May 12 06:51:12.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller 
*May 12 06:50:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.30.210 peer_port: 5246
*May 12 06:50:13.488: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.1.30.210 peer_port: 5246
*May 12 06:50:13.489: %CAPWAP-5-SENDJOIN: sending Join Request to 10.1.30.210
*May 12 06:50:13.492: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*May 12 06:50:13.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*May 12 06:50:13.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*May 12 06:50:13.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.1.30.210
*May 12 06:50:13.586: Starting Ethernet promiscuous mode
*May 12 06:50:14.002: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*May 12 06:50:14.238: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller CAMWC7309
*May 12 06:50:14.920: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*May 12 06:50:14.921: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*May 12 06:50:14.921: %LWAPP-3-CLIENTERRORLOG: Switching to Connected mode
*May 12 06:50:16.747: %LWAPP-4-CLIENTEVENTLOG: SSID cp_corpd01 added to the slot[0]
*May 12 06:50:16.914: %LWAPP-4-CLIENTEVENTLOG: SSID cp_corpv01 added to the slot[0]
*May 12 06:50:17.704: %LWAPP-4-CLIENTEVENTLOG: SSID cp_Resident added to the slot[0]
*May 12 06:50:17.871: %LWAPP-4-CLIENTEVENTLOG: SSID cp_companyguest added to the slot[0]
*May 12 06:50:18.037: %LWAPP-4-CLIENTEVENTLOG: SSID cp_corpd01 added to the slot[1]
*May 12 06:50:18.202: %LWAPP-4-CLIENTEVENTLOG: SSID cp_corpv01 added to the slot[1]
*May 12 06:50:18.991: %LWAPP-4-CLIENTEVENTLOG: SSID cp_Resident added to the slot[1]
*May 12 06:50:19.161: %LWAPP-4-CLIENTEVENTLOG: SSID cp_companyguest added to the slot[1]
*May 12 06:50:20.560: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*May 12 06:53:23.198: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*May 12 06:53:23.226: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.30.210:5246
*May 12 06:53:23.283: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*May 12 06:53:33.287: %CAPWAP-3-ERRORLOG: Selected MWAR 'CAMWC7310'(index 0).

 

This is what I get on the HA controller: 

*spamApTask5: May 12 16:48:10.935: c4:64:13:bd:f6:59 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  10.1.30.107:33618)since DTLS session is not established 
*spamApTask5: May 12 16:50:12.264: 00:22:0c:96:72:a0 Primary Discovery Request from 10.1.30.107:33618
*spamApTask5: May 12 16:50:12.264: 00:22:0c:96:72:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
*spamApTask5: May 12 16:50:12.264: 00:22:0c:96:72:a0 Primary Discovery Response sent to  10.1.30.107:33618
*spamApTask4: May 12 16:50:12.409: 00:22:0c:96:72:a0 Discovery Request from 10.1.30.107:33617
*spamApTask4: May 12 16:50:12.410: 00:22:0c:96:72:a0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 500, joined Aps =0
*spamApTask0: May 12 16:50:12.410: 00:22:0c:96:72:a0 Received LWAPP DISCOVERY REQUEST to 3c:08:f6:ca:53:cf on port '13'
*spamApTask0: May 12 16:50:12.410: 00:22:0c:96:72:a0 Refusing Discovery Request from AP 00:22:0c:96:72:a0 - limit for maximum AP downloads 0 reached
*spamApTask4: May 12 16:50:12.410: 00:22:0c:96:72:a0 Discovery Response sent to 10.1.30.107:33617
*spamApTask4: May 12 16:50:12.410: 00:22:0c:96:72:a0 Discovery Response sent to 10.1.30.107:33617
*spamApTask4: May 12 16:50:22.411: c4:64:13:bd:f6:59 DTLS connection not found, creating new connection for 10:1:30:107 (33617) 10:1:31:210 (5246)
*spamApTask4: May 12 16:50:22.411: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107:33617
*spamApTask4: May 12 16:50:22.411: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107.33617
*spamApTask4: May 12 16:50:24.410: c4:64:13:bd:f6:59 DTLS connection not found, creating new connection for 10:1:30:107 (33617) 10:1:31:210 (5246)
*spamApTask4: May 12 16:50:24.410: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107:33617
*spamApTask4: May 12 16:50:24.410: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107.33617
*spamApTask4: May 12 16:50:28.410: c4:64:13:bd:f6:59 DTLS connection not found, creating new connection for 10:1:30:107 (33617) 10:1:31:210 (5246)
*spamApTask4: May 12 16:50:28.410: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107:33617
*spamApTask4: May 12 16:50:28.410: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107.33617
*spamApTask4: May 12 16:50:36.410: c4:64:13:bd:f6:59 DTLS connection not found, creating new connection for 10:1:30:107 (33617) 10:1:31:210 (5246)
*spamApTask4: May 12 16:50:36.410: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107:33617
*spamApTask4: May 12 16:50:36.410: c4:64:13:bd:f6:59 Failed to create DTLS connection for 10.1.30.107.33617

 

 

 

Thanks, 

Rick.

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic