Solved: 2602AP's Won't Register with 5508 Controller

dgood1234 · ‎12-13-2012

Hello everyone -

We have a 5508 controller that manages AP's at approximately 20 branches - each branch has their own subnet. We have a single branch (subnet) with new 2602 AP's that will not register with the controller. All communications to this subnet appear normal and there are no ACL's in place between the AP's and the controller. The AP's are able to resolve the controller IP address via DNS and begin the registration process but then timeout. We have successfully installed 2602 AP's at other branch locations and they register with no problems - this is only a problem at a single branch. I've attached some debug messages below for a single AP (this is a production environment so I parsed un-necessary info) and also included the console messages from a different AP (the console messages on the AP's are the same). There are currently 9 AP's at this location and none of them will register. Any ideas??

Debug Capwap Events:

*spamApTask0: Dec 11 14:39:32.904: 44:2b:03:9a:d1:10 Discovery Request from 10.29.9.190:44306

*spamApTask0: Dec 11 14:39:32.904: 44:2b:03:9a:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 300, joined Aps =272

*spamApTask0: Dec 11 14:39:32.904: 44:2b:03:9a:d1:10 Discovery Response sent to 10.29.9.190:44306

*spamApTask0: Dec 11 14:39:32.992: 44:2b:03:9a:d1:10 Received LWAPP DISCOVERY REQUEST to 68:ef:bd:8e:48:6f on port '13'

*spamApTask0: Dec 11 14:39:32.992: 44:2b:03:9a:d1:10 Discarding discovery request in LWAPP from AP supporting CAPWAP

*spamApTask0: Dec 11 14:39:42.903: 44:2b:03:9a:d1:10 DTLS connection not found, creating new connection for 10:29:9:190 (44306) 10:5:13:4 (5246)

*spamApTask0: Dec 11 14:57:52.301: e8:ba:70:dc:d1:c0 DTLS connection closed event receivedserver (10:5:13:4/5246) client (10:29:9:190/44306)

*spamApTask0: Dec 11 14:57:52.301: e8:ba:70:dc:d1:c0 No entry exists for AP (10:29:9:190/44306)

*spamApTask0: Dec 11 14:57:52.301: e8:ba:70:dc:d1:c0 No AP entry exist in temporary database for 10.29.9.190:44306

*spamApTask0: Dec 11 14:57:53.828: 44:2b:03:9a:d1:10 Discovery Request from 10.29.9.190:44306

*spamApTask0: Dec 11 14:57:53.828: 44:2b:03:9a:d1:10 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 300, joined Aps =272

*spamApTask0: Dec 11 14:57:53.828: 44:2b:03:9a:d1:10 Discovery Response sent to 10.29.9.190:44306

*spamApTask0: Dec 11 14:57:53.916: 44:2b:03:9a:d1:10 Received LWAPP DISCOVERY REQUEST to 68:ef:bd:8e:48:6f on port '13'

*spamApTask0: Dec 11 14:57:53.916: 44:2b:03:9a:d1:10 Discarding discovery request in LWAPP from AP supporting CAPWAP

*spamApTask0: Dec 11 14:58:03.824: 44:2b:03:9a:d1:10 DTLS connection not found, creating new connection for 10:29:9:190 (44306) 10:5:13:4 (5246)

Debug Capwap Errors:

*spamApTask0: Dec 11 15:17:33.715: e8:ba:70:dc:d1:c0 Deleting AP 10.29.9.190 which has not been plumbed

*spamApTask0: Dec 11 15:17:33.716: e8:ba:70:dc:d1:c0 DTLS connection was closed

Debug Capwap Details:

*spamApTask0: Dec 11 15:24:29.419: 44:2b:03:9a:d1:10 CAPWAP Control Msg Received from 10.29.9.190:44306

*spamApTask0: Dec 11 15:24:35.542: 44:2b:03:9a:d1:10 CAPWAP Control Msg Received from 10.29.9.190:44306

*spamApTask0: Dec 11 15:24:41.555: 44:2b:03:9a:d1:10 CAPWAP Control Msg Received from 10.29.9.190:44306

*spamApTask0: Dec 11 15:24:49.555: 44:2b:03:9a:d1:10 CAPWAP Control Msg Received from 10.29.9.190:44306

*spamApTask0: Dec 11 15:25:29.420: 44:2b:03:9a:d1:10 CAPWAP Control Msg Received from 10.29.9.190:44306

*spamApTask0: Dec 11 15:25:29.420: 44:2b:03:9a:d1:10 DTLS connection 0x1a1703c8 closed by controller

*spamApTask0: Dec 11 15:25:29.421: CAPWAP DTLS connection closed msg

AP Console log:

Translating "CISCO-CAPWAP-CONTROLLER.ad.pps.k12.va.us"...domain server (10.29.8.3)

*Mar 1 00:00:57.511: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP. [OK]

*Mar 1 00:01:10.511: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 11 16:05:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

*Dec 11 16:06:17.495: %CDP_PD-2-POWER_LOW: All radios disabled - NEGOTIATED WS-C3560E-24PD (68bc.0c03.8015)

*Dec 11 16:06:28.231: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

logging facility kern

^

% Invalid input detected at '^' marker.

logging trap emergencies

^

% Invalid input detected at '^' marker.

logging facility kern

^

% Invalid input detected at '^' marker.

logging trap emergencies

^

% Invalid input detected at '^' marker.

*Dec 11 16:06:55.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.5.13.4:5246

*Dec 3 16:06:55.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Dec 11 16:07:06.367: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 11 16:07:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

*Dec 11 16:07:39.151: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

logging facility kern

^

% Invalid input detected at '^' marker.

logging trap emergencies

^

% Invalid input detected at '^' marker.

logging facility kern

^

% Invalid input detected at '^' marker.

logging trap emergencies

^

% Invalid input detected at '^' marker.

*Dec 11 16:08:06.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.5.13.4:5246

*Dec 11 16:08:06.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Dec 11 16:08:17.367: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 11 16:08:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

Leo Laohoo · ‎12-17-2012

*Dec 17 15:53:47.463: %CAPWAP-3-ERRORLOG: Selected MWAR 'IRC-WLC-5508'(index 0).

*Dec 17 15:53:47.463: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 17 15:53:47.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

*Dec 17 15:54:23.131: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

Getting alot better.

The WAP has selected the 5508 with the correct firmware. The WAP sends a JOIN Request to 10.5.13.4 but cannot get anything back.

Firewall? Routing loop?

This so-called "remote site", how is it connected back to your office? Dark fibre? ISP?

Y'know what? Can you post the output to the following commands:

1. WAP: sh inventory;

2. WLC: sh sysinfo

Nuts, I should've asked for these info before.

View solution in original post

Scott Fella · ‎12-13-2012

You running 7.2.110.0 or higher. That is what is required for these AP's.

http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html#wp97700

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

dgood1234 · ‎12-13-2012

Yes, we are running 7.3.101.0. Also note we have other 2602 AP's that have registered with this controller and are working properly.

Scott Fella · ‎12-13-2012

Well... it does seem like something is blocking udp 5246 & or 5247. I would take a good AP that has joined and put it out on that remote site to test. If that AP doesn't join, then something is indeed blocking.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

dgood1234 · ‎12-13-2012

Scott - that is my next move. I have an AP here that has already joined and I hope to have it on site later today. Will post any findings / results.

Scott Fella · ‎12-13-2012

Let us know what you find.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

dgood1234 · ‎12-13-2012

OK - I registered a new 2602 AP with the controller at our central location, then moved it out to the branch site with the problem. The access point will not join the controller from the remote site even though it joined before I took it out. A parsed portion of the cosole log is below:

*Mar 1 00:01:23.819: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 13 19:39:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

*Dec 13 19:39:58.131: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

*Dec 13 19:40:25.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.5.13.4:5246

*Dec 13 19:40:26.059: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Dec 13 19:40:26.199: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Dec 13 19:40:26.199: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Dec 13 19:40:26.451: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Dec 13 19:40:26.471: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

I have not run any debugs on the controller since taking this AP on site but I would guess the messages are similar to the original posting. Thoughts??

Leo Laohoo · ‎12-13-2012

Post the entire bootup process.

So you have H-REAP/FlexConnect enabled on the WAP?

dgood1234 · ‎12-14-2012

Below is the entire boot process on the AP that joined from our central location, but now won't join at the remote site. Yes, we have H-REAP/FlexConnect enabled on one of our WLANS - although it isn't currently in use.

IOS Bootloader - Starting system.

flash is writable

FLASH CHIP: Numonyx Mirrorbit (0089)

Xmodem file system is available.

flashfs[0]: 37 files, 9 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 31997952

flashfs[0]: Bytes used: 18247680

flashfs[0]: Bytes available: 13750272

flashfs[0]: flashfs fsck took 18 seconds.

