cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31065
Views
10
Helpful
13
Replies

AIR-LAP1242G-E-K9 do not work with AIR-CT5508-K9 while AIR-LAP1142N-E-K9 do

vladakoci
Level 1
Level 1

Hello,

we do have a site where we need to deploy AIR-LAP1142N-E-K9 and AIR-LAP1242G-E-K9 APs. We have two AIR-CT5508-K9 controllers with SW version                  6.0.188.0.

AIR-LAP1142N-E-K9s work okay, as expected, we do not have any problems with them.

However AIR-LAP1242G-E-K9s do not, there is a problem with establishing CAPWAP tunnel with the controller.The AP is seen on the controller for a while, with 0 time up-time, cannot change any settings on the AP via controller, and after a while it disapears from the controller, apears again and this repeats.

The APs and controllers are connected to the LAN campus.

Controllers via two 1G links configured as Etherchannel to WS-C6506-E VSS switch with s72033-ipservicesk9_wan-vz.122-33.SXI1.bin on it.

APs to WS-C3750G-48PS with c3750-ipbasek9-mz.122-50.SE2.bin on it. 3750 is connected to the C6505 via two 1G links configured as Etherchannel.

Below I copied the log I captured on 1242 and the controller. Highlighted ones are the ones which I think might bring a clue.

I performed some troubleshooting steps.

- As we have some other controllers available over WAN, I  tested the 1242 AP  with 2100, 4400 and also with the same model AIR-CT5508-K9 with SW version                  6.0.188.0 over WAN and this worked always okay.

- I wanted to be sure that I eliminate any kind of out of sequence packet issue, so I brought down all redundancy L2 links so that the L2 path from the AP to the controller was only through one leg links.

- I also brought the second controller down to eliminate potential issue with having two of them up.

- The AP gets its IP from DHCP configured on the C6506 switch, I am always able to ssh to AP, so the IP connectivity does not seem to be an issue.

- I have more 1242s, all behave in the same way. I also connected them to some other 3750 switches we have in the campus, always the same.

- As this seems to be maybe a kind of ssl issue, I tried to play with controller settings, like enabling Accept... options  under Security/AP Policy,but this did not help.

- I also tried to reboot the controller, no improvement.

- The APs came from the factory, so in the beginning everything was factory default in them. They were always able to download the image from the controller in the very initial phase. I still do have some of them untouched, so I can perform any troubleshooting steps with the fresh one.

I can reproduce this, can also send debugging logs if needed.

Any idea on what could be wrong is highly appreciated.

Thank you.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

AIR-LAP1242G-E-K9 10.0.13.28 log

*Mar  1 00:00:05.922: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar  1 00:00:07.536: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot1 1Radio 0

*Mar  1 00:00:07.672: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 304 messages)

*Mar  1 00:00:09.809: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar  1 00:00:09.874: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Compiled Mon 02-Nov-09 18:42 by prod_rel_team

*Mar  1 00:00:09.874: %SNMP-5-COLDSTART: SNMP agent on host wuen4028 is undergoing a cold start

*Mar  1 00:00:09.964: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Mar  1 00:00:09.967: bsnInitRcbSlot: slot 1 has NO radio

*Mar  1 00:00:10.191: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Mar  1 00:00:10.191: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar  1 00:00:10.430: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar  1 00:00:10.818: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Mar  1 00:00:11.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Mar  1 00:00:18.315: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.0.13.28, mask 2 55.255.255.0, hostname wuen4028

*Mar  1 00:00:28.988: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:00:31.456: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source

*Mar  1 00:00:31.495: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar  1 00:00:32.457: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Mar  1 00:00:32.457: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated

*Mar  1 00:00:38.810: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

*Mar  1 00:00:47.811: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER

*Mar  1 00:00:56.812: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER

*Mar  1 00:01:07.815: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).

*Mar  1 00:01:07.815: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.13.5 peer_port: 5246

*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Feb 11 07:52:25.441: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.13.5 peer_port:  5246

*Feb 11 07:52:25.443: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.13.5

*Feb 11 07:52:25.443: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.0.13.5

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Feb 11 07:52:25.445: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.13.5

*Feb 11 07:52:30.441: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.13.5

*Feb 11 07:52:30.442: %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message from 10.0.13.5

*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.

*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Feb 11 07:52:30.443: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.13.5

*Feb 11 07:52:47.644: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source

*Feb 11 07:53:23.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246

*Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'wuen4001'(index 0).

