I have the problem that my APs won't join my WLC for some reason.
On the DHCP server I can tell that all 4 APs get an IP address and I can also ping them, but I don't see them on my WLC.
When I look at the WLC log I can see the following messages:
*fp_main_task: Mar 27 15:33:36.004: %SSHPM-4-AES_AP_ONLY: sshpmcert.c:4919 Cisco APs will not be able to join this controller
*fp_main_task: Mar 27 15:33:36.004: %LOG-6-Q_IND: sshpmcert.c:4561 Found Manufacturing-installed device certificates
*fp_main_task: Mar 27 15:33:36.001: %SSHPM-6-MANUF_CERT_INFO: sshpmcert.c:4561 Found Manufacturing-installed device certificates
Unfortunately, I couldn't find anything about the first message online.
I configured Option 43 on the DHCP server and used the MGMT IP of the WLC in hex.
Any ideas? The first log message is somehow suspicious!?
Which software version are you running on the WLC?
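Added example, not part of the original thread: Cisco lightweight APs expect DHCP Option 43 as a TLV (type 0xf1, length 4 x number of controllers, then the WLC management IPs in hex). The Python below builds such a value and checks a configured one; the function names are hypothetical and the addresses are constructed samples.

```python
import ipaddress

CISCO_AP_SUBOPTION = 0xF1  # Option 43 sub-option type used by Cisco lightweight APs


def encode_option43(wlc_ips):
    """Return the hex string: type f1, length 4*N, then N IPv4 addresses."""
    if not wlc_ips:
        raise ValueError("at least one WLC management IP is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in wlc_ips)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_AP_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_string):
    """Return the controller IPs in a configured value, or raise ValueError."""
    cleaned = hex_string.lower().strip()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    for sep in (".", ":", " "):  # tolerate IOS-style f104.c000.020a notation
        cleaned = cleaned.replace(sep, "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("value is not valid hex") from None
    if len(raw) < 2 or raw[0] != CISCO_AP_SUBOPTION:
        raise ValueError("missing f1 type byte (a bare IP in hex is not a TLV)")
    length, value = raw[1], raw[2:]
    if length != len(value):
        raise ValueError(f"length byte says {length}, but {len(value)} bytes follow")
    if length == 0 or length % 4:
        raise ValueError("length must be a non-zero multiple of 4")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # Constructed sample addresses (documentation range), not taken from the thread.
    print(encode_option43(["192.0.2.10", "192.0.2.11"]))
    print(decode_option43("f104.c000.020a"))
    try:
        decode_option43("c000020a")  # bare management IP in hex, no TLV header
    except ValueError as err:
        print("rejected:", err)
```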
The 1700 is only compatible with 8.0.x and above.
Do you have any other 1700 series APs on the WLC?
Is the time on the WLC correct?
Try adding the AP Ethernet MAC address to the AP Policies and see how you go as well.
Can you console the AP and provide the logs from it when it tries to join?
Thanks for all your replies!
FW running on the WLC is 8.1.x, which should be compatible with the APs.
Time is correct on the WLC.
I can ping all the AP IPs from the WLC.
When I turn on debugging for CAPWAP I don't see any related packets on the WLC?
There is another backup WLC in my mobility group to which I cannot connect yet. Might this be the problem? It says "Control and Data Path Down" for the connection to the other WLC. But I would think that this has nothing to do with the APs not joining the controller, right!?
At the moment I don't have any access to the APs.
Thanks for your reply!
Here the "cdp neig detail" output from the switch the APs are connected to:
Device ID: XXX-AP001
IP address: 172.29.x.x
IPv6 address: FE80::7A72:x:x:x:x (link-local)
Platform: cisco AIR-CAP1702I-E-K9, Capabilities: Trans-Bridge Source-Route-Bridge IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0
Holdtime : 158 sec
Cisco IOS Software, C1700 Software (AP3G2-K9W8-M), Version 15.3(3)JD14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Fri 23-Mar-18 09:21 by prod_rel_team
advertisement version: 2
Power drawn: 15.400 Watts
Power request id: 51247, Power management id: 2
Power request levels are:15400 13000 0 0 0
IP address: 172.29.x.x
From the switch the WLC is connected to:
Device ID: XXX
IPv4 Address: 172.29.X.X
IPv6 Address: fe80::ba38:x:x:x:x
Platform: AIR-CT2504-K9, Capabilities: Host
Interface: Ethernet1/18, Port ID (outgoing port): GigabitEthernet0/0/1
Holdtime: 160 sec
Manufacturer's Name: Cisco Systems Inc.
Product Name: Cisco Controller
Product Version: 184.108.40.206
RTOS Version: Erro
Bootloader Version: 1.0.20
Build Type: DATA + WPS
Advertisement Version: 2
The WLC is connected via a trunk and the APs are connected as access ports to VLAN 100. The trunk to the WLC is allowed to carry VLAN 100.
Unfortunately, I cannot connect them together directly.
Just as info for you, I have now also included the string "Cisco AP c1700" as option 60 on my DHCP server.
According to the "setup guide" it's necessary.
Thanks for your help.
I will do this and see what happens.
One last question, what FW version is getting pushed down to the APs from the WLC?
When I look at the WLC's flash there are only the active and backup FW versions.
But those are not the FW versions used for the APs, right? How can I tell the WLC which FW version to use for the APs?
Paste the output of these commands:
From WLC: sh sysinfo
From AP: sh version
Also boot the AP and paste the complete bootup process here.
Don't forget to rate helpful posts