cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1401
Views
6
Helpful
10
Replies

AP 2702 cannot join WLC

Draganst
Level 1
Level 1

Hello everyone,

I have a problem with AIR-CAP2702I-E-K9 series of Cisco’s Access Points. 2 out of 15 APs won't associate with the WLC 8540 even though they have exactly the same configuration. I'm using only one IP address to test the APs. The two APs that cannot associate do not show any specific log error, the only thing I noticed is that I cannot ping these two APs even when I connect them directly to the PC, but I can ping the others. I formatted the flash of all APs and installed the identical version of IOS. The Accept Manufactured Installed Certificate (MIC) option is enabled on the WLC and the MAC addresses of all APs has already added to the WLC.

I have already read similar problems with Cisco APs.

10 Replies 10

marce1000
VIP
VIP

 

                                                   >...that I cannot ping these two APs 
 - If you can not ping the APs and you must make sure that they can go through the basic boot process and find an ip address (usually you will be using DHCP for that).  -> Check the boot process of the involved access points , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Leo Laohoo
Hall of Fame
Hall of Fame

@Draganst wrote:
The Accept Manufactured Installed Certificate (MIC) option is enabled on the WLC and the MAC addresses of all APs has already added to the WLC.

What about the date of the WLC?  Did anyone roll back the year to 2022?

Rich R
VIP
VIP

Collect the complete console logs from those 2 APs from power-on and attach here as .txt files.
However if you can't ping the AP that suggests a basic layer 2/layer 3 issue so you might have 2 faulty APs.
If they're faulty the logs should make that clear - they either won't boot or they will report problems after booting.
You'd also be wise to read through the field notices below and make sure you're using an up to date code version as per TAC recommended link below.

@Leo Laohoo  The date was January 2023. and I set the time correctly but without success.

I've attached 2 files with logs from APs, and when I compare those 2 files, the logs are almost identical. However, when I compare them with logs from the AP that joined the WLC, I've got an additional log :

*Jan 7, 14:52:49.115: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS

 After that, another DTLS communication take place.


@Draganst wrote:
The date was January 2023. and I set the time correctly but without success.

Read what I said.  I did not say (or imply) setting the time and date correctly.  I said "roll back the year to 2022".

Sorry. Yes, 6 months ago we rolled back the date of the WLC to 2022 because of expired certificates on the APs. More about that:

https://www.cisco.com/c/en/us/support/docs/wireless/aironet-700-series-access-points/218447-ios-ap-image-download-fails-due-to-expir.html

We no longer do that. Now I flash the AP with the proper image, so the AP doesn't have to download an image from the WLC.

 


@Draganst wrote:

 

Sorry. Yes, 6 months ago we rolled back the date of the WLC to 2022 because of expired certificates on the APs.

I am not here discussing about what happened 6 months ago.  I am talking about now. 

Let me ask again (for brevity sake):  Did anyone make any attempts to roll back the date to 2022 or not?  

As far as I know, nobody made any attempts to roll back the date to 2022.

Rich R
VIP
VIP

GigabitEthernet0 comes up and then it seems to do nothing. 
Are you using static IP config on the AP or DHCP?
What WLC discovery method are you using?
CAPWAP DTLS state machine will only start after the AP establishes IP connectivity and discovers a controller to join.

Draganst
Level 1
Level 1

I configured a static IP of the AP and also of the WLC. The configuration exaple is below:

capwap ap ip address x.x.x.x mask x.x.x.x
capwap ap ip default-gateway x.x.x.x
capwap ap controller ip address x.x.x.x

Review Cisco Networking for a $25 gift card