Solved: AP 1572 does not joint to WLC

asmlicense · ‎03-23-2017

Hello I have Cisco 1572 Ap trying to join to controller but fails. I need urgently to fix this problem. Here are some informations:

AIR-AP1572EAC-B-K9
LWAPP image version 8.2.110.0
Cisco WLC version: 8.0.133.0

Wireless>Mesh>Outdoor Ext. UNII B Domain Channels is enabled

AP's mac adress is added to AP Policies with MIC option.

Logs from AP:

*Mar 23 17:19:00.631: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.100.2:5246
*Mar 23 17:19:01.631: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Mar 23 17:19:01.631: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Mar 23 17:19:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:19:02.523: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:19:02.523: %CAPWAP-5-SENDJOIN: sending Join Request to 10.100.100.2
*Mar 23 17:19:07.523: %CAPWAP-5-SENDJOIN: sending Join Request to 10.100.100.2
*Mar 23 17:19:07.527: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.100.2:5246
*Mar 23 17:19:07.527: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Mar 23 17:19:08.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:19:17.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Mar 23 17:19:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:19:17.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x54FA2D8 is already there for this server port 5246, Deleting it. Number of connections: 1

*Mar 23 17:19:17.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.100.2:5246
*Mar 23 17:19:46.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x54FA2D8!

*Mar 23 17:20:07.403: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.100.2:5246
*Mar 23 17:20:21.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Mar 23 17:20:22.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:20:22.523: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:20:22.523: %CAPWAP-5-SENDJOIN: sending Join Request to 10.100.100.2
*Mar 23 17:20:27.523: %CAPWAP-5-SENDJOIN: sending Join Request to 10.100.100.2
*Mar 23 17:20:27.527: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.100.2:5246
*Mar 23 17:20:27.527: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Mar 23 17:20:28.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.100.2 peer_port: 5246
*Mar 23 17:20:37.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

Philip D'Ath · ‎03-23-2017

8.0.133.0 is pretty ancient. I doubt it supports a 1572. Try upgrading your WLC.

View solution in original post

Sandeep Choudhary · ‎03-24-2017

I would re command to go with 8.0.140.0.

As per Cisco its the stable version:

https://software.cisco.com/download/release.html?mdfid=282600534&flowid=7012&softwareid=280926587&release=7.4.150.0&relind=AVAILABLE&rellifecycle=MD&reltype=latest

Regards

Dont forget to rate helpful posts

View solution in original post

Philip D'Ath · ‎03-23-2017

8.0.133.0 is pretty ancient. I doubt it supports a 1572. Try upgrading your WLC.

asmlicense · ‎03-24-2017

I guess you are right. Anyhow in compatibility matrix, 8.0.132.0 has 1570 series, but 8.0.133.0 does not?

Sandeep Choudhary · ‎03-24-2017

I would re command to go with 8.0.140.0.

As per Cisco its the stable version:

https://software.cisco.com/download/release.html?mdfid=282600534&flowid=7012&softwareid=280926587&release=7.4.150.0&relind=AVAILABLE&rellifecycle=MD&reltype=latest

Regards

Dont forget to rate helpful posts

asmlicense · ‎03-24-2017

Thank you, I will contact to cisco for recommended upgrade steps.

Philip D'Ath · ‎03-25-2017

Even that is pretty old now. I would at least jump to 8.2.151.0.

asmlicense · ‎03-25-2017

Is it possible to jump directly?

Philip D'Ath · ‎03-25-2017

Yes.

Sandeep Choudhary · ‎03-25-2017

yes. You can.

here is the upgrade path:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn82mr5.html

Regards

Dont forget to Rate helpful posts

Sandeep Choudhary · ‎03-23-2017

hi,

You need to upgrade the WLC software to 8.0.135.0 or higher .

Check the compatibility matrix:

http://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

Regards

Dont forget to rate helpful posts