02-12-2020 01:34 AM - edited 07-05-2021 11:41 AM
Hello Cisco Community,
I have an issue with one AP which refuses to connect to the WLC. WLC logs show this:
[...It occurred 2 times/sec!.] *spamApTask5: Feb 12 10:24:03.869: #CNFGR-5-LIC_REQUEST_FAILURE: cnfgr.c:1442 License request for feature data_encryption failed, return code is 18 *dot1xMsgTask: Feb 12 10:23:56.805: #DOT1X-4-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:456 Max EAPOL-key M5 retransmissions exceeded for client 34:51:c9:43:58:60 *spamApTask7: Feb 12 10:23:24.532: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.0.127
WLC sh sysinfo:
Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller Product Version.................................. 7.4.100.0 Bootloader Version............................... 1.0.16 Field Recovery Image Version..................... 1.0.0 Firmware Version................................. PIC 16.0 Build Type....................................... DATA + WPS System Name...................................... Cisco System Location.................................. System Contact................................... System ObjectID.................................. 1.3.6.1.4.1.9.1.1279 IP Address....................................... 192.168.0.16 Last Reset....................................... Power on reset System Up Time................................... 26 days 21 hrs 5 mins 20 secs System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna System Stats Realtime Interval................... 5 System Stats Normal Interval..................... 180
WLC license
License Store: Primary License Storage StoreIndex: 0 Feature: base Version: 1.0 License Type: Permanent License State: Active, Not in Use License Count: Non-Counted License Priority: Medium License Store: Primary License Storage StoreIndex: 1 Feature: base-ap-count Version: 1.0 License Type: Permanent License State: Active, In Use License Count: 15 /15 (Active/In-use) License Priority: Medium License Store: Evaluation License Storage StoreIndex: 0 Feature: base-ap-count Version: 1.0 License Type: Evaluation License State: Inactive Evaluation total period: 12 weeks 6 days Evaluation period left: 12 weeks 6 days License Count: 75 / 0 (Active/In-use) License Priority: None
I don't know why it shows 15/15 when there are only 6 APs connected. Checking under GUI
Counted Feature AP Count Max Count 15 Current Count 6 Remaining Count 9
AP Log:
[*01/16/2020 13:18:38.0022] dtls_disconnect: ERROR shutting down dtls connection ... [*01/16/2020 13:18:38.0022] [*01/16/2020 13:18:38.0022] [*01/16/2020 13:18:38.0022] CAPWAP State: DTLS Teardown [*01/16/2020 13:18:42.7607] ApMgr list is empty.. setting TRIED_BOTH_ADDRESS [*01/16/2020 13:18:42.7607] No valid AP manager found for controller 'Cisco' (ip: 192.168.0.16) [*01/16/2020 13:18:42.7607] Failed to join controller Cisco. [*01/16/2020 13:18:42.7607] Failed to join controller. [*01/16/2020 13:18:42.8707] [*01/16/2020 13:18:42.8707] CAPWAP State: Discovery [*01/16/2020 13:18:42.8707] IP DNS query for CISCO-CAPWAP-CONTROLLER. [*01/16/2020 13:18:42.8807] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0) [*01/16/2020 13:18:42.8807] Discovery Response from 192.168.0.16 Username: [*01/16/2020 13:18:52.0000] can't find the Ip from discoveryRequest array [*01/16/2020 13:18:52.0000] [*01/16/2020 13:18:52.0000] [*01/16/2020 13:18:52.0000] CAPWAP State: DTLS Setup [*01/16/2020 13:18:52.1199] dtls_process_packet: DTLS Error: 1046 [*01/16/2020 13:18:52.1199] dtls_process_packet: The controller shut down the DTLS connection. [*01/16/2020 13:18:52.1199] dtls_process_packet: Please verify that the AP certificate is valid and has not expired.
I don't have access to the AP console at the moment, cna you please help me?
Thank you!
02-12-2020 01:44 AM
Whihc AP model(2800 or 3800 or...)you are trying to Join ?
02-12-2020 02:30 AM
It is an AIR-AP1852E-E-K9
02-12-2020 02:45 AM
As you are running 7.4.100.0 version on WLC Which is not compatible with 1852AP.
1852 AP need minimum 8.1.111.0 version or higher on WLC to join .
So please upgrade the WLC and then try again to register AP.
Check the compatibility matrix: https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
Regards
Dont forget to rate helpful posts
02-12-2020 05:21 AM
Oh, thank you for te information. Will upgrading the WLC do something to existing AP connections?
Thanks again
02-12-2020 06:16 AM
Yes it will disconnect all AP because you nee dto reload the WLC aftre new software upgrade.
If you have AP SSO filover then you can reduce the downtime else plan a downtime of 20-30 minutes.
Upgrade from 7.4 to 8.0.152.0 and then to 8.3.143.0
Regards
Dont forget to rate helpful posts
02-12-2020 06:27 AM
Depending on your WLC you probably also need to upgrade the FUS. Check that also in the release notes. If you need to, add another 60 minutes to the upgrade time.
02-18-2021 06:39 AM
02-18-2021 11:29 AM
Thank you. This has been solved with a RMA after a failed upgrade.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide