APs don't associate with redundant management IP (but will after ping)

Jeff Osthimer
Level 1

WLC 2504 Software Version 8-0-110-0

2702e Access Points

I have configured dynamic AP management interfaces on ports two, three, and four with IP addresses in the same subnet as the default management interface. The APs won't associate with the WLC but connecting to the console of the AP shows it has obtained an IP and WLC address via DHCP and is able to ping the WLC's default management interface on port 1 (10.32.32.10).

However, if I attempt to ping the non-default management interfaces (10.32.32.11-13), the AP immediately associates with the WLC.

Output from the console of the AP:

*Mar  2 20:01:13.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.32.32.12:5246
*Mar  2 20:01:23.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Mar  2 20:01:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.32.32.12 peer_port: 5246
*Mar  2 20:01:53.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xD072038!

APf07f.0693.0e74#ping 10.32.32.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.32.32.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
APf07f.0693.0e74#ping 10.32.32.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.32.32.11, timeout is 2 seconds:
!.!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/8 ms
APf07f.0693.0e74#
*Mar  2 20:17:48.471: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.32.32.11 peer_port: 5246
*Mar  2 20:17:48.471: %CAPWAP-5-SENDJOIN: sending Join Request to 10.32.32.11

For the time being, I have removed the additional dynamic AP manager interfaces but would like to reinstate them for redundancy.

Any thoughts or suggestions?

6 Replies

Leo Laohoo
Hall of Fame
*Mar  2 20:17:48.471: %CAPWAP-5-SENDJOIN: sending Join Request to 10.32.32.11

Look at the date of this log. The date is incorrect.

Post the complete output to the following commands:

1.  WLC:  sh sysinfo; 

2.  WLC:  sh time; 

3.  AP:  sh version; and

4.  AP:  sh ip interface brief

The logs were collected a few weeks ago - that is why the dates aren't correct.

WLC

show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.0.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 19.0


Build Type....................................... DATA + WPS

System Name...................................... CAG-AIR2504
System Location.................................. MDF
System Contact................................... Modern Data 4198855500
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 10.32.32.10
IPv6 Address..................................... ::
Last Reset....................................... Software reset
System Up Time................................... 0 days 2 hrs 49 mins 41 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

--More-- or (q)uit

Configured Country............................... US  - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +40 C
External Temperature............................. +45 C
Fan Status....................................... 3500 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 13

Burned-in MAC Address............................ 84:80:2D:F9:38:E0
Maximum number of APs supported.................. 75
System Nas-Id.................................... CAG-AIR2504
WLC MIC Certificate Types........................ SHA1/SHA2

(Cisco Controller) >show time

Time............................................. Fri Mar 13 13:06:02 2015

Timezone delta................................... 0:0
Timezone location................................ (GMT -5:00) Eastern Time (US and Canada)

NTP Servers
    NTP Polling Interval.........................     86400

     Index     NTP Key Index                  NTP Server                  NTP Msg Auth Status
    -------  ----------------------------------------------------------------------------------
       1              0                                 95.81.173.8       AUTH DISABLED
       2              0                             193.225.121.131       AUTH DISABLED
       3              0                               91.121.61.207       AUTH DISABLED


 

AP (Not currently affected by the problem since I removed the non-default AP manager interfaces)


AP881d.fc3a.93f4#sh version
Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team

ROM: Bootstrap program is C2700 boot loader
BOOTLDR: C2700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB5m, RELEASE SOFTWARE (fc2)

AP881d.fc3a.93f4 uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"
Last reload reason:

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP2702E-A-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FTX1901S0G8
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.110.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 88:1D:FC:3A:93:F4
Part Number                          : 73-15823-03
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  :
PCB Serial Number                    : FOC18411M2Q
Top Assembly Part Number             : 800-41175-01
Top Assembly Serial Number           : FTX1901S0G8
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP2702E-A-K9

 

Configuration register is 0xF


AP881d.fc3a.93f4#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
BVI1                       10.32.129.197   YES DHCP   up                    up 
Dot11Radio0                unassigned      NO  unset  up                    up 
Dot11Radio1                unassigned      NO  unset  up                    up 
GigabitEthernet0           unassigned      NO  unset  up                    up 
GigabitEthernet1           unassigned      NO  unset  administratively down down
Virtual-WLAN0              unassigned      NO  unset  up                    up 
Virtual-WLAN0.1            unassigned      NO  unset  up                    up 
Virtual-WLAN0.2            unassigned      NO  unset  up                    up 
Virtual-WLAN0.3            unassigned      NO  unset  up                    up 
Virtual-WLAN0.4            unassigned      NO  unset  up                    up 
Virtual-WLAN0.5            unassigned      NO  unset  up                    up 
Virtual-WLAN0.6            unassigned      NO  unset  up                    up 
Virtual-WLAN0.7            unassigned      NO  unset  up                    up 
Virtual-WLAN0.8            unassigned      NO  unset  up                    up 
Virtual-WLAN0.9            unassigned      NO  unset  up                    up 
Virtual-WLAN0.10           unassigned      NO  unset  up                    up 
Virtual-WLAN0.11           unassigned      NO  unset  up                    up 
Virtual-WLAN0.12           unassigned      NO  unset  up                    up 
Virtual-WLAN0.13           unassigned      NO  unset  up                    up 
Virtual-WLAN0.14           unassigned      NO  unset  up                    up 
Virtual-WLAN0.15           unassigned      NO  unset  up                    up 
Virtual-WLAN0.16           unassigned      NO  unset  up                    up 
 

 

 

Ok, everything looks fine with the output.  


Can I ask if you can console into the AP and reboot the AP?  I would like to see the entire boot-up process of the AP.

I can do that when I am next on site. I'm assuming you want me to re-add the dynamic AP manager interfaces, correct? Without them the problem does not occur.

Hi Jeff,

Nope. Just boot up the AP as normal. I want to see the entire bootup process and anything out of the ordinary.

Jeff,

I would not create AP managers for all ports, as that configuration design was really with the older controllers. Keep the management interface as the AP manager, which is default. That is how it should be implemented.

-Scott
*** Please rate helpful posts ***