08-06-2019 04:12 AM - edited 07-05-2021 10:48 AM
Hi!
I have a 2800 AP in mobility express mode but I cannot get my other 2700 AP to join the controller. I have the time right but the 2700 ap do not want to join the mobility express controller. Everything is reachable l2 and l3. I see the 2700 ap in the controller but It will not join. I have just reinstalled the ap3g2-k9w8-tar.152-4.JB6 image on the Lightweight ap and the AIR-AP2800-K9-ME-8-5-151-0 software on the 2800 mobility express AP.
192.168.10.251 is the IP of the controller(2800AP)
I get these messages from the 2700 AP:
*Aug 6 11:04:42.811: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 6 11:05:42.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.251 peer_port: 5246
*Aug 6 11:05:42.215: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.10.251 peer_port: 5246
*Aug 6 11:05:42.215: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.10.251perform archive download capwap:/ap3g2 tar file
*Aug 6 11:05:42.219: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Aug 6 11:05:42.223: Loading file /ap3g2...
ERROR: Image is not a valid IOS image archive.
Download image failed, notify controller!!! From:7.6.100.0 to 0.0.0.0, FailureCode:3
archive download: takes 80 seconds
*Aug 6 11:07:02.223: %CAPWAP-3-ERRORLOG: capwap ifs: read error or timeout
*Aug 6 11:07:02.223: capwap_image_proc: problem extracting tar file
*Aug 6 11:07:02.223: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.251:5246
*Aug 6 11:07:02.287: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Aug 6 11:07:02.307: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Aug 6 11:07:02.307: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Aug 6 11:07:02.311: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Aug 6 11:07:02.331: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Aug 6 11:07:03.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Aug 6 11:07:03.339: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Aug 6 11:07:03.347: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Aug 6 11:07:04.331: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Aug 6 11:07:04.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Aug 6 11:07:04.363: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Aug 6 11:07:04.371: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 6 11:07:04.379: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 6 11:07:05.363: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Aug 6 11:07:05.371: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Aug 6 11:07:05.399: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Aug 6 11:07:06.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Aug 6 11:07:12.331: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 6 11:07:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.10.251 peer_port: 5246
*Aug 6 11:07:13.215: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.10.251 peer_port: 5246
*Aug 6 11:07:13.215: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.10.251
*Aug 6 11:07:18.215: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.10.251
And I get this on the debug on the WLC:
(Cisco Controller) >*spamApTask0: Aug 06 12:56:29.072: e8:65:49:35:6d:a0 Failed to parse CAPWAP packet from 192.168.10.132:45521
*spamApTask0: Aug 06 13:09:22.613: 00:00:00:00:00:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 192.168.10.132:45521)since DTLS session is not established
*spamApTask0: Aug 06 13:09:22.721: e8:65:49:35:6d:a0 ApModel: AIR-CAP2702I-E-K9
*spamApTask0: Aug 06 13:09:22.721: e8:65:49:35:6d:a0 we already missed the echo from this AP. Echo time 37 time value 1565089762, last echo 1565089613
*spamApTask0: Aug 06 13:09:22.721: e8:65:49:35:6d:a0 Echo Timer Expiry: Missing Echo from APe8:65:49:35:6d:a0, Closing dtls Connection.
*spamApTask0: Aug 06 13:09:22.722: e8:65:49:35:6d:a0 ApModel: AIR-CAP2702I-E-K9
*spamApTask0: Aug 06 13:11:03.268: e8:65:49:35:6d:a0 Invalid event Capwap_join_request & state Capwap_image_data combination
*spamApTask0: Aug 06 13:11:03.268: e8:65:49:35:6d:a0 State machine handler: Failed to process msg type = 3 state = 10 from 192.168.10.132:45521
*spamApTask0: Aug 06 13:11:03.268: e8:65:49:35:6d:a0 Failed to parse CAPWAP packet from 192.168.10.132:45521
*spamApTask0: Aug 06 13:11:08.266: e8:65:49:35:6d:a0 Invalid event Capwap_join_request & state Capwap_image_data combination
*spamApTask0: Aug 06 13:11:08.266: e8:65:49:35:6d:a0 State machine handler: Failed to process msg type = 3 state = 10 from 192.168.10.132:45521
*spamApTask0: Aug 06 13:11:08.266: e8:65:49:35:6d:a0 Failed to parse CAPWAP packet from 192.168.10.132:45521
Any help or pointers is very much appriciated!!
Solved! Go to Solution.
08-11-2019 05:54 AM
>I have upgraded the 2700 AP to ver LWAPP image version 8.8.120.0. The controller has Product >Version.................................. 8.5.151.0.
I think you should upgrade your AP to the same version as ME, if you didn't set tftp on ME.
08-06-2019 05:02 AM
08-06-2019 05:34 AM
Hi,
8.5 and later versions need to use c3700 to join ME. If your AP version is lower than 8.5,
you need to upgrade to ap3g2 and then upgrade to c3700. After that, you can successfully join.
I hope this will help you.
Best regards,
Haifeng
08-10-2019 02:19 AM - edited 08-10-2019 03:10 AM
Thanks a lot for the help and pointers. My 2700 AP had software version 7.6.100.0.
I have upgraded the 2700 AP to ver LWAPP image version 8.8.120.0. The controller has Product Version.................................. 8.5.151.0.
I get IP from DHCP but I do not discover WLC. Is there any manual way to set WLC on the AP?
*Aug 10 10:02:22.755: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Aug 10 10:02:28.899: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.10.132, mask 255.255.255.0, hostname AP54a2.741b.1cfc
I enabled Debug on the WLC and get this:
*spamApTask0: Aug 10 12:10:18.222: e8:65:49:35:6d:a0 Unable to get Ap mode in Join request
*spamApTask0: Aug 10 12:10:18.223: e8:65:49:35:6d:a0 Controller Image Upgrade in Progress: Cannot accept Join Request from e8:65:49:35:6d:a0, controller is upgrading whil
*spamApTask0: Aug 10 12:10:18.223: e8:65:49:35:6d:a0 State machine handler: Failed to process msg type = 3 state = 0 from 192.168.10.132:61904
*spamApTask0: Aug 10 12:10:18.223: e8:65:49:35:6d:a0 Failed to parse CAPWAP packet from 192.168.10.132:61904
*spamApTask0: Aug 10 12:10:18.224: 00:00:00:00:00:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 192.168.10.132:61904)since DTLS session is not established
08-10-2019 04:11 PM - edited 08-10-2019 04:12 PM
Hi,
You may need to use the following commands.
1. Set ip address and gateway
2602#capwap ap ip address 10.127.209.200 255.255.255.0
2602#capwap ap ip default-gateway 10.127.209.129
2. Set the address of the controller
2602#capwap ap controller ip address 10.127.209.201
3. Check configuration
2602#show ip int brief 2602#show capwap client config 2602#show capwap client rcb
4. For debugging.
(1) WLC debug capwap event enable debug capwap error enable debug capwap packet enable debug dtls all enable (2) AP debug dtls client error debug dtls client event debug capwap client error debug capwap client event debug capwap client packet
Best regards,
Haifeng
08-11-2019 04:54 AM
I have tried the debug commands now and I change the clock but It just jumps back 2-3 hours after I have done this. The clock on the WLC is good. I have one working 1815 and 2800 AP that has joined the WLC so I know the problem is this 2700 AP. I do not understand what can be wrong here, but I post the error messages I get. Thanks again for the great help! :)
Aug 11 13:51:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 11:51:51 UTC Sun Aug 11 2019 to 13:51:00 UTC Sun Aug 11 2019, configured from console by cisco on console.
Aug 11 13:51:02.611: %CAPWAP-3-EVENTLOG: Echo Interval Expired.
Aug 11 13:51:02.611: %CAPWAP-3-EVENTLOG: Sending packet to AC
Aug 11 13:51:02.611: CAPWAP Control mesg Sent to 192.168.10.251, Port 5246
Aug 11 13:51:02.611: Msg Type : CAPWAP_ECHO_REQUEST
Aug 11 13:51:02.611: Msg Length : 0
Aug 11 13:51:02.611: Msg SeqNum : 3
Aug 11 13:51:02.611: %CAPWAP-3-EVENTLOG: Echo Request sent to 192.168.10.251
Aug 11 13:51:02.611: CAPWAP Control mesg Recd from 192.168.10.251, Port 5246
Aug 11 13:51:02.611: HLEN 2, Radio ID 0, WBID 1
Aug 11 13:51:02.611: Msg Type : CAPWAP_ECHO_RESPONSE
Aug 11 13:51:02.611: Msg Length : 0
Aug 11 13:51:02.611: Msg SeqNum : 3
Aug 11 13:51:02.611: %CAPWAP-3-EVENTLOG: Resetting reTransmissionCnt to 0
Aug 11 13:51:02.611: %CAPWAP-3-EVENTLOG: Queue Empty.
Aug 11 13:51:02.611: %CAPWAP-3-EVENTLOG: Echo Response from 192.168.10.251
Aug 11 13:51:03.539: %CAPWAP-3-EVENTLOG: No changes in lwapp configs
AP54a2.741b.1cfc#
ERROR: Image is not a valid IOS image archive.
Download image failed, notify controller!!! From:8.5.131.0 to 0.0.0.0, FailureCode:3
archive download: takes 80 seconds
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
Aug 11 13:51:22.615: %CAPWAP-3-EVENTLOG: capwap ifs: restart discovery
Aug 11 13:51:22.615: capwap_image_proc: problem extracting tar file
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: wtpCloseAllDtlsConnections:
DISCONNECTING DTLS Session: 0xDCE1C28 - CTRL connection
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: dtls_disconnect: Disconnecting DTLS connection 0xDCE1C28
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: dtls_free_connection: Free Called... for Connection 0xDCE1C28
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: dtls_send_Alert: Sending FATAL : Close notify Alert
Aug 11 13:51:22.619: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.10.251:5246
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: wtpDtlsCallback: DTLS-Ctrl Connection 0xDCE1C28 closed
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: dtls_free_connection: Free Done... for Connection 0xDCE1C28
Aug 11 13:51:22.619: DTLS_CLIENT_EVENT: dtls_connectionDB_del_connection: Deleted Connection 0xDCE1C28, Server 192.168.10.251:5246, Client 192.168.10.132:61904, Count 0
Aug 11 13:51:22.619: %CAPWAP-3-EVENTLOG: CAPWAP State: DTLS Teardown.
Aug 11 13:51:22.619: %CAPWAP-3-EVENTLOG: Discarding msg type 9 in CAPWAP state: 4.
Aug 11 13:51:22.619: %CAPWAP-3-EVENTLOG: WTP Event Message Sent
Aug 11 13:51:22.619: %CAPWAP-3-EVENTLOG: DTLS session cleanup completed. Restarting capwap state machine.
Aug 11 13:51:22.619: %CAPWAP-3-EVENTLOG: Discarding msg type 9 in CAPWAP state: 4.
Aug 11 13:51:22.619: %CAPWAP-3-EVENTLOG: Configuration update for Power Mode sent to192.168.10.251
Aug 11 13:51:22.619: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface is getting down
Aug 11 13:51:22.763: CAPWAP Control mesg Sent to 192.168.10.251, Port 5246
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_REQUEST
Aug 11 13:51:22.763: Msg Length : 165
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.763: CAPWAP Control mesg Sent to 192.168.10.251, Port 5246
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_REQUEST
Aug 11 13:51:22.763: Msg Length : 165
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.763: CAPWAP Control mesg Sent to 255.255.255.255, Port 5246
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_REQUEST
Aug 11 13:51:22.763: Msg Length : 165
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.763: CAPWAP Control mesg Sent to 255.1.0.0, Port 5246
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_REQUEST
Aug 11 13:51:22.763: Msg Length : 165
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.763: CAPWAP Control mesg Recd from 192.168.10.251, Port 5246
Aug 11 13:51:22.763: HLEN 2, Radio ID 0, WBID 1
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_RESPONSE
Aug 11 13:51:22.763: Msg Length : 111
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.763: CAPWAP Control mesg Recd from 192.168.10.251, Port 5246
Aug 11 13:51:22.763: HLEN 2, Radio ID 0, WBID 1
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_RESPONSE
Aug 11 13:51:22.763: Msg Length : 111
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.763: CAPWAP Control mesg Recd from 192.168.10.251, Port 5246
Aug 11 13:51:22.763: HLEN 2, Radio ID 0, WBID 1
Aug 11 13:51:22.763: Msg Type : CAPWAP_DISCOVERY_RESPONSE
Aug 11 13:51:22.763: Msg Length : 111
Aug 11 13:51:22.763: Msg SeqNum : 0
Aug 11 13:51:22.767: CAPWAP Control mesg Recd from 192.168.10.251, Port 5246
Aug 11 13:51:22.767: HLEN 2, Radio ID 0, WBID 1
Aug 11 13:51:22.767: Msg Type : CAPWAP_DISCOVERY_RESPONSE
Aug 11 13:51:22.767: Msg Length : 111
Aug 11 13:51:22.767: Msg SeqNum : 0
Aug 11 13:51:23.719: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
Aug 11 13:51:23.735: %CAPWAP-3-EVENTLOG: LRAD state down. Skip sending PHY_TX_POWER_LEVEL_PAYLOAD
Aug 11 13:51:23.747: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
Aug 11 13:51:23.755: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
Aug 11 13:51:24.739: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
Aug 11 13:51:24.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
Aug 11 13:51:24.771: %CAPWAP-3-EVENTLOG: LRAD state down. Skip sending PHY_TX_POWER_LEVEL_PAYLOAD
Aug 11 13:51:24.775: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
Aug 11 13:51:24.783: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
Aug 11 13:51:24.791: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
Aug 11 13:51:25.775: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Aug 11 13:51:25.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
Aug 11 13:51:25.807: %CAPWAP-3-EVENTLOG: LRAD state down. Skip sending PHY_TX_POWER_LEVEL_PAYLOAD
Aug 11 13:51:25.811: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
Aug 11 13:51:26.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: Calling wtpGetAcToJoin from timer expiry.
