Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
633
Views
20
Helpful
7
Replies

AP unable to join WLC - solid green light

Go to solution
cisconn00b
Beginner
Beginner

‎08-19-2022 08:17 AM

Hello all, I am having issues with wireless controller Catalyst model 9800 L-F and access point model AIR-CAP3702i-A-K9.  I have 2 of these access points and only one of them is able to join the WLC.  The one giving me issues has a solid green light on and it shows up in the GUI under Configuration>wireless setup > basic > "APs on this location" > it shows the mac address and "not joined", and N/A AP name while the other APs that work, says joined.  

I've tried to wipe the AP using 

ap: delete flash:private-multiple-fs

AP#clear capwap private-config

Below are the error messages I see when consoled into the AP

 

*Aug 19 16:07:22.999: %SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 3AFC900. -Process= "CAPWAP CLIENT", ipl= 0, pid= 73
-Traceback= 119AF80z 12A89C8z 12AA11Cz 16F32C8z 1762360z 16FD224z 1725FFCz 17278A4z 171E070z 1728184z 171E374z 17305D8z 173C56Cz 1728250z 176052Cz 172E614z
*Aug 19 16:07:22.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Aug 19 16:07:22.999: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg

*Aug 19 16:07:22.999: %CAPWAP-3-ERRORLOG: Failed to load configuration from flash. Resetting to default config
*Aug 19 16:07:23.007: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg

*Aug 19 16:07:33.007: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 19 16:08:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.100.9 peer_port: 5246Peer certificate verification failed FFFFFFFF

*Aug 19 16:08:38.003: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Aug 19 16:08:38.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:467 Certificate verified failed!
*Aug 19 16:08:38.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.1.100.9:5246
*Aug 19 16:09:42.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 19 16:08:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.100.9 peer_port: 5246Peer certificate verification failed FFFFFFFF

*Aug 19 16:08:38.003: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Aug 19 16:08:38.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:467 Certificate verified failed!
*Aug 19 16:08:38.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.1.100.9:5246
*Aug 19 16:09:42.999: %SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 3AFC900. -Process= "CAPWAP CLIENT", ipl= 0, pid= 73
-Traceback= 119AF80z 12A89C8z 12AA11Cz 16F32C8z 1762360z 16FD224z 1725FFCz 17278A4z 171E070z 1728184z 171E374z 17305D8z 173C56Cz 1728250z 176052Cz 172E614z
*Aug 19 16:09:42.999: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Aug 19 16:09:42.999: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg

*Aug 19 16:09:42.999: %CAPWAP-3-ERRORLOG: Failed to load configuration from flash. Resetting to default config
*Aug 19 16:09:43.007: %LWAPP-3-CLIENTERRORLOG: Config load from flash failed. Initialising Cfg

AP58f3.9c3e.fdfc#
*Aug 19 16:09:53.007: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 19 16:10:58.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: x.x.x.x peer_port: 5246Peer certificate verification failed FFFFFFFF

*Aug 19 16:10:58.003: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Aug 19 16:10:58.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:467 Certificate verified failed!
*Aug 19 16:10:58.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to x.x.x.x:5246

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rich R
VIP Advisor VIP Advisor
VIP Advisor

‎08-21-2022 01:59 AM

What version of software is installed on the 3702?  It needs to be at least 8.10.162.0 (15.3(3)JK6) to be able to join that WLC.
To save download time simply install the 17.3.5a code manually - 15.3(3)JPJ8a -
https://software.cisco.com/download/home/285029865/type/280775090/release/15.3.3-JPI8a
Note that 17.3.5b is released now.
https://software.cisco.com/download/home/286321399/type/282046477/release/Amsterdam-17.3.5b

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R

View solution in original post

Go to solution
Rich R
VIP Advisor VIP Advisor
VIP Advisor

‎08-24-2022 04:34 AM

The correct command to install new software (which automatically updates the boot variables) is:
archive download-sw tftp://x.x.x.x/ap3g2-k9w8-tar.153-3.JPN.tar
Note you've set the boot variable to JPJ8a but the image you installed is JPN!!!

To delete files manually: del /f /r flash:tftp://x.x.x.x/ap3g2-k9w8-tar.153-3.JPN.tar
When you use archive download-sw it will automatically delete old images to make space unless you use the various options to disable that.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R

View solution in original post

7 Replies 7

Go to solution
marce1000
VIP Mentor VIP Mentor
VIP Mentor

‎08-19-2022 10:08 AM

 

 - What is the IOS-XE version that the controller is running , not that these are only supported up and to 17.3.x (no later).

 M.



-- ' A nun once asked a penguin ' do you think the earth is flat ? ; the penguin replied :
Madam, it all depends , in Riemann geometries the earth can be perfectly flat! The nun thanked him , he tripped and fell forward : the poor animal had forgotten that he might be living in a Riemann geometry too!
0 Helpful

Go to solution
cisconn00b
Beginner
Beginner
In response to marce1000

‎08-19-2022 10:57 AM

The WLC is running version17.3.5a

0 Helpful

Go to solution
marce1000
VIP Mentor VIP Mentor
VIP Mentor
In response to cisconn00b

‎08-19-2022 11:16 AM

 

               - Check if controller is set to correct time and or using NTP.

 M.



-- ' A nun once asked a penguin ' do you think the earth is flat ? ; the penguin replied :
Madam, it all depends , in Riemann geometries the earth can be perfectly flat! The nun thanked him , he tripped and fell forward : the poor animal had forgotten that he might be living in a Riemann geometry too!

Go to solution
Rich R
VIP Advisor VIP Advisor
VIP Advisor

‎08-21-2022 01:59 AM

What version of software is installed on the 3702?  It needs to be at least 8.10.162.0 (15.3(3)JK6) to be able to join that WLC.
To save download time simply install the 17.3.5a code manually - 15.3(3)JPJ8a -
https://software.cisco.com/download/home/285029865/type/280775090/release/15.3.3-JPI8a
Note that 17.3.5b is released now.
https://software.cisco.com/download/home/286321399/type/282046477/release/Amsterdam-17.3.5b

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R

Go to solution
cisconn00b
Beginner
Beginner
In response to Rich R

‎08-23-2022 02:52 PM

It is currently on 15.2(4)JB. I downloaded the image filename: ap3g2-k9w8-tar.153-3.JPN.tar and I was able to run the command

ap: tar -xtract tftp://x.x.x.x/ap3g2-k9w8-tar.153-3.JPN.tar flash:

I tried to boot after this but it booted the old one. I then changed: set BOOT = flash:/ap3g2-k9w8-mx.153-3.JPJ8a/ap3g2-k9w8-xx.153-3.JPJ8a

I don't think this is the right file because it failed.  

when looking in Dir, I can see:

34 drwx 512 <date> ap3g2-rcvk9w8-mx

8 drwx 2496 <date> ap3g2-k9w8-mx.153-3.JPN

11 drwx 2368 <date> ap3g2-k9w8-mx.153-3.JF12

How do I remove the old one and just boot whatever is necessary.  This is for a lightweight AP

0 Helpful

Go to solution
Rich R
VIP Advisor VIP Advisor
VIP Advisor

‎08-24-2022 04:34 AM

The correct command to install new software (which automatically updates the boot variables) is:
archive download-sw tftp://x.x.x.x/ap3g2-k9w8-tar.153-3.JPN.tar
Note you've set the boot variable to JPJ8a but the image you installed is JPN!!!

To delete files manually: del /f /r flash:tftp://x.x.x.x/ap3g2-k9w8-tar.153-3.JPN.tar
When you use archive download-sw it will automatically delete old images to make space unless you use the various options to disable that.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R

Go to solution
cisconn00b
Beginner
Beginner
In response to Rich R

‎08-24-2022 01:20 PM

Thank you for the help. After updating the AP, it was able to join the controller.  You're right, once I changed the syntax to .JPN, it worked.  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents