08-20-2019 09:35 PM
Hello Everyone,
I have installed Embedded Wireless on catalyst 9300 switch, now I am trying to register the Access point (Model numbers : 3702 and 1852i) but I am unable to do the same as it is registering for a minute and trying to download the EWLC image from Catalyst 9300 Switch and with that image the AP was unable to joining the EWLC.
We have configured L3 Vlan as Management on Cat9K switch and same has been passed in one of the interface and we have made that interface as Access and we have directly connected the AP to that particular port.
However we are able to access the GUI of the controller as well.
Below are the logs which we have received on the Access point:
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Discovery Request sent to 172.17.233.1 with discovery type set to 1
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Discovery Request sent to 172.17.233.1 with discovery type set to 1
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG:
SENDING DISCOVERY REQUEST wtpStartAcDiscovery:1809, Controller : IP Address 172.17.233.1
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Discovery Request sent to 255.255.255.255 with discovery type set to 0
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Send broadcast discovery request
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Failed to send packet to destination FF01::18C
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Discovery Request sent to FF01::18C with discovery type set to 0
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Discovery Response from 172.17.233.1
*Aug 20 12:04:48.003: %CAPWAP-3-EVENTLOG: Entered wtpDecodeDiscoveryResponse: numOfCapwapDiscoveryResp 0
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: Calling wtpGetAcToJoin from timer expiry.
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: !mwarname
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: !mwarname
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: !mwarname
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: Found the discovery response from MASTER Mwar.
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: Selected MWAR 'MG_R_C_B_E_Node_' (index 0).
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: Ap mgr count=1
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: Controller: MG_R_C_B_E_Node_. ApMgr count is 1 ipTransportTried 0 prefer-mode 0
*Aug 20 12:04:58.003: %CAPWAP-3-EVENTLOG: Adding Ipv4 AP manager 172.17.233.1 to least load
*Aug 20 12:04:58.003: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Aug 20 12:04:58.231: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.17.233.1 peer_port: 5246
*Aug 20 12:04:58.231: %CAPWAP-3-EVENTLOG: Dtls Session Established with the AC 172.17.233.1,port= 5246
*Aug 20 12:04:58.231: %CAPWAP-3-EVENTLOG: CAPWAP State: Join.
*Aug 20 12:04:58.231: %CAPWAP-3-EVENTLOG: Join request: version=269091202
*Aug 20 12:04:58.231: %CAPWAP-3-EVENTLOG: Join request: hasMaximum Message Payload
*Aug 20 12:04:58.231: %CAPWAP-3-EVENTLOG: Sending Join Request Path MTU payload, Length 1376
*Aug 20 12:04:58.231: %CAPWAP-5-SENDJOIN: sending Join Request to 172.17.233.1
*Aug 20 12:04:58.235: %DTLS-5-ALERT: Received WARNING : Close notify alert from 172.17.233.1
*Aug 20 12:04:58.235: %CAPWAP-3-EVENTLOG: Ignoring callback message Close alert received..
*Aug 20 12:04:58.235: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
Thanks!!!
Regards,
Vinay
08-20-2019 10:12 PM
Team,
This is bit urgent we are in a implementation phase, can someone please address this query ASAP.
Regards,
Vinay
08-21-2019 03:49 AM
08-21-2019 06:46 AM
The running version on cat9k is 16.10.1e and we have installed the below WLC package as well.
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 64 C9300-48U 16.10.1e CAT9K_IOSXE INSTALL
Active PKG Information:
State (St): C - Committed, U - Uncommitted
--------------------------------------------------------------------------------
Type Package_Type Version St Filename
--------------------------------------------------------------------------------
PKG C9800-Wireless 16.10.1e. C C9800-SW-iosxe-wlc.16.10.01e.SPA.bin
--------------------------------------------------------------------------------
08-21-2019 04:14 AM
Are you running SDA or NonSDA network ?
you can only deploy 9800 wireless package on 9300 for SDA deployment, refer to Datasheet for more info.
You will need DNA advantage minimum to run this feature.
08-21-2019 06:48 AM
This is a SDA network and we have already installed the 9800 Wireless package on cat 9300 switch.
We too have DNA advantage license available in cat9k.
08-21-2019 07:35 AM
Can you try enabling jumbo frames, or manually set the MTU to 1562, I saw an MTU log in your initial response.
08-21-2019 09:19 PM
I have tried the same but its not working and also one thing to highlight here that Netconf is showing as Failure in Cisco DNAC GUI but however we are able to login to netconf through maglev with port number 830.
08-21-2019 10:29 PM
There have been some odd Netconf issues with the 9800 and 9300 recently (CSCvn64192). You might have to enable:
aaa authorization exec default local
And rediscover the switch.
See here for more details.
08-21-2019 11:24 PM
I have enabled the same command in switch by still Netconf is showing as Failure in GUI. I have also upgraded my switch and WLC package to 16.11.01.c version.
Below are the commands which is already present in switch:
aaa new-model
aaa authorization exec default local
aaa session-id common
08-21-2019 11:58 PM
You definitely need Netconf to show as "green" during a Discovery for Cisco DNA Center to be able to configure everything else properly.
I suggest disabling Netconf on the switch "no netconf ssh" "no netconf-yang" and letting DNA Center enable it to see if that helps. Then run a Discovery again and see what happens.
If that doesn't work, I would remove the cert and let the "netconf-yang" process create it.
As I mentioned, there have been a few weird issues with Netconf in IOS-XE recently. CSCvo82246 may also be related.
08-22-2019 05:15 AM
Thank you for your response.
Netconf is showing as GREEN now in GUI. However AP are still not getting registered to the Embedded WLC.
08-23-2019 02:36 AM
At this point, I'd do a resync and reprovision of the 9300 and then see if that helps, now that Netconf is properly enabled. Keep an eye out for any errors during these two steps.
If that doesn't help, I'd suggest a TAC case.
03-10-2020 05:23 PM
Hello Kommineni,
Did you get this work ?
I am facing the same issue, AP has an IP Address with option 43 towards the WLC/Border IP address but never registers...
Thank you,
Léo
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide