Join error: AIR-AP1852E-H-K9 "Ap model" have a more "9" when join WLC

Rps-Cheers · ‎03-24-2019

Hi All

These days,i have met a few similar issue.AIR-AP1852E-H-K9 cannot join WLC(eg,2504\5508).

There are some error when we issue "debug capwap event enable" and "debug capwap error enable" on WLC.

As below：

----error info -1

*spamApTask1: Mar 24 15:18:59.752: [PA] Unknown AP type. Using Controller Version!!!

*spamApTask4: Mar 24 15:19:01.708: [PA] 00:38:df:1b:3b:a0 ApModel: AIR-AP1852E-H-K99

*spamApTask6: Mar 24 15:19:02.447: [PA] 00:f8:2c:1b:2b:00 ApModel: AIR-AP1852E-H-K99

*spamApTask7: Mar 24 15:19:04.873: [PA] 00:f8:2c:1b:5b:20 ApModel: AIR-AP1852E-H-K99

......

-----error info -2

show msglog

.........

*spamApTask3: Mar 24 15:30:42.684: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:833 Failed to complete DTLS handshake with peer 172.27.60.19
*spamApTask4: Mar 24 15:30:33.108: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:833 Failed to complete DTLS handshake with peer 10.27.60.39
*spamApTask2: Mar 24 15:30:11.841: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:833 Failed to complete DTLS handshake with peer 10.27.60.17
*spamApTask0: Mar 24 15:30:11.343: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:833 Failed to complete DTLS handshake with peer 10.27.60.13
*spamApTask3: Mar 24 15:30:05.622: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:833 Failed to complete DTLS handshake with peer 10.27.60.32

In addition,there are some APs(AIR-AP1852E-H-K9) which join wlc before can join wlc again normally.

WLC software:8.1.131.0 & 8.2.170.0

AP source ：RMA or Newly purchased AP

I am very serious about this is a serious vulnerability.Do you think?

Is there anybody have occur the issue,and resloved it?

Thanks & BR

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Ric Beeching · ‎03-24-2019

Hi,
Do you have time/NTP configured correctly on the WLC(s)? Is it happening on multiple WLCs? Can you attach a full output from the debug commands you're running as well as a show sysinfo show inventory show licenses summary show country and show auth-list.

Cheers,
Ric

-----------------------------
Please rate helpful / correct posts

Rps-Cheers · ‎03-26-2019

I have configured the time and it's happening on multiple WLCs.The debug info is always as below:
*spamApTask1: Mar 24 15:18:59.752: [PA] Unknown AP type. Using Controller Version!!!

*spamApTask4: Mar 24 15:19:01.708: [PA] 00:38:df:1b:3b:a0 ApModel: AIR-AP1852E-H-K99

*spamApTask6: Mar 24 15:19:02.447: [PA] 00:f8:2c:1b:2b:00 ApModel: AIR-AP1852E-H-K99

*spamApTask7: Mar 24 15:19:04.873: [PA] 00:f8:2c:1b:5b:20 ApModel: AIR-AP1852E-H-K99

there is not some other useful info.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Sathiyanarayanan Ravindran · ‎03-24-2019

Hi,

Check whether proper country code is enabled on the Controller for associating. Also check for the NTP configuration, Is it proper or Not.

Country code China has to be enabled to support these -H- domain access points.

https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Rps-Cheers · ‎03-26-2019

The country code is right,and the time of WLC is also right.

Yes,the AP model is AIR-AP1852E-H-K9,so i have set the country code is CN. And there are some other AP1852E joined before,they can work well at the same time.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Leo Laohoo · ‎03-24-2019

I'd recommend migrating away from 8.1.131.0.

Rps-Cheers · ‎03-26-2019

Yes,I think so,So i suggested upgrade wlc to 8.3.134.0 ,and waiting for end user update.
I believe there is a bug about the issue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

patoberli · ‎03-28-2019

This, or an error happened in the provisioning process in the factory. I actually suggest to do an RMA.