Solved: Re: AP´s not Join

athan1234 · ‎08-22-2024

Hello everyone.

This is the case I have. A few APs were configured to connect to the controller. I notice that the APs are not joining.

I am tryng to troubleshoot, but I am unable to find any solutions to identify the problem.

My coworker configured the capwap tunnel i requested to him the set up . I dont have access to AP they are on the customer on the ceeliing , tomorrow maybe i am going to the customer if i dont get to join before

/////

The ip are fixed

The model are air-ap1852

I dont know the firmware

////////////////////////
24:36:da:2e:96:40 N A APZALF5_39 10.54.10.239 Not Joined
252 10.54.10.252 Not Joined
F5_13 10.54.10.213 Not Joined
32 10.54.10.232 Not Joined

///////

>show ap join stats detailed 24:36:da:2e:96:40

Sync phase statistics
- Time at sync request received............................ Not applicable
- Time at sync completed................................... Not applicable

Discovery phase statistics
- Discovery requests received.............................. 211
- Successful discovery responses sent...................... 211
- Unsuccessful discovery request processing................ 0
- Reason for last unsuccessful discovery attempt........... Not applicable
- Time at last successful discovery attempt................ Aug 22 17:16:17.466
- Time at last unsuccessful discovery attempt.............. Not applicable

Join phase statistics
- Join requests received................................... 0
- Successful join responses sent........................... 0
- Unsuccessful join request processing..................... 0
- Reason for last unsuccessful join attempt................ Not applicable
- Time at last successful join attempt..................... Not applicable
- Time at last unsuccessful join attempt................... Not applicable

Configuration phase statistics

--More-- or (q)uit
- Configuration requests received.......................... 0
- Successful configuration responses sent.................. 0
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
- Time at last successful configuration attempt............ Not applicable
- Time at last unsuccessful configuration attempt.......... Not applicable

Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable

Last AP disconnect details
- Reason for last AP connection failure.................... Not applicable
- Last AP disconnect reason................................ Not applicable

Last join error summary
- Type of error that occurred last......................... None
- Reason for error that occurred last...................... Not applicable
- Time at which the last join error occurred............... Not applicable

AP disconnect details
- Reason for last AP connection failure.................... Not applicable
Ethernet Mac : 00:00:00:00:00:00 Ip Address : 10.54.10.239

///////////////////////

The stup the cawap tunnel was this

capwap ap primary-base WLC1 10.50.4.101

capwap ap ip 10.54.10.239 255.255.255.0 10.54.10.1

capwap ap hostname name AP

///////////////////////

I'm using SSH to connect to an APit is work , and while I can see the configuration, I'm not sure whether it's enabled correctly or if the tunnel capwap mask needs to be changed. Does it not? Maybe that was the mistake, right?

>show capwap ip
config CAPWAP IP static configuration
APZALF5_210>show capwap ip config
IP Address : 10.54.10.210
IP netmask : 255.255.0.0
Default Gateway : 10.54.4.1
/////

CONTROLER VERSION

System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.5.161.0
RTOS Version..................................... 8.5.161.0
Bootloader Version............................... 8.5.103.0
Emergency Image Version.......................... 8.5.103.0

OUI File Last Update Time........................ N/A
Build Type....................................... DATA + WPS

System Name...................................... WLC_ZAL_F5
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.2427
Redundancy Mode.................................. SSO
IP Address....................................... 10.54.4.101
IPv6 Address..................................... ::

Flavio Miranda · ‎08-22-2024

"so , Is it right that the capwap tunnel was configured in this app but was not joined?"

capwap ap primary-base WLC1 10.50.4.101

capwap ap ip 10.54.10.239 255.255.255.0 10.54.10.1

capwap ap hostname name AP"

If the log you share above is from the Access Point, yes, the tunnel is right as the AP is hitting the WLC and asking to join.

//////////////////////////////

"On the other hand, the APs are currently in the celling; I plan to check them tomorrow.

Which command I have to check it on the AP."

You dont need to check with commnads. Only connect to the AP in console mode, restart the AP and try to catch the logs. There will be some message on why the AP is not joining. Share the logs here please.

//////

"One more thing: what will the user and password be when i try to conncet via to those AP's console?"

Cisco/Cisco

This is the standard username and password. You can also reset it in case it does not work. Just press the button on the back with a something, then connect the AP to the network or power supply, if that is the case, and hold for 20 seconds.

This should be enough to reset the AP.

Go prepared to maybe replace the AP firmware because this could be easly the problem.

View solution in original post

marce1000 · ‎08-22-2024

- What controller model is this ?
+ Normally I would ask the full console boot (output) from an AP ; but since they are remote on the ceiling I would ask to reboot one of them and just after available in the network again issue the command show logging , post the output here.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Flavio Miranda · ‎08-22-2024

@athan1234

Based on the information you shared above:

- Discovery requests received.............................. 211
- Successful discovery responses sent...................... 211

The AP is reaching the WLC and the WLC is replying back to the AP. Meaning, the communication seems to be fine, unless of course, the AP is not receiving the reply from the WLC.

To figure that out, you need to have console cable to at least on AP presenting the problem to check either the AP is receiving the discovery response or it is not receiving.

CAPWAP access point will not allow you to SSH when it is not joined on the WLC, you need to have console access on it either locally or someone providing you access via console.

My suspicious is related to firm version on the Access Point, but need to check.

athan1234 · ‎08-22-2024

Regards, @Flavio Miranda

so , Is it right that the capwap tunnel was configured in this app but was not joined?

capwap ap primary-base WLC1 10.50.4.101

capwap ap ip 10.54.10.239 255.255.255.0 10.54.10.1

capwap ap hostname name AP

//////////////////////////////

On the other hand, the APs are currently in the celling; I plan to check them tomorrow.

Which command I have to check it on the AP.

//////

One more thing: what will the user and password be when i try to conncet via to those AP's console?

marce1000 · ‎08-22-2024

>...One more thing: what will the user and password be when i try to conncect via to those AP's console?
- It's only set or can be set when the AP is managed by the controller , for the time being getting the boot
process (output) from one of them is the most important task.

+ Also specify the controller model

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Flavio Miranda · ‎08-22-2024

"so , Is it right that the capwap tunnel was configured in this app but was not joined?"

capwap ap primary-base WLC1 10.50.4.101

capwap ap ip 10.54.10.239 255.255.255.0 10.54.10.1

capwap ap hostname name AP"

If the log you share above is from the Access Point, yes, the tunnel is right as the AP is hitting the WLC and asking to join.

//////////////////////////////

"On the other hand, the APs are currently in the celling; I plan to check them tomorrow.

Which command I have to check it on the AP."

You dont need to check with commnads. Only connect to the AP in console mode, restart the AP and try to catch the logs. There will be some message on why the AP is not joining. Share the logs here please.

//////

"One more thing: what will the user and password be when i try to conncet via to those AP's console?"

Cisco/Cisco

This is the standard username and password. You can also reset it in case it does not work. Just press the button on the back with a something, then connect the AP to the network or power supply, if that is the case, and hold for 20 seconds.

This should be enough to reset the AP.

Go prepared to maybe replace the AP firmware because this could be easly the problem.

athan1234 · ‎09-16-2024

Hi @Flavio Miranda Thank you for all and your help.

Rob Getrost · ‎08-22-2024

From your output above, the WLC you are trying to join is

WLC_ZAL_F5 10.54.4.101

So your join statement on the AP should match:

capwap ap primary-base WLC_ZAL_F5 10.54.4.101 NOT capwap ap primary-base WLC1 10.50.4.101

A remote workaround you could consider only if this is your only WLC is to create the dns name CISCO-CAPWAP-CONTROLLER to the IP of your WLC. This is the default catchall that an AP will use when it can't find a WLC. If its not your only WLC, doing this could cause other AP's to move if they are already relying on that DNS, so be careful with this.

athan1234 · ‎09-16-2024

Hi @Rob Getrost Sorry for the delayed response; I was out.

You are right so thanks

Rob Getrost · ‎08-22-2024

Please check your addressing

The instruction you have given to the AP is to reach the WLC @ capwap ap primary-base WLC1 10.50.4.101
But the IP specified in the Controller Version Details specifies IP Address....................................... 10.54.4.101 Look at the second octet

Leo Laohoo · ‎08-22-2024

Post the complete output to the following WLC commands:

sh sysinfo
sh time

From the AP, post the complete output to the following commands:

sh ip interface brief
sh capwap client rcb

Rich R · ‎08-27-2024

@athan1234
What model(s) are the APs? (show ver)
What model is the WLC? Marce has already asked you this twice - but you need to answer because it is important. (show inventory)

The software version (8.5.161.0) is old but the recommended version to upgrade to will depend on the WLC and AP models. If you want to work it out for yourself refer to the Compatibility Matrix and TAC Recommended links below. In general it should be on 8.5.182.12 (for older WLCs and APs which ended on 8.5) or 8.10.196.0 for newer WLC and AP models.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

athan1234 · ‎09-16-2024

I appreciate all of your responses.