AP not joining 9800WLC

someone_003 · ‎06-21-2024

Hi,

I m really struggling to get 9164 access points to join a 9800 controller.

I get this error on the console of the Access point dtls_log_replay: dtls_log_replay: DTLS Replay Attack detected for Source.

I don't know if this is the reason for the APs not to join, but I have set an ntp for the controller and the APs as per some previous posts.

Any help would be appreciated

marce1000 · ‎06-21-2024

- Make sure that the country code for the APs is configured on the controller (allowed)
- Have a checkup of the 9800 controller's configuration using the CLI command show tech wireless
and feed the output from that into Wireless Config Analyzer

- Get further insights from https://logadvisor.cisco.com/logadvisor/wireless/9800/9800APJoin

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

someone_003 · ‎06-21-2024

Hi,

I have these in the config:

wireless country BE

ap profile default-ap-profile
country BE

However in the radioactive trace i get these errors:

Failed to get valid slot count. country code DE is not configured on WLC

Not sure how to change that?

marce1000 · ‎06-21-2024

>...Failed to get valid slot count. country code DE is not configured on WLC
- For which country did you buy the AP ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

someone_003 · ‎06-21-2024

HI,

PID: CW9164I-E so it should be right? Its strange because I haven't set DE on it all.

marce1000 · ‎06-21-2024

- Yeah , that should be right : could you check the output of :
show running-config | inc country

- Also have an overall checkup of the 9800 controller configuration with the CLI command show tech wireless
and feed the output from that into Wireless Config Analyzer

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

someone_003 · ‎06-21-2024

Hi,

I just checked the ntp status on the AP it shows this:

#sho ntp
%Error: NTP service is not running

I have set the NTP in the profile in the controller, is there any other way for the AP to pick up the NTP server?

someone_003 · ‎06-21-2024

I've fixed the ntp issue and set the country to DE (not correct) but still get the same error.

Leo Laohoo · ‎06-21-2024

What firmware is the controller on?

someone_003 · ‎06-21-2024

It's on 17.12.3

marce1000 · ‎06-21-2024

>...and set the country to DE (not correct) but still get the same error = ???
- Strange reply ; could you set the correct country code and see if the AP can join according to your initial post.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

someone_003 · ‎06-21-2024

Hi,

Sorry I should have said that when it's set to BE it's still the same error, it thinks its set to DE. But when the controller is DE that error goes away but it still has the dtls replay attack message.

marce1000 · ‎06-21-2024

>...Sorry I should have said that when it's set to BE it's still the same error, it thinks its set to DE.
- Ok ,let's stick with that for the moment , the correct NTP parameters will be provided if or when the AP can join.
As asked before : Have a checkup of the 9800 controller's configuration using the CLI command show tech wireless
and feed the output from that into Wireless Config Analyzer
(set the correct country code BE first!)

- On a switch where this particular AP model is connected ; issue the command show cdp neighbors detail
and post the output for an AP connection ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

someone_003 · ‎06-22-2024

Hi,

I have run the wireless config analyser there were a few minor issues regarding management access, but it didn't give any glaring issues?

Show cdp neighbors output:

Device ID Local Intrfce Holdtme Capability Platform Port ID
APC4D6.6636.F1B0 Two 1/0/4 169 R T CW9164I-E Gig 0
APC4D6.6637.0830 Two 1/0/3 163 R T CW9164I-E Gig 0

Leo Laohoo · ‎06-22-2024

Console into the AP and reboot.

Post, in a text file and attached to the thread, the entire bootup process.