10-04-2017 05:06 AM - edited 07-05-2021 07:42 AM
Hello, everybody!
I have 2504 with 8.3.111.0 code, it's IP is 192.168.16.4/21. Using DHCP I assigned IPs to APs from the same range 192.168.16.0/21. There are DNS A-records:
cisco-capwap-controller 192.168.16.4
cisco-LWAPP-controller 192.168.16.4
I can ping all AP's IPs and WLC's IP.
The problem is my APs doesn't appear on controller. I have very different APs from 3502 to 3802.
What most likely could be the problem?
Many thanks in advance,
Ilya
Solved! Go to Solution.
10-04-2017 07:35 AM
Check the date and time on Controller.
Please set correct date and time and then check again.
Regards
Dont forget to rate helpful posts
10-04-2017 07:36 AM
10-04-2017 05:33 AM
Paste the output of these commands:
sh sysinfo from WLC
sh version from AP
Regards
Dont forget to rate helpful posts
10-04-2017 05:42 AM
Hello, Sandeep,
here you are:
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.111.0
Bootloader Version............................... 1.0.16
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0
OUI File Update Time............................. Sun Sep 07 10:44:07 IST 2014
Build Type....................................... DATA + WPS
System Name...................................... WLC2504
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 192.168.16.4
IPv6 Address..................................... ::
Last Reset....................................... Power on reset
System Up Time................................... 7 days 22 hrs 33 mins 27 secs
System Timezone Location.........................
--More-- or (q)uit
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... RU - Russian Federation
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +32 C
External Temperature............................. +35 C
Fan Status....................................... 3800 rpm
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
OUI Classification Failure Count................. 0
Burned-in MAC Address............................ D0:C2:82:E2:B4:C0
Maximum number of APs supported.................. 75
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1
I can't connect to APs because don't know their passwords. What is a default cisco AP password?
Many thank for your reply!
10-04-2017 05:46 AM
default username password is: Cisco/Cisco.
Regards
Dont forget to rate helpful posts
10-04-2017 06:09 AM
Hi,
the strange thing is I can ping APs but can't telnet them (or ssh).
I can connect only to one of them but password doesn't work(
10-04-2017 06:17 AM - edited 10-04-2017 06:18 AM
which AP model you have? can you paste the complete name !!!
Example: AIR-CAP1602I-E-K9
Cisco/Cisco is the default username and password.
Connect via Console and then check it!!!!
Regards
Dont forget to rate helpful posts
10-04-2017 06:26 AM
I have a lot of models, 3502, 2602, 3802, 1140...
What can I do using console link? Reset APs?
Or manually setup controller?
10-04-2017 06:29 AM
1. No , I just wanted to check if these APs regulatory domain are comptibile with Russioan Fedreation or not!!
2. If you can login via console then we can see the errors in console logs...
alternatively ..what you can do is:
you can try to put APs in same subnet as your WLC is in and then check if its joining or not!!!!!
Regards
Dont forget to rate helpful posts
10-04-2017 06:35 AM
They are in the same subnet already!!! 192.168.16.0/21
These AP are local, Russian AP, for ROW domain. May be I can manyally set controller for them?
10-04-2017 06:46 AM
if they are in same subnet then please paste the logs from cosole of AP..
alos try manually:
capwap ap controller ip address <IP Address>
Regards
Dont forget to rate helpful posts
10-04-2017 06:54 AM
I've connected over Console to 3802
[*01/08/2000 23:50:13.6342] DTLS: Received packet caused DTLS to close connection
[*01/08/2000 23:50:13.6342]
[*01/08/2000 23:50:13.6342] Lost connection to the controller, going to restart CAPWAP...
[*01/08/2000 23:50:13.6342]
[*01/08/2000 23:50:13.6349] CAPWAP State: DTLS Teardown [*01/08/2000 23:50:18.2726] CAPWAP State: Discovery
[*01/08/2000 23:50:33.2863] DNS resolved CISCO-CAPWAP-CONTROLLER.itsummit.local
[*01/08/2000 23:50:33.2863] DNS discover addr: 192.168.16.4
[*01/08/2000 23:50:33.2874] Discovery Request sent to 192.168.16.4 with discovery type set to CAPWAP_DISCOVERY_TYPE_DNS(3)
[*01/08/2000 23:50:33.2885] Discovery Request sent to 255.255.255.255 with discovery type set to CAPWAP_DISCOVERY_TYPE_UNKNOWN(0)
[*01/08/2000 23:50:33.2887] Discovery Response from 192.168.16.4
[*01/08/2000 23:50:49.0004] Discovery Response from 192.168.16.4
[*01/08/2000 23:50:49.0000] CAPWAP State: DTLS Setup
[*01/08/2000 23:50:50.6477] Bad certificate alert received from peer.
[*01/08/2000 23:50:50.6480] DTLS: Received packet caused DTLS to close connection
[*01/08/2000 23:50:50.6480]
[*01/08/2000 23:50:50.6480] Lost connection to the controller, going to restart CAPWAP...
[*01/08/2000 23:50:50.6480]
[*01/08/2000 23:50:50.6556] CAPWAP State: DTLS Teardown
[*01/08/2000 23:50:49.0000] CAPWAP State: DTLS Setup
[*01/08/2000 23:50:50.6457] Bad certificate alert received from peer.
[*01/08/2000 23:50:50.6460] DTLS: Received packet caused DTLS to close connection
[*01/08/2000 23:50:50.6460]
[*01/08/2000 23:50:50.6460] Lost connection to the controller, going to restart CAPWAP...
[*01/08/2000 23:50:50.6460]
[*01/08/2000 23:50:50.6494] CAPWAP State: DTLS Teardown
10-04-2017 06:56 AM
10-04-2017 07:41 AM
The certificate on the APs might either be expired or the SSC hash needs to be added to the controller.
You may also want to make sure NTP is enabled and working on your controller.
Alternately, you could try having the controller ignore expired certificates:
config ap cert-expiry-ignore {mic|ssc} enable
Lastly, we were trying to make sure the AP was in fact a Russian regulatory domain AP by verifying the exact model number of the AP. Is this a new deployment or did things just stop working? Where did you get the hardware from? If it was third party, you may have US hardware, etc.
Hope this helps.
-Derrick
*** Rate helpful posts ***
10-04-2017 07:35 AM
Check the date and time on Controller.
Please set correct date and time and then check again.
Regards
Dont forget to rate helpful posts
10-04-2017 07:36 AM
You are right - it was **bleep**ing time.
Many thanks to you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide