05-25-2022 01:04 AM
Hi, I have a 2106 wireless LAN controller and two 1142N-N-K9 LAPs. I am building a lab and am trying to get the APs to form a CAPWAP tunnel with the controller; however, this is not succeeding. So far the APs receive IP addresses from the pool configured on my switch and send a CAPWAP discovery request and receive a discovery response from the WLC. But then they don't go through with the joining process. When looking on the WLC GUI under Monitor > Statistics > AP Join, the APs show up here, but with status: 'Not Joined'. When looking under Wireless > Access Points > All APs, they aren't shown.
I am thinking there might be a country code mismatch. I live in Australia and have set the WLC country code as AU. But I'm unable to determine the APs' country code as I cannot reach the APs' console CLI interface. Maybe I can't console into the APs because they are lightweight?
- The WLC is running version 7.0.251.2
- I don't know what version the APs are running because I can't reach their console.
Any feedback would be really appreciated! Thanks.
05-25-2022 01:37 AM
- Most likely these old APs have expired certificates: https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html. Countermeasures for that are available, but not for your current version on the WLC, which is too old for that too.
M.
05-25-2022 01:35 AM
Hi
The regulatory domain is indicated on the AP - 1142N-N-K9 LAPs. The N represents the regulatory domain. N is South America.
For APAC, it should be Z. However, as you are just building a lab, you can enable South America on the WLC.
Also make sure the licensing is active and the date/time is correct.
The version looks OK, as the AP is supported from version 5 up to 8 and the WLC up to 7.
05-25-2022 05:27 AM
Hey, thanks for the quick reply! This seems to be the case. I have set a ton of country codes as Flavio Miranda suggested - didn't work. Looking at debugs from the WLC, there seems to be a problem with DTLS which is linked to the certificate problem I suppose?
And I can't enter these commands because of my old version:
For 7.0.252.0:
(WLC)>config ap lifetime-check {mic|ssc} enable
For 7.4.140.0 and later:
(WLC)>config ap cert-expiry-ignore {mic|ssc} enable
Guess there's nothing I can do then? Does anyone have any files they could give me for the 7.0.252.0 and upward versions? Can't download it from Cisco anymore!
Thanks so much for your help.