06-04-2008 01:55 PM - edited 07-03-2021 03:59 PM
Hi, I have just connected my 1130ag ap to the network noticed that it can not get a Join response. as follows;
bymydesk#
*Mar 1 00:00:25.294: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:35.698: LWAPP_CLIENT_ERROR_DEBUG: spamHandleDiscoveryTimer : Found the disco
very response from MASTER Mwar
*Mar 1 00:00:35.707: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Mar 1 00:00:40.707: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the J
oin response
*Mar 1 00:00:40.707: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
*Mar 1 00:00:40.746: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID
NOT GET JOIN RESPONSE.
*Mar 1 00:00:40.746: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is
I have looked in the forum and other people have had the problem and have indicated it could be a date time issue. I have set the date and time but when I do a "show Auth-list" i get nothing back like the following;
(Cisco Controller) >show auth-list
(Cisco Controller) >
can anyone help please, i am not sure what else to do
Solved! Go to Solution.
06-05-2008 07:24 AM
06-04-2008 05:10 PM
Hi Martin,
Have a look at these two docs for some good tips;
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml#prob
Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
http://www.cisco.com/en/US/products/ps7206/products_configuration_example09186a00806a426c.shtml
Hope this helps!
Rob
06-05-2008 01:13 AM
Hi Rob,
Thanks for the advice, looked into great detail on these docs but still no joy. When I do a sh auth-list the controller comes back blank, I have checked and ssc is enabled but when trying to add the AP mac and key hash, i'm having problems, as i can not find the the key hash using the "debug pm pki enable". as per below;
(Cisco Controller) >Thu Jun 5 09:55:41 2008: Received a message from AP of length 83 on i
nteface = 1
Thu Jun 5 09:55:41 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**
Thu Jun 5 09:55:41 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19
:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'
Thu Jun 5 09:55:41 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**
Thu Jun 5 09:55:41 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res
ponse to AP 00:19:06:73:30:90 on Port 1
Thu Jun 5 09:57:04 2008: Received a message from AP of length 83 on inteface = 1
Thu Jun 5 09:57:04 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**
Thu Jun 5 09:57:04 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19
:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'
Thu Jun 5 09:57:04 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**
Thu Jun 5 09:57:04 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res
ponse to AP 00:19:06:73:30:90 on Port 1
Thu Jun 5 09:57:29 2008: sshpmExtKeyCallback: called with Event 5, Keypath software://0/,
Flags 00000000
Thu Jun 5 09:57:36 2008: sshpmExtKeyCallback: called with Event 5, Keypath software://0/,
Flags 00000000
Thu Jun 5 09:58:26 2008: Received a message from AP of length 83 on inteface = 1
Thu Jun 5 09:58:26 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**
Thu Jun 5 09:58:26 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19
:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'
Thu Jun 5 09:58:26 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**
Thu Jun 5 09:58:26 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res
ponse to AP 00:19:06:73:30:90 on Port 1
Thu Jun 5 09:59:49 2008: Received a message from AP of length 83 on inteface = 1
Thu Jun 5 09:59:49 2008: Entered spamGetLCBFromMac file spam_lrad.c line 472**
Thu Jun 5 09:59:49 2008: 00:19:06:73:30:90 Received LWAPP DISCOVERY REQUEST from AP 00:19
:06:73:30:90 to 00:19:aa:72:2b:40 on port '1'
Thu Jun 5 09:59:49 2008: Entered spamGetLCBFromMac file spam_lrad.c line 1046**
Thu Jun 5 09:59:49 2008: 00:19:e8:af:e6:45 Successful transmission of LWAPP Discovery-Res
ponse to AP 00:19:06:73:30:90 on Port 1
The "show crypto ca certificates" confirmed that the date is within the stated time period of the certificate.
I am using a cisco 875 as the dhcp server with the option 43 commands.
??? please help
06-05-2008 05:12 AM
Hi Martin,
Sorry for the delay as I have many things on the go today :) Just so I can understand;
this was an upgraded AP (from Autonomous)?
I made some assumptions on my first post (I know) but just need to be sure.
Rob
06-05-2008 05:20 AM
Hi rob,
this was not upgraded, this was just an out of the box AP its an 1131AG -E.
06-05-2008 02:41 AM
also rob, this is the config for the layer 3 switch and the 875 i an using for the dhcp server, basically i want to setup a bsic wirelss lan in a test enviroment, can you point me in the write direct to a docuemnt which shows a good example of setting something up? or have a look at this config, can you see anything wrong
your help is appriciated!!!
Switch#sh ru
Switch#sh running-config
Building configuration...
Current configuration : 2298 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
switch 2 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet2/0/1
description Access port Connection to Cisco AP
switchport access vlan 5
switchport mode access
spanning-tree portfast
!
interface FastEthernet2/0/2
switchport access vlan 60
switchport mode access
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet2/0/3
switchport access vlan 2
speed 100
duplex full
!
interface FastEthernet2/0/4
!
interface FastEthernet2/0/5
!
interface FastEthernet2/0/6
!
interface FastEthernet2/0/7
!
interface FastEthernet2/0/8
!
interface FastEthernet2/0/9
!
interface FastEthernet2/0/10
!
interface FastEthernet2/0/11
!
interface FastEthernet2/0/12
!
interface FastEthernet2/0/13
!
interface FastEthernet2/0/14
!
interface FastEthernet2/0/15
!
interface FastEthernet2/0/16
!
interface FastEthernet2/0/17
!
interface FastEthernet2/0/18
!
interface FastEthernet2/0/19
!
interface FastEthernet2/0/20
!
interface FastEthernet2/0/21
!
interface FastEthernet2/0/22
!
interface FastEthernet2/0/23
!
interface FastEthernet2/0/24
!
interface GigabitEthernet2/0/1
description Trunk Port to Cisco WLC
switchport trunk encapsulation dot1q
switchport trunk native vlan 60
switchport trunk allowed vlan 2-5,60
switchport mode trunk
!
interface GigabitEthernet2/0/2
!
interface Vlan1
no ip address
!
interface Vlan2
description LAN
ip address 10.1.1.254 255.255.255.0
!
interface Vlan3
description secure Auth_1
ip address 10.3.3.1 255.255.255.0
!
interface Vlan4
description secure Auth_2
ip address 10.4.4.1 255.255.255.0
!
interface Vlan5
description AP VLan
ip address 10.5.5.1 255.255.255.0
ip helper-address 10.1.1.2
!
interface Vlan60
description Managment & AP Managment Interface
ip address 192.168.60.1 255.255.255.0
!
router eigrp 10
network 10.1.1.0
network 10.5.5.0
no auto-summary
eigrp stub connected summary
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
password cisco
login
line vty 0 4
password cisco
login
line vty 5 15
no login
!
end
***************************************************
also this is the cisco 875 config i am using for the dhcp server for option 43
vice timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no ip dhcp use vrf connected
!
ip dhcp pool vlan5pool
network 10.5.5.0 255.255.255.0
default-router 10.5.5.1
option 60 ascii "Cisco AP c1130"
option 43 hex f104.c0a8.3c02
!
!
ip cef
!
!
!
!
!
!
!
!
interface Ethernet0
ip address 10.1.1.2 255.255.255.0
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
06-05-2008 05:48 AM
For now, place the ap on vlan 60 and place a temporary dhcp scope for that vlan and see if the ap joins the controller. Then if it does, change it back and the ap will be able to join from vlan 5.
06-05-2008 06:38 AM
hi,
doing what u have told me it now assigns a dhcp address but still fails on the same place.
*Mar 1 00:00:07.149: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:08.149: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, chang
ed state to up
*Mar 1 00:00:25.197: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:35.336: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP addres
s 192.168.60.21, mask 255.255.255.0, hostname bymydesk
*Mar 1 00:00:46.617: %LWAPP-5-CHANGED: LWAPP changed state to JOIN
*Mar 1 00:00:54.617: LWAPP_CLIENT_ERROR_DEBUG: spamHandleJoinTimer: Did not recieve the J
oin response
*Mar 1 00:00:54.617: LWAPP_CLIENT_ERROR_DEBUG: No more AP manager IP addresses remain.
*Mar 1 00:00:54.644: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: DID
NOT GET JOIN RESPONSE.
*Mar 1 00:00:54.644: %LWAPP-5-CHANGED: LWAPP changed state to DOWNXmodem file system is a
vailable.
the scop i have made is as follows;
ip dhcp pool WLAN
network 192.168.60.0 255.255.255.0
default-router 192.168.60.1
option 60 ascii "Cisco AP c1130"
option 43 hex f104.c0a8.c0a8.3c02
** NOTICE** i dont have the DNS server address. I have not put one in because i dont have a dns server on this test network. What is that used for in this instance please????
06-05-2008 06:54 AM
you can take out the option 60 and option 43. Not needed when tha ap's are on the same subnet as the ap-manager.
06-05-2008 07:06 AM
hi,
this again has made no difference, can you see anything in the controller config, i have attached this, please take a look, the only thing i can see is that maybe the ap manager interface should not be tagged, because i had a problem earlier were i could not connect to the managment interface, and I got round this by changing the tagging to 0???
may try this, what do you reckon? sorry see one below i have attached the controller sh run
thanks
06-05-2008 07:08 AM
post your show run-config
06-05-2008 07:10 AM
06-05-2008 07:07 AM
hi,
this again has made no difference, can you see anything in the controller config, i have attached this, please take a look, the only thing i can see is that maybe the ap manager interface should not be tagged, because i had a problem earlier were i could not connect to the managment interface, and I got round this by changing the tagging to 0???
may try this, what do you reckon?
06-05-2008 07:13 AM
YOur ap-manager interface is set to vlan 60. This should be untagged. Also configure the service port to an ip address not on your network... like 2.2.2.2 or 192.168.237.x or something.
06-05-2008 07:14 AM
how would i change that please?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide