Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
4
Replies

AP 9115 access

heyjunsun
Level 1
Level 1

‎02-15-2024 08:54 PM

Hello AP9115 I have a question while setting up.
 
SSID configuration completed and checked ping to AP-> Radius server
 
However, the connection does not persist in the AP and clicking SSID does not connect or disconnects after attempting.
 
The log that comes out through "sh log" is
 

*Mar 25 03:27:03.792 KST: %DOT1X-5-FAIL: Chassis 1 R0/0: wncd: Authentication failed for client (02c7.0719.bd20) with reason (Timeout) on Interface capwap_90000003 AuditSessionID E86013AC0000002414D993C7 Username: 191539                

 *Mar 25 03:28:28.789 KST: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/0: wncd: Username entry (191539) joined with ssid (DBLIFE_19096_232) for device with MAC: 02c7.0719.bd20                                               

 *Mar 25 03:28:32.981 KST: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/0: wncd: Username entry (191539) joined with ssid (DBLIFE_19096_232) for device with MAC: 02c7.0719.bd20                                               

 *Mar 25 03:29:19.486 KST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: dbliug] [Source: 172.19.96.11] [localport: 23] at 03:29:19 KST Sat Mar 25 2023  

I set it up by referring to the two websites below. SSID/ping test was successful normally, but why can't I access it?....
 

https://www.youtube.com/watch?v=kW9nJ3MEZX0 

https://lihaifeng.net/?p=699 

 

 
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎02-15-2024 11:19 PM

 

  - Have a checkup of the 9800 controller configuration with the CLI command show tech wireless and feed the output into :
                                                                                                                    Wireless Config Analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

heyjunsun
Level 1
Level 1
In response to marce1000

‎02-16-2024 12:25 AM

hello marce 

When I analyzed it, I found four red error messages.
 
1. 
Version: IOS-XE Controller with deferred or security impacted (PSIRT) code:16.12.4a, it is strongly advised to migrated to recommended code
 
2.
WCAE: Parsing: missing configuration file section(s), checks may not be executed properly:VLAN Config,Interface Config,RF Profile Conversion,Policy Profiles
Action: One or more configuration sections were not found, this is indication of corrupted file, or very old software version. If the file is believed to be correct, please contact wcae@cisco.com, otherwise try to capture it again: https://developer.cisco.com/docs/wireless-troubleshooting-tools/#!how-to-colletct-sh-run-config
 
3.
RRM: RF tag points to non-existing RF profile name. This may cause severe controller issues. Tag(s) name: Typical_Client_Density_rf_24gh
Action: Check the show wireless tag rf all, and confirm all RF profiles entries are present in show ap rf-profile summary. Fix any missing entry
 
4.
Authentication: Profile(s) with AAA Policy pointing to non-existing value. Profile: DBLIFE_TEST_WLANID_1,Profile: default-policy-profile
Action: Check the configuration item, and change/replace it with an existing value
 
What I suspect is the 4th, and you want me to change my profile ID to default-policy-profile instead of DBLIFE_TEST?
0 Helpful

marce1000
VIP
VIP
In response to heyjunsun

‎02-16-2024 01:19 AM

 

           >....Version: IOS-XE Controller with deferred or security impacted (PSIRT) code:16.12.4a,
                        - This is very old software indeed ; upgrade to 17.9.4a

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Rich R
VIP
VIP

‎02-16-2024 07:23 AM - edited ‎02-16-2024 08:08 AM

https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-series-wireless-controllers/products-configuration-examples-list.html

Also check Best Practice guide (link below).

I guess you're using EWC on 9115 AP, in which case only flexconnect local switching is supported so take that into account when following any guides.  And EWC does not support VLANs (because no central switching possible) so that part of the config check can be ignored.  VLANs for the local switching WLANs must be defined in flex profiles for the AP.

As @marce1000 says you must upgrade to a currently supported IOS as per the TAC recommended link below (because there are so many bugs and incomplete features in that old version), and fix all the errors highlighted by config analyzer.
you want me to change my profile ID to default-policy-profile instead of DBLIFE_TEST?
You can only reference policies which exist so whatever policy you use in your config must exactly match (case sensitive) the policy you have already defined in the config.

Also check out these links which will help to understand all you need to configure:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/17-12/config-guide/ewc_cg_17_12/overview_of_the_controller.html
https://www.cisco.com/c/en/us/products/collateral/wireless/embedded-wireless-controller-catalyst-access-points/white-paper-c11-743398.html
https://www.youtube.com/watch?v=oS68E25wc4A
https://www.wiresandwi.fi/blog/cisco-wlc-9800-base-initial-configuration-cli

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card