09-08-2019 04:10 PM - edited 07-05-2021 10:57 AM
Hi,
Because of some vWLC limitations I decided to test 9800-CL (16.11.1c) and after initial configuration I am stuck with AP not joining the controller. I followed all guides I could find and all discussions here I could find but nothing worked so far. Also tried to factory reset the AP with MODE button and clearing AP with following command:
delete flash:private-multiple-fs clear capwap private-multiple-fs
As I want to migrate AP from vWLC to 9800 before factory resetting the AP I also tried to disable SSC and set authentication token on AP (through vWLC) and also on the 9800 side. That didn't work either.
Initial configuration completed:
- access (passwords, SSH, etc.)
- interfaces
- AP country
- wireless management interface
- wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 <pwd>
AP (DHCP - 192.168.1.8):
*Sep 8 21:31:35.003: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg *Sep 8 21:31:35.015: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg *Sep 8 21:31:45.015: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS. *Sep 8 21:31:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.151 peer_port: 5246 *Sep 8 21:31:45.000: DTLS_CLIENT_EVENT: dtls_connectionDB_add_connection: Added Connection 0x57FC158 Server 192.168.1.151:147E, Client 192.168.1.8:2531 *Sep 8 21:31:45.000: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: Processing... *Sep 8 21:31:45.000: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: dtls_process_HelloVerifyRequest: cookie_len = 20 *Sep 8 21:31:45.003: DTLS_CLIENT_EVENT: dtls_process_ServerHello: Processing... *Sep 8 21:31:45.003: DTLS_CLIENT_EVENT: dtls_connection_set_cipher: Setting cipher to TLS_RSA_WITH_AES_128_CBC_SHA *Sep 8 21:31:45.003: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.003: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.003: DTLS_CLIENT_EVENT: dtls_process_Certificate: Processing... *Sep 8 21:31:45.023: DTLS_CLIENT_EVENT: wtpDtlsCallback: Certificate verified ok! *Sep 8 21:31:45.023: DTLS_CLIENT_EVENT: dtls_process_CertificateRequest: Processingt... *Sep 8 21:31:45.023: DTLS_CLIENT_EVENT: dtls_process_ServerHelloDone: Processing... *Sep 8 21:31:45.023: DTLS_CLIENT_EVENT: wtpDtlsCallback: Certificate installed for PKI based authentication. *Sep 8 21:31:45.023: DTLS_CLIENT_EVENT: dtls_send_Certificate: Sending 1 certificates *Sep 8 21:31:45.023: DTLS_CLIENT_EVENT: dtls_handshake_fragment_and_send: Re-aligning the last fragmenti by 1 *Sep 8 21:31:45.219: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.219: DTLS_CLIENT_EVENT: dtls_prf: Called... *Sep 8 21:31:45.219: DTLS_CLIENT_EVENT: dtls_prf: Called... *Sep 8 21:31:45.219: DTLS_CLIENT_EVENT: dtls_prf: Called... *Sep 8 21:31:45.219: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: dtls_process_Finished: Processing... *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: dtls_prf: Called... *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session: DTLS connection database is initialized *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: dtls_connection_established: Connection established! *Sep 8 21:31:45.231: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.151 peer_port: 5246 *Sep 8 21:31:45.231: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.151 *Sep 8 21:31:45.231: DTLS_CLIENT_EVENT: wtpDtlsCallback: DTLS-Ctrl Connection 0x57FC158 established *Sep 8 21:31:50.231: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.151
9800-CL (static - 192.168.1.151):
Sep 8 21:31:45.592: %CAPWAPAC_SMGR_TRACE_MESSAGE-3-EWLC_GEN_ERR: Chassis 1 R0/0: wncd: Error in Session-IP:192.168.1.8[9521] CAPWAP DTLS session closed for AP, cause: DTLS handshake error
2019/09/08 21:05:55.067 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): Unknown message type from load balancer, dropping 2019/09/08 21:05:55.067 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): Unknown message type from load balancer, dropping 2019/09/08 21:05:55.067 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): Unknown message type from load balancer, dropping 2019/09/08 21:05:55.084 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Request received 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Response sent 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [ewlc-infra-evq] [23098]: (debug): instance :0 port:11585MAC: 4b39.0001.000b 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c Source IP:192.168.1.8[9521], Discovery handling completed for AP. 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Request received 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Response sent 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [ewlc-infra-evq] [23098]: (debug): instance :0 port:11585MAC: 4b39.0001.000b 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c Source IP:192.168.1.8[9521], Discovery handling completed for AP. 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Request received 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Response sent 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [ewlc-infra-evq] [23098]: (debug): instance :0 port:11585MAC: 4b39.0001.000b 2019/09/08 21:05:55.097 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c Source IP:192.168.1.8[9521], Discovery handling completed for AP. 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Request received 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Response sent 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [ewlc-infra-evq] [23098]: (debug): instance :0 port:11585MAC: 4b39.0001.000b 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c Source IP:192.168.1.8[9521], Discovery handling completed for AP. 