cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2187
Views
5
Helpful
20
Replies

IW9167EH-B not joining 9800-40 WLC

fuhrersk8
Level 3
Level 3

Hi Guys,

We have a IW9167EH-B access point unable to join a 9800-40 WLC. The 9800 IOS version is 17.9.3

The error we are getting is "Received AAA authorization failed response for AP MAC auth"

Thanks in advanced.

1 Accepted Solution

Accepted Solutions


@fuhrersk8 wrote:
Does anywhere in IW9167s documentation states that they are factory set as mesh?

In the Bill of Material.

By default, all outdoor APs are configured for MESH from the factory.  If the BoM does not specify the firmware loaded will be local-mode, then then AP will arrive in MESH.  

The only way to convert it back to local is to either console into the AP or get the AP to join the controller (by adding the MAC address) and change the mode to local. 

View solution in original post

20 Replies 20

Scott Fella
Hall of Fame
Hall of Fame

Take a look at the matrix.  This will show you want image is compatible with what access point. 17.11.1 is the first image supported by the model you have.

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html#c9800-ctr-ap-sw-platform

--UPDATE--

Looks like 17.9.3 is the minimum if that is the correct model number you have.  Also, take a look at the port configuration because that looks like a MAB error.  You can also connect a good know ap to the same port to see if the ap joins or not, that will help isolate the issue.

-Scott
*** Please rate helpful posts ***

Thanks for your reply Scott.

Port configuration is not an issue. 

Thanks again. 

Have you tried anything else?  Have you tried another ap on the same port?  Are you using MAB on the switch port?

-Scott
*** Please rate helpful posts ***

Yes. There was a 9130AXI connected to the same port and registered to the WLC, no issues. 

Regards, 

Okay, well your best bet is to console into the ap and power the ap up. The logs will tell you what the issue is. 

-Scott
*** Please rate helpful posts ***

Leo Laohoo
Hall of Fame
Hall of Fame

On the AP, post the output to the command "sh capwap client rcb".

marce1000
VIP
VIP

 

                              >...The 9800 IOS version is 17.9.3
     Ref : https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
                                    You will need 17.11.1 at minimum

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi,

Its 17.9.3 first introduction for these access points.

Regards,

 

                  - Ref : >...Received AAA authorization failed response for AP MAC auth             (from initial post)
    - It seems that you are authorizing APs on the controller by MAC address ; make sure that the particular AP is authorized as such  , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Like mentioned earlier, you need to post the output from the console with info when the ap boots up.  This is the only way folks here can help you.  You should also post your port confg and any debug from the switch.

-Scott
*** Please rate helpful posts ***

Rich R
VIP
VIP

Take a look at https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213916-catalyst-9800-wireless-controllers-ap-au.html for AP MAC auth

fuhrersk8
Level 3
Level 3

Hi Guys,

Still working the case via Cisco TAC. Executed the command no ap auth-list method-list default but same result. 

Thanks. 

I am sure you get better support with TAC. If AP came up with Mesh image, you need to add AP Ethernet MAC address into 9800 database.

Configuration > Security > AAA > Advanced > Device Authentication

HTH
Rasika
*** Pls rate all useful responses ***

Hi Rasika,

Yes, that was what I first thought of, but it did not made any difference. 

Thanks. 

Review Cisco Networking for a $25 gift card