Hi Leo,

thanks for replay, need to check on Monday because now i have boot with older Image.

As I read this I think tagging issue. On the new code can you ping the box but just can't access the gui and cli ? Or , is the box not pingable. 

I suspect the the controller lost its truck info / tag info. 

I have now the cdp output for both version:

Manufacturer's Name..... Cisco Systems Inc.
Product Name............ Cisco Controller
Product Version......... 5.2.193.0
RTOS Version............ 7.0.252.0
Bootloader Version.......4.0.191.0
Emergency Image Version..Error
Build Type...............DATA + WPS

sho cdp n
trzidls1  Unit - 0 Slot - 0 123 S I WS-C2960XR-48TS-IGigabitEthernet

Manufacturer's Name......Cisco Systems Inc.
Product Name.............Cisco Controller
Product Version..........7.0.252.0
RTOS Version.............7.0.252.0
Bootloader Version.......4.0.191.0
Emergency Image Version..N/A
Build Type...............DATA + WPS

sho cdp n
trzidls1 Fastethernet0/0/1 163  S I WS-C2960X Gig 1/0/13

@George, the box itselfs is only pining if I connect via Consol.

Ping to the D GW ist not possible

Of cource it coud be a trunking problem but what i need to configure on WLS to change that?

Post the show run of the switch port the controller connects to and the interface config of the WLC for management .. 

GigabitEthernet1/0/13 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is dca5.f411.040d (bia dca5.f411.040d)
  Description: Trunk Port ==> WLAN-Controller
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 13222
  Queueing strategy: fifo

interface GigabitEthernet1/0/13
 description Trunk Port ==> WLAN-Controller
 switchport trunk native vlan 68
 switchport trunk allowed vlan 68,168,173,681-683
 switchport mode trunk
!

Interface Name................................... management
MAC Address...................................... 00:27:0d:87:88:80
IP Address....................................... 192.168.68.195
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 192.168.68.193
VLAN............................................. untagged  
Quarantine-vlan.................................. 0
Physical Port.................................... 1         
Primary DHCP Server.............................. 192.168.68.193
Secondary DHCP Server............................ 192.168.168.170
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No

VLAN............................................. untagged  

The management port should be tagged.

makes no different.

Interface Name................................... management
MAC Address...................................... 00:27:0d:87:88:80
IP Address....................................... 192.168.68.195
IP Netmask....................................... 255.255.255.240
IP Gateway....................................... 192.168.68.193
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 68
Quarantine-vlan.................................. 0
Physical Port.................................... 1
Primary DHCP Server.............................. 192.168.68.193
Secondary DHCP Server............................ 192.168.168.170
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled

(Cisco Controller) >

Do i need to config. the sw port as dot1q?

Do i need to config. the sw port as dot1q?

2960X is already configured for 802.1Q.  

VLAN............................................. 68

This should be the management VLAN.  

Yes 68 is the VLAN for WLC and AP and the network of WLC Management:

interface Vlan68
 description TRZ_WLAN_FUER_AP-WLC
 ip address 192.168.68.193 255.255.255.240
 no ip redirects
!

The AP-manager interface’s IP address must be different from the management interface’s
IP address and may or may not be on the same subnet as the management interface. However,
we recommend that both interfaces be on the same subnet for optimum access point
association.

What that meens? I have bothe the AP-management and the management on same Subnet. Is that OK or not?

Don't worry.  AP Manager subnet and the Management subnet, ideally, can/must be the same.

Thanks,

ok, i have now boot the old image but with tagged vlan 68 and for some seconds the wlc was accessable.

after untagged vlan to 0 the wlc is now accessable but with old image.

with the new image i have no chance.

As I said originally your issue is tagging. 

On on the controller if u make the vlan 0 then on the switch you must use the native vlan statement. 

On the controller if you state a vlan like you did 68 then you need to remove the native statement and leave vlan 68 trucked. 

If if you find this helpful please remember to rate post.