Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3230
Views
5
Helpful
6
Replies

Issue when registering AP 3702 to vWLC 9800

Go to solution
caob
Level 1
Level 1

‎08-05-2021 12:20 PM - edited ‎08-06-2021 10:08 AM

Hi,

 

I have a vWLC in a remote lab where im using the interface G1 for WLC admin and also as wireless management interface.

 

Then, at my home I have an AP 3702 in a network that can reach the WLC via VPN. The AP can ping the WLC and the WLC can ping the AP. In the AP I use the command "capwap ap controller ip address"  and then the IP that is configured on the interface G1 on my vWLC.

 

But when in the GUI I go to Wiress -> AP Statistics -> Join Statistics, I see a type of error that occurred last: DTLS-Handshake and the AP appears at not joined.

 

***UPDATE***

As I'm using  version 17.3.3 on WLC, I manually updated the AP to version 15.3(3)JPJ6, after this Im getting the next logs on the AP side:

 

*Aug 6 17:05:57.011: Delete of backup image not donewith status 1
*Aug 6 17:05:57.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.3.247:5246
*Aug 6 17:06:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.3.247 peer_port: 5246!
*Aug 6 17:06:44.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xD13786C!

 

In the Radioactive trace tool on WLC I got the following logs:

 

2021/08/06 12:02:37.264086 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 Public IP learnt is FALSE, public IP discovery is FALSE, private IP discovery is TRUE.
2021/08/06 12:02:37.264256 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 IP:192.168.129.210[58052], Discovery Response sent
2021/08/06 12:02:47.240462 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:02:47.240545 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:02:49.243227 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:02:49.243258 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:02:53.238407 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:02:53.238697 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:01.238694 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:01.238949 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:47.252034 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:47.252090 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:49.250946 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:49.250999 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:53.247810 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:53.247863 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:04:01.250326 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:04:01.250381 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:04:47.265751 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 Public IP learnt is FALSE, public IP discovery is FALSE, private IP discovery is TRUE.
2021/08/06 12:04:47.265825 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 IP:192.168.129.210[58052], Discovery Response sent

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to caob

‎08-06-2021 02:43 PM

Ok, did you generate the self signed certificate for ap to wlc communication?

wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 {password}

 

Also you can set the wireless management interface manually by 

wireless management interface {interface name}

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

6 Replies 6

Go to solution
marce1000
VIP
VIP

‎08-05-2021 11:50 PM

 

 - Check  Wireless compatibility matrix     , make sure this ap-model and the controller are compatible

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
caob
Level 1
Level 1
In response to marce1000

‎08-06-2021 08:30 AM

Hi,

 

I've checked that, im running version 17.3.3 and in the compatibility matrix appears the lightweight APs 3700 as supported.

 

Best regards!

0 Helpful

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-06-2021 12:57 PM

When you configured "capwap ap controller ip address" did you configure it with the Wireless management interface IP?

Remember 9800 can have only one wireless management interface.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Go to solution
caob
Level 1
Level 1
In response to Arshad Safrulla

‎08-06-2021 02:09 PM

Yes, I used the wireless management interface IP, but this is the same interface that I use for access the vWLC via GUI.

 

It's the only interface "up" at the moment. Do you think this could be a problem? Now I'm trying to join a 1850 and I'm getting these logs:

 

Aug 6 21:05:59 kernel: [*08/06/2021 21:05:59.0000] CAPWAP State: DTLS Setup
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122] dtls_disconnect: ERROR shutting down dtls connection ...
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122]
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122]
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122] CAPWAP State: DTLS Teardown
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] No more AP manager addresses remain..
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] No valid AP manager found for controller 'WLC-9800-AA' (ip: 10.100.3.247)
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] Failed to join controller WLC-9800-AA.
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] Failed to join controller.
Aug 6 21:05:59 kernel: [*08/06/2021 21:05:59.0000]
Aug 6 21:05:59 kernel: [*08/06/2021 21:05:59.0000] CAPWAP State: DTLS Setup

0 Helpful

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to caob

‎08-06-2021 02:43 PM

Ok, did you generate the self signed certificate for ap to wlc communication?

wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 {password}

 

Also you can set the wireless management interface manually by 

wireless management interface {interface name}

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Go to solution
caob
Level 1
Level 1
In response to Arshad Safrulla

‎08-06-2021 04:21 PM

Hi, at the begining of my tshoot I had used the "wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 {password}" command with a "weak" password, after your suggestion I re-entered the command (this time using a more complex password) and it seemed to work, I got the next log:

 

Aug 6 22:50:30.503: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.

 

What was strange for me was that the AP already had the correct image (Version 15.3(3)JPJ6), So I don't know why the log said that the required image was not found. Anyways, after the download process the AP got registered in the WLC.

 

Another important thing is that after I read that the management interface and the AP interface should be different in the vWLC, I added a new interface G2 and used this new interface as "wireless management interface"

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card