09-12-2016 08:46 PM - edited 07-05-2021 05:48 AM
Hi,
As per Leo Laohoo's recommendation - starting a new thread instead of adding to 'https://supportforums.cisco.com/discussion/10877506/ap-fails-join-controller'. The temptation to interject into that thread was too much - seeing that manjil.bhetwal1013's post was practically identical to the log output we are seeing here. Equipment configured as follows:
WLAN controller: WLC5508. Version 8.2.100. Active fleet of APs consisting predominantly of 2700-series, 1140-series & 1600-series APs.
New Access Point - 1532I. Originally started with ... what appears to be LWAP OS version: ap1g3-k9w8-tar.153-3.JC.
Practically identical logs to Manjil's.
*Nov 25 11:08:35.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.12.100 peer_port: 5246
*Nov 25 11:09:26.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x8717754!
*Nov 25 11:09:34.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.12.100:5246
*Nov 25 11:09:59.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
Turned up debugging with:
debug dtls client // event
Attached info.txt file provides further information - logging cycle after the debug command was issued.
I then tftp/upgraded the LWAP OS to: ap1g3-k9w8-mx.153-3.JD
No notable change.
I then shifted to an alternate WLC5508; which I had upgraded to ver 8.2.121.
No notable change.
Any thoughts?
09-12-2016 09:00 PM
09-12-2016 09:26 PM
Hi Leo,
This was the answer we were looking for. Unfortunately I had already found it at: "http://www.networkoc.net/cap1532i-does-not-join-the-wlc/" - but the WLC reported an entirely different MAC address from the AP. I.e. *Definitely* use the MAC address stamped on the (AP) unit rather than the one which the WLC sees as failing authentication each time in the logs. Anyway - problem seems to be resolved; thanks again!
SEW
11-14-2016 04:24 AM
I had the exact same issue with 1532 APs not joining a 5508 WLC. The tip here did the trick. However, we are going to order around 80 of those access points soon.
Is there a final solution for this problem? I don't see myself entering 80 MAC addresses before configuring these access points. We ship them to distant locations where non-IT employees connect them up to the network. Having to write down all MACs could cause lots of problems with typos.
Thanks and best regards
11-14-2016 12:16 PM
Mario - if there is a final answer to this, then I never found it. My fleet of 1532s is much smaller than yours; so is manageable even with this quirk. I imagine if you were ordering 80 units, there would be a distinct possibility of consecutive MAC addresses - you may be able to cut and paste to a certain degree. Or possibly even script this at the CLI for the WLC?
Regards,
SEW
03-13-2018 11:16 AM
Leo, I am trying to do the exact same thing you indicate below on a Cisco 2504 Controller. When I do so I get a pop-up message stating that "Key Hash is needed for location servers with SSC".
03-13-2018 11:17 AM