Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1509
Views
0
Helpful
6
Replies

Unable to See APs on C9800

tcp_analysis_flags_eq_1
Level 1
Level 1

‎02-22-2022 05:23 AM

Im a troubleshooting a scenario below.

  1. APs 2700 connect to a WLC(1), APs obtain IP address via DHCP and Option 43 is configured on the Server. 
  2. APs are able to get an IP and send a Capwap discovery
  3. AP and WLC are able to communicate
  4. APs are not shown in WLC(1)

As part of troubleshooting I tried to modify the Option 43 on DHCP server to a different WLC IP, The AP appeared on WLC(2) without issue.

Anyone had the same issue?

Note: No issue joining and discovering AP under L2 broadcast

WLC 1 Version: 17.3.4c

WLC 2 Version: 17.3.2a

Labels:
0 Helpful
6 Replies 6

marce1000
VIP
VIP

‎02-22-2022 06:05 AM

 

 - You may start by having a sanity check of the C9800 configuration ,for that use (CLI) : show tech wireless , have the output analyzed by : https://cway.cisco.com/tools/WirelessAnalyzer/

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎02-22-2022 06:23 AM

Since you have two 9800's and you have determined that the AP is connecting to WLC2, that means that the AP and WLC 2are fine and the issue is with WLC 1.  I'm assuming that you are using an appliance not a VM?  You have any ap's joined to the WLC 1, if not, then you need to look at the FW or any acl's that might be blocking the join.  If the ap os joined to WLC 2, you can then go into that ap and change the high availability to point to WLC 1.  If the ap doesn't join that way, then the issue again is with WLC 1 and or something blocking the join.

-Scott
*** Please rate helpful posts ***
0 Helpful

tcp_analysis_flags_eq_1
Level 1
Level 1
In response to Scott Fella

‎02-22-2022 06:54 AM

There are APs already joined in the WLC(1) however the method is via L2 Broadcast. And the issue is not with the joining, The issue is that the APs are not appearing in the dashboard of the AP (Monitoring > AP Statistics). Firewall flows has been opened to any as part of the troubleshooting. I also tried to perform PCAP on the WLC(1) but Im not able to see any request from the AP even if the AP has the configured the option 43 to point to WLC(1) when I issue ping from AP to WLC it is being seen in the PCAP.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to tcp_analysis_flags_eq_1

‎02-22-2022 06:58 AM - edited ‎02-23-2022 07:24 AM

If the access point is not appearing in the dashboard, then there is an issue with joining.  Only joined ap's will show up in the controller.  Have you tried to put the ap in the same subnet so its a layer 2 broadcast discovery?  Have you tried to connect an indoor ap on the same cable to see if that ap joins WLC 1?  Have you tried to connect another ap to that same cable and connect it to WLC 2 and then change the ap high availability to point to WLC 1 to see if the ap joins?  This will help you determine where the issue is.

-Scott
*** Please rate helpful posts ***
0 Helpful

jagan.chowdam
Spotlight
Spotlight

‎02-22-2022 06:30 AM

Also, make sure you have trustpoint configured for AP DTLS connection. 

 

If you have some issues with AP joining, that’s probably the first thing to start troubleshooting, and it’s recommended that you follow these steps:

●      show wireless management trustpoint: verify if the trustpoint is set

●      If not there: On the physical appliance simply reassign the MIC by using the following commands:

c9800(config)#no wireless management trustpoint

c9800(config)#wireless management trustpoint CISCO_IDEVID_SUDI 

 

the validate it by issuing 

c9800#wireless config validate

 

If possible, console into the AP and log the boot process and share.

 

CJ

 

/** Please rate all useful responses **/

 

0 Helpful

Rich R
VIP
VIP

‎02-23-2022 02:01 AM

What model are the 2 WLCs?

What do the join stats show for those APs? Did the WLC see the join requests and if they failed what was the reason?

If the WLC replied and the AP didn't receive the reply then despite what you think there is something blocking the traffic from WLC -> AP.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card