Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
6
Helpful
10
Replies

AP 2702 cannot join WLC

Draganst
Level 1
Level 1

‎07-17-2023 06:30 AM

Hello everyone,

I have a problem with AIR-CAP2702I-E-K9 series of Cisco’s Access Points. 2 out of 15 APs won't associate with the WLC 8540 even though they have exactly the same configuration. I'm using only one IP address to test the APs. The two APs that cannot associate do not show any specific log error, the only thing I noticed is that I cannot ping these two APs even when I connect them directly to the PC, but I can ping the others. I formatted the flash of all APs and installed the identical version of IOS. The Accept Manufactured Installed Certificate (MIC) option is enabled on the WLC and the MAC addresses of all APs has already added to the WLC.

I have already read similar problems with Cisco APs.

Labels:
0 Helpful
10 Replies 10

marce1000
VIP
VIP

‎07-17-2023 09:48 AM

 

                                                   >...that I cannot ping these two APs 
 - If you can not ping the APs and you must make sure that they can go through the basic boot process and find an ip address (usually you will be using DHCP for that).  -> Check the boot process of the involved access points , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Leo Laohoo
Hall of Fame
Hall of Fame

‎07-18-2023 09:35 PM

@Draganst wrote:
The Accept Manufactured Installed Certificate (MIC) option is enabled on the WLC and the MAC addresses of all APs has already added to the WLC.

What about the date of the WLC?  Did anyone roll back the year to 2022?

Rich R
VIP
VIP

‎07-29-2023 04:09 AM

Collect the complete console logs from those 2 APs from power-on and attach here as .txt files.
However if you can't ping the AP that suggests a basic layer 2/layer 3 issue so you might have 2 faulty APs.
If they're faulty the logs should make that clear - they either won't boot or they will report problems after booting.
You'd also be wise to read through the field notices below and make sure you're using an up to date code version as per TAC recommended link below.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Draganst
Level 1
Level 1
In response to Rich R

‎07-31-2023 05:14 AM

@Leo Laohoo  The date was January 2023. and I set the time correctly but without success.

I've attached 2 files with logs from APs, and when I compare those 2 files, the logs are almost identical. However, when I compare them with logs from the AP that joined the WLC, I've got an additional log :

*Jan 7, 14:52:49.115: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS

 After that, another DTLS communication take place.

Preview file
14 KB
Preview file
12 KB
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Draganst

‎07-31-2023 04:29 PM

@Draganst wrote:
The date was January 2023. and I set the time correctly but without success.

Read what I said.  I did not say (or imply) setting the time and date correctly.  I said "roll back the year to 2022".

Draganst
Level 1
Level 1
In response to Leo Laohoo

‎08-01-2023 12:49 AM

Sorry. Yes, 6 months ago we rolled back the date of the WLC to 2022 because of expired certificates on the APs. More about that:

https://www.cisco.com/c/en/us/support/docs/wireless/aironet-700-series-access-points/218447-ios-ap-image-download-fails-due-to-expir.html

We no longer do that. Now I flash the AP with the proper image, so the AP doesn't have to download an image from the WLC.

 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Draganst

‎08-01-2023 04:10 AM

@Draganst wrote:

 

Sorry. Yes, 6 months ago we rolled back the date of the WLC to 2022 because of expired certificates on the APs.

I am not here discussing about what happened 6 months ago.  I am talking about now. 

Let me ask again (for brevity sake):  Did anyone make any attempts to roll back the date to 2022 or not?  

Draganst
Level 1
Level 1
In response to Leo Laohoo

‎08-01-2023 04:24 AM

As far as I know, nobody made any attempts to roll back the date to 2022.

0 Helpful

Rich R
VIP
VIP

‎07-31-2023 07:03 AM

GigabitEthernet0 comes up and then it seems to do nothing. 
Are you using static IP config on the AP or DHCP?
What WLC discovery method are you using?
CAPWAP DTLS state machine will only start after the AP establishes IP connectivity and discovers a controller to join.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Draganst
Level 1
Level 1

‎07-31-2023 07:15 AM

I configured a static IP of the AP and also of the WLC. The configuration exaple is below:

capwap ap ip address x.x.x.x mask x.x.x.x
capwap ap ip default-gateway x.x.x.x
capwap ap controller ip address x.x.x.x

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card