03-27-2019 09:35 AM - edited 07-05-2021 10:08 AM
Hi all,
I have the problem that my APs wont join my WLC for some reason.
On the DHCP server I can tell that all 4 APs get an IP address and I also can ping them but dont see them on my WLC.
When I look at the WLC log I can see the following messages:
*fp_main_task: Mar 27 15:33:36.004: %SSHPM-4-AES_AP_ONLY: sshpmcert.c:4919 Cisco APs will not be able to join this controller
*fp_main_task: Mar 27 15:33:36.004: %LOG-6-Q_IND: sshpmcert.c:4561 Found Manufacturing-installed device certificates
*fp_main_task: Mar 27 15:33:36.001: %SSHPM-6-MANUF_CERT_INFO: sshpmcert.c:4561 Found Manufacturing-installed device certificates
Unfortunately, I couldnt find anything about the first message online.
I configured Option 43 on the DHCP server and used the MGMT IP of the WLC in hex.
Any ideas? The first log message is somehow suspucious!?
Thanks!
03-27-2019 12:23 PM
- Which software version is the controller running ?. Make sure it is compatible with the AP-type.
M.
03-27-2019 02:49 PM
Which software version are you running on the WLC.
The 1700 is only compatible with 8.0.x and above.
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
Do you have any other 1700 series APs on the WLC?
Is the time on the WLC correct?
Try adding the AP Ethernet mac address to the AP Policies and see how you go as well
Can you console the AP and provide the logs from it when it tries to join.
03-28-2019 05:30 AM
Hi all,
thanks for all your replies!
FW running on the WLC is 8.1.x, which should be compatible to the APs.
Time is correct on the WLC.
I can ping all the AP IPs from the WLC.
When I turn on debugging for CAPWAP I dont see any related packets on the WLC?
There is another backup WLC in my mobility group to which I cannot connect yet. Might this be the problem? It says "Control and Data Path Down" for the connection to the other WLC. But I would think that this has nothing to do with the APs not joing the controller, right!?
At the moment I dont have any access to the APs.
BR
03-28-2019 06:20 AM
03-28-2019 07:00 AM - edited 03-28-2019 08:53 AM
Hi Scott,
thanks for your reply!
Here the "cdp neig detail" output from the switch the APs are connected to:
Device ID: XXX-AP001
Entry address(es):
IP address: 172.29.x.x
IPv6 address: FE80::7A72:x:x:x:x (link-local)
Platform: cisco AIR-CAP1702I-E-K9, Capabilities: Trans-Bridge Source-Route-Bridge IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0
Holdtime : 158 sec
Version :
Cisco IOS Software, C1700 Software (AP3G2-K9W8-M), Version 15.3(3)JD14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Fri 23-Mar-18 09:21 by prod_rel_team
advertisement version: 2
Duplex: full
Power drawn: 15.400 Watts
Power request id: 51247, Power management id: 2
Power request levels are:15400 13000 0 0 0
Management address(es):
IP address: 172.29.x.x
From the switch the WLC is connected to:
Device ID: XXX
Interface address(es):
IPv4 Address: 172.29.X.X
IPv6 Address: fe80::ba38:x:x:x:x
Platform: AIR-CT2504-K9, Capabilities: Host
Interface: Ethernet1/18, Port ID (outgoing port): GigabitEthernet0/0/1
Holdtime: 160 sec
Version:
Manufacturer's Name: Cisco Systems Inc. Product Name: Cisco Controller Product Version: 8.1.131.0 RTOS Version: Erro Bootloader Version: 1.0.20 Build Type: DATA + WPS
Advertisement Version: 2
Duplex: full
The WLC is connected via a trunk and the APs are connected as access ports to VLAN 100. The trunk to the WLC is allowed to carry VLAN 100.
Unfortunately, I cannot connect them together directly.
Just as info for you, I also included now the string "Cisco AP c1700" as option 60 with my DHCP server.
According to the "setup guide" its necessary.
BR
03-28-2019 09:32 AM
03-29-2019 07:08 AM
Hi Scott,
thanks for your help.
I will do this and see what happens.
One last question, what FW version is getting pushed down to the APs from the WLC?
When I look at the WLCs flash there are only the active and backup FW versions.
But that are not the FW versions used for the APs, right? How can I tell the WLC which FW version to use for the APs?
Thanks!
03-29-2019 08:58 AM
03-27-2019 10:59 PM
paste the output of these commands:
From WLC: sh sysinfo
FRom AP: sh version
Also boot the AP and paste the complete bootup process here .
Reagards
Dont forget to rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide