ā08-27-2024 04:41 AM
AIR-CAP2702I-E-K9 40 AP are online in production running on an old AIR-CT5508-K9 we want to migrate them to an new controller Cisco Catalyst 9800-L Wireless Controller 17.9.5 but we cant see how they get there info of the old controller so we can tip them over.
see below for reboot of one of the APs
*Aug 27 10:53:42.031: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 11
*Aug 27 10:53:42.031: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 11
*Aug 27 10:53:42.039: %SYS-5-RELOAD: Reload requested by admin on console. Reloa d Reason: Reload Command.
*Aug 27 10:53:42.055: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
*Aug 27 10:53:42.255: %CLEANAIR-6-STATE: Slot 0 down
*Aug 27 10:53:42.259: %CLEANAIR-6-STATE: Slot 1 down
Write of event.log done
IOS Bootloader - Starting system.
flash is writable
Antigua Board
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 78 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 22048256
flashfs[0]: Bytes available: 19110400
flashfs[0]: flashfs fsck took 20 seconds.
Base Ethernet MAC address: 38:0e:4d:9e:65:38
Ethernet speed is 1000 Mb - FULL Duplex
Loading "flash:/ap3g2-k9w8-mx.ap_umr8_esc.202212141728/ap3g2-k9w8-mx.ap_umr8_esc.202212141728"...#########################
File "flash:/ap3g2-k9w8-mx.ap_umr8_esc.202212141728/ap3g2-k9w8-mx.ap_umr8_esc.202212141728" uncompressed and installed, entry point: 0x2003000
executing...
Secondary Bootloader - Starting system.
Antigua Board Pre-Pilot
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 78 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 22048256
flashfs[0]: Bytes available: 19110400
flashfs[0]: flashfs fsck took 22 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 0 seconds.
Base Ethernet MAC address: 38:0e:4d:9e:65:38
Boot CMD: 'boot flash:/ap3g2-k9w8-mx.ap_umr8_esc.202212141728/ap3g2-k9w8-xx.ap_umr8_esc.202212141728;flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx'
Loading "flash:/ap3g2-k9w8-mx.ap_umr8_esc.202212141728/ap3g2-k9w8-xx.ap_umr8_esc.202212141728"...#################################################
File "flash:/ap3g2-k9w8-mx.ap_umr8_esc.202212141728/ap3g2-k9w8-xx.ap_umr8_esc.202212141728" uncompressed and installed, entry point: 0x1003000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Experimental Version 15.3(20221215:041014) [EZCommit 239]
Copyright (c) 1986-2022 by Cisco Systems, Inc.
Compiled Wed 14-Dec-22 20:13 by aut
Antigua Board Pre-Pilot
40MB format
Tide XL MB - 40MB of flash
Initializing flashfs...
flashfs[2]: 78 files, 9 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 40900608
flashfs[2]: Bytes used: 22048256
flashfs[2]: Bytes available: 18852352
flashfs[2]: flashfs fsck took 18 seconds.
flashfs[2]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 0 seconds.
flashfs[4]: Initialization complete.
Copying radio files from flash: to ram:
Copy in progress...CCCCC
Copy in progress...CCC
Copy in progress...CCCC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...CCCCCCCC
Copy in progress...CCCC
Copy in progress...CC
Copy in progress...C
Uncompressing radio files...
...done Initializing flashfs.
Radio0 present 8764 8000 0 A8000000 A8010000 0
Rate table has 650 entries (20 legacy/224 11n/406 11ac)
POWER TABLE FILENAME = ram:/U2.bin
Radio1 present 8864 8000 0 80000000 80100000 4
POWER TABLE FILENAME = ram:/U5.bin
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-CAP2702I-E-K9 (PowerPC) processor (revision A0) with 376814K/134656K bytes of memory.
Processor board ID FCW2201NN2A
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.5.182.7
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 38:0E:4D:9E:65:38
Part Number : 73-15824-04
PCB Serial Number : FOC22012C6R
Top Assembly Part Number : 068-100379-02
Top Assembly Serial Number : FCW2201NN2A
Top Revision Number : B0
Product/Model Number : AIR-CAP2702I-E-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:23.819: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:24.279: Registering HW DTLS
*Mar 1 00:00:25.143: Starting Ethernet promiscuous mode
*Mar 1 00:00:27.459: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:27.459: %LINK-6-UPDOWN: Interface GigabitEthernet1, changed state to up
*Mar 1 00:00:29.967: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:30.079: loading Power Tables from ram:/U2.bin. Class = E
*Mar 1 00:00:30.083: record size of 3ss: 1168 read_ptr: 5E719DE
*Mar 1 00:00:35.275: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:35.319: loading Power Tables from ram:/U5.bin. Class = E
*Mar 1 00:00:35.355: record size of vht: 2904 read_ptr: 5E719DE
APAVC Registering AVC licences on the AP to make sure we enable advanced PP
*Mar 1 00:00:36.763: SCHED: Ethernet Bridge Process: install watched boolean System Initialized(5E59C18), os:1 ah:0APAVC Protocol list already initialized.
*Mar 1 00:00:36.763: Start STILE Activation
APAVC: Succeeded to activate all the STILE protocols.
APAVC: Registering with CFT
*Mar 1 00:00:37.015: APAVC: CFT registration of delete callback succeeded
APAVC: Reattaching Original Buffer pool for system use
*Mar 1 00:00:38.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:00:38.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to down
*Aug 27 10:53:41.067: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 39
*Aug 27 10:53:41.067: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 39
*Aug 27 10:53:41.079: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Experimental Version 15.3(20221215:041014) [EZCommit 239]
Copyright (c) 1986-2022 by Cisco Systems, Inc.
Compiled Wed 14-Dec-22 20:13 by aut
*Aug 27 10:53:41.079: %SNMP-5-COLDSTART: SNMP agent on host N113 is undergoing a cold start
*Aug 27 10:53:41.155: SCHED: Ethernet Bridge Process: remove watched boolean System Initialized(5E59C18)
*Aug 27 10:53:41.155: SCHED: Ethernet Bridge Process: install watched queue Soap BVI input queue(CDF1458), os:0 ah:0
*Aug 27 10:53:41.227: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!
*Aug 27 10:53:41.227: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!
*Aug 27 10:53:41.279: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 10
*Aug 27 10:53:41.279: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 10
*Aug 27 10:53:41.279: %CDP_PD-4-POWER_OK: Full power - HIGH_POWER inline power sourcelwapp_crypto_init: MIC Present and Parsed Successfully
*Aug 27 10:53:42.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Aug 27 10:53:42.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Aug 27 10:53:42.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Aug 27 10:53:43.615: %LINK-5-CHANGED: Interface GigabitEthernet1, changed state to administratively down
*Aug 27 10:53:47.191: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (2-16)
*Aug 27 10:53:47.191: DPAA Initialization Complete
*Aug 27 10:53:47.191: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Aug 27 10:53:47.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Aug 27 10:53:49.735: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.5.216, mask 255.255.240.0, hostname N113
*Aug 27 10:53:59.455: Currently running a Non-Release Image
*Aug 27 10:53:59.479: Using SHA-2 signed certificate for image signing validation.
%Default route without gateway, if not a point-to-point interface, may impact performance
*Aug 27 10:54:11.755: AP image integrity check PASSED
*Aug 27 10:54:11.763: Non-recovery image. PNP Not required.
*Aug 27 10:54:11.771: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco
*Aug 27 10:54:11.799: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 27 10:54:12.903: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Aug 27 10:54:12.911: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Aug 27 10:54:13.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Aug 27 10:54:14.147: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Aug 27 10:54:15.147: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Aug 27 10:54:21.903: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Aug 27 10:54:22.903: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated%No matching route to delete
Translating "CISCO-CAPWAP-CONTROLLER.unet.aalborghus.dk"...domain server (192.168.0.252) [OK]
*Aug 27 10:54:45.911: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Aug 27 10:56:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.0.63 peer_port: 5246
*Aug 27 10:56:40.443: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.0.63 peer_port: 5246
*Aug 27 10:56:40.443: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.63
*Aug 27 10:56:40.615: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 56
*Aug 27 10:56:40.619: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 27 10:56:40.627: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 27 10:56:40.631: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 42
*Aug 27 10:56:41.247: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 56
*Aug 27 10:56:41.247: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 10
*Aug 27 10:56:41.255: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller Aalborghus Wireless 3
*Aug 27 10:56:41.323: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Aug 27 10:56:41.483: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Aug 27 10:56:41.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Aug 27 10:56:41.655: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Aug 27 10:56:41.663: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Aug 27 10:56:42.323: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Aug 27 10:56:42.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
*Aug 27 10:56:42.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Aug 27 10:56:42.699: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Aug 27 10:56:42.707: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 27 10:56:42.715: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 27 10:56:43.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Aug 27 10:56:43.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Aug 27 10:56:43.735: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Aug 27 10:56:44.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Aug 27 10:57:07.611: %CLEANAIR-6-STATE: Slot 0 enabled
*Aug 27 10:57:09.387: %CLEANAIR-6-STATE: Slot 1 enabled
Please let me know how to continue
Solved! Go to Solution.
ā08-27-2024 06:21 AM - edited ā08-27-2024 06:23 AM
Translating "CISCO-CAPWAP-CONTROLLER.unet.aalborghus.dk"...domain server (192.168.0.252) [OK]
*Aug 27 10:56:40.443: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.63
Looks like only the DNS option is used. I don't see a DHCP Option 43 being offered in the logs. And yet, the AP instead sends the join request to 192.168.0.63. That must be configured in the AP's HA settings and can be changed with the CLI command RoadRunner4K provided or in the GUI > Wireless > Choose an AP > High Availability tab. Move the current controller to secondary, and enter the IP and hostname of the new controller in primary. No need to reboot; the AP will move to the new primary (9800) within a minute or so, then download new code and reboot (for a 2702, this may take a while, 20 minutes or more, especially if connecting to the WLC over a WAN link).
ā08-27-2024 04:54 AM
DHCP Option 43
ā08-27-2024 04:54 AM
If you just need to the old APs to move to new WLC then you can from gui of the old use this command
config ap primary-base NEW WLC NAME AP NAME NEW WLC MGMT IP
If things are ready on the new one, try with one AP ( test ap first)
ā08-27-2024 10:40 PM
You mean CLI not GUI @RoadRunner4k ?
ā08-27-2024 05:19 AM - edited ā08-27-2024 05:43 AM
- Standard methodology to let APs find a controller is to use DHCP (for ip address provisioning) together with DHCP option 43 to point to the intended controller to use (the controller ip address =Wireless Management Interface address= that is)
Appendix : - Have an overall checkup of the new Catalyst 9800-L controller's configuration with the CLI command
show tech wireless and feed the output from that into Wireless Config Analyzer
use the full command as denoted in green , do not use a simple show tech as input for this procedure
Consider this mandatory for optimal use for the new 9800-L controller ,
M.
ā08-27-2024 06:21 AM - edited ā08-27-2024 06:23 AM
Translating "CISCO-CAPWAP-CONTROLLER.unet.aalborghus.dk"...domain server (192.168.0.252) [OK]
*Aug 27 10:56:40.443: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.0.63
Looks like only the DNS option is used. I don't see a DHCP Option 43 being offered in the logs. And yet, the AP instead sends the join request to 192.168.0.63. That must be configured in the AP's HA settings and can be changed with the CLI command RoadRunner4K provided or in the GUI > Wireless > Choose an AP > High Availability tab. Move the current controller to secondary, and enter the IP and hostname of the new controller in primary. No need to reboot; the AP will move to the new primary (9800) within a minute or so, then download new code and reboot (for a 2702, this may take a while, 20 minutes or more, especially if connecting to the WLC over a WAN link).
ā08-30-2024 12:37 AM
Hi AP on the old controller are with name and ip configured in High Availability low, how to trigger the move. We try reboot AP. But not trigger High Availability low move... Please let me know how to continue
ā08-30-2024 03:45 AM - edited ā08-30-2024 09:43 AM
1. Have you landed any APs on the 9800 to confirm that it is working?
2. Have you checked the 9800 config using Config Analyzer (link below)?
3. Your old APs probably have expired certificates. Have you configured the 9800 as per Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration to ensure that it allows the APs with expired certificates?
4. Save the complete console log of the AP after you reboot to a text file (.txt) and attach here for us to review. Also check the 9800 log (show log) for anything it logs if/when the AP tries to join. Also check the 9800 join stats (show wireless stats ap join summary) and check the Last Disconnect Reason. Also show wireless stats ap history mac-address <ap-ethernet-MAC>
5. AP running 8.5.182.7 should be able to join the 17.9.5 WLC but the large difference in version could potentially be a problem because there have been some major changes in CAPWAP protocol security. Try manually installing the 8.10.196.0 or 17.9.5 software on the AP via TFTP.
https://software.cisco.com/download/home/286256843/type/280775090/release/15.3.3-JK11
https://software.cisco.com/download/home/286256843/type/280775090/release/15.3.3-JPN4
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide