cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
929
Views
0
Helpful
7
Replies
Chris Callison
Beginner

C9130axi - cannot add additional AP

I have a C9130axi running 17.3.3 in EWC mode.

I would like to add an additional AP (3802i).

 

I have added the new AP to a Cisco Catalyst 3850:

 

interface GigabitEthernet1/0/25
description "Cisco 9130axi EWC AP"
switchport trunk native vlan 424
switchport trunk allowed vlan 423-426,997,998
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet1/0/26
description "Cisco 3802i AP"
switchport trunk native vlan 424
switchport trunk allowed vlan 423-426,997,998
switchport mode trunk
spanning-tree portfast

 

POE is working

 

stand#sho power inline | include on
Gi1/0/25 auto on 30.0 C9130AXI-B 4 30.0
Gi1/0/26 auto on 30.0 AIR-AP3802I-B-K9 4 30.0

 

CDP & LLDP are both seeing the devices

 

I added the new AP through the webgui "Configuration | Wireless | Access Points" using the base mac address, but that didn't help.

 

I have also tried changing the settings "Authorize APs against MAC" and "Authorize APs against Serial Number" from disabled to enabled, but that didn't help, either.

 

The AP is going through sequence this over and over.

 

[*08/10/2021 18:18:00.5056] CAPWAP State: Discovery
[*08/10/2021 18:18:00.5106] Discovery Request sent to 192.168.42.130, discovery type STATIC_CONFIG(1)
[*08/10/2021 18:18:00.5115] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*08/10/2021 18:18:00.5132] Discovery Response from 192.168.42.130
[*08/10/2021 18:18:10.0002] Discovery Response from 192.168.42.130
[*08/10/2021 18:18:10.0000]
[*08/10/2021 18:18:10.0000] CAPWAP State: DTLS Setup
[*08/10/2021 18:18:10.0474] dtls_load_ca_certs: LSC Root Certificate not present
[*08/10/2021 18:18:10.0474]
[*08/10/2021 18:18:10.0500]
[*08/10/2021 18:18:10.0500] CAPWAP State: Join
[*08/10/2021 18:18:10.0536] Sending Join request to 192.168.42.130 through port 5272
[*08/10/2021 18:18:10.0572] Invalid event 10 & state 5 combination.
[*08/10/2021 18:18:10.0572] CAPWAP SM handler: Failed to process message type 10 state 5.
[*08/10/2021 18:18:10.0572] Failed to handle capwap control message from controller - status 1
[*08/10/2021 18:18:10.0573] Failed to process encrypted capwap packet 0x26b3000 from 192.168.42.130
[*08/10/2021 18:18:10.0573] Failed to send capwap message 0 to the state machine. Packet already freed.
[*08/10/2021 18:18:10.0573] IPv4 wtpProcessPacketFromSocket returned 1
[*08/10/2021 18:18:10.0574] Join Response from 192.168.42.130
[*08/10/2021 18:18:10.1342] HW CAPWAP tunnel is ADDED
[*08/10/2021 18:18:10.1490]
[*08/10/2021 18:18:10.1490] CAPWAP State: Image Data
[*08/10/2021 18:18:10.1798] do NO_UPGRADE, part1 is active part
[*08/10/2021 18:18:10.1830]
[*08/10/2021 18:18:10.1830] CAPWAP State: Configure
[*08/10/2021 18:18:10.1857] NO-ENC-PROVIDER for DOT11R_WLC_MAC_IP_PAYLOAD
[*08/10/2021 18:18:41.5488] Re-Tx Count=11, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:41.5488]
[*08/10/2021 18:18:44.3996] Re-Tx Count=12, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:44.3996]
[*08/10/2021 18:18:47.2504] Re-Tx Count=13, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:47.2504]
[*08/10/2021 18:18:50.1013] Re-Tx Count=14, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:50.1013]
[*08/10/2021 18:18:52.9521] Re-Tx Count=15, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:52.9521]
[*08/10/2021 18:18:53.6370] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Configure(8).
[*08/10/2021 18:18:55.8029] Re-Tx Count=16, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:55.8029]
[*08/10/2021 18:18:55.8030] Max retransmission count exceeded, going back to DISCOVER mode.
[*08/10/2021 18:18:55.8030] GOING BACK TO DISCOVER MODE
[*08/10/2021 18:18:55.8035]
[*08/10/2021 18:18:55.8035] CAPWAP State: DTLS Teardown

7 REPLIES 7
marce1000
VIP Mentor

 

 - Is there anything in the logs of  the C9130axi, if not make sure the AP is using dhcp option 43 for instance, and this pointing to the intended controller for joining.

 M.

I've got them in the same VLAN so the EWC should be accessible without the DHCP option.  I have added it in nonetheless, but no change.  same set of recurring errors on the AP

 

            - What's in the logs of the C9130axi

 M.

Arshad Safrulla
VIP Advocate

Some 9130's had an issue where it wouldn't join the controller when option 43 is being used,

Refer the bug https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu57562/?rfs=iqvred

 

But in your case problem seems to be the that you have enabled certificate verification for the AP's. Could you please disable it and try again or install the root certificate in the AP. Also make sure that the AP and WLC's are syncing to a NTP server and time is upto date.

 

[*08/10/2021 18:18:10.0474] dtls_load_ca_certs: LSC Root Certificate not present

 

To disable

 

Conf t

no ap lsc-provision

exit

wr

!

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/locally-significant-certificates.html

 

______________
Arshad Safrulla

Did you try the archive download command in the AP that you are trying to add?

The idea is to try upgrade the AP directly and the connect it to the 9130 as usual.

I turned off the lsc function with no change

Is it possibly a minimum version problem?  i know there is a table somewhere but i can't recall where.  My 3802i is running the following version

 

cisco AIR-AP3802I-B-K9 ARMv7 Processor rev 1 (v7l) with 1030640/719404K bytes of memory.
Processor board ID FCW2042N8L3
AP Running Image : 16.3.11.0

 

Latest lightweight version is 15.3.3-JPK2s, so not sure how this unit is running 16.3.11.0...?  Mobility express versions are in the 8. ranges.....

I've upgraded the C9130axi to 17.4.1, but still no luck with the other AP. 

 

I am seeing this error:

 

*Aug 14 02:48:12.128: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP58AC.78F8.B7BE Mac: 192.168.42.134[5248] Session-IP: a03d.6f97.e5a0 Disjoined Image Download Failed

 

So I think i will try the upgrade on the AP and see what happens

Create
Recognize Your Peers
Content for Community-Ad