Reading cookie from SEEPROM

Base Ethernet MAC address: 44:2b:03:9a:dd:00

Ethernet speed is 1000 Mb - FULL Duplex

Loading "flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-mx.152-2.JA"...#########################

File "flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-mx.152-2.JA" uncompressed and installed, entry point: 0x2003000

executing...

Secondary Bootloader - Starting system.

Xmodem file system is available.

flashfs[0]: 37 files, 9 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 31997952

flashfs[0]: Bytes used: 18247680

flashfs[0]: Bytes available: 13750272

flashfs[0]: flashfs fsck took 8 seconds.

Reading cookie from SEEPROM

Base Ethernet MAC address: 44:2b:03:9a:dd:00

Boot CMD: 'boot flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-xx.152-2.JA;flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-xx.152-2.JA'

Loading "flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-xx.152-2.JA"...############################

File "flash:/ap3g2-k9w8-mx.152-2.JA/ap3g2-k9w8-xx.152-2.JA" uncompressed and installed, entry point: 0x2003000

executing...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco IOS Software, C2600 Software (AP3G2-K9W8-M), Version 15.2(2)JA, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 23-Aug-12 02:29 by prod_rel_team

Initializing flashfs...

flashfs[3]: 37 files, 9 directories

flashfs[3]: 0 orphaned files, 0 orphaned directories

flashfs[3]: Total bytes: 31997952

flashfs[3]: Bytes used: 18247680

flashfs[3]: Bytes available: 13750272

flashfs[3]: flashfs fsck took 9 seconds.

flashfs[3]: Initialization complete.

flashfs[4]: 0 files, 1 directories

flashfs[4]: 0 orphaned files, 0 orphaned directories

flashfs[4]: Total bytes: 12257280

flashfs[4]: Bytes used: 1024

flashfs[4]: Bytes available: 12256256

flashfs[4]: flashfs fsck took 0 seconds.

flashfs[4]: Initialization complete....done Initializing flashfs.

Warning: the compile-time code checksum does not appear to be present.

Radio0 present 8764 8000 0 A8000000 A8010000 0

Rate table has 244 entries (64 SGI/104 BF variants)

Radio1 present 8764 8000 0 88000000 88010000 4

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Warning: the compile-time code checksum does not appear to be present.

cisco AIR-CAP2602I-A-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.

Processor board ID FGL1640Z00A

PowerPC CPU at 800Mhz, revision number 0x2151

Last reset from power-on

LWAPP image version 7.3.101.0

1 Gigabit Ethernet interface

2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 44:2B:03:9A:DD:00

Part Number : 73-14588-02

PCA Assembly Number : 800-37899-01

PCA Revision Number : A0

PCB Serial Number : FOC16337KKT

Top Assembly Part Number : 800-38356-01

Top Assembly Serial Number : FGL1640Z00A

Top Revision Number : A0

Product/Model Number : AIR-CAP2602I-A-K9

% Please define a domain-name first.

Press RETURN to get started!

*Mar 1 00:00:10.231: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar 1 00:00:13.723: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up

*Mar 1 00:00:17.287: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0

*Mar 1 00:00:23.543: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1

*Mar 1 00:00:25.867: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C2600 Software (AP3G2-K9W8-M), Version 15.2(2)JA, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 23-Aug-12 02:29 by prod_rel_team

*Mar 1 00:00:25.867: %SNMP-5-COLDSTART: SNMP agent on host TestAP1 is undergoing a cold start

*Mar 1 00:00:26.299: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Mar 1 00:00:26.299: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to resetlwapp_crypto_init: MIC Present and Parsed Successfully

*Mar 1 00:00:26.439: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Mar 1 00:00:26.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up

*Mar 1 00:00:29.827: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed

*Mar 1 00:00:29.827: DPAA Initialization Complete

*Mar 1 00:00:29.827: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited

*Mar 1 00:00:30.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up%Default route without gateway, if not a point-to-point interface, may impact performance

*Mar 1 00:00:54.815: Logging LWAPP message to 255.255.255.255.

*Mar 1 00:00:57.867: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source

*Mar 1 00:00:58.963: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Mar 1 00:00:59.911: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.29.8.163, mask 255.255.248.0, hostname TestAP1

*Mar 1 00:00:59.963: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Mar 1 00:01:00.055: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

*Mar 1 00:01:01.055: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

Translating "CISCO-CAPWAP-CONTROLLER.ad.pps.k12.va.us"...domain server (10.29.8.3)

*Mar 1 00:01:10.839: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP. [OK]

*Mar 1 00:01:13.843: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'IRC-WLC'running version 7.0.98.0 is rejected.

*Mar 1 00:01:13.843: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.

*Mar 1 00:01:13.843: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.

*Mar 1 00:01:13.843: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Mar 1 00:01:13.843: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.5.13.3

*Mar 1 00:01:23.839: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 14 13:07:43.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

*Dec 14 13:08:19.131: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

*Dec 14 13:08:42.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.5.13.4:5246

*Dec 14 13:08:43.063: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Dec 14 13:08:43.199: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Dec 14 13:08:43.199: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Dec 14 13:08:43.451: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Dec 14 13:08:43.471: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

*Dec 14 13:08:43.475: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'IRC-WLC'running version 7.0.98.0 is rejected.

*Dec 14 13:08:43.475: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.

*Dec 14 13:08:43.475: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.

*Dec 14 13:08:43.475: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 14 13:08:43.475: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.5.13.3

*Dec 14 13:08:44.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Dec 14 13:08:44.231: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down

*Dec 14 13:08:44.239: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Dec 14 13:08:45.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Dec 14 13:08:45.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down

*Dec 14 13:08:45.259: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

*Dec 14 13:08:45.267: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down

*Dec 14 13:08:45.275: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Dec 14 13:08:46.259: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

*Dec 14 13:08:46.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Dec 14 13:08:46.295: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Dec 14 13:08:47.295: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Dec 14 13:08:53.467: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 14 13:08:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

*Dec 14 13:09:29.131: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!

*Dec 14 13:09:52.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.5.13.4:5246

*Dec 14 13:09:53.059: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Dec 14 13:09:53.199: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Dec 14 13:09:53.199: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Dec 14 13:09:53.447: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Dec 14 13:09:53.459: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

*Dec 14 13:09:53.467: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'IRC-WLC'running version 7.0.98.0 is rejected.

*Dec 14 13:09:53.467: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.

*Dec 14 13:09:53.467: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.

*Dec 14 13:09:54.199: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Dec 14 13:09:54.231: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down

*Dec 14 13:09:54.239: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Dec 14 13:09:55.223: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Dec 14 13:09:55.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down

*Dec 14 13:09:55.259: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up

*Dec 14 13:09:55.267: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down

*Dec 14 13:09:55.275: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Dec 14 13:09:56.259: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

*Dec 14 13:09:56.267: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Dec 14 13:09:56.295: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up

*Dec 14 13:09:57.295: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Dec 14 13:10:03.459: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Dec 14 13:10:04.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.5.13.4 peer_port: 5246

Leo Laohoo · ‎12-14-2012

*Mar  1 00:01:13.843: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'IRC-WLC'running version 7.0.98.0 is rejected.

Thanks for the logs. Very useful.

So what's this? The WAP is trying to join a controller (IRC-WLC) with a 7.0.98.0 code. I think this could be the issue.

George Stefanick · ‎12-14-2012

Yea, i was following the thread and that stuck out for me as well ..

Was this AP joined to another WLC or did you have another WLC in this controllers mob group ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

minnkhank089 · ‎01-25-2017

Cann't connect to AP 2602I to WLC 5520

%DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.10.5:5246
*Jan 24 22:11:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.10.5 peer_port: 5246
*Jan 24 22:11:48.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x896C710!

Please let me know if you have a answer to solve this issue.

Sandeep Choudhary · ‎01-25-2017

First, create a completely new thread.

and paste the output of these commands:

sh version from AP

sh sysinfo from WLC

Also paste the complete boot-up process from AP console.

Regards

Dont forget to rate helpful posts

Scott Fella · ‎12-14-2012

Didn't see it, but I'm assuming the AP did get an ip address?

Moving the AP from a location in which it was able to join to another location and then the AP fails to join means that UDP 5246 and or UDP 5247 is being blocked. Check to see if it might be blocked going out or coming back. Since you know it's a good AP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

dgood1234 · ‎12-14-2012

I put a sniffer inline and can confirm that traffic from the AP in question is reaching the controller on UDP port 5246 but I see nothing on UDP port 5247. At what point would traffic start on UDP 5247? I'm checking ACL's and so far I have found nothing. Our WAN is managed by our ISP and I am having them check any ACLs they may have in place as well.