Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Converted Cisco Access Point (1140 AP) unable to join the 5500 series Wireless LAN Controller (5508 WLC)

 

 

Introduction

 

In this Document we will see few scenarios where Cisco AP is unable to Join the Cisco controller (WLC)

 

Scenario 1

 

Converted 1140 AP can't join the WLC 5508 1140AP.bmp

 

User bought autonomous APs AIR-AP1141N-E-K9 and converted them to the lightweight mode, but they cannot join the WLC 5508. The errors are below. There were NO problems with the LAPs that were bought before, together with the WLC.

 

AP's IP: 17x.2x.9x.2x   IOS version  12.4

WLC's IP: 17x.2x.9x.2y   IOS version 6.0.188.0

 

logs from the AP

 

Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)

 

*Oct 13 21:37:06.044: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Oct 13 21:37:06.045: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Oct 13 21:37:06.046: bsnInitRcbSlot: slot 1 has NO radio

*Oct 13 21:37:06.056: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Oct 13 21:37:06.066: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Oct 13 21:37:06.098: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

 

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

 

*Oct 13 21:37:15.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Oct 13 21:37:24.060: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLE

*Oct 13 21:37:34.060: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 17x.2x.9x.2y peer_port: 5246

*Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Oct 13 21:38:34.822: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 17x.2x.9x.2y peer_port: 5246

*Oct 13 21:38:34.823: %CAPWAP-5-SENDJOIN: sending Join Request to 17x.2x.9x.2y

*Oct 13 21:38:34.823: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 17x.2x.9x.2y

*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Oct 13 21:38:34.825: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Oct 13 21:38:39.823: %CAPWAP-5-SENDJOIN: sending Join Request to 17x.2x.9x.2y

*Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 17x.2x.9x.2y

*Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Oct 13 21:38:39.823: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Oct 13 21:38:39.824: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 17x.2x.9x.2y

*Oct 13 21:39:33.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.22.90.20:5246

*Oct 13 21:39:34.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Oct 13 21:38:34.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 17x.2x.9x.2y peer_port: 5246

*Oct 13 21:38:34.000: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Oct 13 21:38:34.001: %DTLS-5-PEER_DISCONNECT: Peer 17x.2x.9x.2y has closed connection.

*Oct 13 21:38:34.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 172.22.90.20:5246

*Oct 13 21:38:34.001: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination

*Oct 13 21:38:34.125: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.

 

logs from the WLC

 

 

debug capwap events enable

 

 

*Dec 21 15:02:06.244: 68:bc:0c:XX:XX:XX DTLS keys for Control Plane deleted successfully for AP 17x.2x.9x.2x

*Dec 21 15:02:06.246: 68:bc:0c:XX:XX:XX DTLS connection closed event receivedserver (17x:2x:9x:2x/5246) client (17x:2x:9x:2x/21077)

*Dec 21 15:02:06.246: 68:bc:0c:XX:XX:XX Entry exists for AP (17x:2x:9x:2x/21077)

*Dec 21 15:02:06.246: 68:bc:0c:XX:XX:XX apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:XX:XX:XX slot 0

*Dec 21 15:02:06.246: 68:bc:0c:XX:XX:XX Deregister LWAPP event for AP 68:bc:0c:XX:XX:XX slot 0

*Dec 21 15:02:06.246: 68:bc:0c:XX:XX:XX apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 68:bc:0c:XX:XX:XX slot 1

*Dec 21 15:02:06.246: 68:bc:0c:XX:XX:XX Deregister LWAPP event for AP 68:bc:0c:XX:XX:XX slot 1Ble

*Dec 21 15:04:03.194: 68:bc:0c:XX:XX:XX capwap_ac_platform.c:1223 - Operation State 0 ===> 4

*Dec 21 15:04:03.194: 68:bc:0c:XX:XX:XX Register LWAPP event for AP 68:bc:0c:XX:XX:XX slot 0

*Dec 21 15:05:36.253: 68:bc:0c:XX:XX:XX Join Version: = 100711424

*Dec 21 15:05:36.253: 68:bc:0c:XX:XX:XX Join resp: CAPWAP Maximum Msg element len = 93

 

debug capwap errors enable

 

 

*Dec 21 16:16:51.879: 68:bc:0c:XX:XX:XX DTLS connection was closed

*Dec 21 16:17:09.940: 68:bc:0c:XX:XX:XX Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 12, joined Aps =5

 

debug capwap detail enable

 

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX CAPWAP Control Msg Received from 17x.2x.9x.2x:21078

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX packet received of length 281 from 17x.2x.9x.2x:21078

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Msg Type = 3 Capwap state = 5

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Join resp: Result Code message element len = 8

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX 1. 47 0

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX 2. 232 3

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX 3. 6 0

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX 4. 12 0

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Join resp: AC Descriptor message element len = 48

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX acName = Wi-Fi_Controller

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Join resp: AC Name message element len = 68

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Join resp: WTP Radio Information message element len = 77

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Join resp: CAPWAP Control IPV4 Address len = 87

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Sending encrypted packet to AP 17x:2x:9x:2x (21078)

*Dec 21 16:21:49.961: 68:bc:0c:XX:XX:XX Releasing WTP

*Dec 21 16:24:12.212: 68:bc:0c:XX:XX:XX CAPWAP Control Msg Received from 17x.2x.9x.2x:21077

*Dec 21 16:24:12.212: 68:bc:0c:XX:XX:XX DTLS connection 0x167c8b20 closed by controller

*Dec 21 16:24:12.212: DTL Deleting AP 9 - 0.0.0.0

*Dec 21 16:24:12.214: CAPWAP DTLS connection closed ms

*Dec 21 16:24:12.216: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:XX:XX:XX(0)

*Dec 21 16:24:12.216: Received SPAM_MFP_RADIO_DOWN message

*Dec 21 16:24:12.218: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:XX:XX:XX(0)

*Dec 21 16:24:12.220: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:XX:XX:XX(0)

*Dec 21 16:24:12.222: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:XX:XX:XX(0)

*Dec 21 16:24:12.224: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:XX:XX:XX(0)

*Dec 21 16:24:12.226: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:XX:XX:XX(0)

*Dec 21 16:24:12.228: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'mfpSendEventReport+168' for AP 68:bc:0c:XX:XX:XX(1)

*Dec 21 16:24:12.228: Received SPAM_MFP_RADIO_DOWN message

*Dec 21 16:24:12.230: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'l2roamInit+560' for AP 68:bc:0c:XX:XX:XX(1)

*Dec 21 16:24:12.232: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'apfSpamCallbackInSpamContext+1224' for AP 68:bc:0c:XX:XX:XX(1)

*Dec 21 16:24:12.234: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'apfSpamSendBlackListTable+376' for AP 68:bc:0c:XX:XX:XX(1)

*Dec 21 16:24:12.236: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'rrmIappSendChdPacket+2320' for AP 68:bc:0c:XX:XX:XX(1)

*Dec 21 16:24:12.238: 68:bc:0c:XX:XX:XX Sending LWAPP Event DeReg to 'asTrackInitTask+19360' for AP 68:bc:0c:XX:XX:XX(1)

*Dec 21 16:24:12.238: 68:bc:0c:XX:XX:XX Deleting and removing AP 68:bc:0c:XX:XX:XX from fast path

 

Scenario 2

 

AIR-LAP1242G-E-K9 do not work with AIR-CT5508-K9 while AIR-LAP1142N-E-K9 do

 

User is deploying AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs with two AIR-CT5508-K9 controllers with SW version 6.0.188.0.

AIR-LAP1142N-E-K9s work okay, as expected without any issue however AIR-LAP1242G-E-K9s do not and there is a problem with establishing CAPWAP tunnel with the controller.The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disappears from the controller, appear again and this repeats.

 

The APs and controllers are connected to the LAN campus. Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-vz.122-33.SXI1.bin on it. APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel.

 

User performed some troubleshooting steps

 

- They have some other controllers available over WAN, tested the 1242 AP  with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version 6.0.188.0 over WAN and this worked always okay.

- They wanted to be sure that they eliminate any kind of out of sequence packet issue, so they brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.

- They also brought the second controller down to eliminate potential issue with having two of them up.

- The AP gets its IP from DHCP configured on the C6506 switch, they always able to ssh to AP, so the IP connectivity does not seem to be an issue.

- They have more 1242s, all behave in the same way. They also connected them to some other 3750 switches we have in the campus, always the same.

- As this seems to be maybe a kind of ssl issue, They tried to play with controller settings, like enabling Accept... options  under Security/AP Policy,but this did not help.

- They also tried to reboot the controller, no improvement.

- The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. They still do have some of them untouched, so they can perform any troubleshooting steps with the fresh one.

 

 

AIR-LAP1242G-E-K9 10.x.1x.y log

 

*Mar  1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar  1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot1 1Radio 0

*Mar  1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)

*Mar  1 00:00:09.809: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar  1 00:00:09.874: %SYS-5-RESTART: System restarted --

 

Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Mon 02-Nov-09 18:42 by prod_rel_team

 

*Mar  1 00:00:09.874: %SNMP-5-COLDSTART: SNMP agent on host wuen4028 is undergoing a cold start

*Mar  1 00:00:09.964: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Mar  1 00:00:09.967: bsnInitRcbSlot: slot 1 has NO radio

*Mar  1 00:00:10.191: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Mar  1 00:00:10.191: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar  1 00:00:10.430: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar  1 00:00:10.818: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar  1 00:00:11.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Mar  1 00:00:18.315: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.x.1x.y, mask 2 55.255.255.0, hostname wuen4028

*Mar  1 00:00:28.988: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:00:31.456: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source

*Mar  1 00:00:31.495: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar  1 00:00:32.457: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Mar  1 00:00:32.457: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated

*Mar  1 00:00:38.810: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

*Mar  1 00:00:47.811: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:00:56.812: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:01:07.815: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).

*Mar  1 00:01:07.815: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.x.1x.x peer_port: 5246

*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Feb 11 07:52:25.441: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.x.1x.x peer_port:  5246

*Feb 11 07:52:25.443: %CAPWAP-5-SENDJOIN: sending Join Request to 10.x.1x.x

*Feb 11 07:52:25.443: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.x.1x.x

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.x.1x.x

*Feb 11 07:52:30.441: %CAPWAP-5-SENDJOIN: sending Join Request to 10.x.1x.x

*Feb 11 07:52:30.442: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.x.1x.x

*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.x.1x.x

*Feb 11 07:52:47.644: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source

*Feb 11 07:53:23.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.x.1x.x:5246

*Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).

*Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.x.1x.x peer_port: 5246

*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.x.1x.x has closed connection.

*Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.x.1x.x:5246

*Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

*Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.

 

wuen4028#

 

AIR-CT5508-K9 10.x.1x.x log

 

*Feb 11 09:00:54.824: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to complete DTLS handshake with peer 10.x.1x.y

*Feb 11 08:59:53.798: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:1f:3b:93:dd:4f

*Feb 11 08:59:51.197: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:c0:a8:e1:b1:71

 

--More-- or (q)uit

 

*Feb 11 08:59:21.212: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg

*Feb 11 08:58:39.766: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to complete DTLS handshake with peer 10.x.1x.y

*Feb 11 08:57:06.131: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg

*Feb 11 08:56:24.504: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to complete DTLS handshake with peer 10.x.1x.y

*Feb 11 08:55:09.693: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:1f:3b:93:dd:4f

*Feb 11 08:54:51.040: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg

*Feb 11 08:53:56.493: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmissions exceeded for client 00:1f:3b:93:dd:4f

*Feb 11 08:53:34.497: %DTL-3-OSARP_DEL_FAILED: dtl_arp.c:1380 Unable to delete an ARP entry for 10.x.1x.y from the operating system. ioctl operation failed

*Feb 11 08:52:35.936: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg

*Feb 11 08:52:26.492: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmissions exceeded for client 00:1f:3b:93:dd:4f

*Feb 11 08:50:07.680: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmissions exceeded for client 00:1f:yy:yy:yy:57

*Feb 11 08:48:37.458: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:1f:yy:yy:yy:57

*Feb 11 08:47:37.438: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmissions exceeded for client 00:1f:yy:yy:yy:57

*Feb 11 08:47:34.438: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:16:xx:xx:xx:53

*Feb 11 08:46:32.422: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M3 retransmissions exceeded for client 00:16:xx:xx:xx:53

*Feb 11 08:46:06.790: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:1f:xx:yy:x:bd

*Feb 11 08:46:06.789: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client 00:1f:xx:yy:x:bd

*Feb 11 08:46:06.210: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:1f:yy:yy:yy:57

*Feb 11 08:45:34.304: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for client 00:1f:xx:yy:x:bd

*Feb 11 08:45:34.303: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client 00:1f:xx:yy:x:bd

*Feb 11 08:45:01.298: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel lists for 802.11bg

*Feb 11 08:44:38.076: %SIM-3-PORT_UP: sim.c:9547 Physical port 2 is up!.

*Feb 11 08:44:38.037: %SIM-3-PORT_UP: sim.c:9547 Physical port 1 is up!.

 

--More-- or (q)uit

 

*Feb 11 08:44:38.009: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'cliWebInitParms.cfg'

*Feb 11 08:44:37.980: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'rrcEngineInitParms.cfg'

*Feb 11 08:44:37.980: %CNFGR-3-INV_COMP_ID: cnfgr.c:2105 Invalid Component Id :Unrecognized (81) in cfgConfiguratorInit.

*Feb 11 08:44:37.928: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'rfidInitParms.cfg'

*Feb 11 08:44:37.915: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'dhcpParms.cfg'

*Feb 11 08:44:37.903: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'bcastInitParms.cfg'

*Feb 11 08:44:37.834: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'rrmInitParms.cfg'

*Feb 11 08:44:27.331: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'apfInitParms.cfg'                                          

*Feb 11 08:44:27.226: %MM-3-MEMBER_ADD_FAILED: mm_dir.c:903 Could not add Mobility Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, IP: 0.0.0.0

*Feb 11 08:44:27.023: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'mmInitParms.cfg'

*Feb 11 08:44:27.013: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'aaaapiInitParms.cfg'

*Feb 11 08:44:27.011: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'pemInitParms.cfg'

*Feb 11 08:44:26.898: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'dot1xInitParms.cfg'

*Feb 11 08:44:26.868: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'capwapInitParms.cfg'

*Feb 11 08:44:26.718: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read coniguration file 'spamInitParms.cfg'

*Feb 11 08:44:25.650: %SSHPM-3-FREAD_FAILED: sshpmlscscep.c:1395 Error reading file /mnt/application/lscca_pem.crt

*Feb 11 08:44:06.435: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read configuration file 'sshpmInitParms.cfg'

 

Solution

 

 

Please take a look at CSCte01087. The WLC is 10.y.1x.5 and AP is 10.y.1x.28/24 so they are on the same subnet. The AP MAC address does not begin with 00.

 

Symptom

An access point running 6.0.188.0 code may be unable to join a WLC5508. Messages similar to the following will be seen on the AP.

 

   %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

   %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message

 

Conditions

 

At least one of the following conditions pertains:

 

- The high order byte of the AP's MAC address is nonzero, and the AP is in  the same subnet as the WLC5508's management (or AP manager) interface

- The WLC's management (or AP manager) interface's default gateway's  MAC address' high order byte is nonzero.

 

Workaround

 

If the MAC address of the WLC's default gateway does not begin with 00, and if all of the APs' MAC addresses begin with 00, then: you can put

the APs into the same subnet as the WLC's management (or AP manager) interface.

 

 

In the general case, for the situation where the WLC's default gateway's MAC does not begin with 00, you can address this by changing it to begin

with 00. Some methods for doing this include:

 

-- use the "mac-address" command on the gateway, to set a MAC address  that begins with 00

-- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this  IP as the WLC's gateway.

 

For the case where the APs' MAC addresses do not begin with 00, then make  sure that they are *not* in the same subnet as the WLC's management

(AP manager) interface, but are behind a router.

 

Another workaround is to downgrade to 6.0.182.0.  However, after downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS

(i.e. 12.4(21a)JA2) still installed on them will be unable to join. Therefore, after downgrading the WLC, the APs will need to have a

pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.

 

Some users also upgrade controllers to 6.0.196.0 which resolved the issue.

 

 

Reference

 

https://supportforums.cisco.com/thread/2122282

 

https://supportforums.cisco.com/thread/2004491

5669
Views
0
Helpful
0
Comments