Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1940
Views
5
Helpful
18
Replies

AP not joining WLC

Go to solution
Majlo97
Level 1
Level 1

‎12-18-2023 06:47 AM

Hello to everyone,
I am basically just a beginner in networking, currently i am trying to join Cisco 3702 to joing WLC 2504
I have reseted it to rommon mode, uploaded rcvk image, it booted, after booting, it joined WLC, downloaded new image from WLC, when it rebooted after that, it cannot join WLC

Here is WLC output:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.5.120.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 15.0


OUI File Last Update Time........................ Sun Sep 07 10:44:07 IST 2014


Build Type....................................... DATA + WPS

System Name...................................... Cisco_d7:05:35
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 10.0.0.5
IPv6 Address..................................... ::
Last Reset....................................... Software reset
System Up Time................................... 3 days 1 hrs 34 mins 30 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna

--More-- or (q)uit
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... RS - Serbia
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +30 C
External Temperature............................. +34 C
Fan Status....................................... 4664 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 15

OUI Classification Failure Count................. 0

Burned-in MAC Address............................ D0:C2:82:D7:05:30
Maximum number of APs supported.................. 75
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1
Here is AP output:

APd072.dc2b.0dfc#show version
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JF5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 30-Jan-18 00:57 by prod_rel_team

ROM: Bootstrap program is C3700 boot loader
BOOTLDR: C3700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB, RELEASE SOFTWARE (fc1)

APd072.dc2b.0dfc uptime is 10 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.153-3.JF5/ap3g2-k9w8-xx.153-3.JF5"
Last reload reason: Invalid config file.

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3702I-E-K9 (PowerPC) processor (revision A0) with 376814K/134656K bytes of memory.
Processor board ID FCZ1811D0M4
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.5.120.0
1 Gigabit Ethernet interface

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: D0:72:DC:2B:0D:FC
Part Number : 73-15243-01
PCB Serial Number : FOC180827KX
Top Assembly Part Number : 068-05054-01
Top Assembly Serial Number : FCZ1811D0M4
Top Revision Number : A0
Product/Model Number : AIR-CAP3702I-E-K9

 

Configuration register is 0xF

APd072.dc2b.0dfc#show log
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


Console logging: level debugging, 163 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 165 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
Trap logging: level informational, 142 message lines logged
Logging to 255.255.255.255 (udp port 514, audit disabled,
link up),
120 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:

Log Buffer (1048576 bytes):

*Mar 1 00:00:17.199: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:17.655: Registering HW DTLS
set_radio_pwr_mode: bad radio unit# 0
set_radio_pwr_mode: bad radio unit# 1

*Mar 1 00:00:18.675: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar 1 00:00:18.679: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...APAVC Registering AVC licences on the AP to make sure we enable advanced PP

*Mar 1 00:00:20.011: SCHED: Ethernet Bridge Process: install watched boolean System Initialized(5D68374), os:1 ah:0APAVC Protocol list already initialized.

*Mar 1 00:00:20.011: Start STILE Activation
APAVC: Succeeded to activate all the STILE protocols.
APAVC: Registering with CFT

*Mar 1 00:00:20.255: APAVC: CFT registration of delete callback succeeded
APAVC: Reattaching Original Buffer pool for system use

*Mar 1 00:00:20.255: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:21.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Dec 18 14:29:19.067: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JF5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 30-Jan-18 00:57 by prod_rel_team
*Dec 18 14:29:19.067: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*Dec 18 14:29:19.131: SCHED: Ethernet Bridge Process: remove watched boolean System Initialized(5D68374)
*Dec 18 14:29:19.131: SCHED: Ethernet Bridge Process: install watched queue Soap BVI input queue(AA6ED60), os:0 ah:0
*Dec 18 14:29:19.203: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
--More--
*Dec 18 14:40:44.339: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246
*Dec 18 14:40:44.403: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Dec 18 14:40:44.403: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Dec 18 14:40:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:40:55.279: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:40:55.279: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.5
*Dec 18 14:41:13.319: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246
*Dec 18 14:41:13.383: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Dec 18 14:41:13.383: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Dec 18 14:41:23.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:41:23.303: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:41:23.303: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.5
*Dec 18 14:41:41.343: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246
*Dec 18 14:41:41.407: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Dec 18 14:41:41.407: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Dec 18 14:41:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:41:51.279: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:41:51.283: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.5
*Dec 18 14:42:09.323: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246
*Dec 18 14:42:09.387: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Dec 18 14:42:09.387: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Dec 18 14:42:20.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:42:20.275: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:42:20.279: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.5
*Dec 18 14:42:38.319: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246
*Dec 18 14:42:38.383: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Dec 18 14:42:38.383: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Dec 18 14:42:48.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:42:48.279: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:42:48.279: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.0.5
*Dec 18 14:43:06.319: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246
*Dec 18 14:43:06.383: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

*Dec 18 14:43:06.383: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - Easy Admin is not enabled, turn it off!

*Dec 18 14:43:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:43:17.279: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.0.5 peer_port: 5246
*Dec 18 14:43:17.279: %CAPWAP-5-SENDJOIN: sending Join Request t*Dec 18 14:29:19.207: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Dec 18 14:29:19.211: %CAPWAP-5-AP_EASYADMIN_INFO: AP Easy Admin information - EASY_ADMIN is not set, turn off easy admin service!

 

I have googled this %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.5:5246 and did ap cert expire command on wlc and other command, it didn't help
10 previous AP-s have succesfully joined this WLC, but this one, nope

Thanks in advance


Labels:
0 Helpful
18 Replies 18

Go to solution
MHM Cisco World
VIP
VIP
In response to Majlo97

‎12-19-2023 11:50 PM

check the link I share above 
MHM

0 Helpful

Go to solution
Majlo97
Level 1
Level 1
In response to MHM Cisco World

‎12-19-2023 11:59 PM

Yeah, i have just read it, so basically i should upgrade my WLC to newer image.
Because i don't have any other problem with flash except for:

%Error opening flash:/capwap-saved-config (No such file or directory)
%Error opening flash:/capwap-saved-config-bak (No such file or directory)

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Majlo97

‎12-20-2023 12:39 AM

@Majlo97 wrote:
APd072.dc2b.0dfc>set_radio_pwr_mode: bad radio unit# 0
set_radio_pwr_mode: bad radio unit# 1

Raise a TAC Case and get the AP RMAed.  

The 5.0 Ghz radio is dead. 

This is a very common thing.  I have RMAed about 20 APs with dead 5.0 Ghz radios in the last 5 years.

Go to solution
Rich R
VIP
VIP
In response to Leo Laohoo

‎12-20-2023 02:40 AM

Yep in fact that's both radios dead.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card