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Request received 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Response sent 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [ewlc-infra-evq] [23098]: (debug): instance :0 port:11585MAC: 4b39.0001.000b 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c Source IP:192.168.1.8[9521], Discovery handling completed for AP. 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Request received 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c IP:192.168.1.8[9521], Discovery Response sent 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [ewlc-infra-evq] [23098]: (debug): instance :0 port:11585MAC: 4b39.0001.000b 2019/09/08 21:05:55.098 {wncmgrd_R0-0}{1}: [capwapac-srvr] [23098]: (info): MAC: 80e0.1d92.530c Source IP:192.168.1.8[9521], Discovery handling completed for AP. 2019/09/08 21:06:05.082 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.082 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS client hello 2019/09/08 21:06:05.083 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.083 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS client hello 2019/09/08 21:06:05.083 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.083 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS client hello 2019/09/08 21:06:05.084 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.084 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS client hello 2019/09/08 21:06:05.085 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): IPv4: 192.168.1.8Failed to Process DTLS Hello message from loadbalancer server 2019/09/08 21:06:05.085 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): IPv4: 192.168.1.8Failed to Process DTLS Hello message from loadbalancer server 2019/09/08 21:06:05.303 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.303 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.303 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 0, unknown type 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 0, unknown type 2019/09/08 21:06:05.304 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.305 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.305 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.305 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 0, unknown type 2019/09/08 21:06:05.305 {wncd_x_R0-0}{1}: [ewlc-infra-evq] [23645]: (info): DTLS record type: 22, handshake 2019/09/08 21:06:05.308 {wncd_x_R0-0}{1}: [ewlc-dtls-sessmgr] [23645]: (info): Remote Host: 192.168.1.8[9521] Completed cert verification, status:CERT_VALIDATE_SUCCESS 2019/09/08 21:06:05.314 {wncd_x_R0-0}{1}: [capwapac-smgr-sess-fsm] [23645]: (info): Session-IP: 192.168.1.8[9521] Mac: Close CAPWAP DTLS session. 2019/09/08 21:06:05.314 {wncd_x_R0-0}{1}: [capwapac-smgr-sess-fsm] [23645]: (note): Session-IP: 192.168.1.8[9521] Mac: Last Control Packet information not available.AP terminated in DTLS phase. 2019/09/08 21:06:05.314 {wncd_x_R0-0}{1}: [capwapac-smgr-sess-fsm] [23645]: (note): Session-IP: 192.168.1.8[9521] Mac: Last Data Keep Alive Packet information not available.Data session was not established 2019/09/08 21:06:05.314 {wncd_x_R0-0}{1}: [apmgr-db] [23645]: (ERR): 80e0.1d92.530c Mismatch in session handles.Record already deleted and recreated 2019/09/08 21:06:10.312 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): Unknown message type from load balancer, dropping 2019/09/08 21:06:10.312 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): Unknown message type from load balancer, dropping 2019/09/08 21:06:10.312 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [23645]: (ERR): Unknown message type from load balancer, dropping
Thanks,
Mikolaj
09-08-2019 11:20 PM
please try this command on AP:
clear capwap ap all-config
Regards
Dont forget to rate helpful posts
09-08-2019 11:28 PM
Hi Sandeep,
Does the AP need to be in specific mode for that? I have it currently registered to vWLC and I have this:
When I was trying previously with recovery mode (MODE button) I had "clear capwap ap" command available but "all-config" was not there. There were only "clear capwap ap controller", "clear capwap ap ip" but not "clear capwap ap all-config".
09-09-2019 12:17 AM
first run this command:
debug capwap console cli
Regards
Dont forget to rate helpful posts
09-09-2019 05:43 AM
These two commands are not available now when the AP is registered to vWLC. Does it need to be factory reset? When I did the factory reset with MODE button for the last time I did not see "clear capwap ap all-config" there either.
09-09-2019 06:29 AM
you need to copy and paste the command on AP console.(Its a hidden command)
debug capwap console cli
without this command you cant go in config mode.
Regards
Dont forget to rate helpful posts
09-09-2019 06:38 PM - edited 09-09-2019 06:44 PM
That command worked after using "debug capwap console cli" but it did not solve the issue. I am still having the same "DTLS handshake" error on the controller side.
09-09-2019 07:12 PM
Try whit "erase /all nvram: " and reload the AP
09-10-2019 08:39 AM - edited 09-10-2019 08:40 AM
So that wasn't really an AP or WLC configuration issue. Below commands were doing what they were supposed to.
debug capwap console cli clear capwap ap all-config erase /all nvram:
The reason for getting "DTLS handshake" error was because I misconfigured the interfaces and put all of them into single port group on ESXi side. Once changing it AP instantly registered to the WLC.
Thanks everyone for your assistance.
12-25-2019 09:27 AM - edited 12-25-2019 09:55 AM
I'm noticing the same issue with a 9800-CL on ESXi...but I've verified that my interfaces are in different port groups.
Also, I've shut Gig1 on my 9800-CL. Only using Gig2, and have it configured as a trunk.
Thanks
12-25-2019 09:58 AM
I replied too soon - the command:
clear capwap ap all-config
Fixed the issue for me.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide