AP not join Controller after upgrade

ntlong3 · ‎07-12-2024

I have C9800-L-C

Access Point 1832 2802 9115

After Upgrade Controller from 17.3.4 to 17.9.5, AP not join Controller and version AP is 17.8.0

I downgraded to 17.6.6 but AP still won't join.

Last disconnect reason in 9800 is AP auth Failure

Console AP show no valid user found, please config from controller

I created a user on the controller, but in 17.3.4 I left it blank.

Please help me

marce1000 · ‎07-12-2024

- Have a checkup of the controller's configuration using the CLI command show tech wireless
and feed the output from that into Wireless Config Analyzer

- Debug the AP join process on using https://logadvisor.cisco.com/logadvisor/wireless/9800/9800APJoin

- Post the complete boot process of one of these APs

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Leo Laohoo · ‎07-13-2024

Console into the AP and reboot.

Post the entire boot-up process of the AP.

ntlong3 · ‎07-13-2024

Hi Leo,

I send log 2802

marce1000 · ‎07-13-2024

>... AP boot log provided

+ Check if the wireless controller has a valid NTP server configured (and usable = show ntp assoc)
+ Check if the wireless controller has (still) sufficient licenses to accommodate all APs

+ On the AP execute this command : show version
show ip int brief

+ Check wired connection on a problematic AP on a particular switch (port-connection) ;
issue the command : show cdp neighbors detail
verify duplex and speed (acquired) settings

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎07-13-2024

- Another thing I am observing from the boot log (2802.txt) is that there seems to be an ongoing cycle to find a controller; is the
intended DNS entry for CISCO-CAPWAP-CONTROLLER.xangdau.petrolimex.com.vn still correct , I also see Discovery Response from a 10.x address which is different apparently , are there some NAT solution implemented in the networking ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Leo Laohoo · ‎07-13-2024

And what firmware is the 2800 on?

Rasika Nayanajith · ‎07-13-2024

Do you have a back up of your WLC configuration prior to upgrade ? Then I would check any configurations have been changed since upgrde.

Are these Mesh mode or Local mode APs? If mesh mode please check those AP Ethernet MAC addresses added to WLC (Configuration > AAA > AAA Advanced > Device Authentication)

HTH
Rasika
*** Pls rate all useful responses ***

MHM Cisco World · ‎07-14-2024

debug capwap packet <<- share this from WLC 9800

MHM

Rich R · ‎07-15-2024

@ntlong3 check your WLC config using the Config Analyzer (link below) as Marce has already advised.

Use "sh wireless stats ap join summary" on the WLC to see what reason the WLC is giving for the join failure?

What is the correct IP address for the WLC? (123.30.16.153, 10.0.11.200 or 10.0.11.10?)

> version AP is 17.8.0
Not according to the log you provided which says "Active version: 17.3.4.40" which is probably the version they were running before you did the upgrade.

Have you tried doing a factory default reset on the APs?

Also take note of Field Notice: FN74109 - Access Point Image Corruption During CAPWAP Upgrade May Result in Boot Failure - Software Upgrade Recommended - Cisco and Recover from a Boot Loop Caused by Image Corruption on Wave 2 and 11ax Access Points (CSCvx32806) - Cisco

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

ntlong3 · ‎07-15-2024

Hello, thanks for everyone's help.

I resolved the issue by disable Authorize AP against in AP Policy.

Once again, thank you for everyone's help.