cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
449
Views
15
Helpful
14
Replies
Highlighted
Beginner

AP don't join to controller

Hi Guys,

 

I would like to made a little change and I should move some AP from the production wlc to the temporary wlc.

 

Production wlc runs 8.3.143.0, temp wlc runs 8.5.140.0, ap manager interfaces is in the same subnet. After I prepared temp wlc for that type of AP (image bundle was needed), I configured AP to join to another wlc, and made a reset. Capwap process started, but the AP cannot join to wlc, and I didn't understand why. (APs got bad IP address from option 43, I know it)

 

AP log:

*Mar  1 00:00:53.267: Currently running a Release Image

*Mar  1 00:00:53.363: Using SHA-2 signed certificate for image signing validation.
*Mar  1 00:01:03.983: AP image integrity check PASSED

*Mar  1 00:01:03.991: Non-recovery image. PNP Not required.

*Mar  1 00:01:04.079: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco

*Mar  1 00:01:04.103: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:01:04.103: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to resetcreating PnP template view

*Mar  1 00:01:14.127: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:01:14.135: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Mar  1 00:01:15.307: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.21.250.177, mask 255.255.255.128, hostname b2-test-ap

*Mar  1 00:01:25.139: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.5 obtained through DHCP
*Mar  1 00:01:25.139: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.20 obtained through DHCP
*Mar  1 00:01:37.207: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 24 21:18:10.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:18:10.415: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:18:10.415: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 24 21:18:10.427: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 24 21:18:16.019: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 24 21:18:16.019: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 24 21:18:16.019: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Jul 24 21:18:29.947: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 24 21:18:30.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 24 21:18:31.227: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 24 21:18:32.227: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 24 21:18:58.487: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.21.250.133:5246
*Jul 24 21:18:58.487: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface is getting down
*Jul 24 21:18:58.487: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface is getting down
*Jul 24 21:18:58.567: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Jul 24 21:18:58.567: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Jul 24 21:18:58.591: capwap_image_proc: problem extracting tar file
*Jul 24 21:18:58.595: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jul 24 21:18:58.595: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jul 24 21:18:58.595: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 24 21:18:58.599: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 24 21:18:58.611: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 24 21:18:58.651: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 24 21:18:59.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 24 21:18:59.627: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jul 24 21:18:59.635: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 24 21:19:00.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 24 21:19:00.627: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jul 24 21:19:00.663: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 24 21:19:00.671: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jul 24 21:19:00.679: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 24 21:19:01.663: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 24 21:19:01.671: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 24 21:19:01.703: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 24 21:19:02.703: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 24 21:19:08.719: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 24 21:19:09.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:19:09.415: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:19:09.415: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 24 21:19:09.427: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.

WLC log:

*spamApTask4: Jul 24 23:18:28.737: %CAPWAP-3-DTLS_CLOSED_ERR: capwap_ac_sm.c:7095 00:6c:bc:c2:01:f0:  DTLS connection closed forAP  172:21:250:177 (18227), Controller: 172:21:250:133 (5246) AP Message Timeout
*spamApTask4: Jul 24 23:18:28.737: %CAPWAP-3-MAX_RETRANSMISSIONS_REACHED: capwap_ac_sm.c:7642 Max retransmissions reached on AP(00:6c:bc:c2:01:f0),message (CAPWAP_IMAGE_DATA_REQUEST
),number of pending messages(1)

After I enabled some debug capwap commands on wlc, I see the wlc try to send ap image to the AP.

Debug outputs from wlc a couple of hours ago, it's the same AP:

*spamApTask6: Jul 24 18:06:30.915: 00:3a:7d:d4:73:1f CAPWAP Control Msg Received from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 packet received of length 24 from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Msg Type = 16 Capwap state = 10

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Image data resp: Total msgEleLen = 0 

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Image Data message element len = 1331

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Sending encrypted packet to AP 172.21.250.176(18226) 

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Releasing WTP
*spamApTask6: Jul 24 18:06:30.929: 00:3a:7d:d4:73:1f CAPWAP Control Msg Received from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 packet received of length 24 from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Msg Type = 16 Capwap state = 10

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Image data resp: Total msgEleLen = 0 

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Image Data message element len = 1331

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Sending encrypted packet to AP 172.21.250.176(18226) 

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Releasing WTP
*spamApTask6: Jul 24 18:06:30.948: 00:3a:7d:d4:73:1f CAPWAP Control Msg Received from 172.21.250.176:18226

What can I do/check to make it work? I can't reboot wlc or configure any other APs on any wlc because it is a factory, and wireless is mission critical.

 

Clock and images are OK on temp wlc:

(Cisco Controller) >show ap bundle primary


Primary Version : 8.5.140.0


AP Supplement Bundle : Installed

Primary AP Image        Size            Supported AP's
----------------        ----            ------------
ap1g1                   13192           AP700
ap1g2                   13652           AP1600
ap1g3                   15380           AP1530
ap1g4                   25784           AP1850/1810
ap1g5                   22208           AP1815,1540
ap3g1                   10168           AP3500
ap3g2                   15380           AP2600,3600
ap3g3                   39336           AP2800,3800,1560
ap801                   8468            AP802
ap802                   9968            AP802
c1550                   10928           AP1550(128MB)
c1570                   13052           AP1570
c3700                   14372           AP1700,2700,3700

--More-- or (q)uit

(Cisco Controller) >show boot
Primary Boot Image............................... 8.5.140.0 (default)
Backup Boot Image................................ 8.3.143.0

(Cisco Controller) >

Thanks!

 

 

 

 

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: AP don't join to controller

did you upload the AP bundle image on WLC ?

Did you reboot the WLC after upgrade ?

 

Regards

Dont forget to rate helpful posts

14 REPLIES 14
VIP Mentor

Re: AP don't join to controller

which WLC/APs are you using..

 

paste the output of these commands:

 

sh sysinfo from WLC

sh version from AP whcih is not joining to Temporary WLC

complete boot-up process from AP console.

 

Regards

Dont forget to arte helpful posts

Beginner

Re: AP don't join to controller

Production WLC: 5508

Temp WLC: 2504

AP which I used for testing: CAP1602

 

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Build Info....................................... Engineering Special
Product Version.................................. 8.5.140.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 20.0


OUI File Last Update Time........................ Sun Sep 07 10:44:07 IST 2014


Build Type....................................... DATA + WPS

System Name...................................... CiscoWLC2504
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 172.21.250.133
IPv6 Address..................................... ::
Last Reset....................................... Power on reset
System Up Time................................... 42 days 22 hrs 57 mins 57 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... HU  - Hungary
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +25 C
External Temperature............................. +29 C
Fan Status....................................... 3200 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 6
Number of Active Clients......................... 70

OUI Classification Failure Count................. 28760

Memory Current Usage............................. 42
Memory Average Usage............................. 42
CPU Current Usage................................ 0
CPU Average Usage................................ 0

Flash Type....................................... Compact Flash Card
Flash Size....................................... 1073741824

Burned-in MAC Address............................ 00:A2:89:B9:B2:60
Maximum number of APs supported.................. 75
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1/SHA2

(Cisco Controller) >
(Cisco Controller) >show ap summary

Number of APs.................................... 19

Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

AP Name                         Slots  AP Model              Ethernet MAC       Location              Country     IP Address       Clients  DSE Location
------------------------------  -----  --------------------  -----------------  --------------------  ----------  ---------------  -------  --------------
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:16:b4:a8                        HU          172.21.250.235   11       [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:20:2a:d6                        HU          172.21.250.230   1        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       74:88:bb:39:bc:f4                        HU          172.21.250.231   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       74:88:bb:fd:dc:64                        HU          172.21.250.222   2        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       6c:8b:d3:20:16:ee                        HU          172.21.250.226   1        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       6c:8b:d3:3f:79:de                        HU          172.21.250.245   1        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       6c:8b:d3:16:a2:18                        HU          172.21.250.244   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       74:88:bb:68:bc:fe                        HU          172.21.250.247   6        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       08:ec:f5:88:a3:9c                        HU          172.21.250.241   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       6c:8b:d3:20:16:de                        HU          172.21.250.234   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       74:88:bb:36:31:38                        HU          172.21.250.248   2        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:3f:8e:30                        HU          172.21.250.240   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:62:89:e0                        HU          172.21.250.239   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:87:43:de                        HU          172.21.250.237   0        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       74:88:bb:39:bd:a2                        HU          172.21.250.246   25       [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:87:44:ea                        HU          172.21.250.243   13       [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802I-E-K9       6c:8b:d3:16:b5:26                        HU          172.21.250.220   2        [0 ,0 ,0 ]
IT0xxxx                         2      AIR-AP2802E-E-K9       6c:8b:d3:3f:7a:28                        HU          172.21.250.221   1        [0 ,0 ,0 ]
b2-test-ap                      2      AIR-CAP1602E-E-K9      00:3a:7d:d4:73:1f                                    172.21.250.184   0        [0 ,0 ,0 ]
b2-test-ap#show version
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.3(3)JD16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 05-Jun-18 00:54 by prod_rel_team

ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)

b2-test-ap uptime is 3 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.153-3.JD16/ap1g2-k9w8-xx.153-3.JD16"
Last reload reason:



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP1602E-E-K9 (PowerPC) processor (revision B0) with 187386K/74672K bytes of memory.
Processor board ID FGL2019X56G
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.3.143.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:3A:7D:D4:73:1F
Part Number                          : 73-14508-04
PCB Serial Number                    : xxxxxxxxxxx
Top Assembly Part Number             : 800-38553-03
Top Assembly Serial Number           : xxxxxxxxxxx
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602E-E-K9



Configuration register is 0xF

b2-test-ap#

I cannot have phisycal access for devices, it is a remote site. I can collect sh log from AP:

b2-test-ap#sh log
Syslog logging: enabled (0 messages dropped, 4 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 81 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 85 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
    Trap logging: level emergencies, 0 message lines logged
        Logging to 255.255.255.255  (udp port 514, audit disabled,
              link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:

Log Buffer (1048576 bytes):

*Mar  1 00:00:14.515: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar  1 00:00:15.511: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (1-8)
*Mar  1 00:00:15.511: Registering HW DTLS

*Mar  1 00:00:17.811: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:19.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:22.643: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar  1 00:00:22.787: loading Power Tables from flash:/ap1g2-k9w8-mx.153-3.JD16/S2.bin. Class = E
*Mar  1 00:00:22.787:  record size of 3ss: 1168 read_ptr: 37F1A56

*Mar  1 00:00:29.075: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar  1 00:00:29.151: loading Power Tables from flash:/ap1g2-k9w8-mx.153-3.JD16/S5.bin. Class = E
*Mar  1 00:00:29.151:  record size of 3ss: 1168 read_ptr: 37F1A56
APAVC Registering AVC licences on the AP to make sure we enable advanced PP
APAVC Protocol list already initialized.

*Mar  1 00:00:31.883: Start STILE Activation
APAVC: Succeeded to activate all the STILE protocols.
APAVC: Registering with CFT

*Mar  1 00:00:32.215: APAVC: CFT registration of delete callback succeeded
APAVC: Reattaching  Original Buffer pool for system use

*Mar  1 00:00:35.531: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Mar  1 00:00:35.531: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Mar  1 00:00:35.547: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.3(3)JD16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 05-Jun-18 00:54 by prod_rel_team
*Mar  1 00:00:35.547: %SNMP-5-COLDSTART: SNMP agent on host b2-test-ap is undergoing a cold start
*Mar  1 00:00:36.883: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Mar  1 00:00:37.515: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:00:37.515: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:37.515: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Mar  1 00:00:37.755: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:41.203: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar  1 00:00:48.147: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.21.250.184, mask 255.255.255.128, hostname b2-test-ap

*Mar  1 00:00:53.311: Currently running a Release Image

*Mar  1 00:00:53.403: Using SHA-2 signed certificate for image signing validation.
*Mar  1 00:01:01.855: AP image integrity check PASSED

*Mar  1 00:01:01.863: Non-recovery image. PNP Not required.

*Mar  1 00:01:01.951: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco

*Mar  1 00:01:01.975: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:01:01.975: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to resetcreating PnP template view

*Mar  1 00:01:11.999: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:01:12.007: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Mar  1 00:01:23.015: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.5 obtained through DHCP
*Mar  1 00:01:23.015: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.20 obtained through DHCP
*Mar  1 00:01:35.083: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 25 06:35:54.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 06:35:54.403: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 06:35:54.403: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 25 06:35:54.415: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 25 06:35:59.407: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 25 06:35:59.407: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 25 06:35:59.407: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Jul 25 06:36:12.863: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 25 06:36:13.863: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 25 06:36:14.143: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 25 06:36:15.143: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 25 06:36:42.419: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.21.250.133:5246
*Jul 25 06:36:42.419: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface is getting down
*Jul 25 06:36:42.419: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface is getting down
*Jul 25 06:36:42.499: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Jul 25 06:36:42.503: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Jul 25 06:36:42.523: capwap_image_proc: problem extracting tar file
*Jul 25 06:36:42.527: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jul 25 06:36:42.527: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jul 25 06:36:42.527: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 25 06:36:42.531: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 25 06:36:42.539: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 25 06:36:42.579: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 25 06:36:43.531: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 25 06:36:43.563: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jul 25 06:36:43.571: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 25 06:36:44.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 25 06:36:44.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jul 25 06:36:44.599: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 25 06:36:44.607: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jul 25 06:36:44.615: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 25 06:36:45.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 25 06:36:45.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 25 06:36:45.639: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 25 06:36:46.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 25 06:36:52.647: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 25 06:36:52.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 06:36:52.403: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 06:36:52.403: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 25 06:36:52.415: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
b2-test-ap#Connection to 172.21.250.184 closed by remote host.

Our main goal to make a software upgrade on production wlc in a maintenance window that supports new (type 2802) APs and old (type 1602) APs too. Temp wlc is used for new types only till the success upgrade.

Hall of Fame Community Legend

Re: AP don't join to controller

Post the WLC command "sh license".
Beginner

Re: AP don't join to controller

(Cisco Controller) >show license summary

License Store: Primary License Storage
StoreIndex:  0 Feature: base                              Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
License Store: Primary License Storage
StoreIndex:  0 Feature: base-ap-count                     Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        License Count: 25 / 25 (Active/In-use)
        License Priority: Medium
License Store: Evaluation License Storage
StoreIndex:  1 Feature: base-ap-count                     Version: 1.0
        License Type: Evaluation
        License State: Inactive
            Evaluation total period: 12 weeks 6 days
            Evaluation period left: 12 weeks 6 days
        License Count: 75 / 0 (Active/In-use)
        License Priority: None


(Cisco Controller) >show license capacity


Licensed Feature    Max Count         Current Count     Remaining Count
-----------------------------------------------------------------------
AP Count            25                18                7

(Cisco Controller) >
Hall of Fame Community Legend

Re: AP don't join to controller

Remote into the AP and post the output to the command "dir".
Beginner

Re: AP don't join to controller

b2-test-ap#dir
Directory of flash:/

    2  -rwx         146  Jul 24 2019 15:58:56 +00:00  capwap-saved-config
    3  -rwx       73801  Jul 25 2019 07:49:37 +00:00  event.log
   18  drwx         512   Mar 1 1993 00:04:12 +00:00  ap1g2-rcvk9w8-mx
    4  -rwx           0   Mar 1 1993 00:00:34 +00:00  config.txt
   12  drwx          64  Jul 25 2019 07:52:12 +00:00  update
   51  drwx           0   Mar 1 1993 00:01:28 +00:00  configs
   53  -rwx          64  Jul 24 2019 15:22:36 +00:00  sensord_CSPRNG0
   54  -rwx        7192   Mar 1 1993 00:01:33 +00:00  private-multiple-fs
   55  -rwx         236  Jul 25 2019 07:51:55 +00:00  env_vars

31808000 bytes total (24742400 bytes free)
b2-test-ap#

 

b2-test-ap#dir flash:ap1g2-rcvk9w8-mx
Directory of flash:/ap1g2-rcvk9w8-mx/

   19  -rwx      123464   Mar 1 1993 00:02:49 +00:00  ap1g2-rcvk9w8-mx
   20  -rwx     6849640   Mar 1 1993 00:04:11 +00:00  ap1g2-rcvk9w8-xx
   21  -rwx         274   Mar 1 1993 00:04:11 +00:00  info
   22  -rwx         292   Mar 1 1993 00:04:11 +00:00  file_hashes
   23  -rwx         141   Mar 1 1993 00:04:11 +00:00  final_hash
   24  -rwx         513   Mar 1 1993 00:04:11 +00:00  final_hash.sig
   25  -rwx        1375   Mar 1 1993 00:04:12 +00:00  img_sign_rel.cert
   26  -rwx        1371   Mar 1 1993 00:04:12 +00:00  img_sign_rel_sha2.cert

31808000 bytes total (22869504 bytes free)
b2-test-ap#

 

Hall of Fame Community Legend

Re: AP don't join to controller

System image file is "flash:/ap1g2-k9w8-mx.153-3.JD16/ap1g2-k9w8-xx.153-3.JD16"

That's an incorrect output.  In your previous post, I can see the AP booting a CAPWAP image.  But with the "dir" output, the CAPWAP directory is missing.

Beginner

Re: AP don't join to controller

I see. This AP works great on production wlc before I move it to the temp wlc (new wlc IP address was added to the AP)

 

Old (=Production) WLC and temp WLC IPs seen in the AP config.

Production WLC: 172.21.250.132

Temp WLC: 172.21.250.133 (we use ap policy here for 2802s and for test AP)

b2-test-ap#sh capwap client config
configMagicMark         0xF1E2D3C4
chkSumV2                57090
chkSumV1                18252
swVer                   8.3.143.0
adminState              ADMIN_ENABLED(1)
name                    b2-test-ap
location                
group name              dummy-group
mwarName                CiscoWLC2504
mwarIPAddress           172.21.250.133
mwarName
mwarIPAddress           0.0.0.0
mwarName
mwarIPAddress           0.0.0.0
ssh status              Enabled
ssh config mode         SPECIFIC
Telnet status           Enabled
telnet config mode      SPECIFIC
numOfSlots              2
spamRebootOnAssert      1
spamStatTimer           180
randSeed                0x6CEA
transport               SPAM_TRANSPORT_L3(2)
transportCfg            SPAM_TRANSPORT_DEFAULT(0)
initialisation          SPAM_PRODUCTION_DISCOVERY(1)
ApMode                  Local
ApSubMode               Not Configured
Link-Encryption         Disabled
Unencrypted Data Keep Alive      Enabled
Mwar DTLS Capability    Disabled
AP Rogue Detection Mode Enabled
OfficeExtend AP         [0] Disabled
OfficeExtend AP JoinMode[0] Standard
Discovery Timer         10 secs
Heart Beat Timer        30 secs
Led State Enabled       1
Primed Interval         0
Syslog server           255.255.255.255
Prefer-mode             IPv4
AP ILP Pre-Standard Switch Support Disabled
AP Power Injector Disabled
Infrastructure MFP validation Disabled
Configured Switch 1 Addr 172.21.250.132
non-occupancy channels:
Ethernet (Duplex/Speed) auto/auto
AUX EthernetPortState   ADMIN_DISABLED
Slot 0
        adminstate              ADMIN_ENABLED(1)
        radioType               RADIO_TYPE_80211bg
        RadioMode               Local
        CleanAirAdminState      Enabled
        countryCode             HU
        countryISOCode          HU
        chanAutoCfg             CONFIG_AUTO
        channel                 1
        channel width           20
        extension channel   none(0)
        txPowerAutoCfg          CONFIG_AUTO
        txPowerLevel            1
        diversitySelection      DIVERSITY_ENABLED
        htRxAntennaSelection    07
        htTxAntennaSelection    07
        beamformCfg             03
        Antenna Mode            ANTENNA_OMNI
        antennaSelection_0      EXTERNAL_ANTENNA
        antennaSelection_1      EXTERNAL_ANTENNA
        antennaSelection_2      EXTERNAL_ANTENNA
        antennaSelection_3      EXTERNAL_ANTENNA
        twiceExtAntennaGain     0
        Profile Mode            CONFIG_AUTO
        Load Profile
         rfBusyThreshold        0
         numClientsThreshold    0
         bytesPerSecThreshold   0
        Interference Profile
         InterferenceThreshold  0
        Noise Profile
         NoiseThreshold         0
        Coverage Profile
         SNRThreshold           0
         ExceptionThreshold     0
         minClientsThreshold    0
         11gSupport             Enabled
        CCX RM Mode             CONFIG_AUTO
         CCX RM Config
         rm state              0
         rm meas interval      0
         rts enabled            0
         rts threshold          2347
         LOMM optimization 0
         LOMM Number of Channels 0
                 channel[0] = 0, channel[1] = 0, channel[2] = 0, channel[3] = 0,
         FMC HS AP Type is 0, Threshhold 0
         ATE Mode: 0
Slot 1
        adminstate              ADMIN_ENABLED(1)
        radioType               RADIO_TYPE_80211a
        RadioMode               Local
        CleanAirAdminState      Enabled
        countryCode             HU
        countryISOCode          HU
        chanAutoCfg             CONFIG_AUTO
        channel                 40
        channel width           20
        extension channel   none(0)
        txPowerAutoCfg          CONFIG_AUTO
        txPowerLevel            1
        diversitySelection      DIVERSITY_ENABLED
        htRxAntennaSelection    07
        htTxAntennaSelection    07
        beamformCfg             03
        Antenna Mode            ANTENNA_OMNI
        antennaSelection_0      EXTERNAL_ANTENNA
        antennaSelection_1      EXTERNAL_ANTENNA
        antennaSelection_2      EXTERNAL_ANTENNA
        antennaSelection_3      EXTERNAL_ANTENNA
        twiceExtAntennaGain     0
        Profile Mode            CONFIG_AUTO
        Load Profile
         rfBusyThreshold        0
         numClientsThreshold    0
         bytesPerSecThreshold   0
        Interference Profile
         InterferenceThreshold  0
        Noise Profile
         NoiseThreshold         0
        Coverage Profile
         SNRThreshold           0
         ExceptionThreshold     0
         minClientsThreshold    0
         11gSupport             Disabled
        CCX RM Mode             CONFIG_AUTO
         CCX RM Config
         rm state              0
         rm meas interval      0
         rts enabled            0
         rts threshold          2347
         LOMM optimization 0
         LOMM Number of Channels 0
                 channel[0] = 0, channel[1] = 0, channel[2] = 0, channel[3] = 0,
         FMC HS AP Type is 0, Threshhold 0
         ATE Mode: 0

 AP failure counters: LinkFailure = 2, SpamReboots = 9, ApCrashes = 0

 AP join priority = 1

 AP lsc enable = 0

 AP lsc reboot cnt = 0

 AP lsc max num of Retry = 3

 Mesh AP lsc enable = 0

 AP retransmit count = 255

 AP retransmit timer = 255

 AP vlan tag status = Disabled

 SSC Controller Hash validation enabled.
 IPv6 Capwap UDP Lite Un-configured
IPv4 Tcp MSS Adjust         :  Disabled

IPv6 TCP MSS Adjust Disabled

b2-test-ap#sh capwap ip config

LWAPP Static IP Configuration
Primary Controller 172.21.250.133

b2-test-ap#

What can I do with it? Factory reset? Or add image manually?

 

I would like to find a good solution because I need to upgrade the production WLC tomorrow which serves around 60 piece of 1602 Access Points, reset all of them is not a good solution.

Hall of Fame Community Legend

Re: AP don't join to controller

I want to see the "dir" output to the AP that isn't joining the controller.
Beginner

Re: AP don't join to controller

I understand what you wrote about system image, but the dir shown this output. (It's weird.)

(Cisco Controller) >show ap summary b2-test-ap

Number of APs.................................... 19

Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured

AP Name                         Slots  AP Model              Ethernet MAC       Location              Country     IP Address       Clients  DSE Location
------------------------------  -----  --------------------  -----------------  --------------------  ----------  ---------------  -------  --------------
b2-test-ap                      2      AIR-CAP1602E-E-K9      00:3a:7d:d4:73:1f                                   172.21.250.182   0        [0 ,0 ,0 ]

(Cisco Controller) >logoConnection closed by foreign host.
xxxx@xxxx:~$ ssh xxxx@172.21.250.182
Password:

b2-test-ap>en
Password:
b2-test-ap#dir
Directory of flash:/

    2  -rwx         146  Jul 24 2019 15:58:56 +00:00  capwap-saved-config
    3  -rwx       73801  Jul 25 2019 08:56:10 +00:00  event.log
   18  drwx         512   Mar 1 1993 00:04:12 +00:00  ap1g2-rcvk9w8-mx
    4  -rwx           0   Mar 1 1993 00:00:34 +00:00  config.txt
    5  drwx          64  Jul 25 2019 08:59:28 +00:00  update
   12  -rwx        7192  Jul 25 2019 08:59:56 +00:00  private-multiple-fs
   51  drwx           0   Mar 1 1993 00:01:28 +00:00  configs
   53  -rwx          64  Jul 24 2019 15:22:36 +00:00  sensord_CSPRNG0
   55  -rwx         236  Jul 25 2019 08:58:28 +00:00  env_vars

31808000 bytes total (19064320 bytes free)
b2-test-ap#show log
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 83 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 85 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
    Trap logging: level emergencies, 0 message lines logged
        Logging to 255.255.255.255  (udp port 514, audit disabled,
              link down),
              0 message lines logged,
              0 message lines rate-limited,
              0 message lines dropped-by-MD,
              xml disabled, sequence number disabled
              filtering disabled
        Logging Source-Interface:       VRF Name:

Log Buffer (1048576 bytes):

*Mar  1 00:00:14.511: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar  1 00:00:15.507: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (1-8)
*Mar  1 00:00:15.507: Registering HW DTLS

*Mar  1 00:00:17.807: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:19.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:22.639: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar  1 00:00:22.783: loading Power Tables from flash:/ap1g2-k9w8-mx.153-3.JD16/S2.bin. Class = E
*Mar  1 00:00:22.783:  record size of 3ss: 1168 read_ptr: 35BA176

*Mar  1 00:00:29.075: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar  1 00:00:29.151: loading Power Tables from flash:/ap1g2-k9w8-mx.153-3.JD16/S5.bin. Class = E
*Mar  1 00:00:29.151:  record size of 3ss: 1168 read_ptr: 35BA176
APAVC Registering AVC licences on the AP to make sure we enable advanced PP
APAVC Protocol list already initialized.

*Mar  1 00:00:31.891: Start STILE Activation
APAVC: Succeeded to activate all the STILE protocols.
APAVC: Registering with CFT

*Mar  1 00:00:32.215: APAVC: CFT registration of delete callback succeeded
APAVC: Reattaching  Original Buffer pool for system use

*Mar  1 00:00:35.535: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Mar  1 00:00:35.535: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Mar  1 00:00:35.551: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.3(3)JD16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 05-Jun-18 00:54 by prod_rel_team
*Mar  1 00:00:35.551: %SNMP-5-COLDSTART: SNMP agent on host b2-test-ap is undergoing a cold start
*Mar  1 00:00:36.887: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Mar  1 00:00:36.891: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:00:37.523: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Mar  1 00:00:37.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:37.759: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:41.211: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar  1 00:00:53.315: Currently running a Release Image

*Mar  1 00:00:53.411: Using SHA-2 signed certificate for image signing validation.
*Mar  1 00:00:59.019: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.21.250.182, mask 255.255.255.128, hostname b2-test-ap

*Mar  1 00:01:02.483: AP image integrity check PASSED

*Mar  1 00:01:02.491: Non-recovery image. PNP Not required.

*Mar  1 00:01:02.579: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco

*Mar  1 00:01:02.603: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:01:02.603: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to resetcreating PnP template view

*Mar  1 00:01:12.627: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:01:12.635: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Mar  1 00:01:23.643: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.5 obtained through DHCP
*Mar  1 00:01:23.643: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.20 obtained through DHCP
*Mar  1 00:01:35.711: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 25 08:58:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 08:58:27.403: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 08:58:27.403: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 25 08:58:27.419: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 25 08:58:35.199: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 25 08:58:35.199: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 25 08:58:35.199: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Jul 25 08:58:46.247: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 25 08:58:47.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 25 08:58:47.527: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 25 08:58:48.527: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 25 08:59:15.423: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.21.250.133:5246
*Jul 25 08:59:15.423: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface is getting down
*Jul 25 08:59:15.423: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface is getting down
*Jul 25 08:59:15.451: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jul 25 08:59:15.451: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jul 25 08:59:16.311: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Jul 25 08:59:16.311: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Jul 25 08:59:16.335: capwap_image_proc: problem extracting tar file
*Jul 25 08:59:16.335: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 25 08:59:16.339: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 25 08:59:16.347: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 25 08:59:16.387: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 25 08:59:16.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 25 08:59:16.483: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jul 25 08:59:16.491: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 25 08:59:17.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 25 08:59:17.483: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jul 25 08:59:17.519: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 25 08:59:17.527: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jul 25 08:59:17.535: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 25 08:59:18.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 25 08:59:18.527: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 25 08:59:18.559: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 25 08:59:19.559: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 25 08:59:26.455: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 25 08:59:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 08:59:27.399: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 25 08:59:27.403: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 25 08:59:27.411: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
b2-test-ap#sh ver
Cisco IOS Software, C1600 Software (AP1G2-K9W8-M), Version 15.3(3)JD16, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 05-Jun-18 00:54 by prod_rel_team

ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)

b2-test-ap uptime is 6 minutes
System returned to ROM by power-on
System image file is "flash:/ap1g2-k9w8-mx.153-3.JD16/ap1g2-k9w8-xx.153-3.JD16"
Last reload reason:



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP1602E-E-K9 (PowerPC) processor (revision B0) with 187386K/74672K bytes of memory.
Processor board ID xxxxxxxxxxx
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.3.143.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:3A:7D:D4:73:1F
Part Number                          : 73-14508-04
PCB Serial Number                    : xxxxxxxxxxx
Top Assembly Part Number             : 800-38553-03
Top Assembly Serial Number           : xxxxxxxxxxx
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1602E-E-K9



Configuration register is 0xF

b2-test-ap#
VIP Mentor

Re: AP don't join to controller

Manually upload the CAPWAP IOS from a TFTP server to the AP.

 

Regards

Dont forget to rate helpful posts

Hall of Fame Community Legend

Re: AP don't join to controller

If I was to "trust" the above output, then do the following:
1. deb cap con cli
2. del /f /r flash:update
3. Reboot the AP.
VIP Mentor

Re: AP don't join to controller

did you upload the AP bundle image on WLC ?

Did you reboot the WLC after upgrade ?

 

Regards

Dont forget to rate helpful posts

Beginner

Re: AP don't join to controller

WLC was upgraded and rebooted a couple of weeks ago. (without ap bundle)

Now we would like to use 1602 APs on this WLC also so we uploaded AP bundle image (without reboot).

Yesterday we asks for a short maintenance window to made the reboot.

After the wcl reboot, AP joins successfully.

 

If I'm correct, if I need to made a wlc upgrade in non-HA environment where I should use AP bundle image, AP image pre-download isn't possible.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards