WLC is 8510, infect when APs started flapping, I migrated all APs to 3rd controller that has 8.0.120.21 code, APs were still intermittent, then I reverted all to 1st and 2nd controllers that have 8.5.151.0 code, but now when they flap they 1st download the old code 120.21 and then latest code 151.0. , I have SSO redundancy..

Dear MHM, Here is the O/P

dot11 ssid XXXXX

!

dot11 pause-time 100

dot11 syslog

dot11 flex native-vlan-lvl 0

dot11 flex clear 0

eap profile lwapp_eap_profile

 method fast

!

no ipv6 cef

!

crypto pki trustpoint cisco-m2-root-cert

 revocation-check none

!

crypto pki trustpoint Cisco_IOS_M2_MIC_cert

 revocation-check none

!

crypto pki trustpoint airespace-old-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-new-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint airespace-device-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint cisco-root-cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

!

crypto pki trustpoint Cisco_IOS_MIC_cert

 revocation-check none

 rsakeypair Cisco_IOS_MIC_Keys

 match certificate ciscomic allow expired-certificate

!

crypto pki trustpoint virtual_wlc_trust_point

 revocation-check crl

 match certificate vwlcssc allow expired-certificate

!

!

!

crypto pki certificate map ciscomic 10

 issuer-name co cn = cisco manufacturing ca, o = cisco systems

!

crypto pki certificate map vwlcssc 1

 subject-name co o = cisco virtual wireless lan controller

!

crypto pki certificate chain cisco-m2-root-cert

 certificate ca 01

  30820313 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxx

        quit

crypto pki certificate chain Cisco_IOS_M2_MIC_cert

 certificate ca 02

  30820465 3082034D XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain airespace-old-root-cert

 certificate ca 00

  30820406 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain airespace-new-root-cert

 certificate ca 00

  3082045A XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain airespace-device-root-cert

 certificate ca 03

  3082047F XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain cisco-root-cert

 certificate ca 5FF87B282XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain Cisco_IOS_MIC_cert

 certificate 263D02A70000002F45A1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

 certificate ca 6A6967B3000000000003 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

        quit

crypto pki certificate chain virtual_wlc_trust_point

username admin secret XXXXXXXXXXXXXXXXXXXXXXX.

!

!

lldp run

bridge irb

!

!

!

interface Dot11Radio0

 no ip route-cache

 antenna gain 0

 stbc

 ampdu transmit priority 1

 ampdu transmit priority 2

 ampdu transmit priority 3

 mbssid

 speed  11.0 6.0 basic-9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.

 power local 7

 power client local

 packet retries 64 drop-packet

 station-role root

!

interface Dot11Radio0.18

 encapsulation dot1Q 18

 no ip route-cache

 bridge-group 2

 bridge-group 2 subscriber-loop-control

 bridge-group 2 spanning-disabled

 bridge-group 2 block-unknown-source

 no bridge-group 2 source-learning

 no bridge-group 2 unicast-flooding

!

interface Dot11Radio0.19

 encapsulation dot1Q 19

 no ip route-cache

 bridge-group 3

 bridge-group 3 subscriber-loop-control

 bridge-group 3 spanning-disabled

 bridge-group 3 block-unknown-source

 no bridge-group 3 source-learning

 no bridge-group 3 unicast-flooding

!

interface Dot11Radio0.20

 encapsulation dot1Q 20

 no ip route-cache

 bridge-group 4

 bridge-group 4 subscriber-loop-control

 bridge-group 4 spanning-disabled

 bridge-group 4 block-unknown-source

 no bridge-group 4 source-learning

 no bridge-group 4 unicast-flooding

!

interface Dot11Radio1

 no ip route-cache

 antenna gain 0

 peakdetect

 stbc

 ampdu transmit priority 1

 ampdu transmit priority 2

 ampdu transmit priority 3

 mbssid

 speed  6.0 9.0 basic-12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.

 power client local

 packet retries 64 drop-packet

 station-role root

!

interface Dot11Radio1.18

 encapsulation dot1Q 18

 no ip route-cache

 bridge-group 2

 bridge-group 2 subscriber-loop-control

 bridge-group 2 spanning-disabled

 bridge-group 2 block-unknown-source

 no bridge-group 2 source-learning

 no bridge-group 2 unicast-flooding

!

interface Dot11Radio1.19

 encapsulation dot1Q 19

 no ip route-cache

 bridge-group 3

 bridge-group 3 subscriber-loop-control

 bridge-group 3 spanning-disabled

 bridge-group 3 block-unknown-source

 no bridge-group 3 source-learning

 no bridge-group 3 unicast-flooding

!

interface Dot11Radio1.20

 encapsulation dot1Q 20

 no ip route-cache

 bridge-group 4

 bridge-group 4 subscriber-loop-control

 bridge-group 4 spanning-disabled

 bridge-group 4 block-unknown-source

 no bridge-group 4 source-learning

 no bridge-group 4 unicast-flooding

!

interface GigabitEthernet0

 no ip route-cache

 duplex auto

 speed auto

!

interface GigabitEthernet0.750

 encapsulation dot1Q 750 native

 no ip route-cache

 bridge-group 1

 bridge-group 1 spanning-disabled

 no bridge-group 1 source-learning

!

interface BVI1

 mac-address bc16.65XX.XXXX

 ip address 172.19.XX.XX 255.255.XXXX

 no ip route-cache

 ipv6 address dhcp

 ipv6 address autoconfig

 ipv6 enable

!

interface BVI2

 mac-address f41f.c25b.XXXX

 no ip address

!

interface BVI3

 mac-address 0000.0c44.XXXX

 no ip address

!

interface BVI4

 mac-address 0000.0c44.XXXX

 no ip address

!        

interface Virtual-WLAN0

 no ip route-cache

!

ip default-gateway 172.19.XX.XX

ip forward-protocol nd

no ip http server

no ip http secure-server

ip ssh version 2

!

!

!

logging trap emergencies

logging origin-id string AP:bc16.XXXX.XXXX

logging facility kern

logging host 172.19.XX.XX

!

!

bridge 1 protocol ieee

bridge 1 route ip

bridge 2 route ip

bridge 3 route ip

bridge 4 route ip

parser view capwap-config-view

 secret 5 XXXXXXXXXXXXXXXXXXXX

 commands configure include all capwap

 commands exec include all enable

 commands exec include configure terminal

 commands exec include configure

 commands exec include all show capwap

 commands exec include show running-config

 commands exec include show

!

parser view pnp-config-view

 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX

 commands configure include-exclusive capwap ap flexgroup

 commands configure include capwap ap

 commands configure include capwap

 commands exec include all enable

 commands exec include configure terminal

 commands exec include configure

 commands exec include show running-config

 commands exec include show

!        

!

line con 0

line vty 0 4

 transport input ssh

line vty 5 15

 transport input ssh

!

capwap ap strict-daisy-rap disable

capwap ap pause-time 100

capwap ap flexgroup default-flex-group

capwap ap unencrypted_data_keep_alive enable

capwap ap hyperlocation disable

capwap ap halo-APflag disable

capwap ap dot1x-port-state 0

capwap ap ble-adv-power 0

end