Showing results for 
Search instead for 
Did you mean: 
Chris Callison

C9130axi - cannot add additional AP

I have a C9130axi running 17.3.3 in EWC mode.

I would like to add an additional AP (3802i).


I have added the new AP to a Cisco Catalyst 3850:


interface GigabitEthernet1/0/25
description "Cisco 9130axi EWC AP"
switchport trunk native vlan 424
switchport trunk allowed vlan 423-426,997,998
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet1/0/26
description "Cisco 3802i AP"
switchport trunk native vlan 424
switchport trunk allowed vlan 423-426,997,998
switchport mode trunk
spanning-tree portfast


POE is working


stand#sho power inline | include on
Gi1/0/25 auto on 30.0 C9130AXI-B 4 30.0
Gi1/0/26 auto on 30.0 AIR-AP3802I-B-K9 4 30.0


CDP & LLDP are both seeing the devices


I added the new AP through the webgui "Configuration | Wireless | Access Points" using the base mac address, but that didn't help.


I have also tried changing the settings "Authorize APs against MAC" and "Authorize APs against Serial Number" from disabled to enabled, but that didn't help, either.


The AP is going through sequence this over and over.


[*08/10/2021 18:18:00.5056] CAPWAP State: Discovery
[*08/10/2021 18:18:00.5106] Discovery Request sent to, discovery type STATIC_CONFIG(1)
[*08/10/2021 18:18:00.5115] Discovery Request sent to, discovery type UNKNOWN(0)
[*08/10/2021 18:18:00.5132] Discovery Response from
[*08/10/2021 18:18:10.0002] Discovery Response from
[*08/10/2021 18:18:10.0000]
[*08/10/2021 18:18:10.0000] CAPWAP State: DTLS Setup
[*08/10/2021 18:18:10.0474] dtls_load_ca_certs: LSC Root Certificate not present
[*08/10/2021 18:18:10.0474]
[*08/10/2021 18:18:10.0500]
[*08/10/2021 18:18:10.0500] CAPWAP State: Join
[*08/10/2021 18:18:10.0536] Sending Join request to through port 5272
[*08/10/2021 18:18:10.0572] Invalid event 10 & state 5 combination.
[*08/10/2021 18:18:10.0572] CAPWAP SM handler: Failed to process message type 10 state 5.
[*08/10/2021 18:18:10.0572] Failed to handle capwap control message from controller - status 1
[*08/10/2021 18:18:10.0573] Failed to process encrypted capwap packet 0x26b3000 from
[*08/10/2021 18:18:10.0573] Failed to send capwap message 0 to the state machine. Packet already freed.
[*08/10/2021 18:18:10.0573] IPv4 wtpProcessPacketFromSocket returned 1
[*08/10/2021 18:18:10.0574] Join Response from
[*08/10/2021 18:18:10.1342] HW CAPWAP tunnel is ADDED
[*08/10/2021 18:18:10.1490]
[*08/10/2021 18:18:10.1490] CAPWAP State: Image Data
[*08/10/2021 18:18:10.1798] do NO_UPGRADE, part1 is active part
[*08/10/2021 18:18:10.1830]
[*08/10/2021 18:18:10.1830] CAPWAP State: Configure
[*08/10/2021 18:18:10.1857] NO-ENC-PROVIDER for DOT11R_WLC_MAC_IP_PAYLOAD
[*08/10/2021 18:18:41.5488] Re-Tx Count=11, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:41.5488]
[*08/10/2021 18:18:44.3996] Re-Tx Count=12, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:44.3996]
[*08/10/2021 18:18:47.2504] Re-Tx Count=13, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:47.2504]
[*08/10/2021 18:18:50.1013] Re-Tx Count=14, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:50.1013]
[*08/10/2021 18:18:52.9521] Re-Tx Count=15, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:52.9521]
[*08/10/2021 18:18:53.6370] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Configure(8).
[*08/10/2021 18:18:55.8029] Re-Tx Count=16, Max Re-Tx Value=5, NumofPendingMsgs=1
[*08/10/2021 18:18:55.8029]
[*08/10/2021 18:18:55.8030] Max retransmission count exceeded, going back to DISCOVER mode.
[*08/10/2021 18:18:55.8030] GOING BACK TO DISCOVER MODE
[*08/10/2021 18:18:55.8035]
[*08/10/2021 18:18:55.8035] CAPWAP State: DTLS Teardown

VIP Mentor


 - Is there anything in the logs of  the C9130axi, if not make sure the AP is using dhcp option 43 for instance, and this pointing to the intended controller for joining.


I've got them in the same VLAN so the EWC should be accessible without the DHCP option.  I have added it in nonetheless, but no change.  same set of recurring errors on the AP


            - What's in the logs of the C9130axi


Arshad Safrulla
VIP Advocate

Some 9130's had an issue where it wouldn't join the controller when option 43 is being used,

Refer the bug


But in your case problem seems to be the that you have enabled certificate verification for the AP's. Could you please disable it and try again or install the root certificate in the AP. Also make sure that the AP and WLC's are syncing to a NTP server and time is upto date.


[*08/10/2021 18:18:10.0474] dtls_load_ca_certs: LSC Root Certificate not present


To disable


Conf t

no ap lsc-provision





Arshad Safrulla

Did you try the archive download command in the AP that you are trying to add?

The idea is to try upgrade the AP directly and the connect it to the 9130 as usual.

I turned off the lsc function with no change

Is it possibly a minimum version problem?  i know there is a table somewhere but i can't recall where.  My 3802i is running the following version


cisco AIR-AP3802I-B-K9 ARMv7 Processor rev 1 (v7l) with 1030640/719404K bytes of memory.
Processor board ID FCW2042N8L3
AP Running Image :


Latest lightweight version is 15.3.3-JPK2s, so not sure how this unit is running  Mobility express versions are in the 8. ranges.....

I've upgraded the C9130axi to 17.4.1, but still no luck with the other AP. 


I am seeing this error:


*Aug 14 02:48:12.128: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: AP58AC.78F8.B7BE Mac:[5248] Session-IP: a03d.6f97.e5a0 Disjoined Image Download Failed


So I think i will try the upgrade on the AP and see what happens

Recognize Your Peers
Content for Community-Ad