07-29-2024 08:05 AM
Dears,
I am facing an issue on Cisco 1815 series. I already configured 1 AP as master mobility express mode (IP 172.20.238.120).
The show run config command is given below :
(Cisco Controller) >show running-config
Notice: "show running-config" has been changed to be an alias to "show run-config".
Use "show run-config commands" to display the configuration commands.
Press Enter to continue or <Ctrl-Z> to abort...
System Inventory
NAME: "Mobility Express" , DESCR: "Cisco Aironet 1815 Series Mobility Express"
PID: AIR-AP1815I-E-K9, VID: V01, SN: FGL2547LCNJ
Burned-in MAC Address............................ 2C:1A:05:A4:C3:A0
Maximum number of APs supported.................. 50
Press Enter to continue or <ctrl-z> to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Build Info....................................... Engineering Special
Product Version.................................. 8.5.140.0
System Name...................................... Cisco_a4:c3:a0
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.2489
IP Address....................................... 172.20.238.120
Last Reset....................................... 0: unknown
I have a second AP, same model 1815, configured in CAPWAP mode, but it is stuck in CAPWAP State: Discovery as shown below (I already manually configured capwap ap primary-base <controllername> 172.20.238.120):
[*06/24/2024 18:06:34.0399] CAPWAP State: Discovery
[*06/24/2024 18:06:34.0499] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:34.0599] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:34.0599] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:06:43.7399]
[*06/24/2024 18:06:43.7399] CAPWAP State: Discovery
[*06/24/2024 18:06:43.7499] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:43.7599] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:43.7699] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:06:53.4299]
[*06/24/2024 18:06:53.4299] CAPWAP State: Discovery
[*06/24/2024 18:06:53.4399] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:53.4399] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:53.4499] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:07:02.8999] Failed to discover WLC for 35 times, reboot AP...
[*06/24/2024 18:07:02.9099] AP Rebooting: Reset Reason - Capwap Discovery Failed
Also, I am adding the show version output from the CAPWAP AP:
cisco AIR-AP1815I-E-K9 ARMv7 Processor rev 5 (v7l) with 1016204/742444K bytes of memory.
Processor board ID FGL2547LCRY
AP Running Image : 8.5.140.0
Primary Boot Image : 8.5.140.0
Backup Boot Image : 0.0.0.0
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : NOT MOBILITY EXPRESS CAPABLE
1 Gigabit Ethernet interfaces
2 802.11 Radios
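An added example, not part of the original post: a small parser for AP console lines in the format shown above that reports which unicast controller targets never answered a Discovery Request. The sample lines are constructed from that format, and the `Discovery Response from <ip>` pattern is an assumption, since the post shows no reply line.

```python
import re
from collections import Counter

# Constructed sample: lines in the format shown in the post above.
SAMPLE_LOG = """\
[*06/24/2024 18:06:34.0399] CAPWAP State: Discovery
[*06/24/2024 18:06:34.0499] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:34.0599] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:06:43.7399]
[*06/24/2024 18:06:43.7399] CAPWAP State: Discovery
[*06/24/2024 18:06:43.7499] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:07:02.8999] Failed to discover WLC for 35 times, reboot AP...
[*06/24/2024 18:07:02.9099] AP Rebooting: Reset Reason - Capwap Discovery Failed
"""

LINE = re.compile(r"^\[\*(?P<ts>[\d/]+ [\d:.]+)\]\s*(?P<msg>.*)$")
REQUEST = re.compile(
    r"Discovery Request sent to (?P<ip>[\d.]+), discovery type (?P<kind>\w+)\(\d+\)")
# Assumption: a reply is logged as "Discovery Response from <ip>"; the post shows none.
RESPONSE = re.compile(r"Discovery Response from (?P<ip>[\d.]+)")
REBOOT = re.compile(r"AP Rebooting: Reset Reason - (?P<reason>.+)")
BROADCAST = "255.255.255.255"

def summarize_discovery(log_text):
    """Count discovery cycles and list unicast targets that never replied."""
    cycles, requests, responders, reason = 0, Counter(), set(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["msg"]:
            continue  # not a console line, or a timestamp-only line
        msg = m["msg"]
        if msg == "CAPWAP State: Discovery":
            cycles += 1
        elif (r := REQUEST.search(msg)):
            requests[(r["ip"], r["kind"])] += 1
        elif (r := RESPONSE.search(msg)):
            responders.add(r["ip"])
        elif (r := REBOOT.search(msg)):
            reason = r["reason"].strip()
    # Broadcast discovery has no single expected responder, so exclude it.
    unicast = {ip for ip, _ in requests if ip != BROADCAST}
    return {"cycles": cycles, "requests": dict(requests),
            "silent_unicast_targets": sorted(unicast - responders),
            "reset_reason": reason}

if __name__ == "__main__":
    print(summarize_discovery(SAMPLE_LOG))
```

A non-empty `silent_unicast_targets` list means the AP sent requests but logged no reply from that address, which matches the "no logs on the WLC" symptom reported later in the thread.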
07-29-2024 08:20 AM - edited 07-29-2024 09:47 AM
- (Corrected reply) : - Check controller logs when the AP tries to join.
+ Can the AP ping the controller?
+ Have a checkup of the mobility express controller based configuration using :
WirelessAnalyzer input (procedure) for AireOs controllers
and feed the output from that into Wireless Config Analyzer
M.
07-30-2024 03:42 AM
- There are no logs found from WLC when the AP tries to join.
- The AP is pinging the Controller and vice-versa
- The configuration report is given attached
07-30-2024 04:57 AM
- The configuration report looks good ; however you should upgrade to the recommended release :
https://software.cisco.com/download/home/286306794/type/286289839/release/8.10.196.0
-> There are no logs found from WLC when the AP tries to join.
- That is worrisome ; do you have any firewalling solutions in place between the AP-subnet and the
mobility express controller ?
You may try full capwap access (emulate) through a test with for instance a laptop on the same subnet
as the CAPWAP access point and then use the command :
% nmap -sU --reason -p5246-5247 172.20.238.120
M.
07-30-2024 05:45 AM
Hi @marce1000
Thank you for your reply.
There is no firewalling between the AP and the ME Controller. We are planning to deploy this solution at a remote branch and we are simulating this on a C1000 switch (AP and ME AP plugged into the same switch).
Regarding NMAP, attached the result
07-30-2024 06:04 AM
- The nmap result is inconclusive ; could you also issue the command :
show auth-list on the mobility controller.
For the rest and for the time being I can only suggest to have a try by letting the AP find the controller through DHCP
with DHCP option 43 instead of static , although this should not be related at first glance , but that method is more standard.
If it keeps failing then I would suggest that using https://software.cisco.com/download/home/286306794/type/286289839/release/8.10.196.0 will become a requirement for next steps
M.
07-30-2024 08:14 AM
Kindly, please find below the show auth-list command on ME Controller
(Cisco Controller) >
(Cisco Controller) >show auth-list
Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate.... yes
AP with Self-Signed Certificate................ no
AP with Locally Significant Certificate........ no
(Cisco Controller) >
07-30-2024 08:30 AM
- Could you try : config auth-list ap-policy ssc disable
Then use the show auth-list command again and check if this line is now
>....AP with Self-Signed Certificate................ yes
(if it has not toggled then try the initial command again with enable)
After all of this , have the capwap ap (try to) join again.
M.
07-31-2024 01:21 AM
Unfortunately, did not resolve the issue
(Cisco Controller) >show auth-list
Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate.... yes
AP with Self-Signed Certificate................ yes
AP with Locally Significant Certificate........ no
07-31-2024 01:32 AM
- Required upgrade to https://software.cisco.com/download/home/286306794/type/286289839/release/8.10.196.0
and test again.
+ If not working then use https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html
for further troubleshooting , use the debugging commands mentioned for the controller and the CAPWAP-AP , and test further.
M.
08-19-2024 11:22 PM - edited 08-19-2024 11:23 PM
NTP | NTP: Controller without time source, please configure a valid NTP server | No time source detected for this controller. It could be incomplete configuration, check that NTP servers are configured. Command: config time ntp server |
Make sure the ME WLC has a valid time source. It currently has the default NTP servers configured but evidently does not have internet access to reach them. Either provide the access to those servers or configure a local NTP server to be used. Certificates can only be verified with a valid time source.
8.5.140.0 is very old, so like Marce said you should upgrade to 8.10.196.0.