07-14-2017 05:42 AM - edited 07-05-2021 07:20 AM
Hi,
I know that this topic is repeated so many times but still I did not get any help out of them. I am really grateful to all of you guys who are making efforts here to help out others.
My scenario is that I have connected a vWLC (on VMware WS) with a Cisco 3750L3 switch and my GW is a FW. I have created 2 VLANs (VLAN10 and VLAN20) respectively. I have a DHCP and DNS server, installed on Windows Server 2012 (VMware), with DHCP scopes, one for VLAN10 and one for VLAN20. All my devices are connected to VLAN10 (10.1.1.0/24) and only the AP is connected to VLAN20 (10.1.2.0/24). I configured the IP helper command under VLAN 20 so it is communicating with VLAN 10 and the whole network.
The AP is getting a DHCP IP from the Windows DHCP server and can ping the vWLC, but it's not pinging the DNS server and DHCP server, which are on VLAN 10.
And when I'm trying to register the AP with the vWLC (7-3-101-0), it does not get registered and shows the logs below.
*Jul 14 22:37:19.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 14 22:37:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 14 22:37:19.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 14 22:37:19.014: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 14 22:37:48.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 14 22:37:48.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 14 22:38:18.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 14 22:38:19.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 14 22:38:19.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 14 22:38:29.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 14 22:38:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 14 22:38:29.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
Please look into above and advise me...
Regards,
07-14-2017 04:54 PM
Post the complete output to the following commands:
07-14-2017 08:18 PM
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.3.101.0
RTOS Version..................................... 7.3.101.0
Bootloader Version............................... 7.3.101.0
Emergency Image Version.......................... 7.3.101.0
Build Type....................................... DATA + WPS
System Name...................................... WLC1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.1.1.120
System Up Time................................... 0 days 11 hrs 32 mins 36 secs
System Timezone Location.........................
Configured Country............................... AU - Australia
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
--More-- or (q)uit
Number of WLANs.................................. 1
Number of Active Clients......................... 0
Burned-in MAC Address............................ 00:0C:29:BE:43:EE
Maximum number of APs supported.................. 200
APa493.4c38.0b67#sh ver
Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 12.4(21a)JA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 08-Jun-09 16:28 by prod_rel_team
ROM: Bootstrap program is C1140 boot loader
BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1)
APa493.4c38.0b67 uptime is 10 hours, 56 minutes
System returned to ROM by reload
System image file is "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"
Last reload reason:
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco AIR-LAP1142N-N-K9 (PowerPC405ex) processor (revision B0) with 98294K/32768K bytes of memory.
Processor board ID FGL1620S4Y9
PowerPC405ex CPU at 586Mhz, revision number 0x147E
Last reset from reload
LWAPP image version 3.0.51.0
1 Gigabit Ethernet interface
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: A4:93:4C:38:0B:67
Part Number : 73-12836-04
PCA Assembly Number : 800-33767-04
PCA Revision Number : A0
PCB Serial Number : FOC16192EK0
Top Assembly Part Number : 800-33775-03
Top Assembly Serial Number : FGL1620S4Y9
Top Revision Number : A0
Product/Model Number : AIR-LAP1142N-N-K9
Configuration register is 0xF
APa493.4c38.0b67#
APa493.4c38.0b67#sh ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 10.1.2.50 YES DHCP up up
07-14-2017 08:25 PM
Current logs of AP:
*Jul 15 13:16:25.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:16:26.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:16:26.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:16:36.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:16:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:16:36.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:17:05.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:17:05.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:17:36.000: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:17:36.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:17:36.001: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:17:46.006: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:17:46.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:17:46.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:17:46.013: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 15 13:18:16.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:18:16.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:18:45.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:18:46.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:18:46.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:18:56.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:18:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:18:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:19:25.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:19:25.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:19:55.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:19:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:19:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:20:06.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:20:06.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:20:06.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:20:36.001: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:20:36.001: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:21:06.000: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:21:06.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:21:06.001: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:21:16.006: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:21:16.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:21:16.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:21:16.014: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 15 13:21:46.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:21:46.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:22:15.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:22:16.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:22:16.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:22:26.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:22:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:22:26.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:22:56.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:22:56.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:23:25.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:23:26.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:23:26.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:23:36.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:23:37.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:23:37.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:24:06.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:24:06.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:24:36.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 13:24:37.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:24:37.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 13:24:47.005: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 13:24:47.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:24:47.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 13:24:47.014: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 15 13:25:17.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 13:25:17.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
07-14-2017 08:39 PM
How many APs is the vWLC licensed for?
07-14-2017 08:42 PM
200 Access Points Supported
07-14-2017 08:49 PM
If the AP has an IP address, could the AP ping the Management IP Address of the vWLC?
07-14-2017 08:56 PM
Yes, AP can ping the vWLC management IP address 10.1.1.120
APa493.4c38.0b67#ping 10.1.1.120
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.120, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
APa493.4c38.0b67#
From Controller to AP:
(Cisco Controller) >ping 10.1.2.50
Send count=3, Receive count=3 from 10.1.2.50
(Cisco Controller) >
07-14-2017 09:18 PM
Yes, AP can ping the vWLC management IP address 10.1.1.120
On the AP, kindly try the command "capwap ap controller <Management IP address of the controller>".
07-15-2017 03:50 AM
This command is not supported on the AP:
APa493.4c38.0b67#capwap ap controller 10.1.1.120
^
% Invalid input detected at '^' marker.
APa493.4c38.0b67#
07-15-2017 03:51 AM
I tried this command but didn't get anything...
APa493.4c38.0b67#lwapp ap controller ip address 10.1.1.120
APa493.4c38.0b67#
APa493.4c38.0b67#
07-15-2017 04:03 AM
Current logs of AP:
*Mar 1 00:14:43.963: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 20:58:46.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 20:58:46.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 20:58:46.002: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 15 20:59:15.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 20:59:15.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 20:59:45.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 20:59:46.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 20:59:46.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 20:59:56.007: %CAPWAP-3-ERRORLOG: Go join a lwapp controller
*Jul 15 20:59:56.007: %LWAPP-3-CLIENTERRORLOG: Set Transport AddressCalled
*Jul 15 20:59:56.015: %LWAPP-5-CHANGED: CAPWAP changed state to JOIN
*Jul 15 21:00:01.014: %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - WLC1)
*Jul 15 21:00:01.014: %LWAPP-3-CLIENTERRORLOG: Set Transport AddressCalled
*Jul 15 21:00:01.015: %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
*Jul 15 21:00:01.015: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 20:59:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 20:59:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 20:59:56.002: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 15 21:00:25.999: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 21:00:25.999: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 21:00:55.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 21:00:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 21:00:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 21:01:06.005: %CAPWAP-3-ERRORLOG: Go join a lwapp controller
*Jul 15 21:01:06.005: %LWAPP-3-CLIENTERRORLOG: Set Transport AddressCalled
*Jul 15 21:01:06.012: %LWAPP-5-CHANGED: CAPWAP changed state to JOIN
*Jul 15 21:01:11.012: %LWAPP-3-CLIENTERRORLOG: Join Timer: did not recieve join response (controller - WLC1)
*Jul 15 21:01:11.012: %LWAPP-3-CLIENTERRORLOG: Set Transport AddressCalled
*Jul 15 21:01:11.012: %LWAPP-3-CLIENTERRORLOG: Set Transport Address: no more AP manager IP addresses remain
*Jul 15 21:01:11.012: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 21:01:11.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 21:01:11.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 21:01:41.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Jul 15 21:01:41.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
07-15-2017 05:58 AM
Nothing is blocked on the firewall... I can ping the internet from the AP
APa493.4c38.0b67#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 18/18/19 ms
APa493.4c38.0b67#
APa493.4c38.0b67#
APa493.4c38.0b67#ping www.google.com
Translating "www.google.com"...domain server (10.1.1.99) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.217.25.36, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/18 ms
APa493.4c38.0b67#
I can ping the firewall IP
Pa493.4c38.0b67#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
APa493.4c38.0b67#
07-15-2017 05:59 AM
Now having certificate issue
*Jul 15 22:57:31.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 22:57:31.000: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jul 15 22:57:41.004: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jul 15 22:57:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 22:57:41.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jul 15 22:57:41.020: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jul 15 22:57:41.020: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jul 15 22:57:41.020: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:326 Certificate verified failed!
*Jul 15 22:57:41.020: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.1.1.120
*Jul 15 22:57:41.020: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.1.1.120:5246
*Jul 15 22:57:41.020: %DTLS-3-BAD_RECORD: Erroneous record received from 10.1.1.120: Malformed Certificate
*Jul 15 22:57:41.021: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 22:57:41.021: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
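A triage sketch for the AP console logs in this thread, added here as an example and not part of any participant's post: it groups the syslog lines into DTLS join attempts and labels each one by the first failure it sees, which separates a handshake that times out after the retransmit window from a certificate the AP rejects at once. The function names and outcome labels are this example's own, and the sample lines are constructed from the messages above.

```python
import re

# Constructed sample, trimmed from the kind of AP console lines posted in this thread.
SAMPLE = """\
*Jul 15 13:17:46.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 13:17:46.013: %CAPWAP-3-ERRORLOG: Dropping dtls packet since session is not established.
*Jul 15 13:18:16.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.1.120 is reached.
*Jul 15 13:18:45.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.1.1.120:5246
*Jul 15 22:57:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.120 peer_port: 5246
*Jul 15 22:57:41.020: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.1.1.120
*Jul 15 22:57:41.020: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.1.1.120:5246
"""

# "*<timestamp>: %<FACILITY>-<severity>-<MNEMONIC>: <message>"
LINE = re.compile(r"^\*(?P<ts>\w{3}\s+\d+ [\d:.]+): "
                  r"%(?P<fac>[A-Z]+)-(?P<sev>\d)-(?P<mnem>[A-Z_]+): (?P<msg>.*)$")
PEER = re.compile(r"peer_ip: (?P<ip>[\d.]+) peer_port: (?P<port>\d+)")

# Syslog mnemonic -> label chosen for this example (labels are not Cisco terms).
OUTCOME = {
    "HANDSHAKE_RETRANSMIT": "dtls_handshake_timeout",
    "BAD_CERT": "peer_certificate_rejected",
}

def _time_of_day(ts):
    """Seconds since midnight; the logs carry no year, so only the clock is used."""
    h, m, s = ts.split()[-1].split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def join_attempts(text):
    """Return one dict per DTLS connection request, with its first failure."""
    attempts, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. DTLS_CLIENT_ERROR lines have no %FAC-SEV-MNEM header
        if m["mnem"] == "DTLSREQSEND":
            peer = PEER.search(m["msg"])
            current = {"start": m["ts"], "outcome": "unknown", "elapsed_s": None,
                       "peer": peer["ip"] if peer else None,
                       "port": int(peer["port"]) if peer else None}
            attempts.append(current)
        elif current and current["outcome"] == "unknown" and m["mnem"] in OUTCOME:
            current["outcome"] = OUTCOME[m["mnem"]]
            # Modulo handles an attempt that spans midnight.
            delta = _time_of_day(m["ts"]) - _time_of_day(current["start"])
            current["elapsed_s"] = round(delta % 86400, 3)
    return attempts

if __name__ == "__main__":
    for a in join_attempts(SAMPLE):
        print(a["start"], a["peer"], a["port"], a["outcome"], a["elapsed_s"])
```
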
07-16-2017 08:31 AM
Finally I registered the AP with the vWLC... :)
but it does not broadcast the SSID.. AP is in the default group