12-11-2013 02:20 AM - edited 07-04-2021 01:24 AM
Hello All,
I am trying to connect 3502-E-K9 Access points to 5508 controller.
The dhcp pool is from the same range from management ip address.
The AP is getting the IP address.
The AP can see the Controller ip addresses. (there are two 5508 controllers) Option 60 and 43 is already setup on the pool.
The controllers are upgraded to 7.5.102.0 IOS
The FUS FPGA version is 1.7
I have a ASA service module in 6500 and the management vlan gateway is configured with the firewall. But i temporarily removed the gateway address from FW and applied it to the 6500 switch vlan, but still the problem is going on and it shows this is not a problem from the FW.
The logs from the AP is shown below:
*Nov 10 18:03:58.481: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21
Full log:
*Mar 1 00:13:30.348: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:13:30.439: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:13:31.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER.sht-2.com"...domain server (10.210.99.1)
*Mar 1 00:13:40.461: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.210.99.21 obtained through DHCP
*Mar 1 00:13:40.461: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.210.99.22 obtained through DHCP
*Mar 1 00:13:40.461: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:13:43.462: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.sht-2.com
*Mar 1 00:13:53.466: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Nov 10 18:03:58.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.210.99.21 peer_port: 5246
*Nov 10 18:03:58.481: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.210.99.21 peer_port: 5246
*Nov 10 18:03:58.481: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21
*Nov 10 18:04:03.483: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
Any comments?
Thanks & Regards
Jay
Solved! Go to Solution.
12-11-2013 02:32 AM
Hi Jay,
Please check the time and date on WLC and make it correct.
Login to wlc and then go here :
Commands>set time
Regards
Don't forget to rate helpful posts .
Sent from Cisco Technical Support iPhone App
12-11-2013 04:03 AM
HI Jay,
Configured Country............................... US - United States
cisco AIR-CAP3502E-E-K9 (PowerPC460exr) processor (revision B1) with 98294K/32768K bytes of memory.
your WLC shoes that it is in US reguletry domain but your AP shows in Europe:
Regards
12-11-2013 04:49 AM
As long as the WLC has the country code defined for the AP and the time is set, having the ap on the same subnet is the best way to have an ap join. You don't need option 43 or DNS for that.
I would make sure that under the WLC Security tab that aaa authorization for access points is not checked. Also just for kicks I would enter the AP's Ethernet MAC address to the Mac filter and see if that helps. If either one doesn't work, I would upload a new rcv image to the AP. There are few times in which the rcv or image can be corrupt and the ap will not join.
How many AP's do you have joined successfully?
Sent from Cisco Technical Support iPhone App
12-11-2013 02:32 AM
Hi Jay,
Please check the time and date on WLC and make it correct.
Login to wlc and then go here :
Commands>set time
Regards
Don't forget to rate helpful posts .
Sent from Cisco Technical Support iPhone App
12-11-2013 03:06 AM
Hi Sandeep,
Thank you for your reply. I set the timing and time zone on the controllers and restarted. Then tried the APs again connecting but it is giving the same error. What can be the other causes?
Regards
jay
12-11-2013 03:32 AM
*Mar 1 00:13:43.462: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.sht-2.com
DNS is wrong please make it correct.
Please paste these:
1. WAP: sh inventory;
2. WLC: sh sysinfo
Can u reboots the ap and paste the log from it.
Regards
Sent from Cisco Technical Support iPhone App
12-11-2013 03:44 AM
Find below the AP intialization logs:
using eeprom values
WRDTR,CLKTR: 0x8200083f 0x40000000
RQDC ,RFDC : 0x80000032 0x00000211
using HYNG ddr static values from serial eeprom
ddr init done
Running Normal Memtest...
Passed.
IOS Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
......................................................................................................................................................................................................................................................
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x8200083f, 0x40000000
RQDC, RFDC : 0x80000032, 0x00000211
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is up.
PCIE1: VC0 is active
64bit PCIE devices
PCIEx: initialization done
flashfs[0]: 48 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31739904
flashfs[0]: Bytes used: 18169856
flashfs[0]: Bytes available: 13570048
flashfs[0]: flashfs fsck took 10 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 88:5a:92:bd:72:02
Ethernet speed is 1000 Mb - FULL duplex
Loading "flash:/ap3g1-k9w8-mx.152-4.JA1/ap3g1-k9w8-mx.152-4.JA1"...#################
File "flash:/ap3g1-k9w8-mx.152-4.JA1/ap3g1-k9w8-mx.152-4.JA1" uncompressed and installed, entry point: 0x4000
executing...
enet halted
IOS Secondary Bootloader - Starting system.
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
......................................................................................................................................................................................................................................................
Xmodem file system is available.
DDR values used from system serial eeprom.
WRDTR,CLKTR: 0x8200083f, 0x40000000
RQDC, RFDC : 0x80000032, 0x00000211
PCIE0: link is up.
PCIE0: VC0 is active
PCIE1: link is up.
PCIE1: VC0 is active
Radio 0 : Vendor 0x11AB, Device 0x8350
64bit PCIE devices
Radio 1 : Vendor 0x11AB, Device 0x8324
PCIEx: initialization done
flashfs[0]: 48 files, 9 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 31739904
flashfs[0]: Bytes used: 18169856
flashfs[0]: Bytes available: 13570048
flashfs[0]: flashfs fsck took 10 seconds.
Reading cookie from system serial eeprom...Done
Base Ethernet MAC address: 88:5a:92:bd:72:02
Creating Test Kernel diagnostic commands
Radio 0 : Vendor 0x11AB, Device 0x8324
Radio 1 : Vendor 0x11AB, Device 0x8350
Radio 2 : Vendor 0xFFFF, Device 0xFFFF
Radio 3 : Vendor 0xFFFF, Device 0xFFFF
******** AUTOMATIC DDR CALIBRATION UPGRADE LOGIC *********
=== 1. Is original FCS bootloader in BS:? If not, skip upgrade ===
---> original FCS bootloader not detected -- skip upgrade
Boot CMD: 'boot flash:/ap3g1-k9w8-mx.152-4.JA1/ap3g1-k9w8-xx.152-4.JA1;flash:/ap3g1-k9w8-mx.152-4.JA1/ap3g1-k9w8-mx.152-4.JA1'
Loading "flash:/ap3g1-k9w8-mx.152-4.JA1/ap3g1-k9w8-xx.152-4.JA1"...####################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
File "flash:/ap3g1-k9w8-mx.152-4.JA1/ap3g1-k9w8-xx.152-4.JA1" uncompressed and installed, entry point: 0x100000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 30-Jul-13 22:49 by prod_rel_team
Initializing flashfs...
FLASH CHIP: Numonyx P33
Checking for Over Erased blocks
......................................................................................................................................................................................................................................................
flashfs[3]: 48 files, 9 directories
flashfs[3]: 0 orphaned files, 0 orphaned directories
flashfs[3]: Total bytes: 31481856
flashfs[3]: Bytes used: 18169856
flashfs[3]: Bytes available: 13312000
flashfs[3]: flashfs fsck took 8 seconds.
flashfs[3]: Initialization complete.
flashfs[4]: 0 files, 1 directories
flashfs[4]: 0 orphaned files, 0 orphaned directories
flashfs[4]: Total bytes: 11999232
flashfs[4]: Bytes used: 1024
flashfs[4]: Bytes available: 11998208
flashfs[4]: flashfs fsck took 0 seconds.
flashfs[4]: Initialization complete.
Copying radio files from flash: to ram:
Copy in progress...CCC
Copy in progress...CCC
Copy in progress...CC
Uncompressing radio files...
...done Initializing flashfs.
Ethernet speed is 1000 Mb - FULL duplex
Radio0 present 8364B 8000 B8020000 0 B8030000 10
Rate table has 80 entries (32 SGI/4 BF variants)
Radio1 present 8364B 8000 B0020000 0 B0030000 C
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-CAP3502E-E-K9 (PowerPC460exr) processor (revision B1) with 98294K/32768K bytes of memory.
