
WLC 2504 No APs Anymore

pmcleanglx
Level 1

Idk what is going on but I haven't really done much with this Controller since inheriting it a year ago, but all my SSIDs are down and there are no APs listed in the GUI.

Where's a good starting point? Should I just factory reset this thing?

Edit: I saw this in the logs:

pmcleanglx_0-1745870970135.png

 

1 Accepted Solution


pmcleanglx
Level 1

I just went scorched earth on it and did a full factory reset, and I have it up and running now. 

11 Replies

eglinsky2012
Spotlight

What software version is the 2504 running and what model of APs are in use?

Actually I've got the APs showing up again. It was an expired certificate issue; I had to set the date on the controller back a year to have them connect.

Issue I'm having now is no internet connection on my wifi.

 

@pmcleanglx >...Issue I'm having now is no internet connection on my wifi.
Debug clients using instructions from: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/213258-collect-debugs-from-wireless-lan-control.html
You can have these debugs analyzed with: Wireless Debug Analyzer

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R
VIP

So read through FN63942 carefully - link below.  You need to follow all the steps to resolve the problem otherwise it will just come back again when the clock goes past the expiry date again.  And then you can use NTP again to have accurate timestamps.

Also make sure your 2504 is running the latest available software release 8.5.182.12 (link below).

It's on v8.0.115.0 and I can't update it because I don't have a service contract.

Right now my external DHCP is not giving out IP addresses for some reason.

Find a recent security advisory that affects 8.5 code and find the section which says "Customers without Service Contracts" then contact TAC quoting the URL of the advisory, the paragraph just mentioned and the version and URL https://software.cisco.com/download/specialrelease/9a6a7cf84f9fdf04b95c76e2ac7820e7 for the software you want to download and serial number of your WLC.  You'll have to mention which platform you need it for (2504) because they have all of them there at that URL.  Then TAC should publish it to you directly.

This advisory should be suitable: Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability because CSCwa40778 : Bug Search Tool (cisco.com) is fixed in 8.5.182.12. (even though the advisory itself says upgrade to 8.10)

"Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade."

Before upgrading check that your AP models are compatible with 8.5 code.  Refer to the Compatibility Matrix (link below)


@Rich R wrote:

Find a recent security advisory that affects 8.5 code and find the section which says "Customers without Service Contracts" then contact TAC quoting the URL of the advisory, the paragraph just mentioned and the version and URL https://software.cisco.com/download/specialrelease/9a6a7cf84f9fdf04b95c76e2ac7820e7 for the software you want to download and serial number of your WLC.  You'll have to mention which platform you need it for (2504) because they have all of them there at that URL.  Then TAC should publish it to you directly.

This advisory should be suitable: Cisco Wireless LAN Controller AireOS Software FIPS Mode Denial of Service Vulnerability because CSCwa40778 : Bug Search Tool (cisco.com) is fixed in 8.5.182.12. (even though the advisory itself says upgrade to 8.10)

"Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade."

Before upgrading check that your AP models are compatible with 8.5 code.  Refer to the Compatibility Matrix (link below)


I tried to contact Cisco support and they are denying me an upgrade, saying because my device is EOL the system won't allow them to create a support ticket.

How do I escalate this? It's pretty screwed up that my device is a brick now unless I set the time back.

That sounds like "we know you're entitled but don't know how to do it"!
Unfortunately first line TAC are mostly outsourced now and "computer says no" response means they are too lazy/unwilling to escalate it to Cisco which is the only thing you can ask them to do.

ps: it's also possible that they're going to just refer you to the EOL policy and say they can't help you because it's past end of support date (even though the software update was published after that date too <smile> 2504 Last Date of Support: April 30, 2023 - 8.5.182.12 published 07-MAR-2024 - so clearly was intended to still be provided after LDOS)

 

@pmcleanglx >...Right now my external DHCP Is not giving out IP addresses for some reason
As stated earlier you need to perform client debugging to get insights on that:
Debug clients using instructions from: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/213258-collect-debugs-from-wireless-lan-control.html
You can have these debugs analyzed with: Wireless Debug Analyzer

But with the older controller and no service contract(s), you are getting yourselves 'bricked'; consider moving on to a modern wireless environment

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

As @marce1000 mentioned, take debugs. If auth is getting passed and the endpoint is getting stuck in the DHCP_REQD state while running the debugs, there is no need to add debug aaa, as that will generate too much data which is not necessary. Instead you can run:

>debug client aa:bb:cc:dd:ee:ff
>debug dhcp message enable
>debug dhcp packet enable

As a side note, you can try enabling/disabling DHCP proxy mode (by default it should be enabled) on the dynamic interface assigned for this SSID. Might work. If it still doesn't work, I would prefer to plug a laptop into the same switch where the WLC is, configure its port with the access VLAN (the same VLAN from which wireless users should get an IP), and see if my laptop gets an IP over the wired network.