*Feb 11 07:53:24.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Feb 11 07:52:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.13.5 peer_port: 5246

*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.0.13.5 has closed connection.

*Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246

*Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

*Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.

wuen4028#

AIR-CT5508-K9 10.0.13.5 log

*Feb 11 09:00:54.824: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c

omplete DTLS handshake with peer 10.0.13.28

                                           *Feb 11 08:59:53.798: %DOT1X-3-MAX_EA

P_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for

client 00:1f:3b:93:dd:4f

*Feb 11 08:59:51.197: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident

ity request retries (3) exceeded for client 00:c0:a8:e1:b1:71

--More-- or (q)uit

*Feb 11 08:59:21.212: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di

rector: Could not find valid channel lists for 802.11bg

*Feb 11 08:58:39.766: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c

omplete DTLS handshake with peer 10.0.13.28

                                           *Feb 11 08:57:06.131: %RRM-3-RRM_LOGM

SG: rrmChanUtils.c:292 RRM LOG: Airewave Director: Could not find valid channel

lists for 802.11bg

*Feb 11 08:56:24.504: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to c

omplete DTLS handshake with peer 10.0.13.28

                                           *Feb 11 08:55:09.693: %DOT1X-3-MAX_EA

P_RETRIES: 1x_auth_pae.c:2862 Max EAP identity request retries (3) exceeded for

client 00:1f:3b:93:dd:4f

*Feb 11 08:54:51.040: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di

rector: Could not find valid channel lists for 802.11bg

*Feb 11 08:53:56.493: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis

sions exceeded for client 00:1f:3b:93:dd:4f

*Feb 11 08:53:34.497: %DTL-3-OSARP_DEL_FAILED: dtl_arp.c:1380 Unable to delete a

n ARP entry for 10.0.13.28 from the operating system. ioctl operation failed

*Feb 11 08:52:35.936: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di

rector: Could not find valid channel lists for 802.11bg

*Feb 11 08:52:26.492: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis

sions exceeded for client 00:1f:3b:93:dd:4f

*Feb 11 08:50:07.680: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis

sions exceeded for client 00:1f:3b:93:e6:57

*Feb 11 08:48:37.458: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident

ity request retries (3) exceeded for client 00:1f:3b:93:e6:57

*Feb 11 08:47:37.438: %DOT1X-3-MAX_EAP_RETRANS: 1x_ptsm.c:426 Max EAP retransmis

sions exceeded for client 00:1f:3b:93:e6:57

*Feb 11 08:47:34.438: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident

ity request retries (3) exceeded for client 00:16:44:1d:0f:53

*Feb 11 08:46:32.422: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-ke

y M3 retransmissions exceeded for client 00:16:44:1d:0f:53

*Feb 11 08:46:06.790: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident

ity request retries (3) exceeded for client 00:1f:3b:95:61:bd

*Feb 11 08:46:06.789: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication abor

ted for client 00:1f:3b:95:61:bd

*Feb 11 08:46:06.210: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident

ity request retries (3) exceeded for client 00:1f:3b:93:e6:57

*Feb 11 08:45:34.304: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2862 Max EAP ident

ity request retries (3) exceeded for client 00:1f:3b:95:61:bd

*Feb 11 08:45:34.303: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication abor

ted for client 00:1f:3b:95:61:bd

*Feb 11 08:45:01.298: %RRM-3-RRM_LOGMSG: rrmChanUtils.c:292 RRM LOG: Airewave Di

rector: Could not find valid channel lists for 802.11bg

*Feb 11 08:44:38.076: %SIM-3-PORT_UP: sim.c:9547 Physical port 2 is up!.

*Feb 11 08:44:38.037: %SIM-3-PORT_UP: sim.c:9547 Physical port 1 is up!.

--More-- or (q)uit

*Feb 11 08:44:38.009: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'cliWebInitParms.cfg'

*Feb 11 08:44:37.980: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'rrcEngineInitParms.cfg'

*Feb 11 08:44:37.980: %CNFGR-3-INV_COMP_ID: cnfgr.c:2105 Invalid Component Id :

Unrecognized (81) in cfgConfiguratorInit.

