10-23-2019 06:08 AM - edited 07-05-2021 11:11 AM
Hi All,
I thought I was getting to grips with the wireless world but I am finding that I am a little out of my depth setting up a test Cisco Catalyst 9800-CL Wireless Controller.
This will be my third controller, this one I am testing in a VMWare ESXi environment which sits on my live network.
So I have controller one at our HQ "CISCO-CAPWAP-CONTROLLER" is on 10.11.0.230, controller two is in a datacentre "CISCO-CAPWAP-CONTROLLER" and is on 10.11.202.230. I have introduced controller three which is the test 9800-CL Wireless Controller at our HQ also "CISCO-CAPWAP-CONTROLLER" and is on IP 10.11.0.199.
I have a test C9120AXI-E which is plugged into a trunked port. Quite rightly so, the older controllers are rejecting it, but it never seems to attempt to connect to the 9800-CL. It seems to just repeat the following process:
CAPWAP State: Discovery [*10/23/2019 14:04:17.6470] IP DNS query for CISCO-CAPWAP-CONTROLLER.mydomain.local [*10/23/2019 14:04:17.6500] DNS resolved CISCO-CAPWAP-CONTROLLER.mydomain.local [*10/23/2019 14:04:17.6500] DNS discover IP addr: 10.11.0.199 [*10/23/2019 14:04:17.6500] DNS discover IP addr: 10.11.0.230 [*10/23/2019 14:04:17.6500] DNS discover IP addr: 10.11.202.230 [*10/23/2019 14:04:17.6510] Discovery Request sent to 10.11.0.199, discovery type DNS(3) [*10/23/2019 14:04:17.6520] Discovery Request sent to 10.11.202.230, discovery type DNS(3) [*10/23/2019 14:04:17.6530] Discovery Request sent to 10.11.0.230, discovery type DNS(3) [*10/23/2019 14:04:17.6540] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0) [*10/23/2019 14:04:17.6560] Discovery Response from 10.11.0.230 [*10/23/2019 14:04:17.6610] Discovery response from MWAR 'wlc-h003214' running version 8.5.151.0 is rejected. [*10/23/2019 14:04:17.6610] Failed to decode discovery response(status = 4). [*10/23/2019 14:04:17.6610] CAPWAP SM handler: Failed to process message type 2 state 2. [*10/23/2019 14:04:17.6610] Failed to handle capwap control message from controller - status 4 [*10/23/2019 14:04:17.6610] Failed to process unencrypted capwap packet 0x55a0066000 from 10.11.0.230 [*10/23/2019 14:04:17.6610] Failed to send message to CAPWAP state machine, msgId 0 [*10/23/2019 14:04:17.6610] Failed to send capwap message 0 to the state machine. Packet already freed. [*10/23/2019 14:04:17.6610] IPv4 wtpProcessPacketFromSocket returned 4 [*10/23/2019 14:04:17.6620] Discovery Response from 10.11.202.230 [*10/23/2019 14:04:17.6650] Discovery response from MWAR 'wlc-h000453' running version 8.5.151.0 is rejected. [*10/23/2019 14:04:17.6650] Failed to decode discovery response(status = 4). [*10/23/2019 14:04:17.6650] CAPWAP SM handler: Failed to process message type 2 state 2. [*10/23/2019 14:04:17.6650] Failed to handle capwap control message from controller - status 4 [*10/23/2019 14:04:17.6650] Failed to process unencrypted capwap packet 0x55a0064000 from 10.11.202.230 [*10/23/2019 14:04:17.6650] Failed to send message to CAPWAP state machine, msgId 0 [*10/23/2019 14:04:17.6650] Failed to send capwap message 0 to the state machine. Packet already freed. [*10/23/2019 14:04:17.6650] IPv4 wtpProcessPacketFromSocket returned 4
So from what I can see, DNS is configured correctly so that the AP can see all of the available controllers but I doesn't seem to be requesting to join the 9800-CL.
Can anyone advise what step I have missed or where I can check whats going wrong?
Thanks in advance.
10-24-2019 01:17 AM
10-24-2019 03:41 AM
10-25-2019 05:00 AM - edited 10-25-2019 05:01 AM
Hi, it looks like you need to go in to enable mode first. You shouldn't have to go in to configuration terminal to run the command.
12-03-2019 02:15 AM
Hey sorry! I have only just got back round to taking a look at this.
I think the problem was the the command to generate certificate had not specified an encryption level but still after it does not report any trustpoint.
wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 7 ThisisaPassword0
wlc>show wireless management trustpoint
Trustpoint Name :
Certificate Info : Not Available
Private key Info : Not Available
FIPS suitability : Not Applicable
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide