
AP is frequently disassociating after SDWAN migration

sajeshedayath
Level 1

After the SDWAN migration, the AP is frequently disconnecting from the WLC.

*Sep 21 02:27:05.431: %CAPWAP-3-DATA_KEEPALIVE_ERR: Failed to receive data keep-alive
*Sep 21 02:27:05.447: Delete of backup image not donewith status 1
*Sep 21 02:27:05.463: Delete of backup image not donewith status 1

 


marce1000
VIP

 

 - What is the WLC model and which software version is it running? What is the AP model?

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

sajeshedayath
Level 1

WLC:3504

Version: 8.10.130.0

AP Model:AIR-CAP1702I-Q-K9

Below are the logs we are able to see on the AP.

*Sep 21 02:27:05.431: %CAPWAP-3-DATA_KEEPALIVE_ERR: Failed to receive data keep-alive
*Sep 21 02:27:05.447: Delete of backup image not donewith status 1
*Sep 21 02:27:05.463: Delete of backup image not donewith status 1
*Sep 21 02:27:05.463: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.121.8.248:5246
*Sep 21 02:27:05.463: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Sep 21 02:27:06.511: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Sep 21 02:27:06.511: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Sep 21 02:27:06.523: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 39
*Sep 21 02:27:06.523: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 39
*Sep 21 02:27:06.579: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station c475.ab08.9503
*Sep 21 02:27:06.579: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 5c87.9cb9.9b46
*Sep 21 02:27:06.579: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station d4d2.52e6.4182
*Sep 21 02:27:06.579: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 24ee.9a3a.10c4
*Sep 21 02:27:06.579: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station e4fd.459f.052e
*Sep 21 02:27:06.579: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station e4fd.459e.51a1
*Sep 21 02:27:06.583: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 24ee.9a39.ef63
*Sep 21 02:27:08.867: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 46
*Sep 21 02:27:08.867: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 46
*Sep 21 02:27:08.871: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Sep 21 02:27:08.879: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Sep 21 02:27:09.871: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Sep 21 02:27:09.903: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Sep 21 02:27:09.911: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Sep 21 02:27:09.919: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Sep 21 02:27:10.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Sep 21 02:27:10.911: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Sep 21 02:27:10.955: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Sep 21 02:27:11.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Sep 21 02:27:16.579: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Sep 21 02:27:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.121.8.248 peer_port: 5246
*Sep 21 02:27:17.267: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.121.8.248 peer_port: 5246
*Sep 21 02:27:17.267: %CAPWAP-5-SENDJOIN: sending Join Request to 10.121.8.248
*Sep 21 02:27:22.267: %CAPWAP-5-SENDJOIN: sending Join Request to 10.121.8.248
*Sep 21 02:27:22.403: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 56
*Sep 21 02:27:22.407: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Sep 21 02:27:22.415: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Sep 21 02:27:23.035: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 56
*Sep 21 02:27:23.039: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 10
*Sep 21 02:27:23.055: %LWAPP-4-CLIENTEVENTLOG: OfficeExtend Localssid saved in AP flash
*Sep 21 02:27:23.239: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Sep 21 02:27:23.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Sep 21 02:27:24.243: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller ishikawa33-wlcWLAN id 1, SSID ZsE45ThN, L2ACL , L2ACL AP

*Sep 21 02:27:24.247: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Sep 21 02:27:24.255: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Sep 21 02:27:24.307: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 10capwap_delete_all_l2Acls_in_nacl_list:336. Deleting all L2Acls in AP config

*Sep 21 02:27:24.375: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 10
*Sep 21 02:27:25.275: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Sep 21 02:27:25.283: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Sep 21 02:27:25.291: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Sep 21 02:27:25.623: %WIDS-6-ENABLED: IDS Signature is loaded and enabled%CRYPTO_PKI: Cert not yet valid or is expired -
start date: 21:36:50 UTC Nov 5 2013
end date: 21:36:50 UTC May 20 2022

*Sep 21 02:27:25.799: %DOT11-3-NA_SENSOR_CERT_ERROR: Certificate installation error: Error in saving WSA certificate.
*Sep 21 02:27:26.315: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Sep 21 02:27:26.635: %DOT11-6-ASSOC: Interface Dot11Radio0, Station otb-shinagawa20 d4d2.52e6.4182 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:27.147: %DOT11-6-ASSOC: Interface Dot11Radio0, Station e4fd.459e.51a1 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:27.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Sep 21 02:27:27.523: %DOT11-6-ASSOC: Interface Dot11Radio0, Station otb-shinagawa20 24ee.9a39.ef63 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:28.319: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio1 due to the reason code 46
*Sep 21 02:27:28.323: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Sep 21 02:27:28.327: %DOT11-6-ASSOC: Interface Dot11Radio0, Station otb-shinagawa20 24ee.9a3a.10c4 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:28.331: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Sep 21 02:27:29.323: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Sep 21 02:27:29.367: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Sep 21 02:27:30.155: %DOT11-6-ASSOC: Interface Dot11Radio1, Station e4fd.459f.052e REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:30.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Sep 21 02:27:33.391: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station d4d2.52e6.4182 Sending station has left the BSS
*Sep 21 02:27:34.691: %DOT11-6-ASSOC: Interface Dot11Radio1, Station otb-shinagawa20 d4d2.52e6.4182 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:37.103: %DOT11-6-ASSOC: Interface Dot11Radio1, Station 20c1.9be5.83d7 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:45.723: %CLEANAIR-6-STATE: Slot 1 disabled
*Sep 21 02:27:48.547: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 24ee.9a3a.10c4 Sending station has left the BSS
*Sep 21 02:27:48.563: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station e4fd.459e.51a1 Sending station has left the BSS
*Sep 21 02:27:48.579: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 24ee.9a39.ef63 Sending station has left the BSS
*Sep 21 02:27:48.675: %DOT11-6-ASSOC: Interface Dot11Radio1, Station otb-shinagawa20 24ee.9a39.ef63 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:49.499: %DOT11-6-ASSOC: Interface Dot11Radio1, Station e4fd.459e.51a1 REAP Associated KEY_MGMT[Open]
*Sep 21 02:27:50.723: %CLEANAIR-6-STATE: Slot 0 disabled
*Sep 21 02:28:02.927: LWAPP IPV6 IAPP [ERROR!]: 2nd retry failed! for client[24ee.9a39.ef63]
*Sep 21 02:29:07.983: %DOT11-6-ASSOC: Interface Dot11Radio1, Station otb-shinagawa20 24ee.9a3a.10c4 REAP Associated KEY_MGMT[Open]
*Sep 21 02:29:43.911: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 20c1.9be5.83d7 Sending station has left the BSS
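An added example, not part of any post in this thread: a small parser that pairs each `DATA_KEEPALIVE_ERR` in an AP log with the next `JOINEDCONTROLLER` and reports the outage length, the DTLS setup time and the number of Join Requests sent. The sample lines are a subset copied from the log above; the function names and the placeholder year are this example's own.

```python
import re
from datetime import datetime

# Subset of the AP log lines posted in the thread above.
SAMPLE_LOG = """\
*Sep 21 02:27:05.431: %CAPWAP-3-DATA_KEEPALIVE_ERR: Failed to receive data keep-alive
*Sep 21 02:27:05.463: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.121.8.248:5246
*Sep 21 02:27:06.523: %DOT11-5-EXPECTED_RADIO_RESET: Restarting Radio interface Dot11Radio0 due to the reason code 39
*Sep 21 02:27:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.121.8.248 peer_port: 5246
*Sep 21 02:27:17.267: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.121.8.248 peer_port: 5246
*Sep 21 02:27:17.267: %CAPWAP-5-SENDJOIN: sending Join Request to 10.121.8.248
*Sep 21 02:27:22.267: %CAPWAP-5-SENDJOIN: sending Join Request to 10.121.8.248
*Sep 21 02:27:24.243: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller ishikawa33-wlcWLAN id 1, SSID ZsE45ThN, L2ACL , L2ACL AP
"""

LINE_RE = re.compile(
    r"^\*(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): %([A-Z0-9_]+)-(\d)-([A-Z0-9_]+): (.*)$")

def parse(text):
    """Yield (timestamp, facility, severity, mnemonic, message) per tagged line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # continuation lines and untagged messages are skipped
        # The AP log carries no year; 2000 is a placeholder so deltas can be computed.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
        yield ts, m.group(2), int(m.group(3)), m.group(4), m.group(5)

def capwap_outages(text):
    """Pair each DATA_KEEPALIVE_ERR with the next JOINEDCONTROLLER."""
    outages, cur = [], None
    for ts, fac, _sev, mnem, _msg in parse(text):
        if fac == "CAPWAP" and mnem == "DATA_KEEPALIVE_ERR" and cur is None:
            cur = {"down_at": ts, "join_requests": 0, "dtls_setup_s": None}
        elif cur is None:
            continue  # ignore everything outside an open outage window
        elif mnem == "DTLSREQSEND":
            cur["_dtls_start"] = ts
        elif mnem == "DTLSREQSUCC" and "_dtls_start" in cur:
            start = cur.pop("_dtls_start")
            cur["dtls_setup_s"] = round((ts - start).total_seconds(), 3)
        elif mnem == "SENDJOIN":
            cur["join_requests"] += 1  # more than one means a retransmitted join
        elif mnem == "JOINEDCONTROLLER":
            cur["outage_s"] = round((ts - cur["down_at"]).total_seconds(), 3)
            outages.append(cur)
            cur = None
    return outages

if __name__ == "__main__":
    for outage in capwap_outages(SAMPLE_LOG):
        print(outage)
```

Run over a longer capture, the per-outage figures give a baseline to compare before and after a WAN change.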

 

 

 - Check the output of : 
         (Cisco Controller) >show ap config general <APname>

 M.




sajeshedayath
Level 1

Please find the output below.

Cisco AP Identifier.............................. 45
Cisco AP Name.................................... otb-shinagawa205-ap-02
Country code..................................... J4 - Japan 4(PQ)
Regulatory Domain allowed by Country............. 802.11bg:-JPQU 802.11a:-JPQU
AP Country code.................................. J4 - Japan 4(PQ)
AP Regulatory Domain............................. 802.11bg:-Q 802.11a:-Q
Switch Port Number .............................. 8
MAC Address...................................... 70:b3:17:f6:bd:88
IP Address Configuration......................... DHCP
IP Address....................................... 10.130.204.24
IP NetMask....................................... 255.255.255.0
Gateway IP Addr.................................. 10.130.204.254
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1437
DHCP Release Override............................ Disabled
Telnet State..................................... Globally Enabled
Ssh State........................................ Globally Enabled
NSI Ports State.................................. Globally Enabled
Virtual IP Address............................... Not Configured
Cisco AP Location................................ 5F
Cisco AP Floor Label............................. 0

--More-- or (q)uit
Cisco AP Group Name.............................. AGN_01_d
Primary Cisco Switch Name........................ ishikawa33-wlc
Primary Cisco Switch IP Address.................. 10.121.8.248
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... FlexConnect
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Rogue Detection ................................. Enabled
AP Vlan Trunking ................................ Enabled (Inherited)
AP Native Vlan ID: .............................. 1 (Inherited)
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
KPI not configured ..............................
Logging syslog facility ......................... kern
S/W Version .................................... 8.10.130.0
Boot Version ................................... 15.3.0.0
Mini IOS Version ................................ 8.3.102.0

--More-- or (q)uit
Stats Reporting Period .......................... 180
Stats Collection Mode ........................... normal
Radio Core Mode ................................. Disabled
Slub Debug Mode ................................. Disabled
Static Ip Failover .............................. Enabled
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. DC / Full Power
Number Of Slots.................................. 2
AP Model......................................... AIR-CAP1702I-Q-K9
AP Image......................................... C1700-K9W8-M
IOS Version...................................... 15.3(3)JK3$
Reset Button..................................... Enabled
AP Serial Number................................. FGL2250K1JB
AP Certificate Type.............................. Manufacture Installed
AP LAG Configuration Status ..................... Disabled
LAG Support for AP .............................. No
AP multicast mode :.............................. Disabled
Native Vlan Inheritance: ........................ Group
FlexConnect Vlan mode :.......................... Enabled
Native ID :..................................... 1
WLAN 2 :........................................ 1 (Group-Specific)

--More-- or (q)uit
FlexConnect VLAN ACL Mappings
FlexConnect Group................................ FGN_043_otb-shinagawa_01
Group VLAN ACL Mappings


Group VLAN Name to Id Mappings

AP-Specific FlexConnect Policy ACLs :
L2Acl Configuration ............................. Not Available

FlexConnect Local-Split ACLs :
WLAN ID PROFILE NAME ACL TYPE
------- -------------------------------- --------------------------------- -------

Flexconnect Central-Dhcp Values :

WLAN ID PROFILE NAME Central-Dhcp DNS Override Nat-Pat Type
------- --------------------------------- -------------- -------------- --------- ------
2 PN_data02_11n False False False Wlan

Flex AVC visibility Configurations..............

WlanId PROFILE NAME Inherit-level Visibility Flex Avc-profile

--More-- or (q)uit
------- -------------------------------- ------------- ---------- --------------------------------

FlexConnect Backup Auth Radius Servers :
Primary Radius Server........................... Disabled
Secondary Radius Server......................... Disabled
FlexConnect Radius/Local Auth Parameters :
Radius Retransmit Count......................... 3 (default)
Active Radius Timeout........................... 5 (default)

AP User Mode................................... CUSTOMIZED
AP User Name..................................... read
AP Dot1x User Mode............................... Not Configured
AP Dot1x User Name............................... Not Configured
AP Dot1x EAP Method.............................. Not Configured
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 13 days, 01 h 04 m 13 s
AP LWAPP Up Time................................. 0 days, 00 h 33 m 16 s
Join Date and Time............................... Fri Sep 22 18:54:54 2023
Join Taken Time.................................. 0 days, 00 h 00 m 15 s
Unencrypted Data Keep Alive ..................... Enable
AP broken antenna detection - Status ............ Not Supported
Memory Type...................................... DDR3
Memory Size...................................... 376814 KBytes

--More-- or (q)uit
CPU Type......................................... PowerPC CPU at 800Mhz, revision number 0x2151
Flash Type....................................... Onboard Flash
Flash Size....................................... 39942 KBytes
GPS Present...................................... NO
Ethernet Vlan Tag................................ Disabled
Ethernet Port Duplex............................. Auto
Ethernet Port Speed.............................. Auto
Fabric support................................... Yes
AP Link Latency.................................. Disabled
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Enabled
AP TCP MSS Size.................................. 1250
AP CAPWAP Control Port........................... 60377
AP CAPWAP Data Port.............................. 60377
AP WPA3 Capable.................................. No
Hotspot Venue Group.............................. Unspecified
Hotspot Venue Type............................... Unspecified
DNS server IP ............................. 10.130.2.201
DNS server IP ............................. 10.120.3.142
Cisco TrustSec Config...:
CTS Global Override State....................... Disabled
Inline-Tagging.................................. Disabled
SGACL-Enforcement............................... Disabled

--More-- or (q)uit
Time Zone Config :
Time Zone State................................. Disabled
Time Zone Offset Hour........................... 00
Time Zone Offset Minute......................... 00
NTP server status :
NTP Enable...................................... No
Encryption SPIs (Unique Identifiers)
Hyperlocation................................... None


ApVapId to Profile Name Mappings:

APVAPID WLANID PROFILE NAME SLOT-A/B
------- ------ ------------------------------ --------
1 2 PN_data02_11n 1/1

 

Service SubService CMX Server
------------ ---------------- ---------------

 

 

sajeshedayath
Level 1

Any findings?

balaji.bandi
Hall of Fame

You mean to say that before SD-WAN all was working as expected?

Make sure the RTT meets the deployment between WLC and AP (also check the MTU?).

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/211405-Configure-CAPWAP-Path-MTU-Discovery.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sajeshedayath
Level 1

Can you please briefly explain?

Read the document I was referring to for the RTT requirement. Is this below that RTT as guided?

BB
