12-09-2020 07:53 AM - edited 07-05-2021 12:53 PM
Hello Everyone,
I'm wondering if you experience the same behavior I am getting from my outdoor AIR-LAP1522A.
The access point is powered normally and the switch can detect it from sh cdp neighbor.
In addition, the AP is able to reply to ping, but it doesn't want to report to either of the 2 controllers.
The AP is at the moment in a far location, so I am trying to do any action in order to avoid releasing it from the current location.
Thank you
12-09-2020 08:12 AM
12-09-2020 08:48 AM - edited 12-09-2020 08:59 AM
Thanks, Scott for your attention...
Well, this AP was working for years, since the installation, and I haven't had any issue with it, and it suddenly stopped and was not shown in the switch & controller. The solution was to reset the power, and then it shows up again but can't reach the controller.
The AP has its original power cord and it works normally.
I am not sure which method the AP is discovering the AP. I can see in other model's profiles Cisco Discovery Protocol.
I cannot see that there is a MAC filter used.
12-09-2020 09:15 AM - edited 12-09-2020 09:15 AM
Well if this has been working for years, You would need to physically check the ap. By checking, I mean make sure that no water has gotten into the unit/antenna and the cable has no sign of corrosion. Power cycling doesn't prove much unless the ap was in a hung state and the reboot helped. I would also verify that nothing has changed, the switchport is correct and that nothing is wrong with the controller. Like you have other ap's joined and no other signs of issues. You could always run a debug and see if the controller can provide information on the join or maybe not.
You may want to prepare to RMA the AP just in case.
12-10-2020 01:28 AM
I am planning to dismount it as I need to physically check it.
However, the AP showed in the switch normally; check the attached...
I confirm that the switch doesn't have any changes at all. I even tried to replace the port but it doesn't help.
I am quite sure that the issue is in the AP itself and might be hardware.
But my question: if it is a hardware issue, could the AP be detected on the switch as attached?
Thank you
12-10-2020 08:57 AM
12-10-2020 09:10 AM
I had the feeling that the AP had an issue with hardware and was still showing up in CDP and even still pingable without any issue.
The switch port had no changes since the edges and this is the best configuration.
Anyway, I plan to dismount it and I will let you know the outcome.
Thank you
12-10-2020 09:52 AM
If you still have support, then RMA the device so you have another AP that you can test with. You can always send the replacement back if you get your AP working again. Just plan out your testing so when you get there, you have a checklist that you can work off of. Makes it easy and you don't forget something you wanted to do.
12-10-2020 10:20 AM
2 things:
1. AP has reverted to factory default name using MAC address - did it have a proper name before? If so that confirms the AP has lost its config = flash/nvram corruption - might be recoverable from console, might not. Might need software recovery from ROMMON.
2. sh cdp neigh detail will show you what software version the AP is running - if you see it's on a recovery image then you know the main image has been corrupted for example.
Regarding the discovery mechanism - see https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html section 2 of Overview of the Wireless LAN Controller (WLC) Discovery and Join Process which lists the discovery mechanisms. Now if you were relying on (e) static configuration and your AP has lost config then that will be why it can't join anymore. In that case your remote fix is easy - just configure one of the discovery options like DNS or DHCP option 43 or subnet broadcast (with helper address if WLC is not local). You need to know the answer to this before trying to fix it anyway so make sure you find out.
12-14-2020 04:34 AM
Hello Guys, I did not disappear.
It took some time to get some data and check the console output (in the field).
Well, I have 3 1522 APs. One had an issue communicating: it receives power but is not showing on the switch.
The other two APs show on the switch and take an IP from DHCP but can't join the WLC.
The reason I discovered is that some certificates have expired.
Now, I am looking for the workaround in this link; please advise if you see I could do things differently.
https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html
This is the output of the console.
*Dec 13 17:16:39.091: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Dec 13 17:16:50.091: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 13 16:59:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.x.x peer_port: 5246
*Dec 13 16:59:41.439: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 10.1.x.x
*Dec 13 16:59:41.439: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Dec 13 16:59:41.439: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.x.x:5246
*Dec 13 16:59:41.439: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Dec 13 17:00:45.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 13 16:59:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.x.x peer_port: 5246
*Dec 13 16:59:41.439: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 10.1..x.x
*Dec 13 16:59:41.439: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Dec 13 16:59:41.439: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1..x.x:5246
*Dec 13 16:59:41.439: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Dec 13 17:00:35.911: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
*Dec 13 17:00:35.911: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
*Dec 13 17:00:35.911: %MESH-6-LINK_UPDOWN: Mesh station 68bd.ab6a.6bfc link Down
*Dec 13 17:00:45.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 13 16:59:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1..x.x peer_port: 5246
*Dec 13 17:00:10.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Dec 13 17:00:22.915: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.x.x:5246
*Dec 13 17:00:23.915: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Dec 13 17:00:23.915: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 13 17:20:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.x.x peer_port: 5246
*Dec 13 17:20:50.439: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 10.1.x.x
*Dec 13 17:20:50.439: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Dec 13 17:20:50.439: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.x.x:5246
*Dec 13 17:20:50.439: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Dec 13 17:21:53.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 13 17:20:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.x.x peer_port: 5246
*Dec 13 17:20:49.443: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 10.1.x.x
*Dec 13 17:20:49.443: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Dec 13 17:20:49.443: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.x.x:5246
*Dec 13 17:20:49.443: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
% CDP is not supported on this interface, or for this encapsulation
Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)
*Dec 13 17:21:54.043: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Dec 13 17:22:03.091: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
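Added example, not part of any post in this thread: a small Python triage script for AP console output in the format shown above. It separates a DTLS certificate rejection from a discovery failure or a handshake timeout. The category names are labels chosen for this example, and the sample input is constructed from the shape of the posted lines.

```python
import re
from collections import Counter

# Constructed sample in the same format as the console output posted above.
SAMPLE = """\
*Dec 13 17:16:39.091: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Dec 13 16:59:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.x.x peer_port: 5246
*Dec 13 16:59:41.439: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 10.1.x.x
*Dec 13 16:59:41.439: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Dec 13 17:00:10.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Dec 13 17:00:35.911: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
"""

# "*Mon DD HH:MM:SS.mmm: TAG: message"; the leading % on TAG is optional.
LINE = re.compile(r"^\*\w{3} +\d+ [\d:.]+: (?P<tag>%?[A-Z0-9_-]+): (?P<msg>.*)$")

# Category labels are this example's own; patterns come from the posted messages.
RULES = [
    ("certificate_rejected", re.compile(r"certificate unknown|bad certificate", re.I)),
    ("dtls_timeout", re.compile(r"max retransmission count reached", re.I)),
    ("discovery_dns_failed", re.compile(r"could not resolve cisco-(capwap|lwapp)-controller", re.I)),
    ("dtls_attempt", re.compile(r"dtls connection request sent", re.I)),
]

def classify(log):
    """Count log lines per category; non-matching lines are skipped."""
    counts = Counter()
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        for name, pattern in RULES:
            if pattern.search(m.group("msg")):
                counts[name] += 1
                break
    return counts

def diagnose(counts):
    """Pick the most specific failure seen in the counted categories."""
    if counts["certificate_rejected"]:
        return "certificate"   # a controller was reached; check cert dates and clocks
    if counts["dtls_timeout"]:
        return "dtls_timeout"  # requests sent, no usable reply on the DTLS port
    if counts["discovery_dns_failed"] and not counts["dtls_attempt"]:
        return "discovery"     # AP never found a controller to contact
    return "unknown"

if __name__ == "__main__":
    c = classify(SAMPLE)
    print(dict(c), "->", diagnose(c))
```

A failed DNS lookup for CISCO-CAPWAP-CONTROLLER alongside DTLS requests to a controller address means discovery succeeded by another mechanism, so the certificate alerts are the lines to act on.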
12-18-2020 11:07 PM
Replace the APs with newer ones and that will resolve your issue as well.
What controller model are you running and what version?
12-19-2020 02:21 AM
Sure, replacing with a newer one is the best, but access point 1522AG costs 4500 euros; usually there is no spare for an AP model like that.
12-19-2020 02:19 AM
The issue is that I have expired certificates, and the link I shared contains information to resolve this kind of certificate issue.
In my case, adjusting the date to an older date let the AP join, and afterwards I put back the current date.
That was as simple as I describe.
Thanks to rrudling and Scott Fella; your advice helped me.
12-19-2020 07:59 AM
I believe if the AP reboots you will have the same issue again as the way I understood it is that you have to keep the controller on an older date until the AP is replaced or if you can perform a code upgrade.
12-19-2020 08:33 AM
Honestly, I didn't try because the operation doesn't allow me to have more time for testing.
As far as I read, I have to do a software upgrade and this model is already EOL.
However, I am planning to buy new outdoor APs, so as long as it works now, I am fine till the new AP arrives.