01-30-2014 12:26 AM - edited 07-05-2021 12:04 AM
Hello,
I am struggling in associating a 1242 AP's with WLC's.
Show version of the AP:
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(25e)JAM2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 29-Jul-13 11:32 by prod_rel_team
ROM: Bootstrap program is C1240 boot loader
BOOTLDR: C1240 Boot Loader (C1240-BOOT-M) Version 12.3(7)JA1, RELEASE SOFTWARE (fc1)
AP0019.56b0.855e uptime is 9 minutes
System returned to ROM by power-on
System image file is "flash:/c1240-k9w8-mx.124-25e.JAM2/c1240-k9w8-mx.124-25e.JAM2"
Show inventory of the AP:
AME: "AP1240", DESCR: "Cisco Aironet 1240 Series (IEEE 802.11a/g) Access Point"
PID: AIR-LAP1242AG-E-K9, VID: V01, SN: FCZ10408384
When trying to attach it to a WLC 5508 running 6.0.199.4, the AP keeps on downloading image and power cycling.
When trying to attach it to a WLC 5508 running 7.4.110.0, the AP shows the following message :
Jan 30 08:24:56.372: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 30 08:24:56.373: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.71.142.7:5246
*Jan 30 08:24:56.427: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Jan 30 08:24:56.445: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jan 30 08:24:56.445: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jan 30 08:24:56.447: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 30 08:24:56.484: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 30 08:24:57.445: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 30 08:24:57.473: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jan 30 08:24:57.478: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 30 08:24:58.466: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 30 08:24:58.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 30 08:24:58.503: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 30 08:24:58.508: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jan 30 08:24:58.513: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jan 30 08:24:59.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 30 08:24:59.508: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 30 08:24:59.532: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 30 08:25:00.532: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 30 08:25:06.483: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 30 08:25:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.71.142.7 peer_port: 5246
*Jan 30 08:25:08.565: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.71.142.7 peer_port: 5246
*Jan 30 08:25:08.567: %CAPWAP-5-SENDJOIN: sending Join Request to 10.71.142.7
*Jan 30 08:25:08.598: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Jan 30 08:25:08.599: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Jan 30 08:25:08.599: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Jan 30 08:25:08.599: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.71.142.7 Jan 30 08:24:56.372: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 30 08:24:56.373: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.71.142.7:5246
*Jan 30 08:24:56.427: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Jan 30 08:24:56.445: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jan 30 08:24:56.445: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jan 30 08:24:56.447: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 30 08:24:56.484: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 30 08:24:57.445: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 30 08:24:57.473: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jan 30 08:24:57.478: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 30 08:24:58.466: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 30 08:24:58.473: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 30 08:24:58.503: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 30 08:24:58.508: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jan 30 08:24:58.513: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jan 30 08:24:59.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 30 08:24:59.508: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 30 08:24:59.532: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 30 08:25:00.532: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 30 08:25:06.483: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 30 08:25:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.71.142.7 peer_port: 5246
*Jan 30 08:25:08.565: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.71.142.7 peer_port: 5246
*Jan 30 08:25:08.567: %CAPWAP-5-SENDJOIN: sending Join Request to 10.71.142.7
*Jan 30 08:25:08.598: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Jan 30 08:25:08.599: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Jan 30 08:25:08.599: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Jan 30 08:25:08.599: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.71.142.7
Any idea ?
Many thanks !
01-30-2014 12:39 AM
Can you paste the sh sysinfo from wlc.
Also paste the output of thsi command from wlc: debug pm pki enable
Regards
01-30-2014 12:42 AM
Here is show sysinfo output from WLC running 7.4.110.0:
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.110.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... gvenwc0006
System Location.................................. 
System Contact................................... 
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.71.142.7
Last Reset....................................... Software reset
System Up Time................................... 101 days 23 hrs 9 mins 43 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:CH,NL,GB,AE,AT,DE,ES,IT,RU,SE,TR
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +39 C
External Temperature............................. +25 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Disabled
Number of WLANs.................................. 7
Number of Active Clients......................... 85
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 44:2B:03:B4:45:00
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 50
01-30-2014 12:45 AM
why do have so many country configured on WLC??
did you need this or what ???
Also check this :
Security > AP Policies, and check the Accept the Manufactored Installed Certicate box.
Reagrds
01-30-2014 12:49 AM
The WLC is WLC for H-REAP AP's. We have 30 AP's working fine with that setup. We need that because AP's are from multiple countries.
All boxes in AP Policies were already checked.
Many thanks.
01-30-2014 12:50 AM
Hi,
Can you console to AP and reboot it then paste the entire bootup process here.
did you checked this box: Authorize MIC APs against auth-list or AAA
If yes then you must enter the mac address of AP in AP Authorization List.
Reagrds
01-30-2014 01:03 AM
I have added the MAC to the AP Aurthorization List. Here is the reboot:
: 5246Xmodem file system is available.
flashfs[0]: 12 files, 4 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 7335936
flashfs[0]: Bytes available: 8663040
flashfs[0]: flashfs fsck took 32 seconds.
Base ethernet MAC Address: 00:19:56:b0:85:5e
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Loading "flash:/c1240-k9w8-mx.124-25e.JAM2/c1240-k9w8-mx.124-25e.JAM2"...##########################################################################################################################################################################################################################################################################################################################################################################################################################################################################################
File "flash:/c1240-k9w8-mx.124-25e.JAM2/c1240-k9w8-mx.124-25e.JAM2" uncompressed and installed, entry point: 0x3000
executing...
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(25e)JAM2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 29-Jul-13 11:32 by prod_rel_team
Proceeding with system init
Proceeding to unmask interrupts
Initializing flashfs...
flashfs[2]: 12 files, 4 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 15740928
flashfs[2]: Bytes used: 7335936
flashfs[2]: Bytes available: 8404992
flashfs[2]: flashfs fsck took 5 seconds.
flashfs[2]: Initialization complete....done Initializing flashfs.
Radio0  present A506 7100 E8000000 A0000000 80000000 3
Rate table has 12 entries (0 SGI/0 BF variants)
Radio1  present A506 6700 E8000100 A0040000 80010000 2
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-LAP1242AG-E-K9   (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory.
Processor board ID FCZ10408384
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 7.4.110.0
1 FastEthernet interface
2 802.11 Radio(s)
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:19:56:B0:85:5E
Part Number                          : 73-10256-05
PCA Assembly Number                  : 800-26918-04
PCA Revision Number                  : B0
PCB Serial Number                    : FOC10384AHS
Top Assembly Part Number             : 800-26965-03
Top Assembly Serial Number           : FCZ10408384
Top Revision Number                  : A0
Product/Model Number                 : AIR-LAP1242AG-E-K9
% Please define a domain-name first.
Press RETURN to get started!
*Mar  1 00:00:06.684: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:08.106: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:09.482: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:09.553: %LINK-6-UPDOWN: Interface FastEthernet0, changed state to up
*Mar  1 00:00:09.582: %LWAPP-4-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1024 messages)
*Mar  1 00:00:10.639: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar  1 00:00:11.782: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(25e)JAM2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 29-Jul-13 11:32 by prod_rel_team
*Mar  1 00:00:11.782: %SNMP-5-COLDSTART: SNMP agent on host AP0019.56b0.855e is undergoing a cold start
*Mar  1 00:00:12.050: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:00:12.050: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:00:12.050: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:12.290: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Mar  1 00:00:12.290: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to resetlwapp_crypto_init: MIC Present and Parsed Successfully
*Mar  1 00:00:13.051: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar  1 00:00:13.051: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Mar  1 00:00:14.849: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:20.673: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.64.94.52, mask 255.255.255.0, hostname AP0019.56b0.855e
*Mar 1 00:00:30.761: Logging LWAPP message to 255.255.255.255.
Translating "CISCO-CAPWAP-CONTROLLER.emea.givaudan.com"...domain server (10.65.79.222)
Translating "CISCO-LWAPP-CONTROLLER.emea.givaudan.com"...domain server (10.65.79.222)
*Mar  1 00:00:40.807: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.71.142.7 obtained through DHCP
*Mar  1 00:00:40.807: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.71.142.8 obtained through DHCP
*Mar  1 00:00:40.807: %CAPWAP-5-DHCP_OPTION_43: Controller address 0.0.1.90 obtained through DHCP
*Mar  1 00:00:40.808: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar  1 00:00:40.862: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.emea.givaudan.com
*Mar  1 00:00:40.915: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.emea.givaudan.com
*Mar  1 00:00:42.844: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Mar  1 00:00:43.876: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:00:44.876: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar  1 00:00:44.915: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  1 00:00:45.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 00:00:50.918: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 30 09:01:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.71.142.7 peer_port: 5246
*Jan 30 09:01:16.553: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.71.142.7 peer_port: 5246
*Jan 30 09:01:16.554: %CAPWAP-5-SENDJOIN: sending Join Request to 10.71.142.7
*Jan 30 09:01:16.586: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Jan 30 09:01:16.586: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Jan 30 09:01:16.586: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Jan 30 09:01:16.586: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.71.142.7
*Jan 30 09:01:34.766: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_T., 1)5)
*Jan 30 09:01:34.766: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 30 09:01:34.767: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.71.142.7:5246
*Jan 30 09:01:34.825: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Jan 30 09:01:34.849: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jan 30 09:01:34.849: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jan 30 09:01:34.851: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 30 09:01:34.906: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 30 09:01:35.848: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 30 09:01:35.876: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jan 30 09:01:35.881: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 30 09:01:36.869: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 30 09:01:36.876: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 30 09:01:36.907: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 30 09:01:36.912: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jan 30 09:01:36.917: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jan 30 09:01:37.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 30 09:01:37.912: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 30 09:01:37.935: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 30 09:01:38.935: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 30 09:01:44.906: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 30 09:01:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.71.142.7 peer_port: 5246
It keeps on doing that.
many thanks
01-30-2014 01:17 AM
Hi David,
With these log I am not able to find the root cause.
Paste the output from wlc:
1. debug pm pki enable
2. debug capwap events enable
Reagrds
01-30-2014 01:48 AM
here is the debug output:
login as: groupwls
(Cisco Controller)
User: groupwls
Password:************
Your password does not meet the strong password requirements.For added security,                                                                              set a new password that meets these requirements. To prevent this message from                                                                              showing again, disable the strong password feature.
(Cisco Controller) >debug pm pki enable
(Cisco Controller) >debug capwap events enable
