Core Issue
The MAC address of the bridge is not added to the MAC filter list. When this issue occurs the date time [ERROR] spam_lrad.c 4451: LWAPP Join-Request AUTH_STRING_PAYLOAD, invalid BRIDGE key hash AP 00:00:00:00:00:00 error message appears.
Resolution
Add the MAC address of the bridge to the MAC filter list. In order to do this, choose Security > Mac Filter. With the invalid BRIDGE key hash error, set the bridge shared secret back to the default through the GUI, or use the config network bridged-shared-secret command in order to clear this error in addition to the config network allow-old-bridge-aps disable command line interface (CLI) command. None of these commands affect the other access points (APs) in the network, if present. Also, if no bridge key is entered, or is the bridge MAC addresses in either the MAC filter or AP authorization list, this configuration does not work.
Add the Access Point MAC Addresses to the Controller Filter List
Refer to the Adding Access Point MAC Addresses to the Controller Filter List section of Cisco Aironet 1500 Series Lightweight Outdoor Mesh Access Point Mounting Instructions for information on the configuration of the AP MAC addresses in the controller list.
Controller MAC Filter List
Before the APs are activated, ensure that the access point MAC address is added to the controller MAC filter list. In order to view the MAC addresses that are added to the controller MAC filter list, use the controller CLI or the controller GUI:
Refer to Wireless LAN Controller Mesh Network Configuration Example for more information on Mesh AP Deployment. Issue the config network bridging-shared-secret command in order to add the shared secret key:
(Cisco Controller) >config network bridging-shared-secret Cisco
Problem Type
Client / Device cannot authenticate
Error message
Products
Access point
Wireless LAN Controllers
Mesh Access Point 1500
Security Options
Authentication
SW Features
Lightwieght Access Point Protocol (LWAPP)