Introduction

This document discuss about how to resolve the issues on getting the 600 Series OfficeExtend Access Points (AIR-OEAP600) registered  to 5508 Wireless LAN Controller.

Unable to register Aironet 600 AP to 5508 WLC

First check if any data encryption licence installed. To find that from the WLC CLI, issue the following commands
Config paging disable
Show run-config

• Try to Join  OEAP 600  with the WLC on the local network and not via the internet.
• Make sure UDP ports 5246 and 5247 are open on firewall to allow CAPWAP data.

Show license all

Here is the output:
(Cisco Controller) >Show license all

License Store: Primary License Storage
StoreIndex:  0  Feature: base                              Version: 1.0
        License Type: Permanent
        License State: Active, Not in Use
        License Count: Non-Counted
        License Priority: Medium
License Store: Primary License Storage
StoreIndex:  1  Feature: base-ap-count                     Version: 1.0
        License Type: Permanent
        License State: Active, In Use
        License Count: 12 /10 (Active/In-use)
        License Priority: Medium
License Store: Evaluation License Storage
StoreIndex:  0  Feature: base-ap-count                     Version: 1.0
        License Type: Evaluation
        License State: Inactive
            Evaluation total period:  8 weeks  4 days
            Evaluation period left:  8 weeks  4 days
        License Count: 500 / 0 (Active/In-use)
        License Priority: None

Now to resolve this issue, DTLS license needs to be installed.  

Follow the steps below to Obtain a Data DTLS License:
Step 1 - Browse to http://cisco.com/go/license 

Step 2 - On the Product License Registration page, choose Licenses Not Requiring a PAK.
Step 3 - Choose Cisco Wireless Controllers DTLS License under Wireless.
Step 4 - Complete the remaining steps to generate the license file.  

The license will be provided online or via email.

If the issue persists after installing the DTLS license,  grab the message log 

from the OEAP AP and run the following debugs from the WLC CLI
Debug mac addr <Mac address of OEAP>
Debug capwap events enable
Debug capwap errors enable

The Debug output is as shown below:

*spamApTask5: May 07 17:03:56.167: %LWAPP-3-VALIDATE_ERR: spam_lrad.c:9649 Validation of
SPAM_VENDOR_SPECIFIC_PAYLOAD failed - AP  ec:c8:82:c3:f9:80
*spamApTask5: May 07 17:03:56.167: %LWAPP-3-RD_ERR8: spam_lrad.c:9795 Country code (CN)
not configured for AP ec:c8:82:c3:f9:80

It looks like the WLC isn't allowing it to connect since the country code isn't configured. To configure country code, go to Wireless -> Country and enable the country code for the OEAP AP.

OEAP AP unable to join WLC across WAN

Follow the steps below to resolve the issue:

•    Check the IP connectivity between WLC from AP, use ping to confirm..
•    Login to OEAP and collect the logs from logs section.
•    Run the following commands on WLC

           # debug capwap events enable

           # debug capwap errors enable

From WLC GUI navigate to Monitor > AP statistics > select the AP name.

This will show last successful or unsuccessful attempt of AP join.

From logs it was shown that AP is not able to join because of regulatory domain mismatch.

However this was not right as the country was set correctly and regulatory domain was right.

*spamApTask1: Oct 13 18:45:53.289: e0:5f:b9:de:f5:c0 Regulatory Domain Mismatch: AP e0:5f:b9:de:f5:c0 not allowed to join. Regulatory Domain check failed  - 

The resolution for this bug is to upgrade WLC code.  Once you upgrade the AP join issue on OEAP will be resolved.

This is documented in the Cisco internal Bug  

but fixed in 

Summary

If OEAP is unable to fully join the WLC try the following solution.

• Install the DTLS license.
• upgrade the WLC code

Related Information

• Aironet 600 Series OfficeExtend Access Point Configuration Guide
• Unable to join  600 Series AP to WLC