Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
3
Replies

Aironet 1815i Access Point Setup Issue

adhalford
Level 1
Level 1

‎08-05-2020 10:57 AM - edited ‎07-05-2021 12:21 PM

Hello,

 

I recently purchased three Aironet 1815i Access Points.

 

I was able to get them configured out of the box and it appeared everything was up and running.

 

I am using version 8-5-161-0 and using Mobility Express.

 

I was adding additional Cisco SG350 switches to my network and re-configuring the system to include multiple VLANs so I decided to factory reset the AP’s and install them on to the final infrastructure.

 

I disconnected all three units and then did a factory reset (over 20s but under 60s on the mode button during power up) to start the process.

 

The router came up and I connected to the default SSID to perform the initial configuration which all went well.

 

After the restart the router remains in the Red/Amber/Green flashing mode and whilst the IP address (set by static in the initial config) is responding to a ping there is no Web GUI available.

 

I can login to the CLI with the credentials I setup during the initial setup but I can not work out why it is not working and why it is operating differently than the first time after a factory reset. - Isn't a factory reset a true factory reset?

 

I captured the CLI trace during the entire setup and reboot process and also captured the show run-config command which I have attached to this message.

 

Can anybody please help me to work out why I cannot get back into the GUI to finish the setup and configure the other two AP’s as part of this WIFI setup?

 

Many Thanks

Andrew

Preview file
61 KB
Preview file
158 KB
0 Helpful
3 Replies 3

Rich R
VIP
VIP

‎08-06-2020 08:42 AM

What actually happens when you try to connect to the GUI? Have you tried http:// and https://
We've seen on AireOS WLC before after upgrade the GUI didn't work on https until the self signed cert was regenerated.
config certificate generate webadmin
From your run-config:
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode SSL Protocol................ Disable
So try enable http (config network webmode enable) and ciper-option high enabled?
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

adhalford
Level 1
Level 1
In response to Rich R

‎08-07-2020 09:30 AM

Thanks for the reply.

When I try to pull up the GUI I get a "This site can't be reached" error:  ERR_CONNECTION_TIMED_OUT

This occurs for both http and https requests.

 

I performed the two commands you listed; executed a save command and then after reboot checked the run-config. 

Network Information
RF-Network Name............................. Halford-AP1
DNS Server IP1.............................. 75.75.75.75
DNS Server IP2.............................. 75.75.76.76
DNS Server IP3.............................. 208.67.222.222
DNS Server IP4.............................. 208.67.220.220
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode SSL Protocol................ Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Secure Shell (ssh) Cipher-Option High....... Disable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Multicast Address : 0.0.0.0
IPv6 AP Multicast/Broadcast Mode............ Multicast Address : ::
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds


The web mode (http) is now enabled but the Secure options are still disabled.

I repeated the commands but now I get:


(Cisco Controller) >config network web-auth secureweb cipher-option high enable
Request failed - already in the requested state.

 

Response to the Web GUI call up remains the same - pingable IP but no connection on http or https

 

What am I missing?

Thanks

Andrew

 

0 Helpful

Rich R
VIP
VIP
In response to adhalford

‎08-08-2020 02:14 AM

There are a few bugs with the behaviour of cipher-option high - see CSCvq39439, CSCvs29183 although TAC engineer said (based on our observations) "in my opinion the fix for disabling weak options listed under CSCvs29183 is not complete. ☺ So, it might be changed in newer release depending on outcome of our internal discussions. "
You can try:
- factory reset again
- convert to CAPWAP then convert back to ME
- open a TAC case with Cisco
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card