06-12-2020 11:46 AM - edited 07-05-2021 12:10 PM
Hi
migrated today many APs to some new WLC 5520 with 8.5.151.0.
All these APs did run on a 5508 with same firmware.
ONLY this model 1815m wont join.
No AP autorization list, no fw blocking ports, ap licenses ok, system time is OK per NTP.
Maybe the 5520 needs some "AP Software Bundle" to be installed?
But did not find it at Cisco download side (like i did before in prior releases..)
Ideas?
Solved! Go to Solution.
06-15-2020 07:38 AM
06-16-2020 02:38 AM
Simple Reason (ARGGGAAAAHH!!!) :-)
Not only the AP need to access WLC, but also WLC must initiate Traffic towards Access Points.
So Firewall Policies in the path blocked some traffic from WLC to Access Points.
06-12-2020 06:28 PM
On the new WLC, post the complete output to the following command:
sh ap join stats detail <AP MAC ADDRESS>
06-13-2020 09:22 AM
06-13-2020 01:11 PM
Thanks for your reply!
Tested now with another 1815m from another location, and it JOINED perfectly the 5520.
Only 1815m from a some different location wont join.
So its not problem of the AP, WLC or Firmware, it must be something else i would say.
Investigating Monday what the heck. Maybe some FW i dont know blocking in the path?
Or MTU Issue..
The command i dont see any join entries for the MAC of that AP that wont join.
06-15-2020 06:42 AM
06-15-2020 07:02 AM
06-15-2020 07:11 AM
Hi ..
well, as written befor, from ANOTHER LOCATION a 1815m CAN join the WLC.
So no problem with AP Model, compatibility, licenses, ap-bundle, firmware - all OK.
And no AP autorization list etc, no NTP time issue.
So seems like Firewall problem blocking CAPWAP between that location and WLC.
But i checked all Firewalls and traffic is coming and passing Firewall, and also traffic from WLC comes back.
But the AP WILL NOT join from specific locations.
I will contact TAC. Curious what it is this time!
06-15-2020 07:38 AM
06-15-2020 07:46 AM
It goes through Firewall.
On the WLC i get some output:
(Cisco Controller) >debug capwap errors enable
(Cisco Controller) >d*spamApTask5: Jun 15 14:41:45.086: 7c:31:0e:8a:3e:40 ApMode l: AIR-AP1815M-E-K9
*spamApTask3: Jun 15 14:42:11.540: 2c:4f:52:1c:42:a0 ApModel: AIR-AP1815M-E-K9
e*spamApTask5: Jun 15 14:42:17.175: 68:86:a7:7e:9b:d0 Received replay error(slot = 0, vapId = 1, count = 2) from AP 68:86:a7:7e:9b:d0
*sshpmLscTask: Jun 15 14:42:22.336: sshpmLscTask: LSC Task received a message 4
(Cisco Controller) debug>
(Cisco Controller) debug>*spamApTask5: Jun 15 14:43:39.138: 7c:31:0e:8a:3e:40 ApModel: AIR-AP1815M-E-K9
*spamApTask3: Jun 15 14:44:05.595: 2c:4f:52:1c:42:a0 ApModel: AIR-AP1815M-E-K9
*spamApTask5: Jun 15 14:44:16.429: 68:86:a7:7e:9b:d0 Received replay error(slot = 0, vapId = 1, count = 1) from AP 68:86:a7:7e:9b:d0
*sshpmLscTask: Jun 15 14:44:22.476: sshpmLscTask: LSC Task received a message 4
06-15-2020 08:15 AM
06-15-2020 08:22 AM
Feature name: ap_count (adder)
License type: Permanent
License state: Active, In-use
RTU License Count: 250
247 APs connected, 3 AP Licenses left. So its OK.
Opened TAC Case. Curios!!!! :-)
06-16-2020 02:38 AM
Simple Reason (ARGGGAAAAHH!!!) :-)
Not only the AP need to access WLC, but also WLC must initiate Traffic towards Access Points.
So Firewall Policies in the path blocked some traffic from WLC to Access Points.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: