Unable to connect AIR-CAP1602I-A-K9 with Cisco WLC 5508

Miankhel · ‎10-27-2022

Brought some used APs from another location AIR CAP1602I-A-K9 but having trouble joining it with 5508 WLC Software version 8.5.171.0 Recovery Image Version 7.6.95.16. The AP is not connecting automatically and only LED red blinking in the AP.

Already connected AP with the WLC are AIR CAP1702I-C-K9 which working fine.

Need some help/tips to check which configuration needs to be adjusted to join the above AP with WLC.

Thanks in Advance.

@Leo Laohoo @Rasika Nayanajith @Sandeep Choudhary

marce1000 · ‎10-27-2022

- Check controller logs when the AP tries to join.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi · ‎10-27-2022

Maybe I would console to AP check the Logs.

1. did AP get IP address from DHCP

2. What is your option to join WLC controller ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Miankhel · ‎11-01-2022

The AP gets the IP address from DHCP but did not get the profile from the controller. a green light continuously blinking. The following steps were taken.

The regulatory Domain enables C

MIC enable commands were applied

Console the AP, and the AP OS restarting repeatedly.

Leo Laohoo · ‎11-01-2022

@Miankhel wrote:
Console the AP, and the AP OS restarting repeatedly.

Console into the AP and reboot. Post the entire boot-up process.

Post the complete output to the following WLC commands:

sh sysinfo
sh time

jonathga94 · ‎10-27-2022

Since your APs were transferred from another location, I would assume that they were used there and thus have the configuration for joining a controller on their previous site. You should clear the configuration of the AP using the command "clear capwap ap all-config" to ensure that it will work properly on the new site.

Another thing to check is if the AP and WLC are on different subnets; if they are, then you should provide a way for the AP to know how to reach the desired controller. You could either configure it manually to the AP with the command "capwap ap primary-base <WLC-sysname> <IP-address>" or provision the information via DHCP option 43 or DNS by adding the DNS entry for cisco-capwap-controller on your DNS server.

Optionally, if your AP and WLC are on different subnets, you could configure a broadcast relay on the default gateway of the AP subnet. This would allow capwap broadcast discovery packets to be relayed to the WLC. To do this, you would need to use the commands "ip helper-address <WLC-IP-address>" and "ip forward-protocol udp 5246".

Besides that, the AP AIR-CAP1602I-A-K9 is an older model that may have an expired certificate by the time being which wouldn't allow to create a capwap tunnel with the controller. If that's the case, then you need to use the command "config ap cert-expiry-ignore mic enable" on the WLC so the controller will bypass the certificate validation check. To validate if your AP or WLC are affected by an expired certificate, check the steps in the link below:

https://community.cisco.com/t5/wireless-mobility-knowledge-base/lightweight-ap-fail-to-create-capwap-lwapp-connection-due-to/ta-p/3155111

Leo Laohoo · ‎10-27-2022

Look at the Regulatory Domain of the existing/working APs (-C) and look at the ones purchased (-A). The Regulatory Domain do not match.

Rich R · ‎10-28-2022

I also noticed the regulatory domain mismatch.
-C = Pakistan
-A = Argentina, Bolivia, Canada, Chile, Colombia, Costa Rica, Ecuador, Peru, Philippines, Uruguay, Venezuela
https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html
Remember in most countries it will be illegal to use APs from another regulatory domain.

And to add to what @jonathga94 mentioned about certs refer to the FN in my signature below for full details. WLC or APs could have expired certs and you'll need to follow the full procedure to get them to join if that's the case - just applying the config alone will not make them join.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Unable to connect AIR-CAP1602I-A-K9 with Cisco WLC 5508

AP AIR-CAP1602I-A-K9 se desasocian del WLC

事象：ASDM Unable to launch device manager from <IP address>

ISE - O que precisamos saber sobre Data Connect

DNAC: IP Access Control の無効化("Allow all IP address to connect")手順

When is the support end data of Cisco 5508 Series Wireless Controller?