Processor board ID FCZ1746D00J
PowerPC460exr CPU at 666Mhz, revision number 0x18A8
Last reset from power-on
LWAPP image version 7.5.102.0
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 88:5A:92:BD:72:02
Part Number : 73-12175-06
PCA Assembly Number : 800-32268-06
PCA Revision Number : B0
PCB Serial Number : FOC17418B8A
Top Assembly Part Number : 800-32904-02
Top Assembly Serial Number : FCZ1746D00J
Top Revision Number : A0
Product/Model Number : AIR-CAP3502E-E-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar 1 00:00:11.076: FIPS IOS test Image Checksum successful
*Mar 1 00:00:11.079: FIPS IOS test Crypto RNG DEK Key Test successful
*Mar 1 00:00:11.079: FIPS IOS test SHA-1 successful
*Mar 1 00:00:11.079: FIPS IOS test HMAC-SHA1 successful
*Mar 1 00:00:11.079: FIPS IOS test AES CBC 128-bit Encrypt successful
*Mar 1 00:00:11.079: FIPS IOS test AES CBC 128-bit Decrypt successful
*Mar 1 00:00:11.079: FIPS IOS test IOS AES CMAC Encrypt successful
*Mar 1 00:00:11.079: FIPS IOS test IOS CCM Encrypt successful
*Mar 1 00:00:11.079: FIPS IOS test IOS CCM Decrypt successful
*Mar 1 00:00:11.117: FIPS IOS test RSA Signature Generation successful
*Mar 1 00:00:11.120: FIPS IOS test RSA Signature Verification successful
*Mar 1 00:00:11.120: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar 1 00:00:11.120: *** CRASH_LOG = YES
*Mar 1 00:00:11.120: 64bit PCIE devices
*Mar 1 00:00:12.227: FIPS HW test SHA-1 successful
*Mar 1 00:00:12.227: FIPS HW test HMAC-SHA1 successful
*Mar 1 00:00:12.227: FIPS HW test AES CBC 128-bit Encrypt successful
*Mar 1 00:00:12.227: FIPS HW test AES CBC 128-bit Decrypt successful
*Mar 1 00:00:12.227: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed
*Mar 1 00:00:12.227: Security Core found.
*Mar 1 00:00:12.240: Registering HW DTLS
Base Ethernet MAC address: 88:5A:92:BD:72:02
*Mar 1 00:00:14.401: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:15.684: FIPS RADIO test AES 128-bit encrypt for TX on Dot11Radio 0 successful
*Mar 1 00:00:15.687: FIPS RADIO test AES 128-bit CCM encrypt on Dot11Radio 0 successful
*Mar 1 00:00:15.687: FIPS RADIO test AES 128-bit CCM decrypt on Dot11Radio 0 successful
*Mar 1 00:00:15.687: FIPS RADIO test AMAC AES 128-bit CMAC encrypt on Dot11Radio 0 successful
*Mar 1 00:00:15.687: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar 1 00:00:15.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:18.827: FIPS RADIO test AES 128-bit encrypt for TX on Dot11Radio 1 successful
*Mar 1 00:00:18.827: FIPS RADIO test AES 128-bit CCM encrypt on Dot11Radio 1 successful
*Mar 1 00:00:18.827: FIPS RADIO test AES 128-bit CCM decrypt on Dot11Radio 1 successful
*Mar 1 00:00:18.827: FIPS RADIO test AMAC AES 128-bit CMAC encrypt on Dot11Radio 1 successful
*Mar 1 00:00:18.827: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar 1 00:12:56.191: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 30-Jul-13 22:49 by prod_rel_team
*Mar 1 00:12:56.191: %SNMP-5-COLDSTART: SNMP agent on host AP885a.92bd.7202 is undergoing a cold start
*Mar 1 00:12:56.232: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:12:56.232: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:12:56.261: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:12:56.437: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:12:57.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar 1 00:12:56.191: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.2(4)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 30-Jul-13 22:49 by prod_rel_team
*Mar 1 00:12:56.191: %SNMP-5-COLDSTART: SNMP agent on host AP885a.92bd.7202 is undergoing a cold start
*Mar 1 00:12:56.232: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:12:56.232: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar 1 00:12:56.261: %PARSER-4-BADCFG: Unexpected end of configuration file.
*Mar 1 00:12:56.437: %SSH-5-ENABLED: SSH 2.0 has been enabledlwapp_crypto_init: MIC Present and Parsed Successfully
*Mar 1 00:12:57.229: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar 1 00:13:24.912: Logging LWAPP message to 255.255.255.255.
*Mar 1 00:13:28.029: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar 1 00:13:29.118: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:13:29.476: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.210.99.176, mask 255.255.255.0, hostname AP885a.92bd.7202
*Mar 1 00:13:30.118: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:13:30.209: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:13:31.210: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER.sht-2.com"...domain server (10.210.99.1)
*Mar 1 00:13:40.461: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.210.99.21 obtained through DHCP
*Mar 1 00:13:40.461: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.210.99.22 obtained through DHCP
*Mar 1 00:13:40.461: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:13:58.467: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.sht-2.com
*Mar 1 00:14:08.468: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Dec 11 11:38:33.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.210.99.21 peer_port: 5246
*Dec 11 11:38:33.478: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.210.99.21 peer_port: 5246
*Dec 11 11:38:33.481: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
*Dec 11 11:38:33.481: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 11 11:38:33.481: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 11 11:38:33.481: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 11 11:38:33.481: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21
*Dec 11 11:38:38.479: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
Regards
Jay
12-11-2013 03:50 AM
Sandeep,
I cannot login to the AP as it is not allowing and i think it is in read only mode. How can I access it ? Do we need to change it back to autonomous and then capwap back?
