cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
31623
Views
0
Helpful
31
Replies

AP do not join WLC

stefan.wagner
Level 1
Level 1

Hi , i have the problem that one AP in one location doesnt join the WLC.

i checked DHCP scope options , time on WLC and AP etc.

I also check all this issues:

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml

I only see an DTLS error

debug AP

*Oct 24 08:23:02.307: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Oct 24 08:23:02.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

*Oct 24 08:23:10.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.X.X:X peer_port: 5246

*Oct 24 08:23:10.000: %CAPWAP-5-CHANGED: CAPWAP changed state to

*Oct 24 08:23:40.198: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!

*Oct 24 08:23:40.198: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.X.X:X is reached.

*Oct 24 08:24:10.051: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.X.X.X:5246

debug:

*spamReceiveTask: Oct 24 08:54:53.308: 0c:85:25:30:14:20 DTLS connection closed event receivedserver (10.X:X:X/5246) client (10.X:X:X/4270)
*spamReceiveTask: Oct 24 08:54:53.308: 0c:85:25:30:14:20 No entry exists for AP (10.X:X:X/4270)
*spamReceiveTask: Oct 24 08:54:53.308: 0c:85:25:30:14:20 No AP entry exist in temporary database for 10.X:X:X:4270
*spamReceiveTask: Oct 24 08:54:53.443: 0c:85:25:30:14:20 Discovery Request from 10.X:X:X:4271

*spamReceiveTask: Oct 24 08:54:53.443: 0c:85:25:30:14:20 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 25, joined Aps =1
*spamReceiveTask: Oct 24 08:54:53.443: 0c:85:25:30:14:20 Discovery Response sent to 10.X:X:X:4271

*spamReceiveTask: Oct 24 08:55:03.378: 0c:85:25:30:14:20 DTLS connection not found, creating new connection for 10.X:X:X (4271) 10.X:X:X (5246)

*spamReceiveTask: Oct 24 08:55:03.378: sshpmGetCID: called to evaluate <cscoDefaultIdCert>

I wanne find out if, for this location it is an provider problem (WAN)

Have someone else such a problem ?

best regards

1 Accepted Solution

Accepted Solutions

on this controller yes .... but this is only for test :-(

on the other  WLC ´s no .... what i don`t understand is that other AP`s in UK work without problems .

Understood.

What kind of controller is this?  2K, 4400, 5500?

If it still doesn't work, can I ask if you console into the WAP and see if it could ping the WLC Management IP Address.  If it can, enter this command in enable mode:  capwap ap controller ip address

View solution in original post

31 Replies 31

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

does the ap hits wlc. check ap join status on wlc from monitor tab.

i see one ap already joined, are ap model in question similar to the one joined. old ap require ssc.

make sure there is no ip conflict for the ap.

whats the rtt btw joined and fail to join ap.

also, get debug dtls.

Hi ,

thank for the hint with the dtls debug :

Yes die AP hits / reach the WLC ... but is not registered , on the monitor tab i don`t see the ap

....

here the debug dtls output

*Oct 24 11:56:23.316: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Oct 24 11:56:23.332: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 24 11:56:33.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.240.4.13 peer_port: 5246
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_inc_ref_count: Secret reference count= 2
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_delete: Secret not deleted, reference count = 1
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
*Oct 24 11:56:33.000: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
*Oct 24 11:56:33.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x02C11864

0604D750:                   16FEFF00 00000000          .~......
0604D760: 00000000 2F030000 23000000 00000000  ..../...#.......
0604D770: 23FEFF20 0A7F4C05 10AF1234 56789ABC  #~. ..L../.4Vx.<
0604D780: E6C139BE BE0D59E2 DF38DD51 C8E6DA3F  fA9>>.Yb_8]QHfZ?
0604D790: 054BB537                             .K57           
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: Processing...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x02C11864

0604D750:                   16FEFF00 00000000          .~......
0604D760: 00000000 2F030000 23000000 00000000  ..../...#.......
0604D770: 23FEFF20 0A7F4C05 10AF1234 56789ABC  #~. ..L../.4Vx.<
0604D780: E6C139BE BE0D59E2 DF38DD51 C8E6DA3F  fA9>>.Yb_8]QHfZ?
0604D790: 054BB537                             .K57           
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT: dtls_process_HelloVerifyRequest: Processing...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_send_ClientHello: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_flush_handshake_msgs: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_send_handshake_msg: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_record_send: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_connection_send: Called...
*Oct 24 11:56:33.113: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x02C11864

060EB780:          16FEFF00 00000000 00000100      .~..........
060EB790: 52020000 46000100 00000000 46FEFF50  R...F.......F~.P
060EB7A0: 87D77BCC F1090621 243A0FDB CCB4C173  .W{Lq..!$:.[L4As
060EB7B0: B1505CC3 F3C14DB2 1AA98521 15F91120  1P\CsAM2.).!.y.
060EB7C0: C66941CD DF08E289 ED5B4402 82C05C06  FiAM_.b.m[D..@\.
060EB7D0: EF14C27E 0D1DE4C5 B0F07EE1 B1A80405  o.B~..dE0p~a1(..
060EB7E0: 002F00                               ./.            
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT: dtls_process_ServerHello: Processing...
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT: dtls_connection_set_cipher: Setting cipher to TLS_RSA_WITH_AES_128_CBC_SHA
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT_DETAIL: dtls_secret_pki_init: Called...
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Attempting to extract next record....
*Oct 24 11:56:33.154: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x02C11864

060EB7E0:       16 FEFF0000 00000000 000201B4     .~..........4
060EB7F0: 0B00047B 00020000 000001A8 00047800  ...{.......(..x.
060EB800: 04753082 04713082 0359A003 02010202  .u0..q0..Y .....
060EB810: 0A7C541A E7000000 06190930 0D06092A  .|T.g......0...*
060EB820: 864886F7 0D010105 05003039 31163014  .H.w......091.0.
060EB830: 06035504 0A130D43 6973636F 20537973  ..U....Cisco Sys
060EB840: 74656D73 311F301D 06035504 03131643  tems1.0...U....C
060EB850: 6973636F 204D616E 75666163 74757269  isco Manufacturi
060EB860: 6E672043 41301E17 0D303731 32323931  ng CA0...0712291
060EB870: 34353735 375A170D 31373132 32393135  45757Z..17122915
060EB880: 30373537 5A308198 310B3009 06035504  0757Z0..1.0...U.
060EB890: 06130255 53311330 11060355 0408130A  ...US1.0...U....
060EB8A0: 43616C69 666F726E 69613111 300F0603  California1.0...
060EB8B0: 55040713 0853616E 204A6F73 65311630  U....San Jose1.0
060EB8C0: 14060355 040A130D 43697363 6F205379  ...U....Cisco Sy
060EB8D0: 7374656D 73312730 25060355 0403131E  stems1'0%..U....
060EB8E0: 4149522D 574C4334 3430322D 32352D4B  AIR-WLC4402-25-K
060EB8F0: 392D3030 31653461 66656532 36303120  9-001e4afee2601
060EB900: 301E0609 2A864886 F70D0109 01161173  0...*.H.w......s
060EB910: 7570706F 72744063 6973636F 2E636F6D  upport@cisco.com
060EB920: 30820122 300D0609 2A864886 F70D0101  0.."0...*.H.w...
060EB930: 01050003 82010F00 3082010A 02820101  ........0.......
060EB940: 00A793B7 ADE3629A F6AD2679 4D8365BC  .'.7-cb.v-&yM.e<
060EB950: 274FA10F E6138B71 E66D361C 9FB24F7A  'O!.f..qfm6..2Oz
060EB960: 670329FE EB4A5DF2 2156D5D7 EBD10429  g.)~kJ]r!VUWkQ.)
060EB970: 4B6EF752 CC80BC49 A595AEFC BA10DD8F  KnwRL.060EB980: 3DC04BB2 3F269022 3C73AD85 5ABAD442  =@K2?&."
060EB990: 3DEF5690 65A7C35E FBD7DB09 3125CE8B  =oV.e'C^{W[.1%N.
060EB9A0: 86BBE1F7                             .;aw           
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (424) <  length (1147)
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x02C11864

