Solved: Old famous problem - AP LAP1142N can't join the controller - 440 - Page 2

zheka_pefti · ‎04-12-2012

Hello folks,

I really feel sorry for bringing up this discussion again. I wouldn't dare to ask this question if I find someone's clear cut suggestion/solution or an overview giving a detailed step-by-step procedure. People just suggest jumping through so many hoops like resetting the AP or converting it back to standalone mode and then back to LWAPP.

Hence I have so many questions and hope that we can make a good guide covering all possible problems.

1) AP was originally running a standalone image. I booted it into a so-called ROMMON or AP mode (ESC is the right key to make it boot into this mode)

I found a recovery image in its flash - c1140-rcvk9w8-mx. I made the AP boot from it by using "set" command and I see that it start booting using this recovery image. Here goes the question. Do all AP settings matter ? E.g. when I run "set" command from AP I see the following:

ap: set

?=

DEFAULT_ROUTER=10.0.0.1

Default_router=10.9.99.1

ENABLE_BREAK=yes

IP_ADDR=10.0.0.1

IP_AddR=10.9.99.9

MANUAL_BOOT=no

NETMASK=255.255.255.224

NEW_IMAGE=yes

PWR_INJECTOR_DETECT=0016.c7fa.b394

RELOAD_REASON=9

ROM_PERSISTENT_UTC=1014941470

TERMLINES=0

netmask=255.255.255.0

2) How would do something like "write erase" or even recover the enable password while being in AP mode? Do I really need to do it ? What I see next makes me believe there's something with the AP configuration (particularly SSH) that prevents an AP join WLC.

3) The AP is powered on, connected to the switchport on the same L2 VLAN where WLC management interface. Then it boots and gets an IP address from the DHCP server located on the other switch.

*Mar 1 00:00:08.695: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Mar 1 00:00:08.705: %CDP_PD-2-POWER_LOW: All radios disabled - AC_ADAPTOR (0000.0000.0000)

*Mar 1 00:00:09.629: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up

*Mar 1 00:00:17.534: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 192.168.1.122, mask 255.255.255.0, hostname AP2

Here comes the question, why do I see this on the console (pay attention at "transport input ssh" line)? Does it have anything to do with an error for DTLS ?

*Apr 12 12:44:21.034: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Apr 12 12:44:31.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.141 peer_port: 5246

*Apr 12 12:44:55.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:1924 Max retransmission count reached!

*Apr 12 12:44:55.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.1.141 is reached.

transport input ssh

^

% Invalid input detected at '^' marker.

4) Do I have to connect the controller ap-manager interface to the network or I can rely on the AP find the WLC via its management interface. I have never worked with 4400 series controllers. Just started with 5500 and they don't have the ap-manager interface.

Cisco guide says: "The management interface is also used for layer two communications between the WLC and access points", so I can safely assume that it is enough. Moreover I can ping the AP from the WLC while connected to WLC via SSH and its management interface.

5) And finally, what's wrong with the discovery? This is what I see on the controller while debugging capwap packets:

(Cisco Controller) debug>*spamReceiveTask: Apr 12 12:53:52.253: <<<< Start of CAPWAP Packet >>>>

*spamReceiveTask: Apr 12 12:53:52.253: CAPWAP Control mesg Recd from 192.168.1.122, Port 57046

*spamReceiveTask: Apr 12 12:53:52.253: HLEN 4, Radio ID 0, WBID 1

*spamReceiveTask: Apr 12 12:53:52.253: Msg Type : CAPWAP_DISCOVERY_REQUEST

*spamReceiveTask: Apr 12 12:53:52.253: Msg Length : 29

*spamReceiveTask: Apr 12 12:53:52.253: Msg SeqNum : 0

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_DISCOVERY_TYPE, Length 1

*spamReceiveTask: Apr 12 12:53:52.253: Discovery Type : CAPWAP_DISCOVERY_TYPE_UNKNOWN

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_WTP_FRAME_TUNNEL, Length 1

*spamReceiveTask: Apr 12 12:53:52.253: WTP Frame Tunnel Mode : NATIVE_FRAME_TUNNEL_MODE

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_WTP_MAC_TYPE, Length 1

*spamReceiveTask: Apr 12 12:53:52.253: WTP Mac Type : SPLIT_MAC

*spamReceiveTask: Apr 12 12:53:52.253:

*spamReceiveTask: Apr 12 12:53:52.253: Type : CAPWAP_MSGELE_VENDOR_SPECIFIC_PAYLOAD, Length 10

*spamReceiveTask: Apr 12 12:53:52.253: Vendor Identifier : 0x00409600

*spamReceiveTask: Apr 12 12:53:52.254:

What discovery mode are we in? L2 or L3 ?

Leo Laohoo · ‎04-12-2012

Good catch Wes. Miss that!

weterry · ‎04-12-2012

As far as the rest of this thread going all over the place....:

Can you confirm that the Management Interface and the AP-Manager are both in the same vlan, same subnet, and are configured with the same Port Number?

All this business about 1 SFP and which port to plug in has me concerned you split the ports or something.....

The first logs provided imply the AP couldn't attach to the AP-Manager address (but that the Management Interface discovery was fine)

The second logs provided imply the AP never discovered a WLC at all (no attempt to join)...

But then again, as Leo referenced, the Canada domain I guess is a -A not -N..... so perhaps that was your original problem all along, and the 3600 won't join just because it isn't compatible.

zheka_pefti · ‎04-12-2012

this is a real breakthrough

Thanks to you all!

For now, let me get the right AP that will work with 4402 in terms of compatibility and regulatory domain and then I'll try it again.

As for AP-Manager interface everything is the way you mentioned, Wes, except for the same port. This is my first experience with 4400 series and I thought that two different ports should allocated for two different interfaces. Hence, the management interface is on port 0 and AP Manager interface is on port 1. I'll reconfigure them as well once there's a compatible AP.

Good weekend to everyone and thanks again.

weterry · ‎04-12-2012

just think of the 4402 similar to the 5508. The only difference is that on the 4402 you need to use 2 IP addresses in the management vlan on the same port (1 for Management, 1 for AP-Manager).

You can do as many dynamic interfaces you want on port 1, its just a trunk port. But the Management+AP-Manager are the only two that can share a vlan ID.

zheka_pefti · ‎04-23-2012

Ok, I'm back with the new AP - AIR-LAP1231G-A-K9 which is of course of the right regulatory domain.

I will describe my challenges specific to this controller (4402) and how I resolved them. I hope someone will find it helpful.

1. Regulatory domain mismatch. Unfortunately there has been nothing seen on the debugs on the controller to give me a clue that I face the regulatory issues. I expected to find something similar to:

Wed Oct 24 17:13:47 2007: 00:0b:85:91:c3:c0 AP 00:0b:85:91:c3:c0: 80211bg Regulatory

Domain (-N) does not match with country (US ) reg. domain -AB for the slot 1

Wed Oct 24 17:13:47 2007: spamVerifyRegDomain AP RegDomain check for the country US failed

Wed Oct 24 17:13:47 2007: 00:0b:85:91:c3:c0 AP 00:0b:85:91:c3:c0: Regulatory Domain

check Completely FAILED The AP will not be allowed to join

My lame undestanding was that if I change the country on the controller I can change the regulatory domain. No way. The regulatory domain for this controller always stays the same:

802.11a: -A

802.11bg: -A

2. Since 4402 controller has an AP-management port I had to make sure that both management and AP-management interfaces are on the same physical port (1), on the same L2 vlan (untagged in my case) and in the same L3 subnet.

Again, my lame understanding was limited to the fact that AP-management interface should be on the different controller port and I kept moving the only available SFP from one port (1) to the other one (2) without any success.

3. I had to use "Autonomous to lightweight mode upgrade tool" together with the "Wireless LAN LWAPP Upgrade and Recovery Image for 1200 Series Access Points". The procedure went smoothly even though it looked complicated from the description.

4. Once I connected the AP to the same VLAN where AP-Management and Management intertfaces are I got it joined the controller. The following is the snippet from the AP console output (192.168.1.141 is the IP address of the AP-Management interface):

Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Mar 1 00:00:05.286: soap_prepare_new_image_crash: mini ios flash:/c1200-rcvk9w8-mx/c1200-rcvk9w8-mx

*Mar 1 00:00:05.764: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar 1 00:00:06.973: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0

*Mar 1 00:00:07.046: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 47 messages)

*Mar 1 00:00:07.075: status of voice_diag_test from WLC is false

*Mar 1 00:00:08.099: STUB Called : crypto_ssl_init

*Mar 1 00:00:09.234: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 1 00:00:09.282: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Fri 27-Jan-12 19:24 by prod_rel_team

*Apr 22 14:04:09.139: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:09.159: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 8 seconds

*Apr 22 14:04:09.950: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Apr 22 14:04:10.139: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Apr 22 14:04:10.145: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Apr 22 14:04:10.145: bsnInitRcbSlot: slot 1 has NO radio

*Apr 22 14:04:10.368: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Apr 22 14:04:10.368: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:10.619: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:11.392: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:11.442: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down

*Apr 22 14:04:11.466: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:11.865: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:12.400: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Apr 22 14:04:27.913: %PARSER-4-BADCFG: Unexpected end of configuration file.

