Issue with moving AP from 5508 WLC to 9800-l
08-17-2020 06:31 PM - edited 07-05-2021 12:24 PM
Hi all,
I have a WLC 5508 controller running 8.5.140.0 and I am trying to move the access points off this controller to a 9800-L running IOS-XE 16.12.3.
When I move an AP from the 5508 to the 9800, it will not join.
I have checked the other posts with similar issues, and I have enabled data encryption on the AP and on the 9800-L controller as per the documentation, but this didn't solve the issue.
In the packet capture on the 9800 I can see the following:
1. Discover request and response
2. Client Hello and response
3. Client Key Exchange followed by the change cipher from the controller, with everything set to use DTLS 1.0
4. The AP sends a CAPWAP join request
5. The WLC responds with an encrypted alert message.
6. The AP tries to send data but the WLC does not respond.
Within the packet capture taken of the join request I can see the MAC address of the AP (WTP Board Data Base MAC Address). This address is on the 9800.
At this stage I am stuck, as there is nothing in the 9800-l logs to prevent it from joining.
I will be very grateful for some assistance on the issue.
Ian Vickery
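The capture sequence described in the post above can be checked mechanically. This is an added example, not part of the original post or any Cisco tool: it classifies a CAPWAP control payload (UDP 5246) using the preamble layout from RFC 5415 and the DTLS record header from RFC 6347, and reports the DTLS version, the epoch, and whether an alert's code is still readable. The function name and the sample payloads are constructed for illustration.

```python
import struct

# Record-layer constants from RFC 6347 (DTLS); preamble layout from RFC 5415 (CAPWAP).
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

# Constructed sample payloads (not taken from the poster's capture).
SAMPLE_DISCOVERY = bytes.fromhex("00200320" "00000000")  # plain CAPWAP header
SAMPLE_PLAIN_ALERT = bytes.fromhex("01000000" "15feff0000" "000000000002" "0002" "0228")
SAMPLE_ENCRYPTED_ALERT = bytes.fromhex("01000000" "15feff0001" "000000000001" "0020") + bytes(32)

def parse_capwap_control(payload):
    """Classify one UDP/5246 payload as plain CAPWAP or a list of DTLS records."""
    if len(payload) < 4:
        raise ValueError("truncated CAPWAP preamble")
    version, kind = payload[0] >> 4, payload[0] & 0x0F
    if version != 0 or kind not in (0, 1):
        raise ValueError("not a CAPWAP version 0 preamble")
    if kind == 0:                      # e.g. Discovery Request/Response, sent in the clear
        return [{"layer": "capwap-plain"}]
    records, off = [], 4               # DTLS header: 1-byte preamble + 3 reserved bytes
    while off < len(payload):
        if len(payload) - off < 13:
            raise ValueError("truncated DTLS record header")
        # type(1) version(2) epoch(2) sequence number(6, split 2+4) length(2)
        ctype, ver, epoch, _hi, _lo, length = struct.unpack_from("!BHHHIH", payload, off)
        body = payload[off + 13: off + 13 + length]
        if len(body) != length:
            raise ValueError("truncated DTLS record body")
        rec = {"layer": "dtls", "type": CONTENT_TYPES.get(ctype, "unknown"),
               "version": DTLS_VERSIONS.get(ver, hex(ver)),
               "epoch": epoch, "protected": epoch > 0}
        # Level and description are only readable before ChangeCipherSpec (epoch 0).
        if ctype == 21 and epoch == 0 and length == 2:
            rec["alert"] = (ALERT_LEVELS.get(body[0], "unknown"), body[1])
        records.append(rec)
        off += 13 + length
    return records

if __name__ == "__main__":
    for name in ("SAMPLE_DISCOVERY", "SAMPLE_PLAIN_ALERT", "SAMPLE_ENCRYPTED_ALERT"):
        print(name, parse_capwap_control(globals()[name]))
```

An alert sent after ChangeCipherSpec (epoch 1 or higher) carries its level and description as ciphertext, so the capture alone cannot show why the controller rejected the join; the reason has to come from the controller side.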
08-17-2020 08:04 PM
*** Please rate helpful posts ***
08-18-2020 02:44 PM
The Access points are 2800.
I have used a brand new unit and it connected successfully to the 9800 controller.
I failed this to the 5800, and the AP associated fine.
I then went to reassociate the same AP back to the 9800, but it will not join.
I have checked the date and time settings and they are correct and in sync.
Do you have any other suggestions?
08-18-2020 06:32 PM
08-18-2020 06:42 PM
Since it is in a remote location, I have done a factory reset via the CLI.
I haven't tried it with the mode button.
In the packet captures taken, it discovers the WLC, authenticates, sends the join message, and receives an encrypted alert back from the WLC.
I do notice the CAPWAP tunnel is using TLS1.0, but when connected to the 5508 it is using TLS1.2.
Regards
Ian Vickery
08-18-2020 06:56 PM
08-18-2020 07:40 PM
Yes, I have now opened a TAC case.
We will post the solution here when I get a response.
08-19-2020 08:09 AM
Can you post "show certificate all" from the 5508 controller?
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
08-20-2020 04:55 AM
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
06-07-2023 03:04 AM
Hi,
Is this the only solution? I am also having a similar scenario, wherein my customer has 2800/3800 series APs and a 5508 WLC. Now the 5508 is running on 8.5.171.0 code, which refers to the 15.3(3)JF14 IOS version on the AP, and if I check the wireless compatibility matrix then I need to have the 15.3(3)JPJ10 IOS version on the AP to get the AP connected to the C9800 WLC. So it's obvious that to get the AP to 15.3(3)JPJ10 I also need to upgrade the 5508 WLC, which is not possible since the last code supported for the 5508 WLC is 8.5.182.0, which refers to 15.3(3)JF15, which will not help in the migration. So how can we upgrade only the IOS version of the AP, and in bulk too? The AP count is very high, and doing it one by one would take a lot of time.
06-07-2023 02:07 PM
Hi Rahul,
I would suggest your 9800 be on 17.9.3 code, and that you test moving one AP across to see how it goes. I would not expect major issues.
HTH
Rasika
06-09-2023 02:45 AM
Thanks Rasika. Your input helps. Also, I did find one article wherein it is mentioned that we can pre-download the image on the AP using the WLANPoller tool. I am not sure about this tool. I have not heard of or used it before. Below is the link.
