11-18-2020 09:53 AM - edited 07-05-2021 12:48 PM
Greetings,
I have a 5508 WLC and 3602i APs that I need to reconfigure on a "rebuilt" network, but I have no experience with Cisco wireless. I figured it would be best to start fresh with the WLC and reconfig it to operate on 192.168.1.1 coming from a small business router.
After some reading and watching a few videos on initial configurations, I had a few questions before I jump in. I understand what the service IP is for (GUI access), but the management interface IP, default router, DHCP server IP address, and AP manager interface IP address is what is holding me up. Is the default router my small business router in the back? Does the WLC need to be configured as a DHCP server for the access points? This is all unfamiliar to me.
Thank you.
11-18-2020 10:19 AM
Hi,
The Service Port is used for Out Of Bound (OOB) Management. Whilst the default configuration on the WLC allows for access via the management interface, it is better practice to have the service port configured on a different VLAN and use that to reach the WLC via SSH / HTTPS.
Step 1: Connect WLC to your switch (as per our diagram) and configure switchport with required VLANs
Step 2: Connect WLC via console and configure...
https://www.networkstraining.com/cisco-wireless-lan-controller-configuration/
Step 3: Connect APs in same VLAN as WLC
That's all
Regards
Don't forget to rate helpful posts
11-18-2020 10:43 AM
Thanks for the reply. After looking over the provided link, I did have additional questions.
Management Interface IP Address: 192.168.10.10
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.10.1
Management Interface VLAN Identifier (0 = untagged): 10
Management Interface DHCP Server IP Address: 192.168.1.3
Is the Management Interface IP Address the assigned IP for the WLC?
Is the Management Interface DHCP Server IP Address the IP of my router, or is this the Management Interface Default Router?
11-18-2020 10:47 AM - edited 11-18-2020 10:53 AM
You have to assign a mgmt IP address to WLC so that you can access it via GUI and AP can also join using this IP.
Yes you can put router IP as Mgmt DHCP server.
Regards
Don't forget to rate helpful posts
11-18-2020 11:18 AM
Alright, starting from the top.
Putty
user: recover-config
Would you like to terminate autoinstall: yes
Enter administrative user name: ###
Enter administrative password: ###
Re-enter password: ###
Service interface IP address configuration: (static) 192.168.10.100
Enable LAG: no
Management Interface IP Address: (WLC IP) 192.168.5.10
Management Interface Mask: 255.255.255.0
Management Interface Default Router: 192.168.5.1
Management Interface VLAN Identifier: 5
Management Interface Port Num: 1
Management Interface DHCP Server IP: 192.168.1.1 (router IP)
Enable HA: no
Virtual Gateway IP Address: 1.1.1.1
Mobility/RF Group Name: ###
Network Name: ###
Configure DHCP Bridging Mode: no
Allow Static IP addresses: no
Configure a RADIUS server: no
Country code: US
Enable 802.11b/a/g: yes/yes/yes
enable Auto-RF: yes
configure NTP server: no
Configure system time: yes
Enter Date: ###
Enter Time: ###
Configuration correct: yes
Now, after reboot, I am able to GUI in using the service port. I have a switch with ports 25-48 dedicated to the WLC and APs. Set to vlan5. I have the WLC port 1 going to switch port 47. Switch port 48 to router. AP connected to switch port 46.
In the GUI, there are no APs detected. The AP seems to boot to solid green at first, then cycles green/red/amber.
Did I miss a configuration?
11-18-2020 10:05 PM
Hi,
As the access point attempts to connect to the controller, the LEDs cycle through a green, red, and amber sequence, which can take up to 5 minutes.
If the access point remains in this mode for more than five minutes, the access point is unable to find the Master Cisco wireless LAN controller. Check the connection between the access point and the Cisco wireless LAN controller and be sure that they are on the same subnet.
1. If the access point shuts down, check the power source.
2. After the access point finds the Cisco wireless LAN controller, it attempts to download the new operating system code if the access point code version differs from the Cisco wireless LAN controller code version. While this is happening, the Status LED blinks dark blue.
3. If the operating system download is successful, the access point reboots.
Please also paste the output of these commands:
From WLC: show sysinfo
From AP: show version
AP bootup process from console: paste all the logs here
Regards
Don't forget to rate helpful posts
11-19-2020 06:52 AM
Good Morning Sandeep and thank you for your continued assistance,
The APs remain on. I have a total of nine of them already mounted, with 2 taken down so I can get all this figured out. All 9 remain on, but cycle green/red/amber (discovery process). The switch in use is a POE+ switch. I would like to note that all of these were in use and operational (APs and WLC), just on a different IP scheme. Appliance failure caused a network rebuild/overhaul/reconfiguration.
I've attached a .txt with show sysinfo.
I am unable to get any output from the two APs in Putty. COM3, Baud 9600, Data Bits 8, Stop Bits 1, Parity None, Flow Control none.
11-19-2020 07:08 AM - edited 11-19-2020 07:10 AM
Hi,
Can you tell me the model number/name of these AP?
WLC software version is: 7.4.121.0 (too old)
Also check the compatibility matrix of AP & WLC:
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
Regards
Don’t forget to rate helpful posts
11-19-2020 07:37 AM
The APs are AIR-CAP3602I-A-K9
The WLC and APs were functional prior to appliance failure (old router), so a new appliance has been reinstalled and the network reconfigured.
11-19-2020 10:21 AM
Without debug logs from the AP console, it's really hard to find out the root cause.
Do you know what version of Software was running on old wlc?
11-19-2020 10:49 AM - edited 11-19-2020 10:54 AM
(edit: added AP boot log.txt)
Same WLC, same version.
I was able to dig up a different usb to rs232 adapter and can get into the AP. I am also using a POE injector at the moment, with the AP going straight into Port 1 (management port) of the WLC. I had to reset the username/PW, but below are the logs. The AP keeps sending an error:
*Mar 1 00:06:55.411: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
*Mar 1 00:07:05.411: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!
The time/date is way off. The AP cannot discover the WLC.
APfc99.47b0.f499>show version
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.2(2)JB3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 19-Dec-13 04:30 by prod_rel_team
ROM: Bootstrap program is C3600 boot loader
BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(23c)JY, RELEASE SOFTWARE (fc1)
APfc99.47b0.f499 uptime is 6 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.152-2.JB3/ap3g2-k9w8-xx.152-2.JB3"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-CAP3602I-A-K9 (PowerPC) processor (revision A0) with 180214K/81920K bytes of memory.
Processor board ID FTX1644GH59
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 7.4.121.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: FC:99:47:B0:F4:99
Part Number : 73-14521-02
PCA Assembly Number : 800-37501-02
PCA Revision Number : A0
--More--
*Mar 1 00:06:25.411: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not havePCB Serial Number : FOC16376E75
Top Assembly Part Number : 800-35852-02
Top Assembly Serial Number : FTX1644GH59
Top Revision Number : C0
Product/Model Number : AIR-CAP3602I-A-K9
Configuration register is 0xF
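An added example, not part of the original thread: a Python check of the setup-wizard addressing from the 11:18 AM post against the two CAPWAP errors in the post above. It verifies that the default router is on the management subnet, that the service port is on a different subnet from the management interface, and that an off-subnet DHCP server is flagged. The function names and the service port mask are assumptions.

```python
import ipaddress

# Wizard answers copied from the 11:18 AM post in this thread.
WIZARD = {
    "service_ip": "192.168.10.100",
    "mgmt_ip": "192.168.5.10",
    "mgmt_mask": "255.255.255.0",
    "mgmt_gateway": "192.168.5.1",
    "mgmt_dhcp_server": "192.168.1.1",
}

# The two console messages the AP repeated, copied from the post above.
AP_LOG = [
    "*Mar 1 00:06:55.411: %CAPWAP-3-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.",
    "*Mar 1 00:07:05.411: %CAPWAP-3-ERRORLOG: Not sending discovery request AP does not have an Ip !!",
]


def check_addressing(cfg, service_mask="255.255.255.0"):
    """Return (severity, message) findings for the controller addressing plan.

    service_mask is an assumption; the post does not show the service port mask.
    """
    mgmt = ipaddress.ip_interface(f"{cfg['mgmt_ip']}/{cfg['mgmt_mask']}")
    svc = ipaddress.ip_interface(f"{cfg['service_ip']}/{service_mask}")
    gateway = ipaddress.ip_address(cfg["mgmt_gateway"])
    dhcp = ipaddress.ip_address(cfg["mgmt_dhcp_server"])
    findings = []
    if gateway not in mgmt.network or gateway == mgmt.ip:
        findings.append(("error", f"default router {gateway} is not a usable next hop in {mgmt.network}"))
    if svc.network.overlaps(mgmt.network):
        findings.append(("error", f"service port {svc.network} overlaps management {mgmt.network}"))
    if dhcp not in mgmt.network:
        findings.append(("warn", f"DHCP server {dhcp} is outside {mgmt.network}: it must be "
                                 "routable and hold a scope for this subnet"))
    return findings


def ap_lacks_ip(log_lines):
    """True if the AP reports it cannot send CAPWAP discovery for lack of an address."""
    return any("%CAPWAP-3-ERRORLOG" in l and "does not have an Ip" in l for l in log_lines)


if __name__ == "__main__":
    for severity, message in check_addressing(WIZARD):
        print(f"[{severity}] {message}")
    if ap_lacks_ip(AP_LOG):
        print("[info] AP has no address: fix DHCP on the AP VLAN before debugging the join itself")
```

An AP that never obtains an address cannot reach the certificate exchange at all, so the DHCP finding has to be cleared before a join failure can be attributed to anything else.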
11-19-2020 11:21 AM
ok.
1. Make sure that you have correct date and time settings on WLC.
2. Connect AP to switchport and then paste the bootup process from AP console.
Regards
Sandeep
11-19-2020 11:52 AM
11-19-2020 01:21 PM
I found this article. It says that rolling back the time to a certificate-valid time will work to establish a connection between APs and the WLC.
https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html
I set the date back to 2019 (before the 1 Jan 2020 expiration) and all of my APs came up.
11-19-2020 09:34 PM
Glad to hear. Better to configure one of these commands to ignore the cert expiry.
Configure the necessary command to have the WLC and APs ignore certificate expiration.
For Version 7.0.252.0, use this command:
(WLC)>config ap lifetime-check {mic|ssc} enable
For Versions 7.4.140.0 and later, use this command:
(WLC)>config ap cert-expiry-ignore {mic|ssc}
Regards
Don't forget to rate helpful posts