Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1204
Views
3
Helpful
9
Replies

Troubleshooting CAPWAP and DHCP Issues in Cisco 9800-CL Wireless Lab

phuocntlk135
Level 1
Level 1

‎05-16-2025 05:28 AM

Hi everyone,

I'm currently working on a practical WiFi lab. The goal is to broadcast SSIDs mapped to two different VLANs: VLAN 20 and VLAN 30. I'm using the Cisco 9800-CL Wireless LAN Controller (WLC) deployed as a VM on VMware Workstation running on a laptop. VLAN 10 is used for CAPWAP communication between the AP and WLC. I have two scenarios:

Case 1: Using a Layer 3 Switch for DHCP

  • The Layer 3 switch is configured to provide DHCP for both wired and wireless clients.

  • I configured the DHCP pool for VLAN 10 with Option 43: hex f104c0a80164 (this points to the WLC IP at 192.168.1.100).

  • The AP port is configured as access VLAN 10.

  • The AP is in lightweight mode.

Problems encountered:

  • The AP cannot join the WLC.
    → Note: If I configure the AP port as access VLAN 1 (default), the AP is able to join the WLC successfully.

  • Wireless clients do not receive DHCP IP addresses from the Layer 3 switch.

Case 2: Using the WLC as the DHCP Server

  • Wireless clients are able to successfully receive IP addresses from the WLC's internal DHCP server.

Problems encountered:

  • Wired clients do not receive DHCP IP addresses.

  • When the Layer 3 switch is set up to route to the internet, wireless clients get IPs but cannot access the internet.

Common Issue Across Both Cases:

  • Even though ip routing is enabled on the Layer 3 switch:

    • My laptop (used for managing the lab) gets a DHCP IP but cannot ping any gateway addresses.

    • Firewall is disabled on the laptop.

    • Interfaces and VLANs are all in "up" status (show interfaces, show ip int br, show vlan outputs look normal).

2426.png

 

I’d appreciate any insights or suggestions from the community.
Thanks in advance!

 
0 Helpful
9 Replies 9

Scott Fella
Hall of Fame
Hall of Fame

‎05-16-2025 07:40 AM

The main issue is that you are using an unsupported Hypervisor.  What you need to do since you most likely can't trunk to your laptop is to setup an access port on a specific vlan.  Then you would need to look at configuring FlexConnect local switching so that your AP's would be connected to a trunk port and all traffic except for management would egress out the ap to the switch and not to the controller.

You should also connect a wired laptop to each vlan first to make sure a wired device is getting dhcp, or else you know you have to figure that out first.

-Scott
*** Please rate helpful posts ***

phuocntlk135
Level 1
Level 1
In response to Scott Fella

‎05-16-2025 09:27 AM

I use my latop with lan ethernet connect to port f1/0/2 of switch layer 3. And my laptop can obtain DHCP from switch layer 3

 

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to phuocntlk135

‎05-16-2025 10:56 AM

So you verified dhcp is working on all the vlans?  Have you configured FlexConnect local switching?

-Scott
*** Please rate helpful posts ***

phuocntlk135
Level 1
Level 1
In response to Scott Fella

‎05-16-2025 12:17 PM

No because i'm a newbie do not have enough exp to knew that. Can y show me how to do that? And what the problem of ap when it coulnd't join to WLC. When i plush console cable in AP it showed that:

Booting from part2

Read 1024 bytes from volume part2 to 45000000
Read 41743224 bytes from volume part2 to 45000000
Signature returns 0
Image signing verification success, continue to run...
Using machid 0x1260 from environment

Starting image ...

[01/01/1970 00:00:00.0000] CPU: ARMv7 Processor [512f04d0] revision 0 (ARMv7), cr=10c5387d
[01/01/1970 00:00:00.0000] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction cache
[01/01/1970 00:00:00.0000] Machine: Cisco Systems 11ac Wave2 Wifi Access Point
[01/01/1970 00:00:00.0000] Memory policy: ECC disabled, Data cache writealloc
[01/01/1970 00:00:00.0000] Kernel command line: ubi.mtd=0 crashkernel=500M-:64M@1280M usbcore.authorized_default=0 console=ttyHSL1,9600n8 activepart=part2 activeboot=0 wdgtriggered=0
[01/01/1970 00:00:00.1500] CPU1: Booted secondary processor
[01/01/1970 00:00:00.2200]
[01/01/1970 00:00:00.2200] +++ hydra_ap_gpio_value =3
[01/01/1970 00:00:25.5422] ACPU PVS: 1
[01/01/1970 00:00:27.4816] buginf tty flushing thread started, ttyport=ef6e9a90
[*01/01/1970 00:00:33.7696] buginf() enabled.
[*01/01/1970 00:00:33.7796] Made it into bootsh: Sep 10 2024 20:25:53 T-c2bfebf322faec5dec64ced1820f8c4be4b1b523-gc2bfebf3-aut
[*01/01/1970 00:00:35.1292] /bin/sh: /usr/bin/led_init.sh: Permission denied
[*01/01/1970 00:00:35.1292] init_led: led init failed

Welcome to Cisco.

Usage of this device is governed by Cisco's End User License Agreement,
available at:
http://www.cisco.com/c/en/us/td/docs/general/warranty/English/EU1KEN_.html.


Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subparagraph (c) of the Commercial
Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and
subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.


This product contains some software licensed under the
"GNU General Public License, version 2" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html


This product contains some software licensed under the
"GNU Library General Public License, version 2" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Library
General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html


This product contains some software licensed under the
"GNU Lesser General Public License, version 2.1" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Lesser
General Public License, version 2.1", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html


This product contains some software licensed under the
"GNU General Public License, version 3" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html.


This product contains some software licensed under the
"GNU Affero General Public License, version 3" provided
with ABSOLUTELY NO WARRANTY under the terms of
"GNU Affero General Public License, version 3", available here:
http://www.gnu.org/licenses/agpl-3.0.html.

[ OK ] Reached target Timers.
[ OK ] Reached target Cisco File Systems (Pre).
[ OK ] Created slice -.slice.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Reached target Sockets.
[ OK ] Created slice system.slice.
[ OK ] Reached target Slices.
[ OK ] Created slice system-sshd\x2dkeygen.slice.
[ OK ] Created slice system-serial\x2dgetty.slice.
Starting Cisco UBIFS reformat/mount...
[ OK ] Started Cisco UBIFS reformat/mount.
Starting Cisco early mount...
[ OK ] Started Cisco early mount.
[ OK ] Reached target Local File Systems (Pre).
Starting Cisco system time setup...
[*01/01/1970 00:00:39.9577] Last reload time: May 12 13:30:26 2025
[*05/12/2025 13:30:26.0000] Setting system time Mon May 12 13:30:26 UTC 2025
Starting Cisco fips check...
Starting Cisco seed generation...
Starting Cisco platform file generation...
[*05/12/2025 13:30:26.3399] GCM-128 POST passed
[*05/12/2025 13:30:26.3399] GCM-256 POST passed
[ OK ] Started Cisco system time setup.
[ OK ] Started Cisco fips check.
[ OK ] Started Cisco seed generation.
[ OK ] Started Cisco platform file generation.
[ OK ] Reached target Local File Systems.
[ OK ] Started Cisco system time saving.
Starting Cisco system time saving...
Starting Cisco S10 boot service...
Starting Cisco pkg install service...
[ OK ] Started Cisco S10 boot service.
Starting Cisco nss service...
Starting Cisco watchdog...
[*05/12/2025 13:30:27.7994] === 5G radio domain is 14, COPY 5G BDF files from non_ETSI_BDF folder ===
[*05/12/2025 13:30:27.8394] 1
[*05/12/2025 13:30:28.0694] Active version: 17.9.6.40
[*05/12/2025 13:30:28.0694] Backup version: 8.5.140.0
[*05/12/2025 13:30:28.2693]
[*05/12/2025 13:30:28.2693] led pattern module start
[*05/12/2025 13:30:28.3193] AP1852I
[*05/12/2025 13:30:28.4492] nss_driver - Turbo Support 1
[*05/12/2025 13:30:28.4492] Supported Frequencies - 110Mhz 550Mhz 733Mhz
[*05/12/2025 13:30:28.4992] NSS firmware booted
[*05/12/2025 13:30:28.5192] NSS firmware booted
[*05/12/2025 13:30:28.6292]
[*05/12/2025 13:30:28.6292] phy_value=0: org="0x1000" phy_reg="0x1800"
[*05/12/2025 13:30:29.0091] Current value of FACTORY_RESET=0
[*05/12/2025 13:30:29.0291] Last reload time: May 12 13:30:26 2025
[*05/12/2025 13:30:26.0000] Setting system time Mon May 12 13:30:26 UTC 2025
[*05/12/2025 13:30:26.0999] device wired0 entered promiscuous mode
[*05/12/2025 13:30:26.1999] device wired1 entered promiscuous mode
[*05/12/2025 13:30:26.1999] cat: can't open '/var/platform/board_name': No such file or directory
[*05/12/2025 13:30:26.8997] Last reload reason : 0: unknown
Starting Cisco nolan service...
[ OK ] Started Cisco nss service.
[ OK ] Started Cisco watchdog.
[ OK ] Started Cisco nolan service.
[ OK ] Started Cisco pkg install service.
Starting Cisco nolan USB service...
Starting Cisco S15platform...
Starting Cisco Kclick...
[ OK ] Started Cisco nolan USB service.
[ OK ] Started Cisco S15platform.
[ OK ] Started Cisco Kclick.
Starting Cisco Kclick...
Starting Cisco certificate create service...
[*05/12/2025 13:30:44.8841] NTKM - ntkm_init - Nitro KM loaded
Starting Cisco sysctl service...
Starting Cisco ME service...
[ OK ] Started Cisco sysctl service.
[*05/12/2025 13:30:45.6738] Loading sha2...
[*05/12/2025 13:30:45.6738] Dumpping sha1...
[*05/12/2025 13:30:45.7938] miibus get eee38800!
[*05/12/2025 13:30:45.8238] cat: can't open '/var/platform/board_name': No such file or directory
[*05/12/2025 13:30▒ OK ] Started Cisco Kclick.
[ OK ] Started Cisco ME service.
Starting Cisco synclogd...
Starting rsyslog client...
Starting Cisco S16platfomm...
[*05/12/2025 13:30:46.3736] rsyslogd: [ OK ] Started rsyslog client.
[ OK ] Started Cisco S16platfomm.
[ OK ] Started Cisco synclogd.
[ OK ] Started Cisco certificate create service.
[ OK ] Started Tam server.
Starting Tam server...
Starting Cisco certtime service...
[ OK ] Started Cisco certtime service.
[ OK ] Reached target System Initialization.
[ OK ] Reached target Paths.

[*05/12/2025 13:30:46.7035] Loading MIC cert and key
[*05/12/2025 13:30:46.7135] Dumpping sha2...
[*05/12/2025 13:30:46.7735] pid 3035's current affinity mask: 3
[*05/12/2025 13:30:46.7735] pid 3035's new affinity mask: 1
[*05/12/2025 13:30:47.7832] Loading MIC cert and key
[ OK ] Reached target Basic System.
Starting Cisco klogd...
Starting RSYNC User Key Generation...
Starting Cisco brain service...
Starting Cisco led service...
Starting capwapd...
[ OK ] Started NSS Firmware Monitor daemon.
Starting NSS Firmware Monitor daemon...
Starting Cisco printkd...
Starting Fast CGI daemon...
[ OK ] Started NTP_PROC daemon.
Starting NTP_PROC daemon...
Starting AP Trace daemon...
Starting Cisco kexec...
[ OK ] Started Serial Getty on ttyS0.
Starting Serial Getty on ttyS0...
[ OK ] Reached target Login Prompts.
[ OK ] Started System Monitor service.
Starting System Monitor service...
Starting Cisco rtd service...
Starting WCPD process...
Starting Hostapd process...
Starting Clean Air daemon...
[ OK ] Started Cisco klogd.
[ OK ] Started Cisco led service.
[ OK ] Started Cisco printkd.
[ OK ] Started Cisco kexec.
[ OK ] Started AP Trace daemon.
[ OK ] Started Fast CGI daemon.
[ OK ] Started Cisco rtd service.
[ OK ] Started Hostapd process.
[ OK ] Started Cisco brain service.
[ OK ] Started RSYNC User Key Generation.
[ OK ] Reached target sshd-keygen.target.
Starting OpenSSH server daemon...
[*05/12/2025 13:30:52.0419] pid 3234's current affinity mask: 3
[*05/12/2025 13:30:52.0419] pid 3234's new affinity mask: 1
[*05/12/2025 13:30:52.1118] hostapd:Hostapd: DCDS not init cloud=0 webauth=255 255 init=0
[*05/12/2025 13:30:52.1118]
[*05/12/2025 13:30:52.3018] pid 3262's current affinity mask: 3
[*05/12/2025 13:30:52.3018] pid 3262's new affinity mask: 1
[*05/12/2025 13:30:52.5217] __mm_init_module
[*05/12/2025 13:30:52.6617]
[*05/12/2025 13:30:52.6617] __ol_ath_attach() Allocated scn ed980480
[*05/12/2025 13:30:52.6717] ol_ath_attach interface_id 0
[*05/12/2025 13:30:52.6717] Chip id: 0x9, chip version: 0x1000000
[*05/12/2025 13:30:52.6817]
[*05/12/2025 13:30:52.6817] Target Version is 1000000
[*05/12/2025 13:30:52.6817]
[*05/12/2025 13:30:52.6817] Flash Download Address c0000
[*05/12/2025 13:30:52.6817] ol_transfer_bin_file: flash data file defined
[*05/12/2025 13:30:52.6817] Cal location [0]: 00000000
[*05/12/2025 13:30:52.6817]
[*05/12/2025 13:30:52.6817] Wifi0 NAND FLASH Select OFFSET 0x1000
[*05/12/2025 13:30:52.6917] qc98xx_verify_checksum: flash checksum passed: 0x15cc
[*05/12/2025 13:30:52.7017] ol_transfer_bin_file 3861: Download Flash data len 12064
[*05/12/2025 13:30:52.7216]
[*05/12/2025 13:30:52.7216] Board data initialized
[*05/12/2025 13:30:52.7816] ol_ath_download_firmware :First OTP download and Execute is good address:0xa000 return param 4660
[*05/12/2025 13:30:52.7816] ol_ath_download_firmware:##Board Id 8 , CHIP Id 1
[*05/12/2025 13:30:52.7816] ol_transfer_bin_file: Board Data File download to address=0xc0000 file name=AR900B/hw.2/boardData_AR900B_CUS260_negative_pwr_offset_2G_v2_008.bin
[*05/12/2025 13:30:52.9216]
[*05/12/2025 13:30:52.9216] [Flash] : Ignore Module param
[*05/12/2025 13:30:52.9216] ol_ath_download_firmware : Second OTP download and Execute is good, param=0x0
[*05/12/2025 13:30:52.9516] ol_transfer_bin_file: Downloading firmware file: AR900B/hw.2/athwlan.bin
[*05/12/2025 13:30:53.6913] pid 3401's current affinity mask: 3
[*05/12/2025 13:30:53.6913] pid 3401's new affinity mask: 1
[*05/12/2025 13:30:54.0412]
[*05/12/2025 13:30:54.0412] ol_ath_copy_tgt_iram() iram read paddr: 0x980000 host paddr 0x44000000 Radio id 0
[*05/12/2025 13:30:54.2112] HTC Rx: insufficient length, got:4 expected =8
[*05/12/2025 13:30:54.2112] <---------Dumping 8 Bytes : BAD RX packet length ------>
[*05/12/2025 13:30:54.2112] [0]: 00 00 00 00 A0 BB 89 C1
[*05/12/2025 13:30:54.2112] <------------------------------------------------->
[*05/12/2025 13:30:54.2112] Startup Mode-0 set
[*05/12/2025 13:30:54.2112] HTC Service:0x0300 ep:1 TX flow control disabled
[*05/12/2025 13:30:54.2212] HTC Service:0x0100 ep:2 TX flow control disabled
[*05/12/2025 13:30:54.2212] Firmware_Build_Number:70
[*05/12/2025 13:30:54.2212] num_rf_chain:0x00000004 ht_cap_info:0x0000185b vht_cap_info:0x339a79b2 vht_supp_mcs:0x0000ffaa
[*05/12/2025 13:30:54.2212]
[*05/12/2025 13:30:54.2212] RES CFG Support wmi_service_bitmap 9778
[*05/12/2025 13:30:54.2212]
[*05/12/2025 13:30:54.2212] Sending Ext resource cfg: HOST PLATFORM as 0 and fw_feature_bitmap as 50 to TGT
[*05/12/2025 13:30:54.2212] ol_ath_service_ready_event: sw_cal_support_check_flag: 1
[*05/12/2025 13:30:54.2912] wmi_ready_event_rx: WMI UNIFIED READY event
[*05/12/2025 13:30:54.2912] htt_h2t_frag_desc_bank_cfg_msg - HTT_H2T_MSG_TYPE_FRAG_DESC_BANK_CFG sent to FW for radio ID = 0
[*05/12/2025 13:30:54.2912] spectral_init_netlink 81 NULL SKB
[*05/12/2025 13:30:54.2912] ACS not enabled
[*05/12/2025 13:30:54.3012] ol_ath_thermal_mitigation_attach: --
[*05/12/2025 13:30:54.3012]
[*05/12/2025 13:30:54.3012] __ol_ath_attach() Allocated scn ec900480
[*05/12/2025 13:30:54.3111] ol_ath_attach interface_id 1
[*05/12/2025 13:30:54.3111] Chip id: 0x9, chip version: 0x1000000
[*05/12/2025 13:30:54.3111]
[*05/12/2025 13:30:54.3111] Target Version is 1000000
[*05/12/2025 13:30:54.3111]
[*05/12/2025 13:30:54.3111] Flash Download Address c0000
[*05/12/2025 13:30:54.3111] ol_transfer_bin_file: flash data file defined
[*05/12/2025 13:30:54.3111] Cal location [1]: 00004000
[*05/12/2025 13:30:54.3111]
[*05/12/2025 13:30:54.3111] wifi1 NAND FLASH Select OFFSET 0x5000
[*05/12/2025 13:30:54.3311] qc98xx_verify_checksum: flash checksum passed: 0x218e
[*05/12/2025 13:30:54.3311] ol_transfer_bin_file 3861: Download Flash data len 12064
[*05/12/2025 13:30:54.3511]
[*05/12/2025 13:30:54.3511] Board data initialized
[*05/12/2025 13:30:54.4011] ol_ath_download_firmware :First OTP download and Execute is good address:0x9c00 return param 4660
[*05/12/2025 13:30:54.4011] ol_ath_download_firmware:##Board Id 7 , CHIP Id 1
[*05/12/2025 13:30:54.4011] ol_transfer_bin_file: Board Data File download to address=0xc0000 file name=AR900B/hw.2/boardData_AR900B_CUS239_negative_pwr_offset_5G_v2_007.bin
[*05/12/2025 13:30:54.4711]
[*05/12/2025 13:30:54.4711] [Flash] : Ignore Module param
[*05/12/2025 13:30:54.4711] ol_ath_download_firmware : Second OTP download and Execute is good, param=0x0
[*05/12/2025 13:30:54.4911] ol_transfer_bin_file: Downloading firmware file: AR900B/hw.2/athwlan.bin
[*05/12/2025 13:30:54.8510]
[*05/12/2025 13:30:54.8510] Click sched monitor: schedulers = 1
[*05/12/2025 13:30:55.2109] FWLOG: [72794] WAL_DBGID_TX_AC_BUFFER_SET ( 0x3, 0xdeb001, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:55.2109] FWLOG: [72794] WAL_DBGID_TX_AC_BUFFER_SET ( 0x12, 0x1e, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:55.2109] FWLOG: [72794] WAL_DBGID_TX_AC_BUFFER_SET ( 0x45, 0x1e, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:55.2109] FWLOG: [72794] WAL_DBGID_TX_AC_BUFFER_SET ( 0x67, 0x1e, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:55.5808]
[*05/12/2025 13:30:55.5808] ol_ath_copy_tgt_iram() iram read paddr: 0x980000 host paddr 0x44200000 Radio id 1
[*05/12/2025 13:30:55.7407] HTC Rx: insufficient length, got:4 expected =8
[*05/12/2025 13:30:55.7407] <---------Dumping 8 Bytes : BAD RX packet length ------>
[*05/12/2025 13:30:55.7407] [0]: 00 00 00 00 00 00 00 00
[*05/12/2025 13:30:55.7407] <------------------------------------------------->
[*05/12/2025 13:30:55.7507] Startup Mode-0 set
[*05/12/2025 13:30:55.7507] HTC Service:0x0300 ep:1 TX flow control disabled
[*05/12/2025 13:30:55.7507] HTC Service:0x0100 ep:2 TX flow control disabled
[*05/12/2025 13:30:55.7507] Firmware_Build_Number:70
[*05/12/2025 13:30:55.7507] num_rf_chain:0x00000004 ht_cap_info:0x0000185b vht_cap_info:0x339b79b2 vht_supp_mcs:0x0000ffaa
[*05/12/2025 13:30:55.7507]
[*05/12/2025 13:30:55.7507] RES CFG Support wmi_service_bitmap 9778
[*05/12/2025 13:30:55.7507]
[*05/12/2025 13:30:55.7507] Sending Ext resource cfg: HOST PLATFORM as 0 and fw_feature_bitmap as 50 to TGT
[*05/12/2025 13:30:55.7507] ol_ath_service_ready_event: sw_cal_support_check_flag: 1
[*05/12/2025 13:30:55.8207] wmi_ready_event_rx: WMI UNIFIED READY event
[*05/12/2025 13:30:55.8207] htt_h2t_frag_desc_bank_cfg_msg - HTT_H2T_MSG_TYPE_FRAG_DESC_BANK_CFG sent to FW for radio ID = 1
[*05/12/2025 13:30:55.8307] acfg_attach: Offload using existing sock ece45200
[*05/12/2025 13:30:55.8307] spectral_init_netlink 81 NULL SKB
[*05/12/2025 13:30:55.8307] ACS not enabled
[*05/12/2025 13:30:55.8307] ol_ath_thermal_mitigation_attach: --
[*05/12/2025 13:30:55.8807] pktlog_init: Initializing Pktlog for AR900B, pktlog_hdr_size = 16
[*05/12/2025 13:30:55.8807] pktlog_init: Initializing Pktlog for AR900B, pktlog_hdr_size = 16
[*05/12/2025 13:30:56.0306]
[*05/12/2025 13:30:56.0306] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf file before update:
[*05/12/2025 13:30:56.0306]
[*05/12/2025 13:30:56.0306]
[*05/12/2025 13:30:56.0306] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf new config:
[*05/12/2025 13:30:56.0306] no-resolv
[*05/12/2025 13:30:56.0306] pid-file=/var/run/dnsmasq.vaperr.pid
[*05/12/2025 13:30:56.0306] port=5316
[*05/12/2025 13:30:56.0306] min-port=61000
[*05/12/2025 13:30:56.0306] address=/#/6.0.0.7
[*05/12/2025 13:30:56.0306]
[*05/12/2025 13:30:56.0306]
[*05/12/2025 13:30:56.0306] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf file after update:
[*05/12/2025 13:30:56.0306] no-resolv
[*05/12/2025 13:30:56.0306] pid-file=/var/run/dnsmasq.vaperr.pid
[*05/12/2025 13:30:56.0306] port=5316
[*05/12/2025 13:30:56.0306] min-port=61000
[*05/12/2025 13:30:56.0306] address=/#/6.0.0.7
[*05/12/2025 13:30:56.0306]
[*05/12/2025 13:30:56.7504] FWLOG: [74322] WAL_DBGID_TX_AC_BUFFER_SET ( 0x3, 0xdeb001, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:56.7504] FWLOG: [74322] WAL_DBGID_TX_AC_BUFFER_SET ( 0x12, 0x1e, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:56.7504] FWLOG: [74322] WAL_DBGID_TX_AC_BUFFER_SET ( 0x45, 0x1e, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:56.7504] FWLOG: [74322] WAL_DBGID_TX_AC_BUFFER_SET ( 0x67, 0x1e, 0x94c, 0x94c, 0x0 )
[*05/12/2025 13:30:56.7504] FWLOG: [74330] WAL_DBGID_PDEV_INFO_PRINT ( 0x3a, 0x10, 0x0, 0x10, 0x0 )
[*05/12/2025 13:30:58.6698] chatter: Device wired0 notify up link DOWN
[*05/12/2025 13:30:58.6698] chatter: Device wired1 notify up link DOWN
[*05/12/2025 13:30:58.6698] chatter: Device wired1 notify state change link DOWN
[*05/12/2025 13:30:58.7997] chatter: Device wired0 notify state change link UP
[*05/12/2025 13:30:58.9197] wmi_dbg_cfg_send: mod[0]00000000 dbgcfg40000000 cfgvalid[0] 00000000 cfgvalid[1] 00000000
[*05/12/2025 13:30:58.9197] wmi_dbg_cfg_send: mod[0]00000000 dbgcfg40000000 cfgvalid[0] 00000000 cfgvalid[1] 00000000
[*05/12/2025 13:30:59.2796]
[*05/12/2025 13:30:59.2796] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf file before update:
[*05/12/2025 13:30:59.2796] no-resolv
[*05/12/2025 13:30:59.2796] pid-file=/var/run/dnsmasq.vaperr.pid
[*05/12/2025 13:30:59.2796] port=5316
[*05/12/2025 13:30:59.2796] min-port=61000
[*05/12/2025 13:30:59.2796] address=/#/6.0.0.7
[*05/12/2025 13:30:59.2796]
[*05/12/2025 13:30:59.2796]
[*05/12/2025 13:30:59.2796] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf new config:
[*05/12/2025 13:30:59.2796] no-resolv
[*05/12/2025 13:30:59.2796] pid-file=/var/run/dnsmasq.vaperr.pid
[*05/12/2025 13:30:59.2796] port=5316
[*05/12/2025 13:30:59.2796] min-port=61000
[*05/12/2025 13:30:59.2796] address=/#/6.0.0.7
[*05/12/2025 13:30:59.2796]
[*05/12/2025 13:30:59.2796]
[*05/12/2025 13:30:59.2796] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf file after update:
[*05/12/2025 13:30:59.2796] no-resolv
[*05/12/2025 13:30:59.2796] pid-file=/var/run/dnsmasq.vaperr.pid
[*05/12/2025 13:30:59.2796] port=5316
[*05/12/2025 13:30:59.2796] min-port=61000
[*05/12/2025 13:30:59.2796] address=/#/6.0.0.7
[*05/12/2025 13:30:59.2796]
[*05/12/2025 13:30:59.4896] ip6_port srcr2, ip6local ::, ip6 ::, plen 0, gw6 ::, gw6_mac 00:00:00:00:00:00, mtu 1500, vid 0, mode6 2(slaac)
[*05/12/2025 13:31:00.0194] ethernet_port wired0, ip 0.0.0.0, netmask 0.0.0.0, gw 0.0.0.0, mtu 0, bcast 0.0.0.0, dns1 0.0.0.0, vid 0, static_ip_failover false, dhcp_vlan_failover false
[*05/12/2025 13:31:00.4493] Check whether client_ip_table entry need to be cleared 0
[*05/12/2025 13:31:00.4493] Clearing client entry
[*05/12/2025 13:31:05.0778] ip6_port srcr2, ip6local fe80::4a8b:aff:fe40:6e8, ip6 ::, plen 0, gw6 ::, gw6_mac 00:00:00:00:00:00, mtu 1500, vid 0, mode6 2(slaac)
Starting ntp file watcher...
[*05/12/2025 13:31:05.5777] No valid NTP source
[*05/12/2025 13:31:05.5777] No valid ntp server info file. Stop NTP!
[ OK ] Started OpenSSH server daemon.
[*05/12/2025 13:31:06.5474] ethernet_port wired0, ip 192.168.10.151, netmask 255.255.255.0, gw 192.168.10.1, mtu 1500, bcast 192.168.10.255, dns1 8.8.8.8, vid 0, static_ip_failover false, dhcp_vlan_failover false

[*05/12/2025 13:31:07.1672] pid 4427's current affinity mask: 3
[*05/12/2025 13:31:07.1672] pid 4427's new affinity mask: 1
[*05/12/2025 13:31:07.3471]
[*05/12/2025 13:31:07.3471] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf file before update:
[*05/12/2025 13:31:07.3471]
[*05/12/2025 13:31:07.3471]
[*05/12/2025 13:31:07.3471] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf new config:
[*05/12/2025 13:31:07.3471] no-resolv
[*05/12/2025 13:31:07.3471] pid-file=/var/run/dnsmasq.host.pid
[*05/12/2025 13:31:07.3471] port=53
[*05/12/2025 13:31:07.3471] min-port=61000
[*05/12/2025 13:31:07.3471] server=8.8.8.8
[*05/12/2025 13:31:07.3471] bind-interfaces
[*05/12/2025 13:31:07.3471] interface=lo
[*05/12/2025 13:31:07.3471]
[*05/12/2025 13:31:07.3471]
[*05/12/2025 13:31:07.3471] !!!!! {/opt/cisco/bin/capwap_brain} Dnsmasq.conf file after update:
[*05/12/2025 13:31:07.3471] no-resolv
[*05/12/2025 13:31:07.3471] pid-file=/var/run/dnsmasq.host.pid
[*05/12/2025 13:31:07.3471] port=53
[*05/12/2025 13:31:07.3471] min-port=61000
[*05/12/2025 13:31:07.3471] server=8.8.8.8
[*05/12/2025 13:31:07.3471] bind-interfaces
[*05/12/2025 13:31:07.3471] interface=lo
[*05/12/2025 13:31:07.3471]
[*05/12/2025 13:31:07.3771] pid 4430's current affinity mask: 3
[*05/12/2025 13:31:07.3771] pid 4430's new affinity mask: 1

No valid user found, please configure a valid user from Controller[*05/12/2025 13:31:08.8567] pid 4543's current affinity mask: 3
[*05/12/2025 13:31:08.8567] pid 4543's new affinity mask: 1
[*05/12/2025 13:31:08.9566] device aptrace0 entered promiscuous mode
[*05/12/2025 13:31:09.0566] /etc/dnsmasq.host.conf:
[*05/12/2025 13:31:09.0666] no-resolv
[*05/12/2025 13:31:09.0666] pid-file=/var/run/dnsmasq.host.pid
[*05/12/2025 13:31:09.0666] port=53
[*05/12/2025 13:31:09.0666] min-port=61000
[*05/12/2025 13:31:09.0666] server=8.8.8.8
[*05/12/2025 13:31:09.0666] bind-interfaces
[*05/12/2025 13:31:09.0666] interface=lo
[*05/12/2025 13:31:09.7064] chpasswd: password for user changed
[*05/12/2025 13:31:09.8064] #### board_data_init: num_slots (3), num_radios (2)
[*05/12/2025 13:31:11.0560] DOT11_TXP[0]:Domain configured: 1 class:E
[*05/12/2025 13:31:11.2759] DOT11_TXP[0]:Regdb file: /radio_fw/AP1852E_power_table_mapping.txt
[*05/12/2025 13:31:11.2959] DOT11_TXP[0]:Domain configured: 14 class:S
[*05/12/2025 13:31:12.0756] DOT11_TXP[0]:Regdb file: /radio_fw/AP1852E_power_table_mapping.txt
[*05/12/2025 13:31:12.3356] DOT11_DRV[0]: vendor_set_slot_capability: slot 0, radio_service_type 0
[*05/12/2025 13:31:12.3356] DOT11_DRV[0]: Init Radio0
[*05/12/2025 13:31:12.3656] DOT11_DRV[0]: set_channel Channel set to 6
[*05/12/2025 13:31:12.3955] DOT11_DRV[1]: vendor_set_slot_capability: slot 1, radio_service_type 0
[*05/12/2025 13:31:12.3955] DOT11_DRV[1]: Init Radio1
[*05/12/2025 13:31:12.4455] DOT11_DRV[1]: set_channel Channel set to 36
[*05/12/2025 13:31:13.3053] DOT11_DRV[0]: set_channel Channel set to 6
[*05/12/2025 13:31:13.3153] DOT11_DRV[0]: Channel set to 6, width 20
[*05/12/2025 13:31:13.3253] DOT11_DRV[0]: Channel set to 6 skipped
[*05/12/2025 13:31:13.6651] DOT11_DRV[0]: Channel set to 6, width 20
[*05/12/2025 13:31:13.6651] DOT11_DRV[0]: Channel set to 6 skipped
[*05/12/2025 13:31:13.7451] DOT11_DRV[1]: set_channel Channel set to 100
[*05/12/2025 13:31:13.7551] DOT11_DRV[1]: Channel set to 100, width 40
[*05/12/2025 13:31:13.7551] DOT11_DRV[1]: Channel set to 100 skipped
[*05/12/2025 13:31:13.8751] DOT11_DRV[1]: Channel set to 100, width 40
[*05/12/2025 13:31:13.8751] DOT11_DRV[1]: Channel set to 100 skipped
[*05/12/2025 13:31:14.9747] ipv6 gw config loop in capwap main
[*05/12/2025 13:31:16.9641] AP IPv4 Address updated from 0.0.0.0 to 192.168.10.151
[*05/12/2025 13:31:16.9741] ipv6 gw config loop in capwap main
[*05/12/2025 13:31:17.9738] ipv6 gw config loop in set IPv4 addr task
[*05/12/2025 13:31:18.9735] ipv6 gw config loop in capwap main
[*05/12/2025 13:31:19.9732] ipv6 gw config loop in set IPv4 addr task
[*05/12/2025 13:31:20.9729] ipv6 gw config loop in capwap main
[*05/12/2025 13:31:21.9726] ipv6 gw config loop in set IPv4 addr task
[*05/12/2025 13:31:22.9722] ipv6 gw config loop in capwap main
[*05/12/2025 13:31:23.9719] ipv6 gw config loop in set IPv4 addr task
[*05/12/2025 13:31:23.9919] dtls_init: Use MIC certificate
[*05/12/2025 13:31:24.3118]
[*05/12/2025 13:31:24.3118] CAPWAP State: Init
[*05/12/2025 13:31:24.3118]
[*05/12/2025 13:31:24.3118] PNP is not required,
[*05/12/2025 13:31:24.3118] Starting CAPWAP discovery
[*05/12/2025 13:31:24.3118]
[*05/12/2025 13:31:24.3318]
[*05/12/2025 13:31:24.3318] CAPWAP State: Discovery
[*05/12/2025 13:31:24.3318] Got WLC address 192.168.1.100 from DHCP.
[*05/12/2025 13:31:24.3318] Discovery Request sent to 192.168.1.100, discovery type STATIC_CONFIG(1)
[*05/12/2025 13:31:24.3618] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*05/12/2025 13:31:24.3718]
[*05/12/2025 13:31:24.3718] CAPWAP State: Discovery
[*05/12/2025 13:31:25.9713] Start: RPC thread 1108962448 created.
[*05/12/2025 13:31:25.9713] ipv6 gw config loop in set IPv4 addr task
[*05/12/2025 13:31:34.8185] ipv6 gw config loop in discovery timer expiry
[*05/12/2025 13:31:36.8179] ipv6 gw config loop in discovery timer expiry
[*05/12/2025 13:31:38.8173] ipv6 gw config loop in discovery timer expiry
[*05/12/2025 13:31:40.8167] ipv6 gw config loop in discovery timer expiry
[*05/12/2025 13:31:42.8260] ipv6 gw config loop in discovery timer expiry
[*05/12/2025 13:31:44.8254] ipv6 gw config loop in Ac discovery
[*05/12/2025 13:31:46.8248] ipv6 gw config loop in Ac discovery
[*05/12/2025 13:31:48.8242] ipv6 gw config loop in Ac discovery
[*05/12/2025 13:31:50.8235] ipv6 gw config loop in Ac discovery
[*05/12/2025 13:31:52.8229] ipv6 gw config loop in Ac discovery

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to phuocntlk135

‎05-17-2025 09:10 AM

I don't know if you will ever get this working the way you want it or at all, but put the ap on the same vlan as the controller.  I don't think you have configured any discovery for the ap to find the controller, so put it on vlan 1 and see if it joins, if it joins, then try to move it to vlan 10 and see what happens.  At least that way you have an idea if the controller and ap can communicate and join or not.  Also if you can get it to join on vlan 1 but not vlan 10, then you have other issues.  Once the ap joins a controller, it will now of that controller ip and you should see that in the logs.

-Scott
*** Please rate helpful posts ***
0 Helpful

phuocntlk135
Level 1
Level 1
In response to Scott Fella

‎05-19-2025 05:57 AM

Hi Scott Fella,

First of all thank you for your advice. I got a success with AP and WLC together on VLAN 1. It worked, the AP can join to the wlc if it has the same subnet. But i want to do it with more advance by separate management (VLAN 1) and CAPWAP (VLAN 10). But it was failed, when i plug in console cable in AP, i could see it can obtain DHCP from WLC by DHCP option 43 but when it send CAPWAP discorvery to wlc, the wlc could receive it but the problem is wlc not send a discovery reply to WLC. So that is a problem

Nó hoạt động, AP có thể tham gia WLC nếu nó có cùng một mạng con.
 
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to phuocntlk135

‎05-19-2025 06:38 AM

If the join was successful when on vlan 1, but when you change the ap to vlan 10 and it fails, that basically means that the discovery from the ap on vlan 10 to the controller on vlan 1 is not working.  This can be a firewall on your laptop maybe blocking UDP ports 5246 and 5247.  Since VM Workstation is not a supported version, it can also be something that VM Workstation is doing that is not allowing the communications.  Why not put the controller on vlan 10, no one these day's use vlan 1.  If you can't get it to work, I suggest leaving it in a working condition and getting everything else working that you want to test out.

-Scott
*** Please rate helpful posts ***
0 Helpful

Rich R
VIP
VIP

‎05-17-2025 07:07 AM

Like Scott says VMware workstation is not supported so won't work "out the box" - there are some tweaks and hacks you can find if you search to make it work.

Note: If I configure the AP port as access VLAN 1 (default), the AP is able to join the WLC successfully.
Without seeing all your switch configs not clear why but means that either your WLC's WMI is in VLAN 1 or you have mismatched VLANs across the network - eg access ports between switches instead of trunk or incorrect/mismatched native VLANs.

Your AP ports should be access (for Local Mode) or trunk for Flexconnect Mode with native VLAN set to the management VLAN (10).  The links between switches should be trunk ports (with matching native VLAN) and allowing all required VLANs.

Make sure you follow the 9800-CL setup and install guides very carefully.  Any missed steps can cause problems.
Also carefully review the Best Practices guide (link below) because there are a number of things which are specific to 9800-CL too.

And finally review your WLC config with Config Analyzer (link and details below) to highlight many common mistakes and best practice items.

To understand Flexconnect:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/cat-9800-flexconnect-branch-deployment-guide-og.html

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Haydn Andrews
VIP
VIP

‎05-20-2025 04:03 PM

A really good blog post on setting up the 9800-CL on VMWare Fusion on a MAC here https://semfionetworks.com/blog/setup-cisco-catalyst-9800-controller-on-your-laptop/ 

not a supported hypervisor but might help you with simalarities to workstation

Also there a good video on adding VLAN taging to VMware Workstation here which might be a missing step

https://youtu.be/FMb_IIvFQfk?feature=shared 

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
Hacking VMware Workstation networking to add VLAN tagging for virtual machines
Hacking VMware Workstation networking to add VLAN tagging for virtual machines
youtu.be/FMb_IIvFQfk?feature=shared
Have you ever wanted to hack your VMware Workstation networking? In this video tutorial, I show you an easy way to add VLAN tagging to VMware Workstation which is something you can't do natively. Using a combination of client Hyper-V, PowerShell, and VMware Workstation networking, we can add VLAN
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card