
Access point doesn't join the controller

shamik
Visitor

After resetting the Access point AIR-CAP1602E-E-K9

It doesn't join the controller Cisco 2500

These are the logs from Console of the AP

*May 30 10:03:21.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 30 10:02:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.10.50 peer_port: 5246
*May 30 10:02:17.275: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 172.16.10.50
*May 30 10:02:17.275: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*May 30 10:02:17.275: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.10.50:5246
*May 30 10:02:17.275: %CAPWAP-3-ERRORLOG: Invalid event 40 & state 3 combination.
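An added example, not part of the original post and not Cisco tooling: a small parser for AP console output like the lines above. It pairs each DTLS connection request with any fatal certificate alert the controller sent back, which is the pattern behind this join failure. The function names are hypothetical, and the log spelling of every alert other than "Certificate unknown" is an assumption.

```python
import re
from collections import defaultdict

# AP console lines quoted from the post above.
SAMPLE = """\
*May 30 10:03:21.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 30 10:02:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.10.50 peer_port: 5246
*May 30 10:02:17.275: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 172.16.10.50
*May 30 10:02:17.275: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*May 30 10:02:17.275: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.10.50:5246
*May 30 10:02:17.275: %CAPWAP-3-ERRORLOG: Invalid event 40 & state 3 combination.
"""

# "*<timestamp>: %<FACILITY>-<severity>-<MNEMONIC>: <message>"
LINE = re.compile(r"^\*\w{3}\s+\d+ [\d:.]+: %(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mnem>[A-Z_]+): (?P<msg>.*)$")
REQ = re.compile(r"peer_ip: (?P<ip>[\d.]+) peer_port: (?P<port>\d+)")
ALERT = re.compile(r"Received FATAL : (?P<desc>.+?) alert from (?P<ip>[\d.]+)")

# Certificate-related TLS/DTLS alert descriptions (RFC 5246 names).
# Only "Certificate unknown" appears on the page; the log spelling of the
# others is assumed to follow the same pattern.
CERT_ALERTS = {"bad certificate", "unsupported certificate", "certificate revoked",
               "certificate expired", "certificate unknown"}

def diagnose(text):
    """Per controller IP: DTLS requests sent and fatal alerts received back."""
    peers = defaultdict(lambda: {"requests": 0, "cert_alerts": [], "other_alerts": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an AP syslog-style console line
        if m["mnem"] == "DTLSREQSEND" and (r := REQ.search(m["msg"])):
            peers[r["ip"]]["requests"] += 1
        elif m["fac"] == "DTLS" and m["mnem"] == "ALERT" and (a := ALERT.search(m["msg"])):
            key = "cert_alerts" if a["desc"].lower() in CERT_ALERTS else "other_alerts"
            peers[a["ip"]][key].append(a["desc"])
    return dict(peers)

def cert_rejections(text):
    """Controllers that answered a DTLS request with a certificate-related fatal alert."""
    return sorted(ip for ip, p in diagnose(text).items() if p["requests"] and p["cert_alerts"])

if __name__ == "__main__":
    for ip in cert_rejections(SAMPLE):
        print(f"{ip}: controller rejected the AP certificate during the DTLS handshake")
```

A controller listed by `cert_rejections` is refusing the AP's certificate, so the next check is certificate validity against the clock on both devices rather than IP reachability or discovery.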


Rich R
VIP

Upgrade the controller to 8.5.182.11 software (link below) and follow the procedures detailed in the field notices which Leo linked and below in my signature.

The first thing you'll have to do is disable NTP and set the date back to before the certificate(s) expired (could be AP and WLC certs expired) - that will let the AP join again.  Then upgrade the software and apply the additional config to WLC from (config ap cert-expiry-ignore mic enable).  Once WLC and AP software have been upgraded and new config applied to WLC and updated to AP then you can re-enable NTP.

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

shamik
Visitor

I cannot upgrade my Cisco WLC 2500 which is running 8.2.100.0, as I don't have any support contract active.

And I have 46 APs currently working which are connected to the WLC.

AP models connected are: AIR-CAP1602E-E-K9, AIR-AP1852I-E-K9, AIR-AP1852E-E-K9

 

 

> ...I cannot upgrade my Cisco WLC 2500 which is running 8.2.100.0, as I don't have any support contract active.

Then the only thing you can do is disable NTP and set the controller time backwards.

M.

-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Reiner Maria Rilke (1899)

Find a recent security advisory that affects 8.5 code and find the section which says "Customers without Contracts" then email TAC (don't phone). You must quote the URL of the advisory, the paragraph just mentioned and the version and URL https://software.cisco.com/download/specialrelease/9a6a7cf84f9fdf04b95c76e2ac7820e7 for the software you want to download and the serial number of your WLC.  You'll have to mention which platform you need it for (2504) because they have all of them there at that URL.  Then TAC should publish the software to you directly.

This advisory should be suitable: Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability because CSCwa40778 : Bug Search Tool (cisco.com) is fixed in 8.5.182.12. (even though the advisory itself says upgrade to 8.10)

"Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade."
