Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8629
Views
13
Helpful
25
Replies

APs Cannot join the Controller

Go to solution
Allan001
Level 1
Level 1

‎03-23-2023 09:35 AM

Hi all,

My APs can't join the C9800-CL ver 17.6.5. The controller is run on a HyperV server.

1) Certificate is configured, and I see it with: sh wireless management trustpoint. 

2) I configured the DHCP scope in the controller 

3) Checking the DHCP binding - it shows that 2 APs have been allocated addresses, and I can ping those 2 APs from the controller. However, the APs are not joining the controller. 

4) Wireless management is an SVI in controller under VLAN 10

5) Gig 2 is configured as a trunk, and VLAN is allowed on Gig2

6) The port-facing APs are configured as access with VLAN 10

Additionally, I haven't registered the controller with a license yet, so I'm uncertain whether it's necessary to do so for the APs to join. The AP model is C9115xai. In the logs, I cannot see any CAPWAP log. And to register the AP license to the controller using a smart account. I noticed some IP addresses need to be configured for the controller to communicate with CCSM - where would I get those IP addresses?

Any help is appreciated.

Thank you,

Labels:
0 Helpful
6 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-23-2023 09:39 AM

C9115xa  - what version of AP ? new model v5 or more  need Cat 9800 should be 17.8.X or 17.9.X

Also post complete log from AP console.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-23-2023 10:41 AM

First off... make sure you follow the guide and you have met the requirements for the size of the controller.  Also, when using a 9800-CL, you really don't want traffic to tunnel back.  You wan to setup the management and the wireless management which I usually use the management also as the WMI.  License is not an issue here because you probably purchased the license when you bought the ap... tied to the ap.  Place the ap on the same subnet as the controller management to at least validate if the ap can join.  Then you can move the ap to any other subnet and you don't have to create any new SVI on the controller.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide/b-c9800-cl-install-guide_chapter_01011.html

You can also search the internet for "cisco 9800-CL Hyper-V" and look at blogs and or videos on the setup. 

-Scott
*** Please rate helpful posts ***

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Allan001

‎03-24-2023 12:44 AM

Sure get the information so we can assist better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Rich R
VIP
VIP

‎03-24-2023 04:56 PM

Just one more thing to check for: if the APs are loaded with a very old version of AireOS then they may not be able to join the 17.6.5 WLC (due to security related changes in CAPWAP protocol).

In which case you'll need to manually update the AP code before they'll be able to join.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to Allan001

‎03-27-2023 04:35 PM

Your AP is running as an EWC WLC and at least one other AP is running as EWC.  You can convert it to capwap mode by a number of methods:

For EWC: https://www.cisco.com/c/en/us/support/docs/wireless/embedded-wireless-controller-on-catalyst-access-points/215303-embedded-wireless-controller-conversion.html#anc18

Accessing AP Console From EWC (former apciscoshell)

When console cable is plugged into the AP running EWC image, an EWC prompt will be shown by default. If, for any reason, access to the underlying AP shell is required, it can be done using:

EWC#wireless ewc-ap ap shell username admin

admin@192.168.129.1's password: Cisco123

To exit back to EWC shell, use:

AP1>logout

Connection to 192.168.129.1 closed.

EWC#

Note: This command is equivalent to apciscoshell that was previously available in Mobility Express controllers.

Converting EWC Back To Lightweight CAPWAP Mode

If AP running in EWC mode needs to be converted back to lightweight capwap mode, it can be done via:

AP1#ap-type capwap

AP is the Master AP, system will need a reboot when ap type is changed to CAPWAP

. Do you want to proceed? (y/N) y

Important: This command will perform a complete factory reset of both AP and EWC partition. Make sure to backup existing EWC configuration before conversion.

https://www.cisco.com/c/en/us/products/collateral/wireless/embedded-wireless-controller-catalyst-access-points/white-paper-c11-743398.html#Conversion

 

Converting EWCs to CAPWAP using option 43

DHCP option 43 is a vendor-specific option and is used for providing WLC IP addresses to the access point. Using option 43 with a specific subtype option, you can have the EWC convert to CAPWAP and join a WLC appliance or virtual controller. After the AP receives DHCP option 43 and subtype 0xF2 at bootup, the AP type will be converted to CAPWAP, and the AP will follow the regular joining process.

The DHCP configuration on the switch is shown below.

Switch(dhcp-config)#option 43 hex F2056464645801

Personally I recommend removing the IOS-XE EWC code from them completely because they have a nasty habit of unexpectedly re-activating EWC when they can't reach the WLC.   Also note that running EWC and WLC together at the same time is NOT SUPPORTED.  To completely remove the EWC re-flash them using the process at:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9120axi-access-point/217537-repairing-c9120-c9115-access-points-from.html

 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to Allan001

‎04-03-2023 03:48 AM

 

  @Allan001 - Did you run the WirelessAnalyze procedure which was requested earlier : (CLI) show tech wireless , feed output into :
                                          https://cway.cisco.com/wireless-config-analyzer/

  =?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

0 Helpful
25 Replies 25

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-23-2023 09:39 AM

C9115xa  - what version of AP ? new model v5 or more  need Cat 9800 should be 17.8.X or 17.9.X

Also post complete log from AP console.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Allan001
Level 1
Level 1
In response to balaji.bandi

‎03-23-2023 02:15 PM

Hi Balaji,

I really appreciate your taking the time to respond. The APs are at a remote site - I will get a tech to drive to the site tomorrow to console into the AP. I also asked the customer to check the UDP ports 5246 & 5247 are not blocked on the the FW. I found out that there is an FW in between the controllers and the switches with APs. Once I have the AP console output tomorrow, I will share it here

Thank you

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Allan001

‎03-24-2023 12:44 AM

Sure get the information so we can assist better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Allan001
Level 1
Level 1
In response to balaji.bandi

‎03-24-2023 08:33 AM

Hi Balaji,

Thank you for the info. The Tech went to the site and could not do anything as the whole area had no power due to a transformer that blew up last night. Hopefully, by tomorrow it will be sorted them on Monday I can start working again.

Thank you so much.

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎03-23-2023 09:51 AM - edited ‎03-23-2023 09:53 AM

 

  - Check controller configuration with  show  tech wireless  (CLI command) and feed that output into : https://cway.cisco.com/wireless-config-analyzer/  , check AP model and verify if this FN might be applicable : https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72424.html  , for Cloud controller AIR-DNA license for APs is mandatory.

          Also check controller logs when the APs try to join , advised too  : check AP boot process with console attached, check for errors if any.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
Allan001
Level 1
Level 1
In response to marce1000

‎03-23-2023 02:18 PM

Hi Marce,

Many thanks for providing solutions. Much appreciated. I will try the solutions you provided above. Once again, thank you for your time and effort in trying to help. 

Thank you

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎03-23-2023 10:41 AM

First off... make sure you follow the guide and you have met the requirements for the size of the controller.  Also, when using a 9800-CL, you really don't want traffic to tunnel back.  You wan to setup the management and the wireless management which I usually use the management also as the WMI.  License is not an issue here because you probably purchased the license when you bought the ap... tied to the ap.  Place the ap on the same subnet as the controller management to at least validate if the ap can join.  Then you can move the ap to any other subnet and you don't have to create any new SVI on the controller.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide/b-c9800-cl-install-guide_chapter_01011.html

You can also search the internet for "cisco 9800-CL Hyper-V" and look at blogs and or videos on the setup. 

-Scott
*** Please rate helpful posts ***

Go to solution
Allan001
Level 1
Level 1
In response to Scott Fella

‎03-23-2023 02:26 PM

Hi Scott, 

Thank you so much for your contributions. I really appreciate it. Currently, the APs are placed in the same vlan as the management. When configuring the controller, I used a cisco guide on deploying the C9800-CL on a HyperV. I am not sure what I am missing. I also watched youtube videos, and it looks like I configured the exact same config. The difference is mine is not working.

Once again thank you so much. 

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Allan001

‎03-23-2023 06:05 PM

Console into the ap and attach that to the thread.  That should show a message why the ap con't join the controller.

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Allan001
Level 1
Level 1
In response to Scott Fella

‎03-24-2023 02:04 AM

Hi Scott, 

I will get a tech to go to the site and share the output.

Thank you.

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Allan001

‎03-24-2023 07:36 AM

@Allan001 a couple of things also.  I would configure the DHCP on the controller, ip helper should be on the SVI on the upstream L3 device and you should use an external DHCP server that all other devices use to obtain an ip address.  Also it doesn't hurt to register the controller to the Smartlicense portal, it only take a few minutes as long as the Smartlicense is in your portal.

Make sure the tech captures this from a few ap's also and you should check to make sure the switch port is configured properly so that the ap is on the management/wireless management vlan.  Doesn't hurt to provide the port configuration also, so that others can review and provide feedback.

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Allan001
Level 1
Level 1
In response to Scott Fella

‎03-24-2023 08:32 AM

Hi Scott, 

Thank you for the info. The Tech went to the site and could not do anything as the whole area had no power due to a transformer that blew up last night. Hopefully, by tomorrow it will be sorted them on Monday I can start working again.

Thank you so much. 

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Allan001

‎03-24-2023 09:15 AM

Okay... thanks for the update.

-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎03-23-2023 11:14 AM

 

 - Adding to my initial reply , if problems persist then start using these tools too : https://logadvisor.cisco.com/logadvisor/wireless/9800/9800APJoin

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card