Solved: Access point 3502i not joining the Virtual wireless controller

g_parmar83 · ‎07-04-2013

i try to install the two 3502i access points to the virtual wireless controller

but unable to join them to controller.

the lightwieght image running on 3502i is

" ap3g1-rcvk9w8-tar.124-23c.JA2.tar "

need help

and getting error

*Jul 4 13:16:39.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.30.100.200 peer_port: 5246

*Jul 4 13:16:39.000: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Jul 4 13:16:39.015: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed

*Jul 4 13:16:39.015: %CAPWAP-3-ERRORLOG: Certificate verification failed!

*Jul 4 13:16:39.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:348 Certificate verified failed!

*Jul 4 13:16:39.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 172.30.100.200

*Jul 4 13:16:39.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 172.30.100.200:5246

*Jul 4 13:16:39.015: %DTLS-3-BAD_RECORD: Erroneous record received from 172.30.100.200: Malformed Certificate

*Jul 4 13:16:39.015: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.30.100.200:5246

*Jul 4 13:16:39.015: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

*Jul 4 13:17:44.103: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Jul 4 13:17:44.166: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Jul 4 13:17:44.166: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Jul 4 13:17:44.176: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Jul 4 13:17:44.185: status of voice_diag_test from WLC is false

*Jul 4 13:17:44.185: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Jul 4 13:17:44.195: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Jul 4 13:17:44.204: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Jul 4 13:17:44.220: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Jul 4 13:17:54.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.30.100.200 peer_port: 5246

*Jul 4 13:17:54.000: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Jul 4 13:17:54.015: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed

*Jul 4 13:17:54.015: %CAPWAP-3-ERRORLOG: Certificate verification failed!

*Jul 4 13:17:54.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:348 Certificate verified failed!

*Jul 4 13:17:54.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 172.30.100.200

*Jul 4 13:17:54.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 172.30.100.200:5246

*Jul 4 13:17:54.015: %DTLS-3-BAD_RECORD: Erroneous record received from 172.30.100.200: Malformed Certificate

*Jul 4 13:17:54.015: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.30.100.200:5246

*Jul 4 13:17:54.015: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

the time is set properly on the WLC

thanks in advance

Scott Fella · ‎07-04-2013

Try this software: ap3g1-rcvk9w8-tar.152-2.JB.tar

With the code you have on the 3502i, you would need to join that AP to a WLC that is running v7.3 or later before you can have it join the vWLC.

http://www.cisco.com/en/US/products/ps12723/products_tech_note09186a0080bd2d04.shtml#hash

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎07-04-2013

If that doesn't work, then boot the AP in ROMMON and upload the code that way.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎07-04-2013

Try this software: ap3g1-rcvk9w8-tar.152-2.JB.tar

With the code you have on the 3502i, you would need to join that AP to a WLC that is running v7.3 or later before you can have it join the vWLC.

http://www.cisco.com/en/US/products/ps12723/products_tech_note09186a0080bd2d04.shtml#hash

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

g_parmar83 · ‎07-04-2013

thanks scott for your quick reply, i will try the new software that you mentioned and the WLC is running on 7.3

Scott Fella · ‎07-04-2013

The vWLC can be running either on v7.3 or v7.4. Just read the link that I posted as you might also have to disable the hash.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

g_parmar83 · ‎07-04-2013

Need help again

unable to upload the new image on 3502i because there is no archive command available and

it is not joining the virtual Wireless LAN controller.

thanks in adavnce

Scott Fella · ‎07-04-2013

Use the debug capwap console cli

Don't do a ? As it will not show up. Just issue the command from the cli. Then you can do the archive.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

g_parmar83 · ‎07-04-2013

i follow your steps

first i issue the "debug capwap console cli"

and then issue the followong command

archive download-sw/overwrite tftp://172.30.100.46/name of file

and get invalid input detected at archive

thanks again

Scott Fella · ‎07-04-2013

Can you post the error.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

g_parmar83 · ‎07-04-2013

first of all i gonna thanks for keep replying to my posts

here is command and error:

and it is exact samething i copied from the securecrt

archive dowload-sw/overwrite tftp://172.30.100.46/ap3g1-rcvk9w8-tar.152-2.JB.tar

^

% Invalid input detected at '^' marker.

thanks

Scott Fella · ‎07-04-2013

Well after you did the debug capwap console cli, can you issue a config t?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

g_parmar83 · ‎07-04-2013

yes i can issue the conf t and right now i am in Configure mode

Scott Fella · ‎07-04-2013

Okay well then you are in the debug successfully. The archive command isn't run from the configuration mode but should be allowed in the global mode.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Leo Laohoo · ‎07-04-2013

yes i can issue the conf t and right now i am in Configure mode

What????

The command "debug capwap console cli" is invalid in configuration mode. It has to be entered in ENABLE mode.

Please try again.

g_parmar83 · ‎07-08-2013

Thanks everyone for help

Like scott said as soon as i update the firmware with the latest one the access points joins the Virtual controller

and now my Wireless network working very well

Thanks again

Scott Fella · ‎07-04-2013

If that doesn't work, then boot the AP in ROMMON and upload the code that way.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***