cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
427
Views
45
Helpful
11
Replies
Highlighted
Beginner

AP1815m wont join WLC5520, but joins WLC5508 with same Firmware

Hi
migrated today many APs to some new WLC 5520 with 8.5.151.0.
All these APs did run on a 5508 with same firmware.

ONLY this model 1815m wont join.

No AP autorization list, no fw blocking ports, ap licenses ok, system time is OK per NTP.
Maybe the 5520 needs some "AP Software Bundle" to be installed?
But did not find it at Cisco download side (like i did before in prior releases..)

Ideas?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Remember, capwap traffic is UDP, depending on the firewall it doesn't log it.

View solution in original post

Highlighted

Simple Reason (ARGGGAAAAHH!!!)  :-)

Not only the AP need to access WLC, but also WLC must initiate Traffic towards Access Points.
So Firewall Policies in the path blocked some traffic from WLC to Access Points.

View solution in original post

11 REPLIES 11
Highlighted
Hall of Fame Community Legend

On the new WLC, post the complete output to the following command: 

sh ap join stats detail <AP MAC ADDRESS>
Highlighted
Hall of Fame Master

So what you are saying is that the 1815m will join the 5508 but not the 5520? You might need to look at the output on the console and see what is happening.
-Scott
*** Please rate helpful posts ***
Highlighted

Thanks for your reply!

Tested now with another 1815m from another location, and it JOINED perfectly the 5520.
Only 1815m from a some different location wont join.

So its not problem of the AP, WLC or Firmware, it must be something else i would say.

Investigating Monday what the heck. Maybe some FW i dont know blocking in the path?
Or MTU Issue..

The command i dont see any join entries for the MAC of that AP that wont join.

Highlighted

Have you power cycled the affected AP? Maybe it's hanging.
Highlighted

The first thing that pops into my mind is a certificate problem. Had this issue a long time ago and as I recall, I had to add the AP's MAC under MAC filtering.
Highlighted

Hi ..


well, as written befor, from ANOTHER LOCATION a 1815m CAN join the WLC.

So no problem with AP Model, compatibility, licenses, ap-bundle, firmware - all OK.
And no AP autorization list etc, no NTP time issue.

So seems like Firewall problem blocking CAPWAP between that location and WLC.

But i checked all Firewalls and traffic is coming and passing Firewall, and also traffic from WLC comes back.
But the AP WILL NOT join from specific locations. 

I will contact TAC. Curious what it is this time!

Highlighted

Remember, capwap traffic is UDP, depending on the firewall it doesn't log it.

View solution in original post

Highlighted

It goes through Firewall.

On the WLC i get some output:

(Cisco Controller) >debug capwap errors enable

(Cisco Controller) >d*spamApTask5: Jun 15 14:41:45.086: 7c:31:0e:8a:3e:40 ApMode l: AIR-AP1815M-E-K9

*spamApTask3: Jun 15 14:42:11.540: 2c:4f:52:1c:42:a0 ApModel: AIR-AP1815M-E-K9

e*spamApTask5: Jun 15 14:42:17.175: 68:86:a7:7e:9b:d0 Received replay error(slot = 0, vapId = 1, count = 2) from AP 68:86:a7:7e:9b:d0
*sshpmLscTask: Jun 15 14:42:22.336: sshpmLscTask: LSC Task received a message 4

(Cisco Controller) debug>
(Cisco Controller) debug>*spamApTask5: Jun 15 14:43:39.138: 7c:31:0e:8a:3e:40 ApModel: AIR-AP1815M-E-K9

*spamApTask3: Jun 15 14:44:05.595: 2c:4f:52:1c:42:a0 ApModel: AIR-AP1815M-E-K9

*spamApTask5: Jun 15 14:44:16.429: 68:86:a7:7e:9b:d0 Received replay error(slot = 0, vapId = 1, count = 1) from AP 68:86:a7:7e:9b:d0
*sshpmLscTask: Jun 15 14:44:22.476: sshpmLscTask: LSC Task received a message 4

 

Highlighted

Can you check if there are still free licenses on the wlc with:
show license summary
Highlighted


Feature name: ap_count (adder)
License type: Permanent
License state: Active, In-use
RTU License Count: 250


247 APs connected, 3 AP Licenses left. So its OK.

Opened TAC Case. Curios!!!! :-)

Highlighted

Simple Reason (ARGGGAAAAHH!!!)  :-)

Not only the AP need to access WLC, but also WLC must initiate Traffic towards Access Points.
So Firewall Policies in the path blocked some traffic from WLC to Access Points.

View solution in original post