(Cisco Controller) >*spamApTask2: Jan 30 09:46:38.639: 00:19:07:c6:39:60 DTLS connection not found, creating new connection for 10:64:94:52 (2134) 10:71:142:8 (5246)
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: called to evaluate 
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCertFromCID: called to get cert for CID 155224fa
*spamApTask2: Jan 30 09:46:38.640: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCertFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: called to evaluate 
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetSshPrivateKeyFromCID: called to get key for CID 155224fa
*spamApTask2: Jan 30 09:46:38.641: sshpmGetSshPrivateKeyFromCID: comparing to row 0, certname >bsnOldDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetSshPrivateKeyFromCID: comparing to row 1, certname >bsnDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetSshPrivateKeyFromCID: comparing to row 2, certname >cscoDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.641: sshpmGetSshPrivateKeyFromCID: match in row 2
*spamApTask2: Jan 30 09:46:38.883: sshpmGetIssuerHandles: locking ca cert table
*spamApTask2: Jan 30 09:46:38.883: sshpmGetIssuerHandles: calling x509_alloc() for user cert
*spamApTask2: Jan 30 09:46:38.883: sshpmGetIssuerHandles: calling x509_decode()
*spamApTask2: Jan 30 09:46:38.887: sshpmGetIssuerHandles: 
*spamApTask2: Jan 30 09:46:38.887: sshpmGetIssuerHandles: 
*spamApTask2: Jan 30 09:46:38.887: sshpmGetIssuerHandles: Mac Address in subject is 00:19:56:b0:85:5e
*spamApTask2: Jan 30 09:46:38.887: sshpmGetIssuerHandles: Cert Name in subject is C1240-001956b0855e
*spamApTask2: Jan 30 09:46:38.887: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: called to evaluate 
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: called to get cert for CID 2f6d981f
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: comparing to row 0, certname >bsnOldDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: comparing to row 1, certname >bsnDefaultRootCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: comparing to row 2, certname >bsnDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: comparing to row 3, certname >bsnDefaultBuildCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: comparing to row 4, certname >cscoDefaultNewRootCaCert<
*spamApTask2: Jan 30 09:46:38.887: sshpmGetCertFromCID: comparing to row 5, certname >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.887: ssphmUserCertVerify: calling x509_decode()
*spamApTask2: Jan 30 09:46:38.898: ssphmUserCertVerify: user cert verfied using >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetIssuerHandles: ValidityString (current): 2014/01/30/09:46:38
*spamApTask2: Jan 30 09:46:38.898: sshpmGetIssuerHandles: ValidityString (NotBefore): 2006/10/05/13:05:43
*spamApTask2: Jan 30 09:46:38.898: sshpmGetIssuerHandles: ValidityString (NotAfter): 2016/10/05/13:15:43
*spamApTask2: Jan 30 09:46:38.898: sshpmGetIssuerHandles: getting cisco ID cert handle...
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: called to evaluate 
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 1, ID cert >bsnDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.898: sshpmGetCID: comparing to row 2, ID cert >cscoDefaultIdCert<
*spamApTask2: Jan 30 09:46:38.906: sshpmFreePublicKeyHandle: called with 0x2c058e50
*spamApTask2: Jan 30 09:46:38.906: sshpmFreePublicKeyHandle: freeing public key
*spamApTask2: Jan 30 09:46:40.169: 00:19:07:c6:39:60 Allocated index from main list, Index: 312
*spamApTask2: Jan 30 09:46:40.169: 00:19:07:c6:39:60 DTLS keys for Control Plane are plumbed successfully for AP 10.64.94.52. Index 313
*spamApTask2: Jan 30 09:46:40.169: 00:19:07:c6:39:60 DTLS Session established server (10.71.142.8:5246), client (10.64.94.52:2134)
*spamApTask2: Jan 30 09:46:40.169: 00:19:07:c6:39:60 Starting wait join timer for AP: 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:40.199: 00:19:07:c6:39:60 Join Request from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:40.200: 00:19:07:c6:39:60 Deleting AP entry 10.64.94.52:2134 from temporary database.