I do not have a dns server now as it is a new network setup. Is this mandatory or can we directly use IP address instead of hostname?
The sysinfo from Controller is as follows:
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.5.102.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
System Name...................................... 6048-LWW-1004
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.210.99.21
Last Reset....................................... Software reset
System Up Time................................... 0 days 0 hrs 53 mins 16 secs
System Timezone Location......................... (GMT +4:00) Muscat, Abu Dhabi
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +44 C
External Temperature............................. +25 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ 6C:41:6A:5F:0F:C0
Power Supply 1................................... Present, OK
Power Supply 2................................... Present, Power Off, Fan On
Maximum number of APs supported.................. 50
Regards
Jay
12-11-2013 04:03 AM
HI Jay,
Configured Country............................... US - United States
cisco AIR-CAP3502E-E-K9 (PowerPC460exr) processor (revision B1) with 98294K/32768K bytes of memory.
your WLC shoes that it is in US reguletry domain but your AP shows in Europe:
Regards
12-11-2013 04:31 AM
Sandeep,
Thank you for pointing that mistake, I correctied it now. In fact, i tried it earlier then found it was not able to save and now i tried via command line and found that we need to shutdown the wireless networks a/b/n before changing the country code. After this, two or three times i saw that the APs registered into the WLCs, but again it is disappeared in couple of seconds. Still it shows the registration error as follows.
*Dec 11 12:26:17.478: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21
*Dec 11 12:26:17.478: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 11 12:26:17.481: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21
Regards
Jay
12-11-2013 04:35 AM
The ap is on the same subnet as the WLC correct?
Sent from Cisco Technical Support iPhone App
12-11-2013 04:42 AM
Yes, find below the dhcp configuration:
SHT-2_Core_VSS#sh run | sec dhcp
ip dhcp excluded-address 10.210.99.1 10.210.99.175
ip dhcp pool 3502-WL-POOL
network 10.210.99.0 255.255.255.0
option 60 ascii "Cisco AP c3500"
option 43 hex f108.0ad2.6315.0ad2.6316
default-router 10.210.99.1
dns-server 10.210.99.1
domain-name sht-2.com
WLC IPs - 10.210.99.21 and 10.210.99.22.
Regards
Jay
12-11-2013 04:49 AM
As long as the WLC has the country code defined for the AP and the time is set, having the ap on the same subnet is the best way to have an ap join. You don't need option 43 or DNS for that.
I would make sure that under the WLC Security tab that aaa authorization for access points is not checked. Also just for kicks I would enter the AP's Ethernet MAC address to the Mac filter and see if that helps. If either one doesn't work, I would upload a new rcv image to the AP. There are few times in which the rcv or image can be corrupt and the ap will not join.
How many AP's do you have joined successfully?
Sent from Cisco Technical Support iPhone App
12-11-2013 05:02 AM
Scott,
I made sure that the authorized check lists in security tab is unchecked. I am taking the mac addresses and going to apply and let you know. I have 39 x 3502 APs and then 12 x 1552 External Mesh APs too. But the testing is started only, no AP is registered to the controllers yet.
How i can check which rcv image is running currently on the APs? Also rcv image installation on controller is the same way we copy the controller IOS?
Regards
Jay
12-11-2013 04:50 AM
Hi Jay,
Can u check the trunk port which is connected to WLC and SWITCH.
Also allowed only needful VLAN via this ports.
Regards
12-11-2013 05:05 AM
Sandeep,
The interface is running as trunk and i did not use allowed vlan. Currently there is no other traffic also pasing as this is a newn network setting up. Anyway i will give it and check.
Rgds
Jay
12-11-2013 06:55 AM
Sandeep / Scott,
Thank you very much, the problem is resolved now as the APs are started registering now. I think the problem was with the AP policies, i rechecked the options. Earlier the country domain issue was also a problem.
I do not know where you sit in the world , but your support was awesome!
Once again, thank you very much!
Regards
Jay
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide