Symptom
A new, out-of-the-box 3600 series access point may be unable to join a WLC. The AP will be able to get an address from DHCP, but if you ping the AP from another subnet, every other packet will be dropped.
Cause
3600 series APs manufactured in the first quarter of CY 2013 have the 12.4(25e)JAL1 recovery image (rcvk9w8) factory installed. This software has a bug via which two default routes are installed in the AP's routing table: one to the default gateway, and the other to the interface. The latter route works only if proxy ARP is enabled on the gateway. As a result, without proxy ARP, every other IP packet transmitted by the AP is dropped.
Workarounds
Any one of the following workarounds should allow the AP to join its controller:
- Enable proxy ARP (in IOS, "ip proxy-arp" - this is enabled by default) on the APs' subnet's default gateway
- If console access is available on the AP, then disable IP routing - then it should be able to join, and download the new IOS image:
ap#debug capwap console cli
ap#configure terminal
ap(config)#no ip routing
(do not reboot, just wait a few minutes) - Replace the 12.4(25e)JAL1 recovery image with a different lightweight (rcvk9w8 or k9w8) IOS image
Fix
This bug is CSCue56163, which is fixed in the 12.4(25e)JAL1a recovery image, which is installed on newly manufactured 3600 series APs, as of March 20, 2013.
Affected Serial Number Range
This bug affects AIR-CAP3602 models in the following serial number range:
xxx1701zzzz through xxx1712zzzz