
AP AIR-CAP3502I-N-K9 is not joining WLC (8.3.143) after giving DHCP option 43 on switch, although it was working when the APs were in the same subnet. Please help me

CSCO11844255
Level 1

SW configuration-

ip dhcp pool AP_Pool
network 172.16.64.0 255.255.255.0
default-router 172.16.64.1
option 43 hex f104.ac10.2068
dns-server 172.16.32.40

 

interface Vlan64
description AP_Mgmt
ip address 172.16.64.1 255.255.255.0

 

Logs on AP

 

*Mar 1 00:00:16.231: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:17.622: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:17.628: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:17.748: loading Power Tables from ram:/Z2.bin. Class = A
*Mar 1 00:00:17.748: record size of 2ss: 404 read_ptr: 274D1B8

*Mar 1 00:00:20.953: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:21.000: loading Power Tables from ram:/Z5.bin. Class = N
*Mar 1 00:00:21.000: record size of 2ss: 404 read_ptr: 274D1B8

*Mar 1 00:00:21.026: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar 1 00:00:21.029: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Jul 14 10:15:16.091: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.3(3)JD16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 05-Jun-18 01:49 by prod_rel_team
*Jul 14 10:15:16.091: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*Jul 14 10:15:16.220: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Jul 14 10:15:16.223: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Jul 14 10:15:16.226: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Jul 14 10:15:16.226: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Jul 14 10:15:16.251: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 14 10:15:16.254: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 14 10:15:16.257: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface resetlwapp_crypto_init: MIC Present and Parsed Successfully

*Jul 14 10:15:17.157: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Jul 14 10:15:25.276: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.64.139, mask 255.255.255.0, hostname AP44d3.ca59.7b25

*Jul 14 10:15:33.600: Currently running a Release Image
validate_sha2_block: Failed to get certificate chain
*Jul 14 10:15:33.622: Using SHA-1 signed certificate for image signing validation.%Default route without gateway, if not a point-to-point interface, may impact performance
*Jul 14 10:15:39.325: AP image integrity check PASSED

*Jul 14 10:15:39.379: Non-recovery image. PNP Not required.

*Jul 14 10:15:39.394: validate_sha2_block:No SHA2 Block present on this AP.

*Jul 14 10:15:39.426: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 14 10:15:39.426: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
%Error opening flash:/capwap-saved-config (No such file or directory)
%Error opening flash:/capwap-saved-config-bak (No such file or directory)
*Jul 14 10:15:49.451: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Jul 14 10:15:50.452: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated%No matching route to delete
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.32.40)
*Jul 14 10:16:00.468: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.32.104 obtained through DHCP
*Jul 14 10:16:08.146: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 14 10:16:08.146: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 14 10:16:08.146: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Jul 14 10:16:09.238: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 14 10:16:10.238: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 14 10:16:10.333: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 14 10:16:11.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

*Jul 14 10:17:08.528: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
Not in Bound state.
*Jul 14 10:17:13.986: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Jul 14 10:17:24.182: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.64.140, mask 255.255.255.0, hostname AP44d3.ca59.7b25

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.32.40)
*Jul 14 10:17:34.987: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.32.104 obtained through DHCP

Not in Bound state.
*Jul 14 10:18:28.502: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Jul 14 10:18:38.694: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.64.141, mask 255.255.255.0, hostname AP44d3.ca59.7b25

 

 

Logs on WLC:

 

I am getting nothing except these logs after enabling both packet and event debug -

 

(Cisco Controller) >*osapiBsnTimer: Jul 18 00:50:28.129: Same gateway prevails
*osapiBsnTimer: Jul 18 00:50:38.305: Same gateway prevails
*osapiBsnTimer: Jul 18 00:50:48.545: Same gateway prevails
*osapiBsnTimer: Jul 18 00:50:58.771: Same gateway prevails
*osapiBsnTimer: Jul 18 00:51:09.021: Same gateway prevails
*osapiBsnTimer: Jul 18 00:51:19.131: Same gateway prevails
*osapiBsnTimer: Jul 18 00:51:29.397: Same gateway prevails
*osapiBsnTimer: Jul 18 00:51:39.555: Same gateway prevails
*osapiBsnTimer: Jul 18 00:51:49.769: Same gateway prevails
*osapiBsnTimer: Jul 18 00:51:59.943: Same gateway prevails
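
As an added example (not part of the original post and not Cisco tooling): a short Python check that decodes the pool's `option 43 hex` value as Cisco sub-option type 0xf1 and compares it with what the AP logged, to separate a wrong option 43 from a broken path. The function names are hypothetical; the three log lines are copied from the AP log above.

```python
import ipaddress
import re

def decode_option43(ios_hex):
    """Decode IOS 'option 43 hex' text (Cisco sub-option 0xf1) into WLC IPs."""
    raw = bytes.fromhex(ios_hex.replace(".", "").replace(" ", ""))
    if len(raw) < 2:
        raise ValueError("too short for a type/length header")
    sub_type, length, value = raw[0], raw[1], raw[2:]
    if sub_type != 0xF1:
        raise ValueError(f"sub-option type 0x{sub_type:02x}, expected 0xf1")
    if length == 0 or length % 4 or length != len(value):
        raise ValueError(f"length byte {length} vs {len(value)} value bytes")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]

LEASE = re.compile(r"%DHCP-6-ADDRESS_ASSIGN: .*DHCP address (\S+), mask (\S+),")
LEARNED = re.compile(r"%CAPWAP-5-DHCP_OPTION_43: Controller address (\S+) obtained")
FAILED = re.compile(r"%CAPWAP-3-DHCP_RENEW: Could not discover WLC")

def diagnose(ios_hex, ap_log):
    """Separate 'option 43 is wrong' from 'option 43 is fine, path is broken'."""
    configured = decode_option43(ios_hex)
    learned = LEARNED.findall(ap_log)
    ip, mask = LEASE.search(ap_log).groups()
    ap_net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return {
        "configured": configured,
        # The AP logged the same controller address the pool hands out.
        "option43_delivered": bool(learned) and set(learned) <= set(configured),
        # Controller outside the AP subnet: discovery must be routed by the gateway.
        "needs_routing": any(ipaddress.ip_address(w) not in ap_net for w in configured),
        "discovery_failed": bool(FAILED.search(ap_log)),
    }

# Three lines copied from the AP log in the post above.
AP_LOG = """\
*Jul 14 10:15:25.276: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.64.139, mask 255.255.255.0, hostname AP44d3.ca59.7b25
*Jul 14 10:16:00.468: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.32.104 obtained through DHCP
*Jul 14 10:17:13.986: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
"""

if __name__ == "__main__":
    for key, val in diagnose("f104.ac10.2068", AP_LOG).items():
        print(f"{key}: {val}")
```

With the values from this thread, the option decodes to 172.16.32.104 and matches what the AP learned, the controller sits outside the AP's 172.16.64.0/24 subnet, and discovery still fails, so the fault is on the routed path between VLAN 64 and the WLC rather than in option 43.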

Accepted Solutions

Hi Leo & All,

Thanks for all your replies. I made a very silly mistake. I did not enable routing on my physical switch; that's the reason why my AP was not able to communicate with the WLC. After making that change everything is working fine.
Thanks for your time and for sharing all your stuff.

Regards,
Sumit Singh


CSCO11844255
Level 1

Any clue?? Need expert advice please.

Hi @CSCO11844255 

 

Can you ping 172.16.32.104 from VLAN 64?

I hope this information was useful; if you have no further questions, remember to close the topic by selecting the answer as "Correct answer"
**Please rate the answer if this information was useful***
**Please mark this answer as correct if the information was useful**

Yes, I can.

 

SW1#ping 172.16.32.104 source vlan 64

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.32.104, timeout is 2 seconds:
Packet sent with a source address of 172.16.64.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
SW1#

But I am not able to ping WLC from AP and vice versa.

Leo Laohoo
Hall of Fame

@CSCO11844255 wrote:

*Jul 14 10:17:13.986: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.


DHCP Option 43 is either not configured or configured incorrectly.

What happens if the command is entered on the AP:  capwap ap primary-base <WLC name> <WLC ip address>

Neither of them works; I have tried all options.

Regarding the DHCP option 43: it is correctly defined under the pool for VLAN 64, as shared in the configuration.

So if the AP can connect to the WLC when it's on the same subnet but stops working when it's on a different subnet then it all points to a FW issue.

There is no firewall in between the WLC and AP.

Exactly how many controllers do you have?
Look at the logs from the AP. The time and date are wrong.
Look at the logs from the WLC. The time and date are correct.
APs don't "retain" time and date. The AP has attempted to join a controller and was handed the wrong time and date.
Post the complete output to the following commands:
1. WLC: sh sysinfo;
2. WLC: sh time; and
3. AP: sh version

 

 

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.2.170.0
RTOS Version..................................... 8.2.170.0
Bootloader Version............................... 8.3.15.96
Emergency Image Version.......................... 8.3.143.0

Build Type....................................... DATA + WPS

System Name...................................... WLC1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 172.16.32.104
IPv6 Address..................................... ::
System Up Time................................... 0 days 1 hrs 21 mins 39 secs
System Timezone Location......................... (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... IN - India

--More-- or (q)uit

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 50:00:00:01:00:01
Maximum number of APs supported.................. 200
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1
Licensing Type................................... RTU
vWLC config...................................... Small

(Cisco Controller) >
(Cisco Controller) >show time

Time............................................. Thu Jul 18 22:04:49 2019

Timezone delta................................... 0:0
Timezone location................................ (GMT +5:30) Colombo, New Delhi, Chennai, Kolkata

NTP Servers
NTP Polling Interval......................... 3600

Index NTP Key Index NTP Server Status NTP Msg Auth Status
------- ----------------------------------------------------------------------------------------------
1 1 172.16.32.1 Not Synched AUTH SUCCESS


(Cisco Controller) >show interface

Incorrect usage. Use the '?' or <TAB> key to list commands.

(Cisco Controller) >show interface summary


Number of Interfaces.......................... 3

Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management 1 32 172.16.32.104 Static Yes N/A
service-port N/A N/A 192.168.10.104 Static No N/A
virtual N/A N/A 1.1.1.1 Static No N/A

(Cisco Controller) >
(Cisco Controller) >

 

 

AP44d3.ca59.7b25#show ver
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.3(3)JC15, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Thu 07-Jun-18 16:12 by prod_rel_team

ROM: Bootstrap program is C3500 boot loader
BOOTLDR: C3500 Boot Loader (AP3G1-BOOT-M), Version 15.3 [vtoky-imagetype 106]

AP44d3.ca59.7b25 uptime is 15 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g1-k9w8-mx.153-3.JC15/ap3g1-k9w8-xx.153-3.JC15"
Last reload reason:

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3502I-N-K9 (PowerPC460exr) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FGL1530S3D4
PowerPC460exr CPU at 666Mhz, revision number 0x18A8
Last reset from power-on
LWAPP image version 8.2.170.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 44:D3:CA:59:7B:25
Part Number : 73-12175-05
PCB Serial Number : FOC15292ASA
Top Assembly Part Number : 800-32891-01
Top Assembly Serial Number : FGL1530S3D4
Top Revision Number : A0
Product/Model Number : AIR-CAP3502I-N-K9

 

Configuration register is 0xF

Hi again @CSCO11844255 

I'm not totally sure, but I did a quick look for your AP and your country code domain -N and I can't find your model of AP and the regulatory domain; not sure if your APs in the local site are -N too. Try this... Add a new country code, you can try with USA or MX and check what's going on.

If you want to do the search yourself, I leave the link right here:

https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html

 


Hi, thanks for your reply. It did not work after adding the said countries as well.

My concern is why the AP starts joining the WLC if I put it in VLAN 32, but when I put it in VLAN 64, which is a different VLAN from the controller management subnet (VLAN 32), the AP stops joining. Do I need to configure VLAN 64 on the WLC as well??
The AP can see the controller through DHCP option 43 but can't reach out to it. Seems like the complete path is not being established.

Hi @CSCO11844255 

Sorry to hear that. About your question, the answer is no: you don't need to have an interface with VLAN 64, it just needs to be reachable. I have a similar deployment and I use DHCP 43. So, just try this: add an ip helper address in your VLAN 64 with the WLC IP address and check.

I did this in my network, check this out:

 

interface GigabitEthernet0/0/1.13
description Wireless NEW
encapsulation dot1Q 13
ip address 172.17.1.254 255.255.255.0
ip helper-address 10.100.254.100
end
 


Can I give you remote access to my laptop through TeamViewer? It is my lab setup, nothing is secure... My mail is searchtosumit@gmail.com