Solved: Re: Cisco AP 1852E-B-K9

mirco@olli.com · ‎06-22-2019

Hi all,

I've just bought a Cisco AP Aironet 1852. I'm trying to configure it but I can't in any way:

- Cable console seems not working (using putty, used a lot of times before. The cable is not the Cisco official cable, but it's a RS232 to RJ45 cable connected to a RS232 to USB adapter, properly installed)

- I don't understand if it is CAPWAP or Mobility Express Mode, the supplier doesn't know it

- When I plug the cable in it starts with a green still light, but in 1 minute it starts blinking green-red-amber (the manual says that it's trying to connect to the WLC, that I have)

- If I try to connect it directly to one of the WLC ports, I can see it in 'Direct APs' but not in 'All APs'. The sonicwall gives it a DHCP IP but it doesn't work and continues blinking green-red-amber

- If I connect it to my network, my sonicwall gives it a DHCP IP, that I can ping, but I can't reach it in https

Any suggestions??

Thank you

patoberli · ‎06-26-2019

What kind of controller are you using?
Do you have accepted the license agreement?
Do you have select the correct country for your APs?
Did you enable at least two licenses on the controller (if using a model with RTU)?

View solution in original post

Jonas Kalldert · ‎06-22-2019

Hi,

If it is 1852E-B-K9 then it is most likely in capwap mode. TO have cisco ship it in ME mode then it should be named 1852E-B-K9C.

Here is how to verify what image type is running and how to change mode:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-5/b_cisco_mobility_express_8_5/b_cisco_mobility_express_8_5_chapter_01.html

Regarding the console cable. Test another one, preferably a cisco to make sure its not a faulty cable.

The Vlan configured on the switch you connect the AP to does it have option 43 configured to point to the WLC or do you have the DNS record cisco-capwap-controller in your DNS? It sounds like the AP cant find the WLC. But we need a working console cable to verify that.

regards,
Jonas
**Don't forget to rate helpful posts**

mirco@olli.com · ‎06-22-2019

Thank you for your reply.
I will wait for the new cable that I’ve just bought.
I read something about the DHCP option 43 enabled, but being my dhcp
releaser a sonicwall router and usually setting a static ip for APs I
thought it was not necessary.
I’ll read better about dhcp option 43. Is it also for all devices that
connect to the AP?

mirco@olli.com · ‎06-25-2019

I set up on the sonicwall the dhcp option 43. Anyway it doesn't work.
I bought a new cable from Cisco, checked that are both CAPWAP and now I'm
trying to install a Cisco AP 1600 series with a 15.3 firmware and a Cisco
AP 1852 with a 8.3 fw
They found themselves the controller (broadcasting 255.255.255.255 they
find the 192.168.155.10) but then they show this errors and I can't see
them on the controller(8.5 fw).

This is what shows the console on the 1852:
[*06/25/2019 22:16:30.0299] CAPWAP State: Join
[*06/25/2019 22:16:30.0299] Sending Join request to 192.168.155.10 through
port 5264
[*06/25/2019 22:16:41.2565] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9)
in CAPWAP state: Join(5).
[*06/25/2019 22:16:41.2865] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9)
in CAPWAP state: Join(5).
[*06/25/2019 22:17:27.0322]
[*06/25/2019 22:17:27.0322] CAPWAP State: DTLS Teardown
[*06/25/2019 22:17:27.0322] Dropping dtls packet since session is not
established. Peer 192.168.155.10-5246, Local 192.168.155.20-5264, conn (nil)
[*06/25/2019 22:17:31.7807]
[*06/25/2019 22:17:31.7807] CAPWAP State: Discovery
[*06/25/2019 22:17:31.7807] Discovery Request sent to 255.255.255.255,
discovery type UNKNOWN(0)
[*06/25/2019 22:17:31.7807] Discovery Response from 192.168.155.10
[*06/25/2019 22:17:41.0000]
[*06/25/2019 22:17:41.0000] CAPWAP State: DTLS Setup
[*06/25/2019 22:17:41.0199] dtls_load_ca_certs: LSC Root Certificate not
present
[*06/25/2019 22:17:41.0199]

And this is what the 1602 shows:
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Jun 25 22:28:25.755: %DTLS-5-ALERT: Received WARNING : Close notify alert
from 192.168.155.10
*Jun 25 22:28:25.755: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert
to 192.168.155.10:5246
*Jun 25 22:29:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent
peer_ip: 192.168.155.10 peer_port: 5246
*Jun 25 22:29:55.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created
sucessfully peer_ip: 192.168.155.10 peer_port: 5246
*Jun 25 22:29:55.315: %CAPWAP-5-SENDJOIN: sending Join Request to
192.168.155.10
*Jun 25 22:30:00.315: %CAPWAP-5-SENDJOIN: sending Join Request to
192.168.155.10
*Jun 25 22:30:54.635: %DTLS-5-ALERT: Received WARNING : Close notify alert
from 192.168.155.10
*Jun 25 22:30:54.635: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert
to 192.168.155.10:5246
*Jun 25 22:30:54.707: AP has SHA2 MIC certificate - Using SHA2 MIC
certificate for DTLS.

And then they cycle again all this.
I tried with clock settings, setting a static IP on the APs, but with no
results.
We have no licenses for now, but the controller says that we have 12 weeks
for evaluation.
[image: image.png]

Do you have any suggestions?

Thank you

patoberli · ‎06-26-2019

What kind of controller are you using?
Do you have accepted the license agreement?
Do you have select the correct country for your APs?
Did you enable at least two licenses on the controller (if using a model with RTU)?

mirco@olli.com · ‎06-26-2019

I got it. Thank you.
It was just that I had to accept the terms for licenses.
Thank you so much for your help.