10-06-2022 12:31 PM
Hi,
I have a 2802i that will not sustain a connection to a 9800-CL. The WLC is running version 17.03.04 software release. The AP join the WLC and broadcasts SSID for a few seconds but then drops the connection.
I have trustpoint configured on WLC:
WLC#show wireless management trustpoint
Trustpoint Name : WLC_WLC_TP
Certificate Info : Available
Certificate Type : SSC
Certificate Hash : 5e470c136e2b1ecd0fee05dac60f057742ba12f0
Private key Info : Available
FIPS suitability : Not Applicable
Output from AP:
[*10/06/2022 12:19:39.0788] Discovery Response from 192.168.1.201
[*10/06/2022 12:19:39.0792] Discovery Response from 192.168.1.201
[*10/06/2022 12:19:48.0003]
[*10/06/2022 12:19:48.0003] CAPWAP State: DTLS Setup
[*10/06/2022 12:19:48.8927] First connect to vWLC, accept vWLC by default
[*10/06/2022 12:19:48.8927]
[*10/06/2022 12:19:48.9447]
[*10/06/2022 12:19:48.9447] CAPWAP State: Join
[*10/06/2022 12:19:48.9479] Sending Join request to 192.168.1.201 through port 5264
[*10/06/2022 12:19:49.0494] Join Response from 192.168.1.201
[*10/06/2022 12:19:49.0494] AC accepted join request with result code: 0
[*10/06/2022 12:19:49.0730] Received wlcType 0, timer 30
[*10/06/2022 12:19:49.2144]
[*10/06/2022 12:19:49.2144] CAPWAP State: Image Data
[*10/06/2022 12:19:49.2148] AP image version 17.3.5.43 backup 17.6.4.56, Controller 17.3.5.43
[*10/06/2022 12:19:49.2148] Version is the same, do not need update.
[*10/06/2022 12:19:49.2434] upgrade.sh: Script called with args:[NO_UPGRADE]
[*10/06/2022 12:19:49.3012] do NO_UPGRADE, part2 is active part
[*10/06/2022 12:19:49.3079]
[*10/06/2022 12:19:49.3079] CAPWAP State: Configure
[*10/06/2022 12:19:50.4192] DOT11_CFG[1]: Starting radio 1
[*10/06/2022 12:19:51.1120] DOT11_DRV[1]: Started Radio 1
[*10/06/2022 12:19:51.1126] DOT11_CFG[0]: Starting radio 0
[*10/06/2022 12:19:51.7759] DOT11_DRV[0]: Started Radio 0
[*10/06/2022 12:19:52.0913] Null cert id for TLV_AP_CACERTS_CONFIG_PAYLOAD
[*10/06/2022 12:19:52.2590]
[*10/06/2022 12:19:52.2590] CAPWAP State: Run
[*10/06/2022 12:19:52.2887] AP has joined controller
[*10/06/2022 12:19:53.8342] Previous AP mode is 0, change to 0
[*10/06/2022 12:19:54.0608] chpasswd: password for user changed
[*10/06/2022 12:19:54.2214]
[*10/06/2022 12:19:54.2214] Same LSC mode, no action needed
[*10/06/2022 12:19:54.2215] TLV ID 2584 not found
[*10/06/2022 12:19:54.2215] TLV-DEC-ERR-1: No proc for 2584
[*10/06/2022 12:19:54.8366] TLV ID 1356 not found
[*10/06/2022 12:19:54.8366] TLV-DEC-ERR-1: No proc for 1356
[*10/06/2022 12:19:55.7979] Got WSA Server config TLVs
[*10/06/2022 12:19:56.6013] AP tag change to Lab_TAG
[*10/06/2022 12:19:56.6816] flags value is 1
[*10/06/2022 12:19:57.1770] Powering down BLE radio
[*10/06/2022 12:20:19.9320] set cleanair [slot0][band0] enabled
[*10/06/2022 12:20:19.9736] set cleanair [slot0][band1] enabled
[*10/06/2022 12:20:19.9969] set cleanair [slot1][band1] enabled
[*10/06/2022 12:21:43.2191] FOUND CONFIGURED WLC (Primary) REDISCOVER TO CONNECT WITH THAT.
[*10/06/2022 12:21:43.2926]
[*10/06/2022 12:21:43.2926] CAPWAP State: DTLS Teardown
[*10/06/2022 12:21:43.3625] DOT11_DRV[0]: Stopped Radio 0
[*10/06/2022 12:21:43.3824] DOT11_DRV[1]: Stopped Radio 1
[*10/06/2022 12:21:44.4663] upgrade.sh: Script called with args:[ABORT]
[*10/06/2022 12:21:44.5233] do ABORT, part2 is active part
[*10/06/2022 12:21:44.5387] upgrade.sh: Cleanup tmp files ...
[*10/06/2022 12:21:44.5728] Dropping dtls packet since session is not established. Peer 192.168.1.201-5246, Local 192.168.1.207-5264, conn (nil)
[*10/06/2022 12:21:44.5730] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*10/06/2022 12:21:44.5730] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
Can someone please advise?
Thanks
10-06-2022 02:16 PM
Do other APs join the WLC?
10-06-2022 02:23 PM
I only have this AP to hand, as its part of a Lab setup
10-06-2022 03:14 PM
"sh run | include wireless management". Is there an output to this command?
10-06-2022 10:23 PM
check this thread if you are in scenario like flex connect or highly overloaded network.
https://community.cisco.com/t5/wireless/capwap-state-dtls-teardown/td-p/4160587
10-07-2022 12:25 AM
[*10/06/2022 12:21:43.2191] FOUND CONFIGURED WLC (Primary) REDISCOVER TO CONNECT WITH THAT.
According to that message I would assume that there is primary controller configured on the AP and it's tying to connect to this controller instead of 192.168.1.201
Did you check that on the AP?
10-07-2022 06:49 AM
Yep I thought the same as @reccon - check the primary/secondary/tertiary controllers set on the AP.
Or just do a factory default reset on the AP to clear out whatever is set.
10-07-2022 08:32 AM
Thank you for all the replies. I have now sorted the issue, basically I had created the certificate on the vwlc before configuring NTP. Therefore, I think there was some sort of mismatch with the date and time stamp. Adding NTP and then re-creating the certificate has now rectified the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide