Re: I am failing to join Access point to Wireless Lan Controller

Nkamiyingabo Gatungo Frederic · ‎11-10-2022

I have cisco Accee point c9120AX-I that I am trying to join to Wireless Lan Controller(Cisco catalys 9800 series), From AP, I can ping the WLC from AP, and vice versa, but the AP can not join the WLC, the AP is blinking RED and Green,

From the AP, the below errors message are showin over and over

=================================================

AP9CD5.7DC1.7B44#[*11/10/2022 17:37:38.0130] PNP:Server not reachable, Start CAPWAP Discovery
[*11/10/2022 17:37:38.0130]
[*11/10/2022 17:37:38.0130] Going to restart CAPWAP (reason : Post startCapwapDiscovery)...
[*11/10/2022 17:37:38.0130]
[*11/10/2022 17:37:38.0130] Restarting CAPWAP State Machine.
[*11/10/2022 17:37:38.0130] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Discovery(2).
[*11/10/2022 17:37:38.0400]
[*11/10/2022 17:37:38.0400] CAPWAP State: DTLS Teardown
[*11/10/2022 17:37:38.1550] upgrade.sh: Script called with args:[ABORT]
[*11/10/2022 17:37:38.2080] do ABORT, part1 is active part
[*11/10/2022 17:37:38.2280] upgrade.sh: Cleanup tmp files ...
[*11/10/2022 17:37:38.2530] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).
[*11/10/2022 17:37:38.2530] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Teardown(4).

================================================

When i do SHOW IP INT BRIEF:

AP9CD5.7DC1.7B44>show ip int br
Interface IP-Address Method Status Protocol Speed Duplex
wired0 192.168.0.4 static up up 100 full
auxiliary-client unassigned unset up up n/a n/a
apr0v0 n/a n/a administatively down down n/a n/a
apr1v0 n/a n/a administatively down down n/a n/a
AP9CD5.7DC1.7B44>

Both appliance are in the same Vlan.

Please assist me.

WLC version:

WLC#show vers
Cisco IOS XE Software, Version 17.03.03
Cisco IOS Software [Amsterdam], C9800 Software (C9800_IOSXE-K9), Version 17.3.3, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Thu 04-Mar-21 12:37 by mcpre

AP Version and Details:

AP9CD5.7DC1.7B44 uptime is 0 days, 0 hours, 19 minutes
Last reload time : Thu Nov 10 17:28:04 UTC 2022
Last reload reason : Capwap Discovery Failed

ry. 20AXI-A ARMv8 Processor rev 0 (v8l) with 1875408/1085124K bytes of memo--More--
Processor board ID FGL2551L1KN
AP Running Image : 8.10.130.0
Primary Boot Image : 8.10.130.0
Backup Boot Image : 0.0.0.0
Primary Boot Image Hash:
Backup Boot Image Hash:
1 Multigigabit Ethernet interfaces
2 802.11 Radios
Radio Driver version : Broadcom BCA: 17.18 RC2.0
Radio FW version : 24203.103.r40354 0
NSS FW version : NA

===========

Also the AP is blinking RED and Green, what does this LED means?

balaji.bandi · ‎11-10-2022

how is your AP joining process, same network with broadcast, or Option 43 or DNS ?

also AP connected what switch port ?

APs LED blinking red and green even though the AP has obtained the IP address and joined the controller. This is because there is no regulatory domain set on the AP, and it has not been primed with the correct domain.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Nkamiyingabo Gatungo Frederic · ‎11-10-2022

It has not joined yet. both AP and WLC are on the same networ. both getting
ip from VLAN dhcp.
==============================
[*11/10/2022 18:44:01.7830] No more AP manager addresses remain..
[*11/10/2022 18:44:01.7830] No valid AP manager found for controller 'WLC'
(ip: 192.168.1.5)
[*11/10/2022 18:44:01.7830] Failed to join controller WLC.
[*11/10/2022 18:44:01.7830] Failed to join controller.
[*11/10/2022 18:55:50.0000]
[*11/10/2022 18:55:50.0000] CAPWAP State: DTLS Setup

marce1000 · ‎11-10-2022

- Review the your 9800 controller configuration with the CLI command : show tech wireless , have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer. Checkout all advisories!

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Arshad Safrulla · ‎11-10-2022

What is the WLC model?

Looks like AP is negotiating 100mb, is there any cabling issue? Also make sure that the AP is using IP from DHCP.

wired0 192.168.0.4 static up up 100 full

Since you said AP and WLC WMI are in the same VLAN, please make sure that the below is configured in the WLC.

wireless management interface <WMI interface>

If you are using virtual WLC, make sure that the below is configured.

wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 <password>

Also make sure that the WLC is syncing to NTP server and date/time updated. If you are using a physical WLC make sure that the WMI VLAN is allowed in the trunk connecting to WLC from both WLC and switch side, do not use any native VLANs.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Nkamiyingabo Gatungo Frederic · ‎11-11-2022

I can't locate wireless management interface in WLC,
MOdel : c9120AX-I
C9800-L-C-K9.
Its an appliance, not a virtual WLC.

Leo Laohoo · ‎11-10-2022

Post the complete output to the command "sh run | i wireless management".

Nkamiyingabo Gatungo Frederic · ‎11-11-2022

Post the complete output to the command "sh run | i wireless management"

WLC#show run | begin wireless management
wireless management interface GigabitEthernet0
public-ip 192.168.1.20
wireless profile airtime-fairness default-atf-policy 0
wireless profile flex default-flex-profile
description "default flex profile"
wireless profile mesh default-mesh-profile
description "default mesh profile"
wireless profile policy default-policy-profile
autoqos mode voice
description "default policy profile"
dhcp-tlv-caching
http-tlv-caching
radius-profiling
service-policy input platinum-up
service-policy output platinum
vlan VLAN0200
no shutdown
wireless tag site default-site-tag
description "default site tag"
wireless tag policy default-policy-tag
description "default policy-tag"
wlan Guest_ISE policy default-policy-profile
wlan STAFF_ISE policy default-policy-profile
wireless tag rf default-rf-tag
description "default RF tag"
wireless fabric control-plane default-control-plane
wireless country US
wlan Guest_ISE 2 Guest_ISE
no security wpa
no security wpa wpa2
no security wpa wpa2 ciphers aes
no security wpa akm dot1x
security web-auth
security web-auth authentication-list authentication_login_day0
security web-auth parameter-map day0_web_auth_Guest_ISE
no shutdown
wlan STAFF_ISE 1 STAFF_ISE
security wpa psk set-key ascii 0 Wireless@Feda
no security wpa akm dot1x
security wpa akm psk
no shutdown
ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh
coverage data rssi threshold -90
coverage level 2
coverage voice rssi threshold -90
description "pre configured Low Client Density rfprofile for 2.4gh radio"
high-density rx-sop threshold low
rate RATE_12M supported
rate RATE_24M supported
rate RATE_6M supported
tx-power v1 threshold -65
no shutdown
ap dot11 24ghz rf-profile High_Client_Density_rf_24gh
description "pre configured High Client Density rfprofile for 2.4gh radio"
high-density rx-sop threshold medium
rate RATE_11M disable
rate RATE_12M mandatory
rate RATE_1M disable
rate RATE_24M supported
rate RATE_2M disable
rate RATE_5_5M disable
rate RATE_6M disable
tx-power min 7
no shutdown
ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh
description "pre configured Typical Client Density rfprofile for 2.4gh
radio"
rate RATE_11M disable
rate RATE_12M mandatory
rate RATE_1M disable
rate RATE_24M supported
rate RATE_2M disable
rate RATE_5_5M disable
rate RATE_6M disable
no shutdown
ap dot11 24ghz cac voice acm
ap dot11 24ghz rate RATE_12M supported
ap dot11 24ghz rate RATE_24M supported
ap dot11 24ghz rate RATE_6M supported
ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh
coverage data rssi threshold -90
coverage level 2
coverage voice rssi threshold -90
description "pre configured Low Client Density rfprofile for 5gh radio"
high-density rx-sop threshold low
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
tx-power v1 threshold -60
no shutdown
ap dot11 5ghz rf-profile High_Client_Density_rf_5gh
description "pre configured High Client Density rfprofile for 5gh radio"
high-density rx-sop threshold medium
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M disable
rate RATE_9M disable
tx-power min 7
tx-power v1 threshold -65
no shutdown
ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh
description "pre configured Typical Density rfprofile for 5gh radio"
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
no shutdown
ap dot11 5ghz cac voice acm
ap dot11 5ghz rate RATE_12M mandatory
ap dot11 5ghz rate RATE_24M mandatory
ap dot11 5ghz rate RATE_6M mandatory
ap lsc-provision
ap lsc-provision trustpoint TP-self-signed-1657734717
ap tag-source-priority 2 source filter
ap tag-source-priority 3 source ap
ap profile HQ
capwap backup primary WLC 192.168.50.1
description "HQ Autherntication"
icap subscription client packet-trace full enable
ntp ip 192.168.50.2
syslog host 192.168.50.1
ap profile default-ap-profile
description "default ap profile"
ntp ip 8.8.8.8
power injector installed
power injector switch-mac-address 9cd5.7dc1.7b44
ap upgrade staggered 25
trapflags ap crash
trapflags ap noradiocards
trapflags ap register
end
=================
How can I set the DHCP to be pushed from WLC and get it to AP, through
the L3 switch ?

Rich R · ‎11-16-2022

1. Upgrade WLC to 17.3.6 + APSP or 17.6.4 as per TAC recommended link in my signature below.
2. You will need to manually upgrade the AP software to a more recent version like 8.10.162.0 or later before it will be able to join due to changes in CAPWAP protocol on 9800. https://software.cisco.com/download/home/286322988/type/286288051/release/15.3.3-JK6
3. You should not be using the WLC for DHCP - that should be configured on switch, router or DHCP server.
4. Have you checked your config as @marce1000 recommended?
"wireless management interface GigabitEthernet0" will not work - that is the Service Port (SP) for out-of-band management which is in a VRF and can NOT be used for wireless management.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-L/installation-guide/b-wlc-ig-9800-L/Power-Up-and-Initial-Configuration.html#Gigabit_Ethernet_Management_Interface_Overview
See the example in https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-L/installation-guide/b-wlc-ig-9800-L/Power-Up-and-Initial-Configuration.html#Checking_Conditions_Prior_to_System_Startup Step 7 and refer to https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#Wirelessmanagementinterface

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390