Re: AP1131 can't connect to vWLAN Controller

John Bachman · ‎02-01-2019

Hello experts, I am setting up a new vWLAN Controller version 8.0.152.0 with AP1131AG access points.

The controller address is 172.16.10.5

the 2811 router is configured as

ip dhcp pool AP

network 172.16.10.0 255.255.255.0

default-gateway 172.16.10.1

option 43 hex f104.ac10.oa05

option 60 ascii "Cisco AP 1131"

dns-server 172.16.10.1

The error I get is: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

here is the boot log: Can you please assist ? thank you.

Username:
Username: Xmodem file system is available.
flashfs[0]: 26 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 5280256
flashfs[0]: Bytes available: 10718720
flashfs[0]: flashfs fsck took 28 seconds.
Base ethernet MAC Address: 00:24:97:6e:2d:74
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Loading "flash:/c1130-k9w8-mx.124-25e.JAP12/c1130-k9w8-mx.124-25e.JAP12"...#########################################################################################################################################################################################################################################################################################################################################################################################################################################################################################

File "flash:/c1130-k9w8-mx.124-25e.JAP12/c1130-k9w8-mx.124-25e.JAP12" uncompressed and installed, entry point: 0x3000
executing...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(25e)JAP12, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Fri 20-Oct-17 23:02 by prod_rel_team

Proceeding with system init

Proceeding to unmask interrupts
Initializing flashfs...

flashfs[2]: 26 files, 8 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 15740928
flashfs[2]: Bytes used: 5280256
flashfs[2]: Bytes available: 10460672
flashfs[2]: flashfs fsck took 4 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.

Radio0 present A506 7100 E8000000 A0000000 80000000 3
Rate table has 12 entries (0 SGI/0 BF variants)

Radio1 present A506 6700 E8000100 A0040000 80010000 2
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

%Error opening flash:/c1130-rcvk9w8-mx/info (No such file or directory)cisco AIR-LAP1131AG-A-K9 (PowerPCElvis) processor (revision B0) with 27638K/5120K bytes of memory.
Processor board ID FTX1315T21N
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 8.0.141.32
1 FastEthernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:24:97:6E:2D:74
Part Number                          : 73-8962-14
PCA Assembly Number                  : 800-24818-13
PCA Revision Number                  : A0
PCB Serial Number                    : FOC13142Q02
Top Assembly Part Number             : 800-29230-02
Top Assembly Serial Number           : FTX1315T21N
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1131AG-A-K9
% Please define a domain-name first.

Press RETURN to get started!

*Mar 1 00:00:05.456: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:07.070: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:07.546: %LINK-6-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:08.734: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar 1 00:00:08.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:08.834: %LWAPP-4-CLIENTEVENTLOG: Read and initialized AP event log (contains, 986 messages)

*Mar 1 00:00:11.116: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(25e)JAP12, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Fri 20-Oct-17 23:02 by prod_rel_team
*Mar 1 00:00:11.117: %SNMP-5-COLDSTART: SNMP agent on host AP0024.976e.2d74 is undergoing a cold start
*Mar 1 00:55:23.257: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar 1 00:55:23.257: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:55:23.257: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:55:23.493: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:55:23.493: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to resetlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar 1 00:55:24.257: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:55:24.257: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar 1 00:55:26.061: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:55:31.383: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.10.93, mask 255.255.255.0, hostname AP0024.976e.2d74

*Mar 1 00:55:41.877: Logging LWAPP message to 255.255.255.255.

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.10.1) [OK]

Translating "CISCO-LWAPP-CONTROLLER"...domain server (172.16.10.1) [OK]

*Mar 1 00:55:52.919: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.10.5 obtained through DHCP
*Mar 1 00:55:52.919: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:55:55.582: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:55:56.614: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:55:57.614: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:55:57.653: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:55:58.654: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
Not in Bound state.

The AP recycles and assign itself a new dhcp address each time/cycle...

Haydn Andrews · ‎02-01-2019

Hi John

Not sure if your DHCP option 43 actual is: f104.ac10.oa05 but remove the dots out of it should be one full string "f104ac100a05 for the controller of 172.16.10.5

Now the DHCP option 60, unless your trying to get one AP model to go to one controller and another model another controller just remove it. The DHCP option 43 will take care of it. I also can not find a VCI for the 1131 so it probably actually is 1130

Good refernce here: https://www.cisco.com/c/en/us/td/docs/wireless/access_point/1550/installation/guide/1550hig/1550_axf.html#23993

If doing that doesnt fix the issue can you post output from

debug lwapp events enable

from the controller so we can look to see if the join request is making it to the controller.

A good guide to troubleshooting AP join issues is here:

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

John Bachman · ‎02-01-2019

Thank you for your reply

For the option 43, the dots between the hex values are added by the router. They show up only when you show run.

When you add the command you don't put the dots.

And we can see that the correct address is obtained : Controller address 172.16.10.5 obtained through DHCP

I will remove option 60, I also believe we don't need it.

For the lwapp debug command. the systems replays that it's been replaced by debug catwap

debug catwap events enable

When I run this command on the controller, I have no events showing as the AP boots...

Leo Laohoo · ‎02-01-2019

I agree with Haydn and the DHCP Option 43 string is incorrect. "ac10oa05" actually means "0.0.172.16".

John Bachman · ‎02-01-2019

Thank you Leo, I'm not sure what you mean by incorrect.?

I see ac10oa05

ac = 172

10 = 16

0a=10

05=5

for 172.16.10.5, exactly what the AP is reporting in the logs: Controller address 172.16.10.5 obtained through DHCP

Why is de debug command not showing any events when the AP is connecting ???

Daniel Ordóñez Flores · ‎02-01-2019

Hi @John Bachman

If you copy and paste your option 43 command, you're wrong

option 43 hex f104.ac10.oa05

It looks like a letter o

It must be f1040.ac10.0a05

Can you see the difference?

**Please rate the answer if this information was useful***

**Por favor si la información fue util marca esta respuesta como correcta**

*Tu reconocimiento nos alienta a seguir participando en los foros *

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**

John Bachman · ‎02-02-2019

Thank you Daniel, yes it's a typo on this web page, the actual config is correct, and the AP confirms it sees the correct address Controller address 172.16.10.5 obtained through DHCP

Leo Laohoo · ‎02-02-2019

If that is the case, the post the complete vWLC output to the following commands:
1. sh sysinfo; and
2. sh time

Haydn Andrews · ‎02-01-2019

Got to ask, is that the full output before the AP starts again?

Do you have any other APs associated to the controller?

Can from the router you ping the vWLC?

That being said, the AP is on the same subnet as the vWLC you shouldn't need DHCP option 43 or 60 at all to discover the WLC. The AP should be able to discover the controller via the broadcast method.

You could also try manually adding the WLC details to the AP and see if that works:

AP# capwap ap primary-base <WLC Name> <WLC IP>

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

John Bachman · ‎02-02-2019

Thank you.

Yes, this is the full output. And when running the debug capwap on the controller, no events are showing, that's odd...

Np other AP associated. This is a LAB and it's the first time I'm triyng to add an AP on the WLAN. These 3 AP1131 came as Autonomous, I'm just done converting the first one to Lightweight AP.

The Router pings the vWLAN management port, at 172.16.10.5, the service port is at 10.100.10.151

The APs are meant to be in VLAN 20, I just put them in VLAN 10 as a test to illiminate a potential VLAN trunking issue.

Leo Laohoo · ‎02-02-2019

@John Bachman wrote:

Yes, this is the full output.

I still want to see the full output from the vWLC.

Reading back at the thread, I can see logs from the AP and the time and date is at 01 March. This is a strong indication that the vWLC doesn't have the correct time and date or NTP configured. If this is the case, what else is not configured correctly, hence, we want to see the output to the commands requested.

John Bachman · ‎02-02-2019

ok Leo, I will get the the 2 commands.

1. sh sysinfo; and
2. sh time

Do you want to see the boot messages from the virtual WLC as it comes up ? or the configuration I did with the Wizard Configutation tool ? (the autoinstall)

The time is not set. I do not have a NTP server yet available in the LAB, I once set the time manuallly on the WLANC...

I understand it could be important for the certificate. I will post all this for you, thank you.

John Bachman · ‎02-02-2019

Time and date are good in the 2811 router, the AP and the vWLAN Controller (set manually)

Show time gives correct time on all 3 devices

This is the message I get from the AP

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (172.16.10.1) [OK]

Translating "CISCO-LWAPP-CONTROLLER"...domain server (172.16.10.1) [OK]

*Feb  2 14:50:52.944: %CAPWAP-5-DHCP_OPTION_43: Controller address 172.16.10.5 obtained through DHCP
*Feb  2 14:50:52.944: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Feb  2 14:56:39.533: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
Not in Bound state.
*Feb  2 14:56:49.467: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Feb  2 14:56:473: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination.
*Feb  2 14:56:54.594: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.16.10.40, mask 255.255.255.0, hostname AP0024.976e.2d74

Then the AP keeps requesting a new IP address from DHCP!

Something the 2811 router is not sending with DHCP ?

How come there is no events showing on the vWLAN console?

Leo, not sure how to post the full output from the vWLC. Any command or file a can look at ?

I took pictures as the logs were scrolling, but there must be a better way...

Leo Laohoo · ‎02-02-2019

Copy and past the output (from the vWLC) into a Notepad and then attach to your response.

Can we see the output to the command "sh time" and "sh license"?

John Bachman · ‎02-03-2019

Thank you, here is the link to look at the booting sequence:

https://1drv.ms/f/s!AiF7zdow1fIdgtAHqc8KKzCQwYxmiw

Sorry, I just realized I could SSH into the controller...

(Cisco Controller) show>license all

License Store: Evaluation License Storage
StoreIndex: 0 Feature: base-ap-count                     Version: 1.0
        License Type: Evaluation
        License State: Active, Not in Use, EULA not accepted
            Evaluation total period: 8 weeks 4 days
            Evaluation period left: 8 weeks 4 days
        License Count: 200 / 0 (Active/In-use)
        License Priority: None

(Cisco Controller) show>time

Time............................................. Sun Feb 3 10:58:06 2019

Timezone delta................................... 0:0
Timezone location................................

NTP Servers
NTP Polling Interval......................... 86400

Index NTP Key Index NTP Server NTP Ms g Auth Status
------- ------------------------------------------------------------------- ---------------

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.0.152.0
RTOS Version..................................... 8.0.152.0
Bootloader Version............................... 8.3.15.96
Emergency Image Version.......................... 8.0.152.0

Build Type....................................... DATA + WPS

System Name...................................... Cisco_1e:ca:ad
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 172.16.10.5
IPv6 Address..................................... ::
System Up Time................................... 0 days 0 hrs 18 mins 56 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... US - United States

--More-- or (q)uit

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:0C:29:1E:CA:AD
Maximum number of APs supported.................. 200
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1

(Cisco Controller) >