Test 9800-CL Wireless Controller setup and configuration as a third controller

Group IT
Level 1

Hi All,

I thought I was getting to grips with the wireless world, but I am finding that I am a little out of my depth setting up a test Cisco Catalyst 9800-CL Wireless Controller.

This will be my third controller; this one I am testing in a VMware ESXi environment which sits on my live network.

So I have controller one at our HQ, "CISCO-CAPWAP-CONTROLLER", which is on 10.11.0.230; controller two is in a datacentre, "CISCO-CAPWAP-CONTROLLER", and is on 10.11.202.230. I have introduced controller three, which is the test 9800-CL Wireless Controller, also at our HQ, "CISCO-CAPWAP-CONTROLLER", and is on IP 10.11.0.199.

I have a test C9120AXI-E which is plugged into a trunked port. Quite rightly so, the older controllers are rejecting it, but it never seems to attempt to connect to the 9800-CL. It seems to just repeat the following process:

CAPWAP State: Discovery
[*10/23/2019 14:04:17.6470] IP DNS query for CISCO-CAPWAP-CONTROLLER.mydomain.local
[*10/23/2019 14:04:17.6500] DNS resolved CISCO-CAPWAP-CONTROLLER.mydomain.local
[*10/23/2019 14:04:17.6500] DNS discover IP addr: 10.11.0.199
[*10/23/2019 14:04:17.6500] DNS discover IP addr: 10.11.0.230
[*10/23/2019 14:04:17.6500] DNS discover IP addr: 10.11.202.230
[*10/23/2019 14:04:17.6510] Discovery Request sent to 10.11.0.199, discovery type DNS(3)
[*10/23/2019 14:04:17.6520] Discovery Request sent to 10.11.202.230, discovery type DNS(3)
[*10/23/2019 14:04:17.6530] Discovery Request sent to 10.11.0.230, discovery type DNS(3)
[*10/23/2019 14:04:17.6540] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*10/23/2019 14:04:17.6560] Discovery Response from 10.11.0.230
[*10/23/2019 14:04:17.6610] Discovery response from MWAR 'wlc-h003214' running version 8.5.151.0 is rejected.
[*10/23/2019 14:04:17.6610] Failed to decode discovery response(status = 4).
[*10/23/2019 14:04:17.6610] CAPWAP SM handler: Failed to process message type 2 state 2.
[*10/23/2019 14:04:17.6610] Failed to handle capwap control message from controller - status 4
[*10/23/2019 14:04:17.6610] Failed to process unencrypted capwap packet 0x55a0066000 from 10.11.0.230
[*10/23/2019 14:04:17.6610] Failed to send message to CAPWAP state machine, msgId 0
[*10/23/2019 14:04:17.6610] Failed to send capwap message 0 to the state machine. Packet already freed.
[*10/23/2019 14:04:17.6610] IPv4 wtpProcessPacketFromSocket returned 4
[*10/23/2019 14:04:17.6620] Discovery Response from 10.11.202.230
[*10/23/2019 14:04:17.6650] Discovery response from MWAR 'wlc-h000453' running version 8.5.151.0 is rejected.
[*10/23/2019 14:04:17.6650] Failed to decode discovery response(status = 4).
[*10/23/2019 14:04:17.6650] CAPWAP SM handler: Failed to process message type 2 state 2.
[*10/23/2019 14:04:17.6650] Failed to handle capwap control message from controller - status 4
[*10/23/2019 14:04:17.6650] Failed to process unencrypted capwap packet 0x55a0064000 from 10.11.202.230
[*10/23/2019 14:04:17.6650] Failed to send message to CAPWAP state machine, msgId 0
[*10/23/2019 14:04:17.6650] Failed to send capwap message 0 to the state machine. Packet already freed.
[*10/23/2019 14:04:17.6650] IPv4 wtpProcessPacketFromSocket returned 4

So from what I can see, DNS is configured correctly so that the AP can see all of the available controllers, but it doesn't seem to be requesting to join the 9800-CL.

Can anyone advise what step I have missed or where I can check what's going wrong?

Thanks in advance.
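An added example, not part of the original post: a small Python parser run over an excerpt of the AP console log quoted above, which records for each controller address whether a Discovery Request was sent and whether a Discovery Response came back or was rejected. The function names are hypothetical, and the parser assumes each "is rejected" line refers to the most recent "Discovery Response from" line, as it does in the log shown.

```python
import re
from collections import defaultdict

# Excerpt of the AP console log quoted in the post above.
SAMPLE_LOG = """\
[*10/23/2019 14:04:17.6510] Discovery Request sent to 10.11.0.199, discovery type DNS(3)
[*10/23/2019 14:04:17.6520] Discovery Request sent to 10.11.202.230, discovery type DNS(3)
[*10/23/2019 14:04:17.6530] Discovery Request sent to 10.11.0.230, discovery type DNS(3)
[*10/23/2019 14:04:17.6540] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*10/23/2019 14:04:17.6560] Discovery Response from 10.11.0.230
[*10/23/2019 14:04:17.6610] Discovery response from MWAR 'wlc-h003214' running version 8.5.151.0 is rejected.
[*10/23/2019 14:04:17.6620] Discovery Response from 10.11.202.230
[*10/23/2019 14:04:17.6650] Discovery response from MWAR 'wlc-h000453' running version 8.5.151.0 is rejected.
"""

REQ = re.compile(r"Discovery Request sent to (\S+?), discovery type (\w+)\(\d+\)")
RESP = re.compile(r"Discovery Response from (\S+)")  # capital R: the per-IP line
REJECT = re.compile(r"Discovery response from MWAR '([^']+)' running version (\S+) is rejected")

def summarize_discovery(log_text):
    """Map each target IP to what the AP log says happened during discovery."""
    state = defaultdict(lambda: {"requested": False, "responded": False,
                                 "rejected": False, "name": None, "version": None})
    last_responder = None
    for line in log_text.splitlines():
        if m := REQ.search(line):
            state[m.group(1)]["requested"] = True
        elif m := RESP.search(line):
            last_responder = m.group(1)
            state[last_responder]["responded"] = True
        elif (m := REJECT.search(line)) and last_responder:
            # Assumption: the rejection belongs to the response logged just before it.
            state[last_responder].update(rejected=True, name=m.group(1), version=m.group(2))
    return dict(state)

def silent_controllers(summary):
    """Unicast targets that were sent a Discovery Request but never answered."""
    return sorted(ip for ip, s in summary.items()
                  if s["requested"] and not s["responded"] and ip != "255.255.255.255")

if __name__ == "__main__":
    summary = summarize_discovery(SAMPLE_LOG)
    for ip, s in summary.items():
        print(ip, s)
    print("No response from:", silent_controllers(summary))
```

On this excerpt the only unicast target with a request logged and no response logged is 10.11.0.199; both 8.5.151.0 controllers answered and were rejected by the AP.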

4 Replies

MrDude
Level 1
Hi,

Can you check the wireless management trustpoint?

show wireless management trustpoint

It should look something like:
Trustpoint Name : CISCO_IDEVID_SUDI
Certificate Info : Available
Certificate Type : MIC
Private key Info : Available
FIPS suitability : Not Applicable

If this isn't the case you can generate it with: wireless config vwlc-ssc key-size 2048 signature-algo sha256 password ThisisaPassword01

Hi Mr Dude,

Thanks for the suggestion. I ran the command as you suggested and indeed I do not have any Trustpoint listed. However, I can't seem to get the controller into config mode. Config t. conf t. doesn't seem to work and enable isn't accepted either. I tried to run it and got the following:

v000002>wireless config vwlc-ssc key-size 2048 signature-algo sha256 password superpassword
^
% Invalid input detected at '^' marker.

Am I doing something really silly?

Thanks.

Hi, it looks like you need to go into enable mode first. You shouldn't have to go into configuration terminal to run the command.

Hey, sorry! I have only just got back round to taking a look at this.

I think the problem was that the command to generate the certificate had not specified an encryption level, but still, after that, it does not report any trustpoint.

wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 7 ThisisaPassword0

wlc>show wireless management trustpoint
Trustpoint Name :
Certificate Info : Not Available
Private key Info : Not Available
FIPS suitability : Not Applicable