Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
5
Helpful
3
Replies

1142 APs not joining with 2106 WLC

Go to solution
oatmeel
Level 1
Level 1

‎05-25-2022 01:04 AM

Hi, I have a 2106 wireless lan controller and two 1142N-N-K9 LAPs. I am building a lab and am trying to get the APs to form a CAPWAP tunnel with the controller, however, this is not succeeding. So far the APs receive IP addresses from the pool configured on my switch and send a CAPWAP discovery request and receive a discovery response from the WLC. But then they don't do through with the joining process. When looking on the WLC GUI under the Monitor  > Statistics > AP Join the APs show up here, but with status: 'Not Joined'. When looking under Wireless > Access Points > All APs they aren't shown. 

 

I am thinking there might be a country code mismatch. I live in Australia and have set the WLC country code as AU. But I'm unable to determine the APs country code as I cannot reach the APs console CLI interface. Maybe I can't console into the APs because they are lightweight?

 

- The WLC is running version 7.0.251.2

- I don't know what version the APs are running because I can't reach their console. 

 

Any feedback would be really appreciated! Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎05-25-2022 01:37 AM

 

 - Most likely these old ap's have expired certificateshttps://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html , countermeasures for that are available but not for your current version on the WLC , which is too old for that too.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

View solution in original post

3 Replies 3

Go to solution
Flavio Miranda
VIP
VIP

‎05-25-2022 01:35 AM

Hi

 The regulatory domain is indicated on the AP - 1142N-N-K9 LAPs. The N represents the regulatory domain. N is South America. 

 For APAC, it should be Z. However, as you are just building a Lab, you can enable the South America on the WLC. 

 Make sure also the licesing is active and data/time is correct. 

 For version looks ok as the AP support from version 5 up to 8 and the wlc up to 7.

 

0 Helpful

Go to solution
marce1000
VIP
VIP

‎05-25-2022 01:37 AM

 

 - Most likely these old ap's have expired certificateshttps://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html , countermeasures for that are available but not for your current version on the WLC , which is too old for that too.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Go to solution
oatmeel
Level 1
Level 1
In response to marce1000

‎05-25-2022 05:27 AM

Hey, thanks for the quick reply! This seems to be the case. I have set a ton of country codes as Flavio Miranda suggested - didn't work. Looking at debugs from the WLC, there seems to be a problem with DTLS which is linked to the certificate problem I suppose?

And I can't enter these commands because of my old version:

 

For 7.0.252.0:
(WLC)>config ap lifetime-check {mic|ssc} enable

For 7.4.140.0 and later:
(WLC)>config ap cert-expiry-ignore {mic|ssc} enable

 

Guess there's nothing I can do then? Does anyone have any files they could give me for the 7.0.252.0 and upward versions? Can't download it from cisco anymore!

 

Thanks so much for your help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card