*spamApTask2: Jan 30 09:46:40.201: 00:19:07:c6:39:60 Join Version: = 117730816
*spamApTask2: Jan 30 09:46:40.201: 00:19:07:c6:39:60 Join resp: CAPWAP Maximum Msg element len = 87
*spamApTask2: Jan 30 09:46:40.201: 00:19:07:c6:39:60 Join Response sent to 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:40.201: 00:19:07:c6:39:60 CAPWAP State: Join
*spamApTask2: Jan 30 09:46:40.201: 00:19:07:c6:39:60 capwap_ac_platform.c:1225 - Operation State 0 ===> 4
*apfReceiveTask: Jan 30 09:46:40.201: 00:19:07:c6:39:60 Register LWAPP event for AP 00:19:07:c6:39:60 slot 0
*apfReceiveTask: Jan 30 09:46:40.201: WARP IEs: (12)
*apfReceiveTask: Jan 30 09:46:40.202: [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
*apfReceiveTask: Jan 30 09:46:40.202: WARP IEs: (12)
*apfReceiveTask: Jan 30 09:46:40.202: [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
*apfReceiveTask: Jan 30 09:46:40.202: WARP IEs: (12)
*apfReceiveTask: Jan 30 09:46:40.202: [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
*apfReceiveTask: Jan 30 09:46:40.203: 00:19:07:c6:39:60 Register LWAPP event for AP 00:19:07:c6:39:60 slot 1
*apfReceiveTask: Jan 30 09:46:40.203: WARP IEs: (12)
*apfReceiveTask: Jan 30 09:46:40.203: [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
*apfReceiveTask: Jan 30 09:46:40.203: WARP IEs: (12)
*apfReceiveTask: Jan 30 09:46:40.203: [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
*apfReceiveTask: Jan 30 09:46:40.203: WARP IEs: (12)
*apfReceiveTask: Jan 30 09:46:40.203: [0000] dd 0a 00 c0 b9 01 00 00 00 08 01 01
*spamApTask2: Jan 30 09:46:41.021: 00:19:07:c6:39:60 Configuration Status from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:41.022: 00:19:07:c6:39:60 CAPWAP State: Configure
*spamApTask2: Jan 30 09:46:41.022: 00:19:07:c6:39:60 Updating IP info for AP 00:19:07:c6:39:60 -- static 0, 10.64.94.52/255.255.255.0, gtw 10.64.94.254
*spamApTask2: Jan 30 09:46:41.022: 00:19:07:c6:39:60 Updating IP 10.64.94.52 ===> 10.64.94.52 for AP 00:19:07:c6:39:60
*spamApTask2: Jan 30 09:46:41.023: 00:19:07:c6:39:60 Setting MTU to 1485
*spamApTask2: Jan 30 09:46:44.028: 00:19:07:c6:39:60 Configuration Status from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:44.028: 00:19:07:c6:39:60 CAPWAP State: Configure
*spamApTask2: Jan 30 09:46:44.028: 00:19:07:c6:39:60 Updating IP info for AP 00:19:07:c6:39:60 -- static 0, 10.64.94.52/255.255.255.0, gtw 10.64.94.254
*spamApTask2: Jan 30 09:46:44.028: 00:19:07:c6:39:60 Updating IP 10.64.94.52 ===> 10.64.94.52 for AP 00:19:07:c6:39:60
*spamApTask2: Jan 30 09:46:44.029: 00:19:07:c6:39:60 Setting MTU to 1485
*spamApTask2: Jan 30 09:46:47.021: 00:19:07:c6:39:60 Configuration Status from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:47.021: 00:19:07:c6:39:60 CAPWAP State: Configure
*spamApTask2: Jan 30 09:46:47.021: 00:19:07:c6:39:60 Updating IP info for AP 00:19:07:c6:39:60 -- static 0, 10.64.94.52/255.255.255.0, gtw 10.64.94.254
*spamApTask2: Jan 30 09:46:47.021: 00:19:07:c6:39:60 Updating IP 10.64.94.52 ===> 10.64.94.52 for AP 00:19:07:c6:39:60
*spamApTask2: Jan 30 09:46:47.022: 00:19:07:c6:39:60 Setting MTU to 1485
*spamApTask2: Jan 30 09:46:50.021: 00:19:07:c6:39:60 Configuration Status from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:50.021: 00:19:07:c6:39:60 CAPWAP State: Configure
*spamApTask2: Jan 30 09:46:50.021: 00:19:07:c6:39:60 Updating IP info for AP 00:19:07:c6:39:60 -- static 0, 10.64.94.52/255.255.255.0, gtw 10.64.94.254
*spamApTask2: Jan 30 09:46:50.021: 00:19:07:c6:39:60 Updating IP 10.64.94.52 ===> 10.64.94.52 for AP 00:19:07:c6:39:60
*spamApTask2: Jan 30 09:46:50.022: 00:19:07:c6:39:60 Setting MTU to 1485
*spamApTask2: Jan 30 09:46:53.021: 00:19:07:c6:39:60 Configuration Status from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:53.021: 00:19:07:c6:39:60 CAPWAP State: Configure
*spamApTask2: Jan 30 09:46:53.021: 00:19:07:c6:39:60 Updating IP info for AP 00:19:07:c6:39:60 -- static 0, 10.64.94.52/255.255.255.0, gtw 10.64.94.254
*spamApTask2: Jan 30 09:46:53.021: 00:19:07:c6:39:60 Updating IP 10.64.94.52 ===> 10.64.94.52 for AP 00:19:07:c6:39:60
*spamApTask2: Jan 30 09:46:53.022: 00:19:07:c6:39:60 Setting MTU to 1485
*spamApTask2: Jan 30 09:46:56.021: 00:19:07:c6:39:60 Configuration Status from 10.64.94.52:2134
*spamApTask2: Jan 30 09:46:56.021: 00:19:07:c6:39:60 CAPWAP State: Configure
*spamApTask2: Jan 30 09:46:56.021: 00:19:07:c6:39:60 Updating IP info for AP 00:19:07:c6:39:60 -- static 0, 10.64.94.52/255.255.255.0, gtw 10.64.94.254
*spamApTask2: Jan 30 09:46:56.021: 00:19:07:c6:39:60 Updating IP 10.64.94.52 ===> 10.64.94.52 for AP 00:19:07:c6:39:60
*spamApTask2: Jan 30 09:46:56.022: 00:19:07:c6:39:60 Setting MTU to 1485
*spamApTask2: Jan 30 09:46:59.019: 00:19:07:c6:39:60 DTLS keys for Control Plane deleted successfully for AP 10.64.94.52
*spamApTask2: Jan 30 09:46:59.026: 00:19:07:c6:39:60 DTLS connection closed event receivedserver (10:71:142:8/5246) client (10:64:94:52/2134)
*spamApTask2: Jan 30 09:46:59.026: 00:19:07:c6:39:60 Entry exists for AP (10:64:94:52/2134)
*spamApTask2: Jan 30 09:46:59.026: 00:19:07:c6:39:60 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 00:19:07:c6:39:60 slot 0
*apfReceiveTask: Jan 30 09:46:59.026: 00:19:07:c6:39:60 Deregister LWAPP event for AP 00:19:07:c6:39:60 slot 0
*spamApTask2: Jan 30 09:46:59.027: 00:19:07:c6:39:60 apfSpamProcessStateChangeInSpamContext: Deregister LWAPP event for AP 00:19:07:c6:39:60 slot 1
*apfReceiveTask: Jan 30 09:46:59.027: 00:19:07:c6:39:60 Deregister LWAPP event for AP 00:19:07:c6:39:60 slot 1
*spamApTask2: Jan 30 09:46:59.028: 00:19:07:c6:39:60 No AP entry exist in temporary database for 10.64.94.52:2134
*spamApTask0: Jan 30 09:46:59.127: 00:19:07:c6:39:60 Received LWAPP DISCOVERY REQUEST to 44:2b:03:b4:39:cf on port '13'
*spamApTask3: Jan 30 09:46:59.128: 00:19:07:c6:39:60 Discovery Request from 10.64.94.52:2135
*spamApTask3: Jan 30 09:46:59.128: 00:19:07:c6:39:60 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
*spamApTask3: Jan 30 09:46:59.128: 00:19:07:c6:39:60 Discovery Response sent to 10.64.94.52:2135
*spamApTask3: Jan 30 09:46:59.129: 00:19:07:c6:39:60 Discovery Response sent to 10.64.94.52:2135
*spamApTask0: Jan 30 09:46:59.129: 00:19:07:c6:39:60 Discarding discovery request in LWAPP from AP supporting CAPWAP
*spamApTask0: Jan 30 09:47:28.995: 00:19:07:c6:39:60 Received LWAPP DISCOVERY REQUEST to 44:2b:03:b4:39:cf on port '13'
*spamApTask2: Jan 30 09:47:28.996: 00:19:07:c6:39:60 Discovery Request from 10.64.94.52:2134
*spamApTask2: Jan 30 09:47:28.996: 00:19:07:c6:39:60 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
*spamApTask2: Jan 30 09:47:28.996: 00:19:07:c6:39:60 Discovery Response sent to 10.64.94.52:2134
*spamApTask2: Jan 30 09:47:28.996: 00:19:07:c6:39:60 Discovery Response sent to 10.64.94.52:2134
*spamApTask0: Jan 30 09:47:28.996: 00:19:07:c6:39:60 Discarding discovery request in LWAPP from AP supporting CAPWAP
*spamApTask0: Jan 30 09:47:58.856: 00:19:07:c6:39:60 Received LWAPP DISCOVERY REQUEST to 44:2b:03:b4:39:cf on port '13'
*spamApTask3: Jan 30 09:47:58.857: 00:19:07:c6:39:60 Discovery Request from 10.64.94.52:2135
*spamApTask3: Jan 30 09:47:58.857: 00:19:07:c6:39:60 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 50, joined Aps =0
*spamApTask3: Jan 30 09:47:58.857: 00:19:07:c6:39:60 Discovery Response sent to 10.64.94.52:2135
*spamApTask3: Jan 30 09:47:58.857: 00:19:07:c6:39:60 Discovery Response sent to 10.64.94.52:2135
*spamApTask0: Jan 30 09:47:58.857: 00:19:07:c6:39:60 Discarding discovery request in LWAPP from AP supporting CAPWAP
*sshpmLscTask: Jan 30 09:48:10.688: sshpmLscTask: LSC Task received a message 4
01-30-2014 02:19 AM
HI David,
There is nothing wrong in logs.
Now You must check your swicth config, routing / Firewall Policies....(dont forget to open the port 5246, 5247).
Reagrds
01-30-2014 01:19 AM
Have you tried to clear the AP and upload a new RCV image and start the ap from scratch?
I would upload this image to the AP first
c1240-rcvk9w8-tar.124-25e.JAO3.tar
http://software.cisco.com/download/release.html?mdfid=280237322&flowid=7588&softwareid=280775090&release=12.4.25e-JAO3&relind=AVAILABLE&rellifecycle=ED&reltype=latest
I would then delete all the other images in flash: and also delete these two files
delete flash:private-config
delete flash:private-multiple-fs
Erase the nvram:
Enter the username and password
debug LWAPP console cli
erase /all nvram:
[confirm]
undebug all
reload
[confirm]
When the AP comes back up, from the console issue: lwapp ap controller IP address 
See if the AP joins
Sent from Cisco Technical Support iPhone App
01-30-2014 01:51 AM
Hi Scott,
Can you just show me how to download the new image to the AP ?
Thanks a lot !
David
01-30-2014 06:00 AM
David,
Here are various ways to upload images to an AP
Using a TFTP Server to Return to a Previous Release
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
https://supportforums.cisco.com/docs/DOC-18268
http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp160918
http://www.youtube.com/watch?v=QQ_NuxdRhQ4
https://supportforums.cisco.com/docs/DOC-14960
Sent from Cisco Technical Support iPhone App
01-30-2014 02:23 AM
HI David,
One other reason that H-REAP APs do not join WLCs is if the Proxy ARP is disabled on the gateway for the H-REAP APs. From the AP console, this message is logged:
*Jan 30 09:01:34.766: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(UNKNOWN_MESSAGE_T., 1)5)
This can be caused by Cisco bug ID CSCse92856. This problem applies only to AP1130 and AP1240. This problem does not apply to AP1000s, AP1100, or AP1200.
This problem occurs when these conditions are met:
HREAP mode is used in the WLAN. Local mode is not affected by this issue. Native VLAN mapping is required.
The APs have to be on a different IP subnet than the AP Manager of the WLCs.
Proxy ARP is disabled on the default gateway for the AP.
The H-REAP AP gets the default gateway from a DHCP server.
In order to resolve this issue, enable Proxy ARP on the default gateway router of the AP.
Try this.
Regards
Dont forget to rate helpful posts
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide