Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

New 3600 Series Access Points Cannot Join a WLC

Symptom

A new, out-of-the-box 3600 series access point may be unable to join a WLC.  The AP will be able to get an address from DHCP, but if you ping the AP from another subnet, every other packet will be dropped.

Cause

3600 series APs manufactured in the first quarter of CY 2013 have the 12.4(25e)JAL1 recovery image (rcvk9w8) factory installed.  This software has a bug via which two default routes are installed in the AP's routing table: one to the default gateway, and the other to the interface. The latter route works only if proxy ARP is enabled on the gateway.  As a result, without proxy ARP, every other IP packet transmitted by the AP is dropped.

Workarounds

Any one of the following workarounds should allow the AP to join its controller:

  1. Enable proxy ARP (in IOS, "ip proxy-arp" - this is enabled by default) on the APs' subnet's default gateway
  2. If console access is available on the AP, then disable IP routing - then it should be able to join, and download the new IOS image: 
    ap#debug capwap console cli

    ap#configure terminal
    ap(config)#no ip routing

    (do not reboot, just wait a few minutes)
  3. Replace the 12.4(25e)JAL1 recovery image with a different lightweight (rcvk9w8 or k9w8) IOS image

Fix

This bug is CSCue56163, which is fixed in the 12.4(25e)JAL1a recovery image, which is installed on newly manufactured 3600 series APs, as of March 20, 2013.

Affected Serial Number Range

This bug affects AIR-CAP3602 models in the following serial number range:

xxx1701zzzz through xxx1712zzzz

Version history
Revision #:
1 of 1
Last update:
‎03-11-2013 08:24 AM
Updated by:
 
Comments
New Member

How does something like this happen? Seriously, this is complete BS on Cisco's part.

New Member

I agree complete BS

New Member

i had this problem today, it was a complete nightmare to fix... I realised proxy-arp fixes that which made no sense until i found this post....Proxy Arp was disabled as part of our standard practice.