06-08-2023 09:24 AM
Hello all,
I'm dealing with a really strange issue. We currently have an old WLC 2504 environment (will be replaced soon) with Cisco AP1602. The problem is that the cert on the 2504 is already expired, so I'm using manual time. I have connected 4x AP1602. Two of them are in the same network as the WLC and those are working just fine. The other 2 are connected via FlexConnect in a different town (each one is in a different location).
Everything was working just fine till today. Suddenly the two APs connected via FlexConnect disconnected and I'm not able to join them back again; nothing has changed. I'm getting this in the console:
%CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
However, the AP will get the correct IP and WLC IP from the DHCP server; what is weird is that the AP repeats the process and gets another DHCP IP after some seconds.... And this exact issue is happening in two different locations: it holds, for example, 10.0.0.10 and after some seconds it will get the next free one, e.g. .11.
I'm using DHCP option 43. I have also tried static IP assignment and a reset to factory, with the same error. When I tried to connect an affected AP to our second WLC via FlexConnect, it started to work....
I have noticed that WLC time is backwards like 4 minutes to actual one since I configured it manually, could this cause the issues?
As I mentioned, 2 APs in the same subnet as the WLC are working fine.... I have tried to shut one of them down and it joined the WLC without problem after booting up again.
Anyone got any ideas?
Thanks!
06-08-2023 04:39 PM
Hi
"I have noticed that WLC time is backwards like 4 minutes to actual one since I configured it manually, could this cause the issues?"
Wouldn't be a bad idea. I would give that a try. Any log on the WLC > Monitor > AP join?
06-12-2023 04:11 AM - edited 06-12-2023 04:12 AM
I don't think time drift is causing your problem. You don't mention what version of code you're running on. Ideally you should be running 8.5.182.7 (assuming all your APs can support 8.5 code - certainly 1602 will). If it's just those 4 1602's then 8.5.182.7 shouldn't be a problem. You also need to have configured the workaround for FN63942 (see below) "config ap cert-expiry-ignore mic enable" because your AP certificates could have expired (that might be what changed). They'll need to join first to pick up that config change - that might require more tweaking of the WLC date.
If not that, then it sounds like a routing/connectivity issue between the APs and WLC. Can the APs ping the WLC? No ACLs/firewalls blocking the CAPWAP?
06-12-2023 04:18 AM
Hello,
Yes, problem solved. For some reason the CAPWAP control port was blocked for those two locations. No one knows why or who did this, but after we allowed it everything is back to normal...
Thank you,
Patrik
06-12-2023 04:24 AM
TACACS logs to see who made the change (always comes in handy when people say "I didn't change anything")?
I did smile when you said above "nothing has changed" - that you knew about or that anybody is admitting to ...
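The symptom from the original post (an AP taking one DHCP address after another while logging `%CAPWAP-3-DHCP_RENEW`) can also be spotted from the DHCP server side, which helps separate a blocked CAPWAP path from a real DHCP fault. The following is an added example, not part of the thread; the log format, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical "<ISO time> DHCPACK <ip> <mac>" format.
SAMPLE_LOG = """\
2023-06-08T09:01:10 DHCPACK 10.0.0.10 aa:bb:cc:00:16:01
2023-06-08T09:01:55 DHCPACK 10.0.0.11 aa:bb:cc:00:16:01
2023-06-08T09:02:40 DHCPACK 10.0.0.12 aa:bb:cc:00:16:01
2023-06-08T09:02:41 DHCPACK 10.0.0.50 aa:bb:cc:00:99:99
2023-06-08T11:30:00 DHCPACK 10.0.0.50 aa:bb:cc:00:99:99
malformed line that should be skipped
"""

def parse(lines):
    """Yield (time, ip, mac) for well-formed DHCPACK lines, skipping the rest."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[1] != "DHCPACK":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[2], parts[3].lower()

def find_lease_churn(lines, window=timedelta(minutes=5), min_ips=3):
    """Return {mac: [ips]} for clients that took >= min_ips distinct
    addresses inside any sliding window of the given length."""
    by_mac = defaultdict(list)
    for ts, ip, mac in sorted(parse(lines)):
        by_mac[mac].append((ts, ip))
    flagged = {}
    for mac, events in by_mac.items():
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it fits.
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = list(dict.fromkeys(ip for _, ip in events[start:end + 1]))
            if len(ips) >= min_ips:
                flagged[mac] = ips
                break
    return flagged

if __name__ == "__main__":
    for mac, ips in find_lease_churn(SAMPLE_LOG.splitlines()).items():
        print(f"{mac}: {len(ips)} leases in window, check CAPWAP path to WLC: {ips}")
```

A client flagged here is getting addresses correctly and then discarding them, so the next place to look is the path between the AP subnet and the WLC (ACLs or firewall rules on the CAPWAP control port), as turned out to be the cause in this thread.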