*Apr 22 14:04:27.913: status of voice_diag_test from WLC is false

*Apr 22 14:04:27.973: Logging LWAPP message to 255.255.255.255.

Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Apr 23 22:13:14.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.141 peer_port: 5246

*Apr 23 22:13:15.002: %CAPWAP-5-CHANGED: CAPWAP changed state to

wmmAC status is FALSE

*Apr 23 22:13:16.861: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.141 peer_port: 5246

*Apr 23 22:13:16.863: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.141

*Apr 23 22:13:16.863: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Apr 23 22:13:17.076: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG

*Apr 23 22:13:17.194: %CAPWAP-5-CHANGED: CAPWAP changed state to UP

*Apr 23 22:13:17.263: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller Cisco_8b:83:03

*Apr 23 22:13:17.339: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down

*Apr 23 22:13:17.345: %WIDS-5-ENABLED: IDS Signature is loaded and enabled

*Apr 23 22:13:17.349: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 23 22:13:17.353: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated

Leo Laohoo · ‎04-23-2012

And your controller is still running 7.0.X firmware? If no, then can you post the output to the command "sh sysinfo" from the WLC?

The 1230 is supported only up to the 7.0.230.0 and this model is no longer supported with the 7.1.X and 7.2.X firmware.

zheka_pefti · ‎04-23-2012

OMG!

Why are there so limitations and restrictions ?

Fortunately the controller software is exactly 7.0.230.0 and now I'm scared of running into another compatibility issue. The whole idea about this exercise was to get WLC and ISE work together and run a pilot project for the customer. Tell me I won't face any other compatibility issues

Thanks to you all, guys! Nice support!

Leo Laohoo · ‎04-23-2012

Ok, that rules out firmware imcompatibility issue.

How did you convert the 1230 to the controller? The 1230 is a pain-in-the-proverbial-behind to convert because you need the Cisco Conversion Tool PLUS you need the WLC and the WAP to be in the same subnet.

zheka_pefti · ‎04-23-2012

This is how I connected everything. Didn't even know that such an eloquent description is applicable to 1230 AP
I booted the AP to factory default, assinged its BVI an IP from the WLC management subnet, placed it to the same VLAN, connected the laptop with the conversion tool and recovery image and it seemed to do the trick.

Leo Laohoo · ‎04-23-2012

Can you please console to the WAP and reboot it? I would like to see the entire bootup and WLC discovery sequence.

zheka_pefti · ‎04-23-2012

Here it is:

flashfs[0]: 12 files, 2 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 7741440

flashfs[0]: Bytes used: 3451904

flashfs[0]: Bytes available: 4289536

flashfs[0]: flashfs fsck took 12 seconds.

Reading cookie from flash parameter block...done.

Base ethernet MAC Address: 00:23:04:1a:45:bc

Initializing ethernet port 0...

Reset ethernet port 0...

Reset done!

ethernet link up, 100 mbps, full-duplex

Ethernet port 0 initialized: link is up

Loading "flash:/c1200-k9w8-mx.124-23c.JA4/c1200-k9w8-mx.124-23c.JA4"...##################################################################################################################################################################################################################################################################################

File "flash:/c1200-k9w8-mx.124-23c.JA4/c1200-k9w8-mx.124-23c.JA4" uncompressed and installed, entry point: 0x3000

executing...

Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Fri 27-Jan-12 19:24 by prod_rel_team

Proceeding with system init

Proceeding to unmask interrupts

Initializing flashfs...

flashfs[1]: 12 files, 2 directories

flashfs[1]: 0 orphaned files, 0 orphaned directories

flashfs[1]: Total bytes: 7483392

flashfs[1]: Bytes used: 3451904

flashfs[1]: Bytes available: 4031488

flashfs[1]: flashfs fsck took 2 seconds.

flashfs[1]: Initialization complete....done Initializing flashfs.

Radio0 present A506 5100 E8000000 A0000000 80000000 3

Radio1 not present 0 0 0 0 0 2

%Error opening flash:/c1200-rcvk9w8-mx/info (No such file or directory)cisco AIR-LAP1231G-A-K9 (PowerPC405GP) processor (revision A0) with 15038K/1336K bytes of memory.

Processor board ID FCW1244Y04P

PowerPC405GP CPU at 196Mhz, revision number 0x0145

Last reset from power-on

LWAPP image version 7.0.230.0

1 FastEthernet interface

1 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 00:23:04:1A:45:BC

Part Number : 73-8704-14

PCA Assembly Number : 800-23211-14

PCA Revision Number : A0

PCB Serial Number : FOC12422PVB

Top Assembly Part Number : 800-29026-02

Top Assembly Serial Number : FCW1244Y04P

Top Revision Number : A0

Product/Model Number : AIR-AP1231G-A-K9

% Please define a domain-name first.

no ip http server

^

% Invalid input detected at '^' marker.

Press RETURN to get started!

Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Mar 1 00:00:04.385: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed

*Mar 1 00:00:05.662: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0

*Mar 1 00:00:05.735: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 47 messages)

*Mar 1 00:00:05.765: status of voice_diag_test from WLC is false

*Mar 1 00:00:06.790: STUB Called : crypto_ssl_init

*Mar 1 00:00:07.924: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up

*Mar 1 00:00:07.984: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Fri 27-Jan-12 19:24 by prod_rel_team

*Apr 22 14:04:09.141: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:09.159: %DOT11-6-FREQ_SCAN: Interface Dot11Radio0, Scanning frequencies for 33 seconds

*Apr 22 14:04:09.938: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up

*Apr 22 14:04:10.144: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Apr 22 14:04:10.145: bsnInitRcbSlot: slot 1 has NO radio

*Apr 22 14:04:10.230: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

*Apr 22 14:04:10.430: %SSH-5-ENABLED: SSH 2.0 has been enabled

*Apr 22 14:04:10.430: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:10.733: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 22 14:04:11.478: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Apr 22 14:04:12.481: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Apr 22 14:04:27.902: %PARSER-4-BADCFG: Unexpected end of configuration file.

*Apr 22 14:04:27.902: status of voice_diag_test from WLC is false

*Apr 22 14:04:27.964: Logging LWAPP message to 255.255.255.255.

Translating "CISCO-LWAPP-CONTROLLER"...domain server (255.255.255.255)

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Apr 23 23:28:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.141 peer_port: 5246

*Apr 23 23:28:52.002: %CAPWAP-5-CHANGED: CAPWAP changed state to

wmmAC status is FALSE

*Apr 23 23:28:53.849: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.1.141 peer_port: 5246

*Apr 23 23:28:53.850: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.1.141

*Apr 23 23:28:53.851: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Apr 23 23:28:54.689: %CAPWAP-5-CHANGED: CAPWAP changed state to CFG

*Apr 23 23:28:54.805: %CAPWAP-5-CHANGED: CAPWAP changed state to UP

*Apr 23 23:28:54.876: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC4402

*Apr 23 23:28:54.950: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to down

*Apr 23 23:28:54.957: %WIDS-5-ENABLED: IDS Signature is loaded and enabled

*Apr 23 23:28:54.962: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Apr 23 23:28:55.031: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 started - CLI initiated

*Apr 23 23:28:55.045: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

User Access Verification

Username:

Leo Laohoo · ‎04-23-2012

*Apr 23 23:28:54.876: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC4402

The 1230 seems to have joined.

craig.eyre · ‎05-18-2012

Hey All,

I'm seeing the same type of issue but was wondering if the AP3G2-RCVK9W8-M image is a mesh image? I read somewhere that some of the 3602 ap's got shipped with a mesh image on them. I just consoled into one of the ap's and entered the wlc ip address and it worked fine but isn't a viable option moving forward.

Can anyone confirm if this is a mesh image?

Thanks

Craig

Leo Laohoo · ‎05-18-2012

Can you kindly post the output to the following commands:

1. WLC: sh sysinfo;

2. WAP: sh version;

3. WAP: sh inventory

Old famous problem - AP LAP1142N can't join the controller - 4402, please participate, let's make a good guide!