Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1273
Views
45
Helpful
11
Replies

AP1815m wont join WLC5520, but joins WLC5508 with same Firmware

Go to solution
d.novakovic
Level 1
Level 1

‎06-12-2020 11:46 AM - edited ‎07-05-2021 12:10 PM

Hi
migrated today many APs to some new WLC 5520 with 8.5.151.0.
All these APs did run on a 5508 with same firmware.

ONLY this model 1815m wont join.

No AP autorization list, no fw blocking ports, ap licenses ok, system time is OK per NTP.
Maybe the 5520 needs some "AP Software Bundle" to be installed?
But did not find it at Cisco download side (like i did before in prior releases..)

Ideas?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to d.novakovic

‎06-15-2020 07:38 AM

Remember, capwap traffic is UDP, depending on the firewall it doesn't log it.

View solution in original post

Go to solution
d.novakovic
Level 1
Level 1
In response to d.novakovic

‎06-16-2020 02:38 AM

Simple Reason (ARGGGAAAAHH!!!)  :-)

Not only the AP need to access WLC, but also WLC must initiate Traffic towards Access Points.
So Firewall Policies in the path blocked some traffic from WLC to Access Points.

View solution in original post

0 Helpful
11 Replies 11

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎06-12-2020 06:28 PM

On the new WLC, post the complete output to the following command: 

sh ap join stats detail <AP MAC ADDRESS>

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎06-13-2020 09:22 AM

So what you are saying is that the 1815m will join the 5508 but not the 5520? You might need to look at the output on the console and see what is happening.
-Scott
*** Please rate helpful posts ***

Go to solution
d.novakovic
Level 1
Level 1
In response to Scott Fella

‎06-13-2020 01:11 PM

Thanks for your reply!

Tested now with another 1815m from another location, and it JOINED perfectly the 5520.
Only 1815m from a some different location wont join.

So its not problem of the AP, WLC or Firmware, it must be something else i would say.

Investigating Monday what the heck. Maybe some FW i dont know blocking in the path?
Or MTU Issue..

The command i dont see any join entries for the MAC of that AP that wont join.

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to d.novakovic

‎06-15-2020 06:42 AM

Have you power cycled the affected AP? Maybe it's hanging.

Go to solution
Wes Schochet
Level 3
Level 3
In response to patoberli

‎06-15-2020 07:02 AM

The first thing that pops into my mind is a certificate problem. Had this issue a long time ago and as I recall, I had to add the AP's MAC under MAC filtering.

Go to solution
d.novakovic
Level 1
Level 1
In response to Wes Schochet

‎06-15-2020 07:11 AM

Hi ..


well, as written befor, from ANOTHER LOCATION a 1815m CAN join the WLC.

So no problem with AP Model, compatibility, licenses, ap-bundle, firmware - all OK.
And no AP autorization list etc, no NTP time issue.

So seems like Firewall problem blocking CAPWAP between that location and WLC.

But i checked all Firewalls and traffic is coming and passing Firewall, and also traffic from WLC comes back.
But the AP WILL NOT join from specific locations. 

I will contact TAC. Curious what it is this time!

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to d.novakovic

‎06-15-2020 07:38 AM

Remember, capwap traffic is UDP, depending on the firewall it doesn't log it.

Go to solution
d.novakovic
Level 1
Level 1
In response to patoberli

‎06-15-2020 07:46 AM

It goes through Firewall.

On the WLC i get some output:

(Cisco Controller) >debug capwap errors enable

(Cisco Controller) >d*spamApTask5: Jun 15 14:41:45.086: 7c:31:0e:8a:3e:40 ApMode l: AIR-AP1815M-E-K9

*spamApTask3: Jun 15 14:42:11.540: 2c:4f:52:1c:42:a0 ApModel: AIR-AP1815M-E-K9

e*spamApTask5: Jun 15 14:42:17.175: 68:86:a7:7e:9b:d0 Received replay error(slot = 0, vapId = 1, count = 2) from AP 68:86:a7:7e:9b:d0
*sshpmLscTask: Jun 15 14:42:22.336: sshpmLscTask: LSC Task received a message 4

(Cisco Controller) debug>
(Cisco Controller) debug>*spamApTask5: Jun 15 14:43:39.138: 7c:31:0e:8a:3e:40 ApModel: AIR-AP1815M-E-K9

*spamApTask3: Jun 15 14:44:05.595: 2c:4f:52:1c:42:a0 ApModel: AIR-AP1815M-E-K9

*spamApTask5: Jun 15 14:44:16.429: 68:86:a7:7e:9b:d0 Received replay error(slot = 0, vapId = 1, count = 1) from AP 68:86:a7:7e:9b:d0
*sshpmLscTask: Jun 15 14:44:22.476: sshpmLscTask: LSC Task received a message 4

 

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to d.novakovic

‎06-15-2020 08:15 AM

Can you check if there are still free licenses on the wlc with:
show license summary

Go to solution
d.novakovic
Level 1
Level 1
In response to patoberli

‎06-15-2020 08:22 AM


Feature name: ap_count (adder)
License type: Permanent
License state: Active, In-use
RTU License Count: 250


247 APs connected, 3 AP Licenses left. So its OK.

Opened TAC Case. Curios!!!! :-)

0 Helpful

Go to solution
d.novakovic
Level 1
Level 1
In response to d.novakovic

‎06-16-2020 02:38 AM

Simple Reason (ARGGGAAAAHH!!!)  :-)

Not only the AP need to access WLC, but also WLC must initiate Traffic towards Access Points.
So Firewall Policies in the path blocked some traffic from WLC to Access Points.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card