*Feb 11 08:44:37.928: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'rfidInitParms.cfg'

*Feb 11 08:44:37.915: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'dhcpParms.cfg'

*Feb 11 08:44:37.903: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'bcastInitParms.cfg'

*Feb 11 08:44:37.834: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'rrmInitParms.cfg'

*Feb 11 08:44:27.331: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'apfInitParms.cfg'                                            

*Feb 11 08:44:27.226: %MM-3-MEMBER_ADD_FAILED: mm_dir.c:903 Could not add Mobili

ty Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, I

P: 0.0.0.0

*Feb 11 08:44:27.023: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'mmInitParms.cfg'

*Feb 11 08:44:27.013: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'aaaapiInitParms.cfg'

*Feb 11 08:44:27.011: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'pemInitParms.cfg'

*Feb 11 08:44:26.898: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'dot1xInitParms.cfg'

*Feb 11 08:44:26.868: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'capwapInitParms.cfg'

*Feb 11 08:44:26.718: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'spamInitParms.cfg'

*Feb 11 08:44:25.650: %SSHPM-3-FREAD_FAILED: sshpmlscscep.c:1395 Error reading f

ile /mnt/application/lscca_pem.crt

*Feb 11 08:44:06.435: %SYSTEM-3-FILE_READ_FAIL: nvstore.c:422 Failed to read con

figuration file 'sshpmInitParms.cfg'  

13 Replies 13

Leo Laohoo
Hall of Fame
Hall of Fame

Ok, it's good that you have 6.0.188.0 firmware.

Console into the LAP and in enable mode, enter the command "clear lwapp private-" and reload the LAP.
If you still can't join, enter the command "lwapp ap controller ".

How many APs can your WLC support and how many APs are currently joined?

Thanks for such quick response and suggestions.

Yes, I seem not to to be 100% perfect as for the list of troubleshooting steps I took.

I had already tried the two commands you mentioned. I tried again, this time with some other 1242, but these do not help.

Yes, I was already thinking that this could be in theory a licensing issue. The controller is bougth with 25 licenses.

In the beginnign I had one 1142 on it and tried to enable 1242s which did not work. Now I have five 1142s on it, as this worked okay, I guess it could not be a licensing issue.

I think that I can see in the log files that the machines communicate to each other, L2 or L3 paths seem to be working okay. I forgot to mention that I am using option 43 on the DHCP server, so the AP clearly finds its way to the controller. What's more both APs and the controllers are in the same VLAN, so they are in the same broadcast domain.

Below is sho ver from the AP. The AP seems to have Certificate type - manufacture installed, so I guess there should not be a problem with the certificate, especially knowing that the AP works with other controllers over WAN.

My guess these messages seen on AP especially "Invalid event 38 & state 3 combination" might tell us what's wrong.

*Feb 11 07:52:24.001: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Feb 11 07:52:24.001: %DTLS-5-PEER_DISCONNECT: Peer 10.0.13.5 has closed connection.

*Feb 11 07:52:24.001: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.0.13.5:5246

*Feb 11 07:52:24.002: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

*Feb 11 07:52:24.123: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.

Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(21a)JA2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 02-Nov-09 18:42 by prod_rel_team

ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.4(13d)JA, RELEASE SOFTWARE (fc2)

AP9caf.ca00.1c78 uptime is 17 minutes
System returned to ROM by power-on
System image file is "flash:/c1240-k9w8-mx.124-21a.JA2/c1240-k9w8-mx.124-21a.JA2"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-LAP1242G-E-K9    (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ135082GH
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 6.0.188.0
1 FastEthernet interface
1 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 9C:AF:CA:00:1C:78
Part Number                          : 73-11479-01
PCA Assembly Number                  : 800-30493-01
PCA Revision Number                  : A0
PCB Serial Number                    : FOC13484GYY
Top Assembly Part Number             : 800-29589-03
Top Assembly Serial Number           : FCZ135082GH
Top Revision Number                  : A0
Product/Model Number                 : AIR-LAP1242G-E-K9

Configuration register is 0xF

AP9caf.ca00.1c78#

vladakoci.....

     Please ensure that that you have both "cisco-lwapp-controller.domain name" and "cisco-capwap-controller.domain name" registered in dns as your default 5508 controller.  Also, the 1142's use CAPWAP and the 1242's use LWAPP, so if 1142 works and the 1242 doesn't there could be an issue with the establishment of the LWAPP tunnel.  If you have firewalls or acls in your network please make sure that you open the TCP/UDP ports for both CAPWAP and LWAPP.  Hope this helps.

Troubleshoot a Lightweight Access Point Not Joining a Wireless LAN Controller
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

Matthew Fowler
Level 1
Level 1

Hi,

Please take a look at CSCte01087.

I see that your WLC is 10.0.13.5 and your AP is 10.0.13.28/24 so they are on the same subnet. I also see your AP MAC address does not begin with 00. This is why I believe it is relevant.

Please try the workaround or open a TAC case if you need a fix.

-Matt

 Symptom:
An access point running 6.0.188.0 code may be unable to join a WLC5508.
Messages similar to the following will be seen on the AP.

   %CAPWAP-3-ERRORLOG: Invalid AC Message Type 4.
   %CAPWAP-3-ERRORLOG: Unencrypted non-discovery CAPWAP Control Message
  
Conditions:
At least one of the following conditions pertains:

- The high order byte of the AP's MAC address is nonzero, and the AP is in
the same subnet as the WLC5508's management (or AP manager) interface

- The WLC's management (or AP manager) interface's default gateway's
MAC address' high order byte is nonzero.
  
Workaround:

If the MAC address of the WLC's default gateway does not begin with 00,
and if all of the APs' MAC addresses begin with 00, then: you can put
the APs into the same subnet as the WLC's management (or AP manager)
interface.

In the general case, for the situation where the WLC's default gateway's
MAC does not begin with 00, you can address this by changing it to begin
with 00. Some methods for doing this include:

-- use the "mac-address" command on the gateway, to set a MAC address
that begins with 00

-- then enable HSRP on the gateway (standby ip ww.xx.yy.zz) and use this
IP as the WLC's gateway.

For the case where the APs' MAC addresses do not begin with 00, then make
sure that they are *not* in the same subnet as the WLC's management
(AP manager) interface, but are behind a router.
  
Another workaround is to downgrade to 6.0.182.0.  However, after
downgrading the WLC to 6.0.182.0, any APs that have 6.0.188.0 IOS
(i.e. 12.4(21a)JA2) still installed on them will be unable to join.
Therefore, after downgrading the WLC, the APs will need to have a
pre-12.4(21a)JA2 rcvk9w8 or k9w8 image installed on them.

Hi Matt,

yes, this is most likely the cause. All 1242s I have at that site have MAC addresses that do not begin with 00 and I have them in the same VLAN as the controllers.

Before you posted your message, I  had tried one 1242 that I have at some other remote site to join the 5508 controller over WAN and this had worked okay.

I am going to move  all 1242s to another VLAN - IP subnet .

Questions.

-How did you find CSCte01087, I am trying to google it, and search for it on Cisco while being logged in, but nothing like this appears.

Is this an internal Cisco material?

Do you have a link to it?

- As our global standard is to have all APs in the same VLAN as controllers, would you recommend not to do that and better have them in a separate VLAN?

I guess this is not needed as this particular issue is a bug in current version and hopefully will be resolved in a new version, right?

Thank you.

Vladimir

I moved one 1242 with the MAC address that does not begin with 00 to another VLAN/IP Subnet and this works fine.

Many thanks to Matt and all others for helping me to resolve.

Does anyone know, can the MAC address of lightweight AP be changed?

I am trying, this works

conf t
int f0
mac-address H.H.H

but cannot store the config.

My guess is the MAC address cannot be changed on lightweight AP, I guess the certificate and maybe some other settings are linked with the MAC  address and it is not possible to change the MAC address, but not 100% sure.

Thanks.

I know this sounds crazy but do you have the proper regulatory domain set in the 5508 controller? These APs are ETSI domain registered. You must run the ETSI regulatory domain on the controller. Also, the date and time on the controller must be accurate. This is how the certificate validates.

Thanks, good point.

Yes, I have country set so that it corresponds with the AP's regulatory domain .

Time is synchronized through ntp, this is okayas well.

I am asking if MAC address can be changed just because of the bug reported above. One of the options to get rid of it would be to change MAC address of the AP so that it does begin with 00. This is probably the easiest method ( seen from my perspective ) but it is not mentioned in Cisco material. So my guess is this cannot be done, I am just not 100% sure.

Thanks again.

did you sort this out?

I seem to be having the same issue...

Yes, we made a decision to upgrade all our controllers to 6.0.196.0 and this resolved.

Vinay Sharma
Level 7
Level 7

This Discussion has been converted into document:- https://supportforums.cisco.com/docs/DOC-23054

Thanks,

Vinay Sharma

Thanks & Regards
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: