03-12-2015 01:35 PM - edited 07-05-2021 02:41 AM
WLC 2504 Software Version 8-0-110-0
2702e Access Points
I have configured dynamic AP management interfaces on ports two, three, and four with IP addresses in the same subnet as the default management interface. The APs won't associate with the WLC but connecting to the console of the AP shows it has obtained an IP and WLC address via DHCP and is able to ping the WLC's default management interface on port 1 (10.32.32.10).
However, if I attempt to ping the non-default management interfaces (10.32.32.11-13) the AP immediately associates with the WLC.
Output from the console of the AP:
*Mar 2 20:01:13.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.32.32.12:5246
*Mar 2 20:01:23.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Mar 2 20:01:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.32.32.12 peer_port: 5246
*Mar 2 20:01:53.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xD072038!
APf07f.0693.0e74#ping 10.32.32.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.32.32.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
APf07f.0693.0e74#ping 10.32.32.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.32.32.11, timeout is 2 seconds:
!.!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/8 ms
APf07f.0693.0e74#
*Mar 2 20:17:48.471: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.32.32.11 peer_port: 5246
*Mar 2 20:17:48.471: %CAPWAP-5-SENDJOIN: sending Join Request to 10.32.32.11
For the time being I have removed the additional dynamic AP manager interfaces but would like to reinstate them for redundancy.
Any thoughts or suggestions?
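Added example, not part of the original post: a Python script that tallies DTLS outcomes per controller address from AP console lines like those above, so addresses that receive connection requests but never complete a handshake stand out. The function names are hypothetical and the sample lines are copied from the post; attributing the retransmission error to the most recent request is an assumption, since that line carries no peer address.

```python
import re
from collections import defaultdict

# Sample input: AP console lines copied from the post above.
SAMPLE_LOG = """\
*Mar 2 20:01:13.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.32.32.12:5246
*Mar 2 20:01:23.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Mar 2 20:01:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.32.32.12 peer_port: 5246
*Mar 2 20:01:53.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xD072038!
*Mar 2 20:17:48.471: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.32.32.11 peer_port: 5246
*Mar 2 20:17:48.471: %CAPWAP-5-SENDJOIN: sending Join Request to 10.32.32.11
"""

PEER = re.compile(r"peer_ip: (\d+\.\d+\.\d+\.\d+)")
ALERT = re.compile(r"Alert to (\d+\.\d+\.\d+\.\d+):\d+")
JOIN = re.compile(r"Join Request to (\d+\.\d+\.\d+\.\d+)")

def summarize_dtls(log_text):
    """Return {peer_ip: counters} for DTLS/CAPWAP events seen in the log."""
    stats = defaultdict(lambda: dict(requests=0, timeouts=0, established=0,
                                     alerts=0, joins=0))
    pending = None  # peer of the most recent unanswered DTLS request
    for line in log_text.splitlines():
        if "DTLSREQSEND" in line and (m := PEER.search(line)):
            pending = m.group(1)
            stats[pending]["requests"] += 1
        elif "DTLSREQSUCC" in line and (m := PEER.search(line)):
            stats[m.group(1)]["established"] += 1
            pending = None
        elif "Max retransmission count reached" in line:
            # Assumption: the error belongs to the pending request (no IP on this line).
            stats[pending or "unknown"]["timeouts"] += 1
            pending = None
        elif "SEND_ALERT" in line and (m := ALERT.search(line)):
            stats[m.group(1)]["alerts"] += 1
        elif "SENDJOIN" in line and (m := JOIN.search(line)):
            stats[m.group(1)]["joins"] += 1
    return dict(stats)

def unreachable_peers(stats):
    """Peers whose DTLS requests timed out and never completed a handshake."""
    return sorted(ip for ip, s in stats.items()
                  if s["timeouts"] and not s["established"])

if __name__ == "__main__":
    result = summarize_dtls(SAMPLE_LOG)
    for ip, counters in sorted(result.items()):
        print(ip, counters)
    print("never completed DTLS:", unreachable_peers(result))
```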
03-12-2015 02:34 PM
*Mar 2 20:17:48.471: %CAPWAP-5-SENDJOIN: sending Join Request to 10.32.32.11
Look at the date of this log. The date is incorrect.
Post the complete output to the following commands:
1. WLC: sh sysinfo;
2. WLC: sh time;
3. AP: sh version; and
4. AP: sh ip interface brief
03-13-2015 10:09 AM
The logs were collected a few weeks ago - that is why the dates aren't correct.
WLC
show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.0.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 19.0
Build Type....................................... DATA + WPS
System Name...................................... CAG-AIR2504
System Location.................................. MDF
System Contact................................... Modern Data 4198855500
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 10.32.32.10
IPv6 Address..................................... ::
Last Reset....................................... Software reset
System Up Time................................... 0 days 2 hrs 49 mins 41 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
--More-- or (q)uit
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +40 C
External Temperature............................. +45 C
Fan Status....................................... 3500 rpm
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 13
Burned-in MAC Address............................ 84:80:2D:F9:38:E0
Maximum number of APs supported.................. 75
System Nas-Id.................................... CAG-AIR2504
WLC MIC Certificate Types........................ SHA1/SHA2
(Cisco Controller) >show time
Time............................................. Fri Mar 13 13:06:02 2015
Timezone delta................................... 0:0
Timezone location................................ (GMT -5:00) Eastern Time (US and Canada)
NTP Servers
NTP Polling Interval......................... 86400
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ----------------------------------------------------------------------------------
1 0 95.81.173.8 AUTH DISABLED
2 0 193.225.121.131 AUTH DISABLED
3 0 91.121.61.207 AUTH DISABLED
AP (Not currently affected by the problem since I removed the non-default AP manager interfaces)
AP881d.fc3a.93f4#sh version
Cisco IOS Software, C2700 Software (AP3G2-K9W8-M), Version 15.3(3)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 19-Dec-14 11:20 by prod_rel_team
ROM: Bootstrap program is C2700 boot loader
BOOTLDR: C2700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB5m, RELEASE SOFTWARE (fc2)
AP881d.fc3a.93f4 uptime is 2 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.153-3.JA1/ap3g2-k9w8-xx.153-3.JA1"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-CAP2702E-A-K9 (PowerPC) processor (revision A0) with 376810K/134656K bytes of memory.
Processor board ID FTX1901S0G8
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.110.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 88:1D:FC:3A:93:F4
Part Number : 73-15823-03
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC18411M2Q
Top Assembly Part Number : 800-41175-01
Top Assembly Serial Number : FTX1901S0G8
Top Revision Number : A0
Product/Model Number : AIR-CAP2702E-A-K9
Configuration register is 0xF
AP881d.fc3a.93f4#show ip interface brief
Interface IP-Address OK? Method Status Protocol
BVI1 10.32.129.197 YES DHCP up up
Dot11Radio0 unassigned NO unset up up
Dot11Radio1 unassigned NO unset up up
GigabitEthernet0 unassigned NO unset up up
GigabitEthernet1 unassigned NO unset administratively down down
Virtual-WLAN0 unassigned NO unset up up
Virtual-WLAN0.1 unassigned NO unset up up
Virtual-WLAN0.2 unassigned NO unset up up
Virtual-WLAN0.3 unassigned NO unset up up
Virtual-WLAN0.4 unassigned NO unset up up
Virtual-WLAN0.5 unassigned NO unset up up
Virtual-WLAN0.6 unassigned NO unset up up
Virtual-WLAN0.7 unassigned NO unset up up
Virtual-WLAN0.8 unassigned NO unset up up
Virtual-WLAN0.9 unassigned NO unset up up
Virtual-WLAN0.10 unassigned NO unset up up
Virtual-WLAN0.11 unassigned NO unset up up
Virtual-WLAN0.12 unassigned NO unset up up
Virtual-WLAN0.13 unassigned NO unset up up
Virtual-WLAN0.14 unassigned NO unset up up
Virtual-WLAN0.15 unassigned NO unset up up
Virtual-WLAN0.16 unassigned NO unset up up
03-13-2015 11:41 PM
Ok, everything looks fine with the output.
Can I ask if you can console into the AP and reboot the AP? I would like to see the entire boot-up process of the AP.
03-16-2015 01:42 PM
I can do that when I am next on site. I'm assuming you want me to re-add the dynamic AP manager interfaces, correct? Without them the problem does not occur.
03-16-2015 02:20 PM
Hi Jeff,
Nope. Just boot up the AP as normal. I want to see the entire boot-up process and anything out of the ordinary.
03-16-2015 08:30 PM
Jeff,
I would not create AP managers for all ports, as that configuration design was really for the older controllers. Keep the management interface as the AP manager, which is the default. That is how it should be implemented.
-Scott