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: !mwarname
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: !mwarname
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: !mwarname
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: Selected MWAR 'MasterAP' (index 0).
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: Ap mgr count=1
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: Controller: MasterAP. ApMgr count is 1 ipTransportTried 0 prefer-mode 0
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: Adding Ipv4 AP manager 192.168.10.251 to least load
Aug 11 13:51:32.763: %CAPWAP-3-EVENTLOG: IPv4 Pref mode. Choosing AP Mgr with index 0, IP = 192.168.10.251, load = 3 ap ip: (192.168.10.132)
Aug 11 13:51:32.763: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
Aug 11 11:52:25.000: DTLS_CLIENT_EVENT: dtls_connectionDB_add_connection: Added Connection 0xDCE1C28 Server 192.168.10.251:147E, Client 192.168.10.132:F1CF
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: Processing...
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest:
dtls_process_HelloVerifyRequest: cookie_len = 32
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_process_ServerHello: Processing...
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_connection_set_cipher: Setting cipher to TLS_RSA_WITH_AES_128_CBC_SHA
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session:
DTLS connection database is initialized
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session:
DTLS connection database is initialized
Aug 11 11:52:25.007: DTLS_CLIENT_EVENT: dtls_process_Certificate: Processing...
Aug 11 11:52:25.015: DTLS_CLIENT_EVENT: wtpDtlsCallback: Certificate verified ok!
Aug 11 11:52:25.015: DTLS_CLIENT_EVENT: dtls_process_CertificateRequest: Processingt...
Aug 11 11:52:25.015: DTLS_CLIENT_EVENT: dtls_process_ServerHelloDone: Processing...
Aug 11 11:52:25.015: DTLS_CLIENT_EVENT: wtpDtlsCallback: Certificate installed for PKI based authentication.
Aug 11 11:52:25.015: DTLS_CLIENT_EVENT: dtls_send_Certificate: Sending 1 certificates
Aug 11 11:52:25.015: DTLS_CLIENT_EVENT: dtls_handshake_fragment_and_send: Re-aligning the last fragmenti by 1
Aug 11 11:52:25.211: DTLS_CLIENT_EVENT: dtls_connection_is_resumed_session:
DTLS connection database is initialized
08-11-2019 05:54 AM
>I have upgraded the 2700 AP to ver LWAPP image version 8.8.120.0. The controller has Product >Version.................................. 8.5.151.0.
I think you should upgrade your AP to the same version as ME, if you didn't set tftp on ME.
08-11-2019 08:43 AM
08-11-2019 09:07 AM
08-11-2019 08:03 PM - edited 08-11-2019 08:05 PM
Hi,
I am so glad to hear that your problem has been solved.
Let me share some knowledge points with you, because you are still using your ME,
these may be useful in the future.
1. ME is different from WLC, it is more like a simplified version of WLC.
ME does not have ap image in it, so AP can't automatically download image from ME,
you need some extra operations.
A. Gui(ME)
Adding an Access Point to Mobility Express Network
B. Cli(AP)
archive(Cos AP)
Using the force-reload Option with archive download-sw Command(ios AP)
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/ios/release/notes/aap-rn-89.html
* You may also need to use the "debug capwap console cli" command beforehand.
2. If you don't know which version of the AP corresponds to the ME version, please check the link below.
Table 4 Cisco WLC Software Releases, AP IOS Releases, and Supported Access Points
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
3. If you are confused about which version your AP should download, please check the link below.
Understanding Access Point OS Images
Best regards,
Haifeng
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide