cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14018
Views
0
Helpful
28
Replies

Old famous problem - AP LAP1142N can't join the controller - 4402, please participate, let's make a good guide!

zheka_pefti
Explorer
Explorer

Hello folks,

I really feel sorry for bringing up this discussion again. I wouldn't dare to ask this question if I find someone's clear cut suggestion/solution or an overview giving a detailed step-by-step procedure. People just suggest jumping through so many  hoops like resetting the AP or converting it back to standalone mode and then back to LWAPP.

Hence I have so many questions and hope that we can make a good guide covering all possible problems.

1) AP was originally running a standalone image.  I booted it into a so-called ROMMON or AP mode (ESC is the right key to make it boot into this mode)

I found a recovery image in its flash - c1140-rcvk9w8-mx. I made the AP boot from it by using "set" command and I see that it start booting using this recovery image. Here goes the question. Do all AP settings matter ? E.g. when I run "set" command from AP I see the following:

ap: set

?=

DEFAULT_ROUTER=10.0.0.1

Default_router=10.9.99.1

ENABLE_BREAK=yes

IP_ADDR=10.0.0.1

IP_AddR=10.9.99.9

MANUAL_BOOT=no

NETMASK=255.255.255.224

NEW_IMAGE=yes

PWR_INJECTOR_DETECT=0016.c7fa.b394

RELOAD_REASON=9

ROM_PERSISTENT_UTC=1014941470

TERMLINES=0

netmask=255.255.255.0

2) How would do something like "write erase" or even recover the enable password while being in AP mode? Do I really need to do it ? What I see next makes me believe there's something with the AP configuration (particularly SSH) that prevents an AP join WLC.

3) The AP is powered on, connected to the switchport on the same L2 VLAN where WLC management interface. Then it boots and gets an IP address from the DHCP server located on the other switch.

*Mar  1 00:00:08.695: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Mar  1 00:00:08.705: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR  (0000.0000.0000)

*Mar  1 00:00:09.629: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up

*Mar  1 00:00:17.534: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.122, mask 255.255.255.0, hostname AP2

Here comes the question, why do I see this on the console (pay attention at "transport input ssh" line)? Does it have anything to do  with an error for DTLS ?

*Apr 12 12:44:21.034: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Apr 12 12:44:31.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.141 peer_port: 5246

*Apr 12 12:44:55.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:1924 Max retransmission count reached!

*Apr 12 12:44:55.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.1.141 is reached.

transport input ssh

^

% Invalid input detected at '^' marker.

4) Do I have to connect the controller ap-manager interface to the network or I can rely on the AP find the WLC via its management interface. I have never worked with 4400 series controllers. Just started with 5500 and they don't have the ap-manager interface.

Cisco guide says: "The management interface is also used for layer two communications between the WLC and access points", so I can safely assume that it is enough. Moreover I can ping the AP from the WLC while connected to WLC via SSH and its management interface.

5) And finally, what's wrong with the discovery? This is what I see on the controller while debugging capwap packets:

(Cisco Controller) debug>*spamReceiveTask: Apr 12 12:53:52.253: <<<<  Start of CAPWAP Packet  >>>>

*spamReceiveTask: Apr 12 12:53:52.253: CAPWAP Control mesg Recd from 192.168.1.122, Port 57046

*spamReceiveTask: Apr 12 12:53:52.253:          HLEN 4,   Radio ID 0,    WBID 1

*spamReceiveTask: Apr 12 12:53:52.253:          Msg Type   :   CAPWAP_DISCOVERY_REQUEST

*spamReceiveTask: Apr 12 12:53:52.253:          Msg Length : 29

*spamReceiveTask: Apr 12 12:53:52.253:          Msg SeqNum : 0

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253:   Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1

*spamReceiveTask: Apr 12 12:53:52.253:          Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253:   Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1

*spamReceiveTask: Apr 12 12:53:52.253:          WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253:   Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1

*spamReceiveTask: Apr 12 12:53:52.253:          WTP Mac Type  : SPLIT_MAC

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253:   Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10

*spamReceiveTask: Apr 12 12:53:52.253:          Vendor Identifier  : 0x00409600

*spamReceiveTask: Apr 12 12:53:52.254:

What discovery mode are we in? L2 or L3 ?

28 Replies 28

Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend

Good catch Wes.  Miss that! 

As far as the rest of this thread going all over the place....:

Can you confirm that the Management Interface and the AP-Manager are both in the same vlan, same subnet, and are configured with the same Port Number?

All this business about 1 SFP and which port to plug in has me concerned you split the ports or something.....

The first logs provided imply the AP couldn't attach to the AP-Manager address (but that the Management Interface discovery was fine)

The second logs provided imply the AP never discovered a WLC at all (no attempt to join)...

But then again, as Leo referenced, the Canada domain I guess is a -A not -N.....  so perhaps that was your original problem all along, and the 3600 won't join just because it isn't compatible.

this is a real breakthrough

Thanks to you all!

For now, let me get the right AP that will work with 4402 in terms of compatibility and regulatory domain and then I'll try it again.

As for AP-Manager interface everything is the way you mentioned, Wes, except for the same port. This is my first experience with 4400 series and I thought that two different ports should allocated for two different interfaces. Hence, the management interface is on port 0 and AP Manager interface is on port 1. I'll reconfigure them as well once there's a compatible AP.

Good weekend to everyone and thanks again.

just think of the 4402 similar to the 5508. The only difference is that on the 4402 you need to use 2 IP addresses in the management vlan on the same port (1 for Management, 1 for AP-Manager).

You can do as many dynamic interfaces you want on port 1,  its just a trunk port.    But the Management+AP-Manager are the only two that can share a vlan ID.

Ok, I'm back with the new AP - AIR-LAP1231G-A-K9 which is of course of the right regulatory domain.

I will describe my challenges specific to this controller (4402) and how I resolved them. I hope someone will find it helpful.

1. Regulatory domain mismatch. Unfortunately there has been nothing seen on the debugs on the controller to give me a clue that I face the regulatory issues. I expected to find something similar to:

Wed Oct 24 17:13:47 2007: 00:0b:85:91:c3:c0 AP 00:0b:85:91:c3:c0: 80211bg Regulatory

Domain (-N) does not match with country (US )  reg. domain -AB for the slot 1

Wed Oct 24 17:13:47 2007: spamVerifyRegDomain AP RegDomain check for the country US failed

Wed Oct 24 17:13:47 2007: 00:0b:85:91:c3:c0 AP 00:0b:85:91:c3:c0: Regulatory Domain

check Completely FAILED The AP will not be allowed to join

My lame undestanding was that if I change the country on the controller I can change the regulatory domain. No way. The regulatory domain for this controller always stays the same:

802.11a: -A

802.11bg: -A

2. Since 4402 controller has an AP-management port I had to make sure that both management and AP-management interfaces are on the same physical port (1), on the same L2 vlan (untagged in my case) and in the same L3 subnet.

Again, my lame understanding was limited to the fact that AP-management interface should be on the different controller port and I kept moving the only available SFP from one port (1) to the other one (2) without any success.

3. I had to use "Autonomous to lightweight mode upgrade tool" together with the "Wireless LAN LWAPP Upgrade and Recovery Image for 1200 Series Access Points". The procedure went smoothly even though it looked complicated from the description.

4. Once I connected the AP to the same VLAN where AP-Management and Management intertfaces are I got it joined the controller. The following is the snippet from the AP console output (192.168.1.141 is the IP address of the AP-Management interface):

Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Mar  1 00:00:05.286: soap_prepare_new_image_crash: mini ios flash:/c1200-rcvk9w8-mx/c1200-rcvk9w8-mx

*Mar  1 00:00:05.764: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar  1 00:00:06.973: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0

*Mar  1 00:00:07.046: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 47 messages)

*Mar  1 00:00:07.075:  status of voice_diag_test from WLC is false

*Mar  1 00:00:08.099:  STUB Called : crypto_ssl_init

*Mar  1 00:00:09.234: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar  1 00:00:09.282: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Fri 27-Jan-12 19:24 by prod_rel_team

*Apr 22 14:04:09.139: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:09.159: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 8 seconds

*Apr 22 14:04:09.950: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Apr 22 14:04:10.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Apr 22 14:04:10.145: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Apr 22 14:04:10.145: bsnInitRcbSlot: slot 1 has NO radio

*Apr 22 14:04:10.368: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Apr 22 14:04:10.368: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:10.619: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:11.392: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:11.442: %LINK-3-UPDOWN: Interface Dot11Radio0, changed sta