cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
918
Views
1
Helpful
10
Replies

AP 1815 (capwap) not joining Master Mobility Express (1815)

nbenamara
Level 1
Level 1

Dears, 

I am facing an issue on Cisco 1815 series. I already configured 1 AP as master mobility express mode (IP  172.20.238.120). 

The show run config command is given below : 

(Cisco Controller) >show running-config

Notice: "show running-config" has been changed to be an alias to "show run-config".
Use "show run-config commands" to display the configuration commands.
Press Enter to continue or <Ctrl-Z> to abort...

System Inventory
NAME: "Mobility Express" , DESCR: "Cisco Aironet 1815 Series Mobility Express"
PID: AIR-AP1815I-E-K9, VID: V01, SN: FGL2547LCNJ

Burned-in MAC Address............................ 2C:1A:05:A4:C3:A0
Maximum number of APs supported.................. 50
Press Enter to continue or <ctrl-z> to abort


System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Build Info....................................... Engineering Special
Product Version.................................. 8.5.140.0

System Name...................................... Cisco_a4:c3:a0
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.2489
IP Address....................................... 172.20.238.120
Last Reset....................................... 0: unknown

 

I have a second AP same model 1815, configured in capwap mode but it stucks in CAPWAP State : discovery as show below (I already configured manually capwap ap primary-base <controllername> 172.20.238.120 : 

 

[*06/24/2024 18:06:34.0399] CAPWAP State: Discovery
[*06/24/2024 18:06:34.0499] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:34.0599] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:34.0599] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:06:43.7399]
[*06/24/2024 18:06:43.7399] CAPWAP State: Discovery
[*06/24/2024 18:06:43.7499] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:43.7599] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:43.7699] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:06:53.4299]
[*06/24/2024 18:06:53.4299] CAPWAP State: Discovery
[*06/24/2024 18:06:53.4399] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:53.4399] Discovery Request sent to 172.20.238.120, discovery type STATIC_CONFIG(1)
[*06/24/2024 18:06:53.4499] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*06/24/2024 18:07:02.8999] Failed to discover WLC for 35 times, reboot AP...
[*06/24/2024 18:07:02.9099] AP Rebooting: Reset Reason - Capwap Discovery Failed

 

Also I add the show version from CAPWAP AP

 

cisco AIR-AP1815I-E-K9 ARMv7 Processor rev 5 (v7l) with 1016204/742444K bytes of memory.
Processor board ID FGL2547LCRY
AP Running Image : 8.5.140.0
Primary Boot Image : 8.5.140.0
Backup Boot Image : 0.0.0.0
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : NOT MOBILITY EXPRESS CAPABLE
1 Gigabit Ethernet interfaces
2 802.11 Radios

10 Replies 10

marce1000
VIP
VIP

 

 

  - (Corrected reply) : - Check controller logs when the AP tries to join.
                                 + Can the AP ping the controller
                                 + Have a checkup of the mobility express controller based configuration using :
                                     WirelessAnalyzer input (procedure) for AireOs controllers
                                     and feed the output from that into Wireless Config Analyzer

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

- There are no logs found from WLC when the AP tries to join.  

- The AP is pinging the Controller and vice-versa

- The configuration report is given attached

 

     - The configuration report looks good ; however you should upgrade to the recommended release :
        https://software.cisco.com/download/home/286306794/type/286289839/release/8.10.196.0

                         -> There are no logs found from WLC when the AP tries to join. 
      - That is worry some ; do you have any firewalling solutions in place between the AP-subnet and the
         mobility express controller ?
         You may try full capwap access (emulate) trough a test with or instance a laptop on the same subnet
        as the CAPWAP access point and then use the command :
                             % nmap -sU  --reason  -p5246-5247 172.20.238.120

 M.
   



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi @marce1000 

 

Thank you for your reply. 

 

There are no firewalling between AP and ME Controller. We are planning to deploy this solution a remote branch and we are simulating this on a switch C1000 (AP and ME AP plugged in same switch). 

 

Regarding NMAP, attached the result 

 

  - The nmap result is inconclusive ; could you also  issue the command :
     show auth-list on the mobility controller.

    For the rest and or the time being I can only suggest to have a try by letting the AP find the controller through DHCP
    with DHCP option 43 instead of static , although this should not be related at first glance , but that method is more standard, 

   If it keeps failing then I would suggest that using https://software.cisco.com/download/home/286306794/type/286289839/release/8.10.196.0 will become a requirement for next steps 

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Kindly, please find below the show auth-list command on ME Controller 


(Cisco Controller) >
(Cisco Controller) >show auth-list

Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate.... yes
AP with Self-Signed Certificate................ no
AP with Locally Significant Certificate........ no


(Cisco Controller) >

 

 

 - Could you try : config auth-list ap-policy  ssc  disable
    Then use the show auth-list command again and check if this line is now
    >....AP with Self-Signed Certificate................ yes

   (if it has not toggled then try the initial command again with enable)

                After all of this , have the capwap ap (try to) join again ,

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Unfortunately, did not resolve the issue 

 

(Cisco Controller) >show auth-list

Authorize MIC APs against Auth-list or AAA ...... disabled
Authorize LSC APs against Auth-List ............. disabled
APs Allowed to Join
AP with Manufacturing Installed Certificate.... yes
AP with Self-Signed Certificate................ yes
AP with Locally Significant Certificate........ no

 

 

  - Required upgrade to https://software.cisco.com/download/home/286306794/type/286289839/release/8.10.196.0
    and test again.
    + If not working then use https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html
       for further troubleshooting , use the debugging commands mentioned for the controller  and the CAPWAP-AP , and test further.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R
VIP
VIP
NTP NTP: Controller without time source,  please configure a valid NTP server No time source detected for this controller. It could be incomplete configuration, check that NTP servers are configured. Command: config time ntp server

Make sure the ME WLC has a valid time source.  It currently has the default NTP servers configured but evidently does not have internet access to reach them.  Either provide the access to those servers or configure a local NTP server to be used.  Certificates can only be verified with a valid time source.

8.5.140.0 is very old so like Marce said you should upgrade to 8.10.196.0

 

Review Cisco Networking for a $25 gift card