cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3673
Views
15
Helpful
14
Replies

AP don't join to controller

schulcz
Beginner
Beginner

Hi Guys,

 

I would like to made a little change and I should move some AP from the production wlc to the temporary wlc.

 

Production wlc runs 8.3.143.0, temp wlc runs 8.5.140.0, ap manager interfaces is in the same subnet. After I prepared temp wlc for that type of AP (image bundle was needed), I configured AP to join to another wlc, and made a reset. Capwap process started, but the AP cannot join to wlc, and I didn't understand why. (APs got bad IP address from option 43, I know it)

 

AP log:

*Mar  1 00:00:53.267: Currently running a Release Image

*Mar  1 00:00:53.363: Using SHA-2 signed certificate for image signing validation.
*Mar  1 00:01:03.983: AP image integrity check PASSED

*Mar  1 00:01:03.991: Non-recovery image. PNP Not required.

*Mar  1 00:01:04.079: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco

*Mar  1 00:01:04.103: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  1 00:01:04.103: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to resetcreating PnP template view

*Mar  1 00:01:14.127: Logging LWAPP message to 255.255.255.255.

*Mar  1 00:01:14.135: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Mar  1 00:01:15.307: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 172.21.250.177, mask 255.255.255.128, hostname b2-test-ap

*Mar  1 00:01:25.139: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.5 obtained through DHCP
*Mar  1 00:01:25.139: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.10.20 obtained through DHCP
*Mar  1 00:01:37.207: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 24 21:18:10.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:18:10.415: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:18:10.415: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 24 21:18:10.427: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
*Jul 24 21:18:16.019: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 24 21:18:16.019: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 24 21:18:16.019: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Jul 24 21:18:29.947: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 24 21:18:30.947: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 24 21:18:31.227: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 24 21:18:32.227: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 24 21:18:58.487: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.21.250.133:5246
*Jul 24 21:18:58.487: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface is getting down
*Jul 24 21:18:58.487: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface is getting down
*Jul 24 21:18:58.567: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to hostname change
*Jul 24 21:18:58.567: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to hostname change
*Jul 24 21:18:58.591: capwap_image_proc: problem extracting tar file
*Jul 24 21:18:58.595: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jul 24 21:18:58.595: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jul 24 21:18:58.595: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to interface reset
*Jul 24 21:18:58.599: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 24 21:18:58.611: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to interface reset
*Jul 24 21:18:58.651: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 24 21:18:59.595: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 24 21:18:59.627: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jul 24 21:18:59.635: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 24 21:19:00.619: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 24 21:19:00.627: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jul 24 21:19:00.663: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 24 21:19:00.671: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jul 24 21:19:00.679: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 24 21:19:01.663: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 24 21:19:01.671: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 24 21:19:01.703: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 24 21:19:02.703: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 24 21:19:08.719: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jul 24 21:19:09.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:19:09.415: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.21.250.133 peer_port: 5246
*Jul 24 21:19:09.415: %CAPWAP-5-SENDJOIN: sending Join Request to 172.21.250.133perform archive download capwap:/ap1g2 tar file
*Jul 24 21:19:09.427: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.

WLC log:

*spamApTask4: Jul 24 23:18:28.737: %CAPWAP-3-DTLS_CLOSED_ERR: capwap_ac_sm.c:7095 00:6c:bc:c2:01:f0:  DTLS connection closed forAP  172:21:250:177 (18227), Controller: 172:21:250:133 (5246) AP Message Timeout
*spamApTask4: Jul 24 23:18:28.737: %CAPWAP-3-MAX_RETRANSMISSIONS_REACHED: capwap_ac_sm.c:7642 Max retransmissions reached on AP(00:6c:bc:c2:01:f0),message (CAPWAP_IMAGE_DATA_REQUEST
),number of pending messages(1)

After I enabled some debug capwap commands on wlc, I see the wlc try to send ap image to the AP.

Debug outputs from wlc a couple of hours ago, it's the same AP:

*spamApTask6: Jul 24 18:06:30.915: 00:3a:7d:d4:73:1f CAPWAP Control Msg Received from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 packet received of length 24 from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Msg Type = 16 Capwap state = 10

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Image data resp: Total msgEleLen = 0 

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Image Data message element len = 1331

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Sending encrypted packet to AP 172.21.250.176(18226) 

*spamApTask6: Jul 24 18:06:30.915: 00:6c:bc:c2:01:f0 Releasing WTP
*spamApTask6: Jul 24 18:06:30.929: 00:3a:7d:d4:73:1f CAPWAP Control Msg Received from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 packet received of length 24 from 172.21.250.176:18226

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Msg Type = 16 Capwap state = 10

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Image data resp: Total msgEleLen = 0 

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Image Data message element len = 1331

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Sending encrypted packet to AP 172.21.250.176(18226) 

*spamApTask6: Jul 24 18:06:30.929: 00:6c:bc:c2:01:f0 Releasing WTP
*spamApTask6: Jul 24 18:06:30.948: 00:3a:7d:d4:73:1f CAPWAP Control Msg Received from 172.21.250.176:18226

What can I do/check to make it work? I can't reboot wlc or configure any other APs on any wlc because it is a factory, and wireless is mission critical.

 

Clock and images are OK on temp wlc:

(Cisco Controller) >show ap bundle primary


Primary Version : 8.5.140.0


AP Supplement Bundle : Installed

Primary AP Image        Size            Supported AP's
----------------        ----            ------------
ap1g1                   13192           AP700
ap1g2                   13652           AP1600
ap1g3                   15380           AP1530
ap1g4                   25784           AP1850/1810
ap1g5                   22208           AP1815,1540
ap3g1                   10168           AP3500
ap3g2                   15380           AP2600,3600
ap3g3                   39336           AP2800,3800,1560
ap801                   8468            AP802
ap802                   9968            AP802
c1550                   10928           AP1550(128MB)
c1570                   13052           AP1570
c3700                   14372           AP1700,2700,3700

--More-- or (q)uit

(Cisco Controller) >show boot
Primary Boot Image............................... 8.5.140.0 (default)
Backup Boot Image................................ 8.3.143.0

(Cisco Controller) >

Thanks!

 

 

 

 

1 Accepted Solution

Accepted Solutions

did you upload the AP bundle image on WLC ?

Did you reboot the WLC after upgrade ?

 

Regards

Dont forget to rate helpful posts

View solution in original post

14 Replies 14

Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor

which WLC/APs are you using..

 

paste the output of these commands:

 

sh sysinfo from WLC

sh version from AP whcih is not joining to Temporary WLC

complete boot-up process from AP console.

 

Regards

Dont forget to arte helpful posts