Hi So if I correctly

zineb · ‎11-30-2014

Hi

I am new to Wireless network and have been tasked with setting v WLC Cisco and AIR-CAP702I-I-K9. I followed some guides to configure the WLC, but however the APs are not joining the controller. with console cable connected to the AP i get the following;

*Mar 1 00:01:02.879: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Mar 1 00:01:02.883: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'Cisco_17:1d:20'running version 7.3.101.0 is rejected.
*Mar 1 00:01:02.883: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 00:01:02.883: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
*Mar 1 00:01:02.883: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Mar 1 00:01:02.883: %CAPWAP-3-ERRORLOG: Failed to process unencrypted capwap packet from 10.0.0.1
*Mar 1 00:01:02.887: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'Cisco_17:1d:20'running version 7.3.101.0 is rejected.
*Mar 1 00:01:02.887: %CAPWAP-3-ERRORLOG: Failed to decode discovery response.
*Mar 1 00:01:02.887: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 2 state 2.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

Please can you help me it is very urgent

Leo Laohoo · ‎11-30-2014

*Mar  1 00:01:02.883: %CAPWAP-3-ERRORLOG: Discovery response from MWAR 'Cisco_17:1d:20'running version 7.3.101.0 is rejected.

The vWLC is running the wrong or outdated firmware. For a AP702, the vWLC should be running a minimum of 7.6.X formware.

I would, however, recommend you run the latest 7.6.130.X as this is a stable version and 7.5.X is classified as "deferred".

Sebastian Helmer · ‎12-01-2014

That's right!!

sun.ramalingam · ‎12-23-2014

I am getting the same error ,as you can see my time is correct , I can ping the AP from WLC

any idea ? much appreciated

(Cisco Controller) >show time

Time............................................. Tue Dec 23 22:39:49 2014

Timezone delta................................... 0:0
Timezone location................................

NTP Servers
NTP Polling Interval......................... 86400

     Index     NTP Key Index                  NTP Server                  NTP Msg Auth Status
    ------- ----------------------------------------------------------------------------------
       1              0                               119.252.27.44       AUTH DISABLED

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.110.0
RTOS Version..................................... 7.6.110.0
Bootloader Version............................... 7.6.110.0
Emergency Image Version.......................... 7.6.110.0

Build Type....................................... DATA + WPS

System Name...................................... vWLC1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 192.168.0.202
System Up Time................................... 0 days 0 hrs 43 mins 32 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... AU - Australia

--More-- or (q)uit
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 2
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:0C:29:29:32:68
Maximum number of APs supported.................. 200

################Log from AP ##############################
*Dec 23 22:41:16.007: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Dec 23 22:41:16.007: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:348 Certificate verified failed!
*Dec 23 22:41:16.007: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.0.202
*Dec 23 22:41:16.007: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.0.202:5246
*Dec 23 22:41:16.007: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.0.202: Malformed Certificate
*Dec 23 22:41:16.007: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.0.202:5246
*Dec 23 22:41:16.007: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

zineb · ‎12-05-2014

Hi

I try with another Access Point , i get the following with console cable connected to the AP

Can you help me please

*Jul 23 13:25:09.974: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Nov 30 06:31:54.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.0.1 peer_port: 5246Peer certificate verification failed 000B

*Nov 30 06:31:55.032: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Nov 30 06:31:55.032: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:337 Certificate verified failed!
*Nov 30 06:31:55.032: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.0.0.1:5246
*Nov 30 06:31:55.033: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.1:5246
*Nov 30 06:31:55.033: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

Rasika Nayanajith · ‎12-05-2014

*Nov 30 06:31:55.032: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Nov 30 06:31:55.032: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:337 Certificate verified failed!
*Nov 30 06:31:55.032: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.0.0.1:5246

There is certification verification failed & hence AP not registered.

Check in your vWLC to see correct time "show time" output verify this.

HTH

Rasika

*** Pls rate all useful responses ****

Leo Laohoo · ‎12-05-2014

*Nov 30 06:31:55.033

Can you post the following outputs:

1. WLC: sh sysinfo;

2. WLC: sh time;

3. AP: sh version

zineb · ‎12-07-2014

hi

Outputs are :

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.101.0
RTOS Version..................................... 7.3.101.0
Bootloader Version............................... 7.3.101.0
Emergency Image Version.......................... 7.3.101.0

Build Type....................................... DATA + WPS

System Name...................................... Cisco_17:1d:20
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.0.0.1
System Up Time................................... 1 days 3 hrs 59 mins 19 secs
System Timezone Location......................... (GMT +1:00) Amsterdam, Berlin, Rome, Vienna

Configured Country............................... TN - Tunisia

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled

--More-- or (q)uit
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:0C:29:17:1D:20
Maximum number of APs supported.................. 200

(Cisco Controller) >show time

Time............................................. Fri Dec 12 15:50:48 2014

Timezone delta................................... 0:0
Timezone location................................ (GMT +1:00) Amsterdam, Berlin, Rome, Vienna

NTP Servers
NTP Polling Interval......................... 86400

Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------

AP7c69.f670.d1a9#show version
Cisco IOS Software, C1140 Software (C1140-K9W8-M), Version 12.4(25e)JA1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 30-May-12 04:06 by prod_rel_team

ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA6, RELEASE SOFTWARE (fc1)

AP7c69.f670.d1a9 uptime is 15 minutes
System returned to ROM by power-on
System image file is "flash:/c1140-k9w8-mx.124-25e.JA1/c1140-k9w8-mx.124-25e.JA1 "

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-LAP1141N-E-K9 (PowerPC405ex) processor (revision B0) with 65526K/65 536K bytes of memory.
Processor board ID FCZ1743P23U
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from power-on
LWAPP image version 7.2.110.0
1 Gigabit Ethernet interface
1 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 7C:69:F6:70:D1:A9
Part Number : 73-12836-06
PCA Assembly Number : 800-33767-06
PCA Revision Number : A0
PCB Serial Number : FOC172964DZ
Top Assembly Part Number : 800-33776-05
Top Assembly Serial Number : FCZ1743P23U
Top Revision Number : A0
Product/Model Number : AIR-LAP1141N-E-K9

Configuration register is 0xF

Thanks

Rasika Nayanajith · ‎12-07-2014

Hi

As we can see WLC does not have correct time

(Cisco Controller) >show time
Time............................................. Fri Dec 12 15:50:48 2014

Sync WLC to a NTP server to get the correct time. Then AP should register

HTH

Rasika

**** Pls rate all useful responses ***

zineb · ‎12-07-2014

Hi

Can you suggest an NTP server on windows 7

thanks

Rasika Nayanajith · ‎12-07-2014

You can use public NTP server that can found here

http://www.pool.ntp.org/en/

If you have a router as internet gateway, sync that device to one of this public NTP server & then all your internal device to sync with your router as NTP.

See this post for basics of NTP functionality

http://mrncciew.com/2013/04/28/ntp-basics/

*** Pls do not forget to rate our responses if you find them useful ****

HTH

Rasika

zineb · ‎12-08-2014

Hi

So if I correctly understand , the problem is the result of the missing of the synchronization between AP and vWLC although I have set the time on the vWLC and I verified that the PA has the same time.
Is it mandatory to have an NTP server?

Best regards

Rasika Nayanajith · ‎12-08-2014

Is it mandatory to have an NTP server?

It is mandatory to have the correct time & sync to NTP is the best way to do it. You can manually set the time, but accuracy will be not that high. Also when you have RADIUS servers/ AD /MSE/ Prime integrated, every thing should sync to a common NTP to get them work, manual clock setting is not practical in those scenarios.

Try to set WLC time manually & see your APs get registered.

HTH

Rasika

*** Pls rate all useful responses ***

zineb · ‎12-09-2014

Hi

USUALLY if I manually adjusts the time, the cli AP it will not display the error
but every time I manually adjusts the time it shows the same error

Leo Laohoo · ‎12-07-2014

Time............................................. Fri Dec 12 15:50:48 2014

I agree with Rasika.

The AP won't join the controller because the WLC's time & date are incorrect.

Can you suggest an NTP server on windows 7

Windows OS do NOT adhere to NTP/SNTP standard. Windows OS will work well as an NTP client but never as an NTP server.

The best method to get NTP is to use public NTP pool found on the internet.

error connection between vwlc and AP