0608AF10:                            16FEFF00              .~..
0608AF20: 00000000 00000302 130B0004 7B000200  ............{...
0608AF30: 01A80002 079013CD 64E9C1A3 6C72E4A1  .(.....MdiA#lrd!
0608AF40: 96D206D8 27B81367 8F28184B 14B7B76C  .R.X'8.g.(.K.77l
0608AF50: CFDB0BA9 7F9D5CCF 7D6D27B6 7EBCE42F  O[.)..\O}m'6~0608AF60: 421BD972 DD78836C 845FB499 A49287A1  B.Yr]x.l._4.$..!
0608AF70: 60DE3E30 1E581D5B 7B216CFC BB996DFD  `^>0.X.[{!l|;.m}
0608AF80: F32F4B38 C70D7CB3 544FFEA3 FF439862  s/K8G.|3TO~#.C.b
0608AF90: 36093230 5BD5E795 B9083CE5 021A0B9B  6.20[Ug.9.
0608AFA0: D59C10A1 5DD18654 29BE81FE 69CC1A14  U..!]Q.T)>.~iL..
0608AFB0: 26DB13F9 CDE6CB75 D11CC51C 50008A44  &[.yMfKuQ.E.P..D
0608AFC0: 5A317136 0127BF19 FCE6854E 00593287  Z1q6.'?.|f.N.Y2.
0608AFD0: 620F0203 010001A3 82011930 82011530  b......#...0...0
0608AFE0: 0B060355 1D0F0404 030205A0 301D0603  ...U....... 0...
0608AFF0: 551D0E04 1604140B C06CB3EE 45A6210B  U.......@l3nE&!.
0608B000: C8B8CD65 2DA8941E CBAEFA30 1F060355  H8Me-(..K.z0...U
0608B010: 1D230418 30168014 D0C52226 AB4F4660  .#..0...PE"&+OF`
0608B020: ECAE0591 C7DC5AD1 B047F76C 303B0603  l...G\ZQ0Gwl0;..
0608B030: 551D1F04 34303230 30A02EA0 2C862A68  U...40200 . ,.*h
0608B040: 7474703A 2F2F7777 772E6369 73636F2E  ttp://www.cisco.
0608B050: 636F6D2F 73656375 72697479 2F63726C  com/security/crl
0608B060: 2F636D63 612E6372 6C304806 082B0601  /cmca.crl0H..+..
0608B070: 05050701 01043C30 3A303806 082B0601  ......<0:08..+..
0608B080: 05050730 02862C68 7474703A 2F2F7777  ...0..,http://ww
0608B090: 772E6369 73636F2E 636F6D2F 73656375  w.cisco.com/secu
0608B0A0: 72697479 2F636572 74732F63 6D63612E  rity/certs/cmca.
0608B0B0: 63657230 3F06092B 06010401 82371402  cer0?..+.....7..
0608B0C0: 04321E30 00490050 00530045 00430049  .2.0.I.P.S.E.C.I
0608B0D0: 006E0074 00650072 006D0065 00640069  .n.t.e.r.m.e.d.i
0608B0E0: 00610074 0065004F 00660066 006C0069  .a.t.e.O.f.f.l.i
0608B0F0: 006E0065 300D0609 2A864886 F70D0101  .n.e0...*.H.w...
0608B100: 05050003 82010100 12FA163E 1E28E8C4  .........z.>.(hD
0608B110: 883EB50D 9A3866DC 1DFA9FCD BA508DEF  .>5..8f\.z.M:P.o
0608B120: 31351B5D BDCA58E2 848B8893 8A75637D  15.]=JXb.....uc}
0608B130: CA549248 1BDE711A DB011B2A           JT.H.^q.[..*   
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (519) <  length (1147)
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later
*Oct 24 11:56:33.157: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: End of datagram reached.
*Oct 24 11:56:33.160: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Called... for connection 0x02C11864

060FB560:          16FEFF00 00000000 00000400      .~..........
060FB570: CC0B0004 7B000200 03AF0000 C035F540  L...{..../..@5u@
060FB580: D15DE7DE DF5BFE13 12F3D8B1 EF16EC67  Q]g^_[~..sX1o.lg
060FB590: 068E4CCB BC5422E1 84B38779 88E3D08F  ..LK060FB5A0: E3A42DFF 5B30A98F 0A44BD7D 601399D6  c$-.[0)..D=}`..V
060FB5B0: F9517694 A8E6195E F466413C C1607FCB  yQv.(f.^tfA060FB5C0: 7617EA4B 91A3EEBB 37DB7FEF 3AF98C32  v.jK.#n;7[.o:y.2
060FB5D0: BD9F32C2 1A13D939 435F4EA4 EB1EB2E3  =.2B..Y9C_N$k.2c
060FB5E0: 15496BB7 CB29223A 5461BFF9 824F170E  .Ik7K)":Ta?y.O..
060FB5F0: 7D35DE43 023FF86B 922B7E28 9815F512  }5^C.?xk.+~(.....









060FB630:                              16FEFF               .~.
060FB640: 00000000 00000005 00180B00 047B0002  .............{..
060FB650: 00046F00 000C5A88 576725DC 017098E9  ..o...Z.Wg%\.p.i

Can you please post the output to the following commands:

1.  WLC:  sh sysinfo;

2.  WAP:  sh version;

3.  WAP:  sh inventory

He thanks .... here the output

1.)

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.0
RTOS Version..................................... 7.0.235.0
Bootloader Version............................... 7.0.230.0
Emergency Image Version.......................... 7.0.230.0
Build Type....................................... DATA + WPS

System Name......................................

System Location.................................. CZE/Mokra/
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.240.4.12
System Up Time................................... 33 days 18 hrs 37 mins 11 secs
System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh

Configured Country............................... Multiple Countries:AU,BA,CZ,DE,GB
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C

State of 802.11b Network......................... Enabled

--More-- or (q)uit
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 3
Number of Active Clients......................... 1

Burned-in MAC Address............................ 00:1E:4A:FE:E2:60
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25

2.)

AP2894.0f01.0ad8#sh ver
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 12.4(23c)JA5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Mon 30-Apr-12 13:30 by prod_rel_team

ROM: Bootstrap program is C3500 boot loader
BOOTLDR: C3500 Boot Loader (AP3G1-BOOT-M) Version 12.4(23c)JA, RELEASE SOFTWARE (fc3)

AP2894.0f01.0ad8 uptime is 23 minutes
System returned to ROM by reload
System image file is "flash:/ap3g1-k9w8-mx.124-23c.JA5/ap3g1-k9w8-mx.124-23c.JA5"
Last reload reason:

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3502I-E-K9 (PowerPC460exr) processor (revision A0) with 81910K/49152K bytes of memory.
Processor board ID FCZ1603W4NP
PowerPC460exr CPU at 666Mhz, revision number 0x18A8
Last reset from reload
LWAPP image version 7.0.235.0
1 Gigabit Ethernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 28:94:0F:01:0A:D8
Part Number : 73-12175-05
PCA Assembly Number : 800-32268-05
PCA Revision Number : A0
PCB Serial Number : FOC1544345G
Top Assembly Part Number : 800-32891-01
Top Assembly Serial Number : FCZ1603W4NP
Top Revision Number : A0
Product/Model Number : AIR-CAP3502I-E-K9

Configuration register is 0xF

3.)

AP2894.0f01.0ad8#sh inventory

NAME: "AP3500", DESCR: "Cisco Aironet 3500 Series (IEEE 802.11n) Access Point"

PID: AIR-CAP3502I-E-K9 , VID: V01, SN: FCZ1603W4NPAP2894.0f01.0ad8#sh inventory
NAME: "AP3500", DESCR: "Cisco Aironet 3500 Series (IEEE 802.11n) Access Point"
PID: AIR-CAP3502I-E-K9 , VID: V01, SN: FCZ1603W4NP

Configured Country............................... Multiple Countries:AU,BA,CZ,DE,GB

Geez.  That's messy.

1.  How many licenses does your WLC have and how many are currently joined?

2.  Can you console into the WAP and reboot the WAP?  I want to see the entire bootup sequence.

Hi ,

the WLC for debug has 25 AP Licenses , one in Use , the are not full ... :-)
All WLC run the same version

The AP reach the WLC ... but don not register

Here the debug off the reload:

AP2894.0f01.0ad8#reload
Proceed with reload? [confirm]

Writing out the event log to nvram...

*Oct 25 06:52:55.073: %SYS-5-RELOAD: Reload requested by cisco on console. Reload Reason: Reload Command.
*Oct 25 06:52:55.076: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
r WRDTR,CLKTR: 0x88000800 0x00000000
r RQDC ,RFDC : 0x80000033 0x00000259

using  eeprom values

WRDTR,CLKTR: 0x88000800 0x00000000
RQDC ,RFDC : 0x80000033 0x00000259

ddr init done

Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP:  Numonyx P33
Checking for Over Erased blocks
......................................................................................................................................................................................................................................................
Xmodem file system is available.

DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x88000800, 0x00000000
RQDC, RFDC : 0x80000033, 0x00000259

PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is up.
PCIE1: VC0 is active
64bit PCIE devices
PCIEx: initialization done
flashfs[0]: 35 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31739904
flashfs[0]: Bytes used: 8313856
flashfs[0]: Bytes available: 23426048
flashfs[0]: flashfs fsck took 15 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 28:94:0f:01:0a:d8
Ethernet speed is 100 Mb - FULL duplex
Loading "flash:/ap3g1-k9w8-mx.124-23c.JA5/ap3g1-k9w8-mx.124-23c.JA5"...##############################################################################################################################################################################################################################################################################################################################################################################################################################################################################

File "flash:/ap3g1-k9w8-mx.124-23c.JA5/ap3g1-k9w8-mx.124-23c.JA5" uncompressed and installed, entry point: 0x4000
executing...
enet halted

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 12.4(23c)JA5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Mon 30-Apr-12 13:30 by prod_rel_team


Proceeding with system init

Proceeding to unmask interrupts
Initializing flashfs...
FLASH CHIP:  Numonyx P33
Checking for Over Erased blocks
......................................................................................................................................................................................................................................................

flashfs[1]: 35 files, 8 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 31481856
flashfs[1]: Bytes used: 8313856
flashfs[1]: Bytes available: 23168000
flashfs[1]: flashfs fsck took 7 seconds.
flashfs[1]: Initialization complete.
flashfs[2]: 0 files, 1 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 11999232
flashfs[2]: Bytes used: 1024
flashfs[2]: Bytes available: 11998208
flashfs[2]: flashfs fsck took 1 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.

Ethernet speed is 100 Mb - FULL duplex

Radio0  present 8364B 8000 B8020000 0 B8030000 10
Radio1  present 8364B 8000 B0020000 0 B0030000 C
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3502I-E-K9    (PowerPC460exr) processor (revision A0) with 81910K/49152K bytes of memory.
Processor board ID FCZ1603W4NP
PowerPC460exr CPU at 666Mhz, revision number 0x18A8
Last reset from reload
LWAPP image version 7.0.235.0
1 Gigabit Ethernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 28:94:0F:01:0A:D8
Part Number                          : 73-12175-05
PCA Assembly Number                  : 800-32268-05
PCA Revision Number                  : A0
PCB Serial Number                    : FOC1544345G
Top Assembly Part Number             : 800-32891-01
Top Assembly Serial Number           : FCZ1603W4NP
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP3502I-E-K9  
% Please define a domain-name first.


Press RETURN to get started!


*Mar  1 00:00:09.531: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:09.540: *** CRASH_LOG = YES

*Mar  1 00:00:09.540: 64bit PCIE devicesSecurity Core found.
Base Ethernet MAC address: 28:94:0F:01:0A:D8

*Mar  1 00:00:12.381: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:13.183: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:13.410: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:15.870: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:15.920: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)

*Mar  1 00:00:15.936:  status of voice_diag_test from WLC is false
*Mar  1 00:00:18.047: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 12.4(23c)JA5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Mon 30-Apr-12 13:30 by prod_rel_team
*Mar  1 00:00:18.047: %SNMP-5-COLDSTART: SNMP agent on host AP2894.0f01.0ad8 is undergoing a cold start
*Mar  1 00:13:19.040: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar  1 00:13:19.113: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:13:19.113: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:13:19.286: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:13:19.965: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:13:20.113: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:13:20.113: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:13:27.257: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.127.76.5, mask 255.255.255.0, hostname AP2894.0f01.0ad8

*Mar  1 00:13:37.934:  status of voice_diag_test from WLC is false
*Mar  1 00:13:37.997: Logging LWAPP message to 255.255.255.255.

Translating "CISCO-CAPWAP-CONTROLLER.test.net"...domain server (10.X.X.X)
*Mar  1 00:13:49.016: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.X.X.X obtained through DHCP (10.70.X.X) [OK]

*Oct 25 06:55:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.X.X.X peer_port: 5246
*Oct 25 06:55:13.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 
*Oct 25 06:55:23.692: %CDP_PD-4-POWER_OK: Full power - NON_CISCO-NO_CDP_RECEIVED inline power source
*Oct 25 06:55:23.783: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 25 06:55:23.877: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 25 06:55:24.702: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Oct 25 06:55:24.702: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated
*Oct 25 06:55:24.796: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Oct 25 06:55:43.180: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!
*Oct 25 06:55:43.180: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.X.X.X is reached.

User Access Verification

Username:
*Oct 25 06:56:13.055: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.X.X.X:5246
*Oct 25 06:56:13.105: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Oct 25 06:56:13.105: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Oct 25 06:56:13.171: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Oct 25 06:56:13.171: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Oct 25 06:56:13.180: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Oct 25 06:56:13.190:  status of voice_diag_test from WLC is false
*Oct 25 06:56:13.190: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Oct 25 06:56:13.199: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Oct 25 06:56:13.209: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to resethttp://www.cisco.com/en/US/products/ps6366/products_tech_note09186a                                                                   $cisco.com/en/US/products/ps6366/products_tech_note09186a0                  0808f8599                                                                  en/US/products/ps6366/products_tech_note09186a00808f8599.                  shtml
*Oct 25 06:56:23.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.X.X.X peer_port: 5246
*Oct 25 06:56:23.000: %CAPWAP-5-CHANGED: CAPWAP changed state to 

*Oct 25 06:55:43.180: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!

*Oct 25 06:55:43.180: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.X.X.X is reached.

Can you change your WLC Regulatory Domain to just GB only?

on this controller yes .... but this is only for test :-(

on the other  WLC ´s no .... what i don`t understand is that other AP`s in UK work without problems .

by the way :  thanks a lot lot for your help !

on this controller yes .... but this is only for test :-(

on the other  WLC ´s no .... what i don`t understand is that other AP`s in UK work without problems .

Understood.

What kind of controller is this?  2K, 4400, 5500?

If it still doesn't work, can I ask if you console into the WAP and see if it could ping the WLC Management IP Address.  If it can, enter this command in enable mode:  capwap ap controller ip address

Hi,

ping to all WLC IP`s works ... no problem .
Test Controller ist 4402 , but we try it with WiSM and 5508 , same behaviour :-(

i also set the WLC Management IP with the command: capwap ap controller IP

Thanks

Some ideas:

Has this AP been connected to the WLC earlier or is it "clean"? Otherwise try clearing the config.

Is there a NAT/PAT firewall between the LAP and WLC? DTLS tunnels only support real IP connections, so if sevral LAP's are hidden behind the same IP this won't work. Also check for fragmetation while traversing provider networks.

Did the solution worked?

sorry ... sadly not . i am sure it is an provider issue (Firewall etc. )
but you know providers ..... you have to prove the error is on theri side :-(

but thanks a lot for your comments and your help !

it is possible the received packets are out of order/sequence and or can't reassemble is what i see from the debugs. take this AP to different location and it would join wlc.

To your SP show the bad and good dtls debug dtls taken from joining AP.

*Oct 24 11:56:33.160: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Reassembly required for handshake seq 2. frag_len (192) <  length (1147)

*Oct 24 11:56:33.160: DTLS_CLIENT_EVENT_DETAIL: dtls_handshake_fragment_new: Called...

*Oct 24 11:56:33.160: DTLS_CLIENT_EVENT_DETAIL: dtls_reassemble_handshake: Not ready to assemble yet.

*Oct 24 11:56:33.160: DTLS_CLIENT_EVENT_DETAIL: dtls_client_process_record: DTLS handshake buffered for reassembly later

*Oct 24 11:56:33.160: DTLS_CLIENT_EVENT_DETAIL: dtls_process_packet: Attempting to extract next record....

Review Cisco Networking for a $25 gift card