Solved

Cisco AP fails to join WLC

Posted on 2016-10-05
8
36 Views
Last Modified: 2016-11-06
We have a Cisco virtual wireless controller (vWLC) v8.3.102.0 set up as detailed here:

http://www.cisco.com/c/en/us/support/docs/wireless/virtual-wireless-controller/113677-virtual-wlan-dg-00.html#features

All other settings are on default, apart from the IP addresses.

New, out of the box, APs fail to connect despite sending join requests to the WLC.  The output of the AP is as follows:

Ethernet speed is 1000 Mb - FULL Duplex
Loading "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-mx"...#########################

File "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-mx" uncompressed and installed, entr                                                                              y point: 0x2003000
executing...

Secondary Bootloader - Starting system.
Antigua Lite Board P2
40MB format
Tide XL MB - 40MB of flash
Xmodem file system is available.
flashfs[0]: 239 files, 8 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 41158656
flashfs[0]: Bytes used: 20173824
flashfs[0]: Bytes available: 20984832
flashfs[0]: flashfs fsck took 11 seconds.
flashfs[1]: 0 files, 1 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 12257280
flashfs[1]: Bytes used: 1024
flashfs[1]: Bytes available: 12256256
flashfs[1]: flashfs fsck took 0 seconds.
Base Ethernet MAC address: 00:62:ec:4b:58:7c
Boot CMD: 'boot  flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx;flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx'
Loading "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx"...############################
File "flash:/ap3g2-rcvk9w8-mx/ap3g2-rcvk9w8-xx" uncompressed and installed, entry point: 0x1003000
executing...

              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706



Cisco IOS Software, C1700 Software (AP3G2-RCVK9W8-M), Version 15.3(3)JC, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 11-Dec-15 11:55 by prod_rel_team

Antigua Lite Board P2
40MB format
Tide XL MB - 40MB of flash
Initializing flashfs...

flashfs[2]: 239 files, 8 directories
flashfs[2]: 0 orphaned files, 0 orphaned directories
flashfs[2]: Total bytes: 40900608
flashfs[2]: Bytes used: 20173824
flashfs[2]: Bytes available: 20726784
flashfs[2]: flashfs fsck took 11 seconds.
flashfs[2]: Initialization complete.
flashfs[3]: 0 files, 1 directories
flashfs[3]: 0 orphaned files, 0 orphaned directories
flashfs[3]: Total bytes: 11999232
flashfs[3]: Bytes used: 1024
flashfs[3]: Bytes available: 11998208
flashfs[3]: flashfs fsck took 1 seconds.
flashfs[3]: Initialization complete....done Initializing flashfs.

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP1702I-E-K9 (PowerPC) processor (revision A0) with 376814K/134656K bytes of memory.
Processor board ID FCW2024P2WZ
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.2.100.0
1 Gigabit Ethernet interface

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:62:EC:4B:58:7C
Part Number                          : 73-16776-01
PCB Serial Number                    : FOC20222CAY
Top Assembly Part Number             : 068-100665-01
Top Assembly Serial Number           : FCW2024P2WZ
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1702I-E-K9
% Please define a domain-name first.
ipv6 enable
  ^
% Invalid input detected at '^' marker.

ipv6 address autoconfig
  ^
% Invalid input detected at '^' marker.

ipv6 address dhcp
  ^
% Invalid input detected at '^' marker.



Press RETURN to get started!


*Mar  1 00:00:13.475: APAVC: Initial WLAN Buffers Given to System is  2500

*Mar  1 00:00:13.523: APAVC:  WlanPAKs 42878 RadioPaks  42270

*Mar  1 00:00:13.523: Starting Ethernet promiscuous mode
*Mar  1 00:00:13.531: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar  1 00:00:13.531: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Mar  1 00:00:14.831: %LWAPP-4-CLIENTEVENTLOG: PnP waiting for capwap init
*Mar  1 00:00:15.507: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:15.571: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1700 Software (AP3G2-RCVK9W8-M), Version 15.3(3)JC, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 11-Dec-15 11:55 by prod_rel_team
*Mar  1 00:00:15.571: %SNMP-5-COLDSTART: SNMP agent on host ap is undergoing a cold start
*Mar  1 00:00:15.611: %LINK-6-UPDOWN: Interface GigabitEthernet1, changed state to up
*Mar  1 00:00:15.611: %CDP_PD-4-POWER_OK: Full power - HIGH_POWER inline power source
*Mar  1 00:00:15.623: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar  1 00:00:15.623: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Mar  1 00:00:15.623: spamInitRadCfg: recovery image default mode 0
lwapp_crypto_init: MIC Present and Parsed Successfully

*Mar  1 00:00:15.787: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Mar  1 00:00:16.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:17.611: %LINK-5-CHANGED: Interface GigabitEthernet1, changed state to administratively down
*Mar  1 00:00:20.431: DPAA Initialization Complete
*Mar  1 00:00:20.431: %SYS-3-HARIKARI: Process DPAA INIT top-level routine exited
*Mar  1 00:00:21.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar  1 00:00:23.431: %LINK-6-UPDOWN: Interface BVI1, changed state to down
*Mar  1 00:00:24.431: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
*Mar  1 00:00:27.607: %LINK-6-UPDOWN: Interface BVI1, changed state to up
*Mar  1 00:00:28.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Mar  1 00:00:28.679: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.50.50.102, mask 255.255.255.0, hostname AP0062.ec4b.587c

bridge-group 1 source-learning
                ^
% Invalid input detected at '^' marker.
%Default route without gateway, if not a point-to-point interface, may impact performance
*Mar  1 00:00:34.531: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config failed, trying backup...
*Mar  1 00:00:34.531: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak config failed...
*Mar  1 00:00:34.531: %CAPWAP-3-EVENTLOG: No Config Present. PNP required
*Mar  1 00:00:34.535: Cert ISSUER (39): cn=Cisco Manufacturing CA SHA2,o=Cisco

%Error opening flash:/capwap-saved-config (No such file or directory)
%Error opening flash:/capwap-saved-config-bak (No such file or directory)
Not in Bound state.
*Mar  1 00:00:53.135: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.50.50.103, mask 255.255.255.0, hostname AP0062.ec4b.587c

Not in Bound state.
*Mar  1 00:01:06.083: %LWAPP-4-CLIENTEVENTLOG: Invoking capwap discovery
*Mar  1 00:01:09.155: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.50.50.104, mask 255.255.255.0, hostname AP0062.ec4b.587c

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (8.8.8.8)

*Mar  1 00:01:27.091: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Oct  5 08:01:33.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_i
*Oct  5 08:01:34.231: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully
*Oct  5 08:01:34.231: %CAPWAP-5-SENDJOIN: sending Join Request to 10.50.50.119
*Oct  5 08:01:39.231: %CAPWAP-5-SENDJOIN: sending Join Request to 10.50.50.119
ipv6 enable
  ^
% Invalid input detected at '^' marker.

ipv6 address autoconfig
  ^
% Invalid input detected at '^' marker.

ipv6 address dhcp
  ^
% Invalid input detected at '^' marker.

*Oct  5 08:02:32.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.
*Oct  5 08:02:33.003: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config f
*Oct  5 08:02:33.003: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak conf
*Oct  5 08:02:33.003: spamInitRadCfg: recovery image default mode 0

*Oct  5 08:02:33.015: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg config f
*Oct  5 08:02:33.015: %LWAPP-3-CLIENTERRORLOG: Load nvram:/lwapp_ap.cfg.bak conf

Open in new window

What must we do to allow the APs to join the WLC?
0
Comment
Question by:David Haycox
  • 5
  • 3
8 Comments
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 500 total points
ID: 41829567
Can you post the following outputs from the vWLC?

show sysinfo
show run-config commands
show interface summary
show interface detailed management
show time
show ap join stats summary all
0
 
LVL 1

Author Comment

by:David Haycox
ID: 41829584
I have just tried a different version of the WLC (v8.0.140) which seems to be working okay (it's currently "Downloading image from Controller")  The only difference other than the version I think was that I set an IPv6 address.

I will post the outputs shortly if the problem persists, or update if resolved.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 41829590
Strange.  Your AP is supported in 8.3 code.
0
 
LVL 1

Author Comment

by:David Haycox
ID: 41829625
On that version the AP gets detected but seems to go in a loop.  In any case I've reverted to the original WLC (v8.3.102.0) in order to get the outputs requested.

Here you go:
(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.102.0
RTOS Version..................................... 8.3.102.0
Bootloader Version............................... 8.3.15.96
Emergency Image Version.......................... 8.3.102.0

OUI File Update Time............................. Sun Sep 07 10:44:07 IST 2014

Build Type....................................... DATA + WPS

System Name...................................... WLC-HQ1
System Location.................................. 
System Contact................................... 
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.50.50.119
IPv6 Address..................................... ::
System Up Time................................... 0 days 0 hrs 11 mins 7 secs
System Timezone Location......................... 
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... GB  - United Kingdom

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0


OUI Classification Failure Count................. 0


Burned-in MAC Address............................ 00:50:56:95:98:99
Maximum number of APs supported.................. 200
System Nas-Id.................................... 
WLC MIC Certificate Types........................ SHA1
Licensing Type................................... RTU
vWLC config...................................... Small

(Cisco Controller) >show run-config commands
 802.11a 11nSupport a-mpdu tx scheduler enable 

 802.11a 11nSupport a-mpdu tx scheduler timeout rt 10 

 802.11a 11nSupport a-mpdu tx scheduler timeout nrt 200 

 802.11a 11nSupport a-msdu max-subframes 3 

 802.11b 11nSupport a-msdu max-subframes 3 

 802.11a 11nSupport a-msdu max-length 8k

 802.11b 11nSupport a-msdu max-length 8k

 802.11a 11nSupport mcs tx 8 disable 

 802.11a 11nSupport mcs tx 9 disable 

 802.11a beacon range 0 


 802.11a rx-sop threshold auto default 


 802.11a cca threshold 0 default 


 802.11a multicast buffer 0 


 802.11a multicast data-rate 0 default


 802.11a cac video cac-method static 


 802.11a max-clients 200 


 802.11a dfs-peakdetect enable 


 802.11b 11nSupport a-mpdu tx scheduler enable 

 802.11b 11nSupport a-mpdu tx scheduler timeout rt 10 

 802.11b 11nSupport a-mpdu tx scheduler timeout nrt 200 

 802.11b beacon range 0 


 802.11b rx-sop threshold auto default 


 802.11b cca threshold 0 default 


 802.11b multicast buffer 0 


 802.11b multicast data-rate 0 default


 802.11b cac video cac-method static 


 802.11b max-clients 200 


802.11h channelswitch enable loud

 aaa auth mgmt  local radius


 acl url-acl disable


 flexconnect fallback-radio-shut disable

 advanced 802.11a channel dca interval 0


 advanced 802.11a channel dca startup-interval 0


 advanced 802.11a channel dca anchor-time 0


 advanced 802.11a channel dca chan-width 20


 advanced 802.11a channel dca best-width-max 80


 advanced 802.11a channel dca sensitivity 15


 advanced 802.11a channel dca min-metric -95


 advanced 802.11b channel dca interval 0


 advanced 802.11b channel dca startup-interval 0


 advanced 802.11b channel dca anchor-time 0


 advanced 802.11b channel dca sensitivity 10


 advanced 802.11b channel dca min-metric -95


 location info rogue extended


 location rssi-half-life tags 0


 location rssi-half-life client 0


 location rssi-half-life rogue-aps 0


 location expiry tags 5


 location expiry client 5


 location expiry calibrating-client 5


 location expiry rogue-aps 5



 advanced 802.11b client-network-preference default



 advanced 802.11a client-network-preference default


 advanced backup-controller primary  

 advanced backup-controller secondary  

 advanced backup-controller   

 advanced backup-controller   

 advanced sip-snooping-ports 0 0


 advanced eap bcast-key-interval 3600


 advanced 802.11-abgn pak-rssi-location threshold -100


 advanced 802.11-abgn pak-rssi-location trigger-threshold 10


 advanced 802.11-abgn pak-rssi-location reset-threshold 8


 advanced 802.11-abgn pak-rssi-location ntp 178.79.162.34


 advanced 802.11-abgn pak-rssi-location timeout 3


 advanced hotspot cmbk-delay 1


Cisco Public Safety is not allowed to set in this domain

 ap syslog host global ::

 ap dtls-cipher-suite RSA-AES128-SHA


 ap dtls-wlc-mic sha2



 cdp advertise-v2 enable

 country GB 


 cts sxp disable

 cts sxp connection default password ****

 cts sxp retry period 120

 cts sxp sxpversion 2

 database size 2048

 dhcp opt-82 remote-id ap-mac


 qos qosmap disable

 qos qosmap trust-dscp-upstream disable

 flexconnect group default-flex-group add


 flexconnect group default-flex-group radius ap server-key <hidden> 


 flexconnect group default-flex-group radius ap authority id 436973636f0000000000000000000000 


 flexconnect group default-flex-group radius ap authority info Cisco A_ID 


 flexconnect group default-flex-group http-proxy ip-address 0.0.0.0 http-proxy port 0 


 flexconnect group default-flex-group template-vlan-map add none

 local-auth method fast server-key ****


interface address management 10.50.50.119 255.255.255.0 10.50.50.254 


interface address virtual 1.1.1.1 


interface dhcp  management primary 10.10.10.1   


 nasid apgroup  default-group

 wlan nasid none 1 


interface port management 1 



 mdns snooping disable


 mdns policy service-group create "default-mdns-policy" "Default Access Policy created by WLC"


 mdns policy service-group user-role add default-mdns-policy admin


 mdns profile create "default-mdns-profile" 


 mdns service create "AirTunes" _raop._tcp.local. origin All LSS disable query disable


 mdns service create "Airplay" _airplay._tcp.local. origin All LSS disable query disable


 mdns service create "Googlecast" _googlecast._tcp.local. origin All LSS disable query disable


 mdns service create "HP_Photosmart_Printer_1" _universal._sub._ipp._tcp.local. origin All LSS disable query enable


 mdns service create "HP_Photosmart_Printer_2" _cups._sub._ipp._tcp.local. origin All LSS disable query enable


 mdns service create "HomeSharing" _home-sharing._tcp.local. origin All LSS disable query enable


 mdns service create "Printer-IPP" _ipp._tcp.local. origin All LSS disable query disable


 mdns service create "Printer-IPPS" _ipps._tcp.local. origin All LSS disable query disable


 mdns service create "Printer-LPD" _printer._tcp.local. origin All LSS disable query disable


 mdns service create "Printer-SOCKET" _pdl-datastream._tcp.local. origin All LSS disable query disable


 mdns profile service add "default-mdns-profile" "AirTunes" 


 mdns profile service add "default-mdns-profile" "Airplay" 


 mdns profile service add "default-mdns-profile" "Googlecast" 


 mdns profile service add "default-mdns-profile" "HP_Photosmart_Printer_1" 


 mdns profile service add "default-mdns-profile" "HP_Photosmart_Printer_2" 


 mdns profile service add "default-mdns-profile" "HomeSharing" 


 mdns profile service add "default-mdns-profile" "Printer-IPP" 


 mdns profile service add "default-mdns-profile" "Printer-IPPS" 


 mdns profile service add "default-mdns-profile" "Printer-LPD" 


 mdns profile service add "default-mdns-profile" "Printer-SOCKET" 


 mdns query interval 15


 wlan mdns disable 1 




 ipv6 ra-guard ap enable


 ipv6 capwap udplite enable all

 ipv6 multicast mode unicast 


 load-balancing aggressive enable


 load-balancing window 5


 wlan apgroup add default-group 


 wlan apgroup qinq tagging eap-sim-aka default-group enable


 wlan apgroup interface-mapping add default-group 1 management


 wlan apgroup nac-snmp disable default-group 1 


 memory monitor errors enable

 memory monitor leak thresholds 10000 30000
Outdoor Mesh Ext.UNII B Domain channels: Disable
mesh security rad-mac-filter disable
mesh security rad-mac-filter disable

 mesh security eap
mesh background-scanning disable
mesh backhaul rrm disable
mesh backhaul rrm auto-rf global
mesh lsc advanced ap-provision open-window enable

 mgmtuser add admin **** read-write 


 mgmtuser termination-interval 0

 mobility group domain Charlies


 mobility group member hash 10.50.50.119 92371b2887a532e211e552bfd6e7f7a7d7305f16

 mobility dscp 0

 network dns serverip 10.50.50.8


 network http-proxy ip 0.0.0.0 


 network http-proxy Port 80 


 network secureweb csrfcheck enable


 network multicast igmp snooping enable 


 network multicast mld snooping enable 


 network profiling http-port 80 


 network ap-priority disabled 


 network rf-network-name Charlies

 network secureweb cipher-option rc4-preference disable

 network client-ip-conflict-detection disable 

 paging disable


 pmipv6 mag binding maximum AP 250 


 qos protocol-type bronze dot1p

 qos protocol-type silver dot1p

 qos protocol-type gold dot1p

 qos protocol-type platinum dot1p

 qos priority bronze background background background

 qos priority gold video video video

 qos priority platinum voice voice voice

 qos priority silver besteffort besteffort besteffort

 qos dot1p-tag silver 0

 qos dot1p-tag gold 4

 qos dot1p-tag platinum 5

 radius callStationIdType macaddr


 radius auth callStationIdType ap-macaddr-ssid


 radius fallback-test mode passive


 radius fallback-test username cisco-probe


 radius fallback-test interval 300


 radius dns serverip 10.50.50.8


 radius dns disable

 radius dns auth network enable


 radius dns auth management enable


 radius dns acct network enable


 radius dns auth rfc3576 disable

 tacacs dns serverip 10.50.50.8


 tacacs dns disable


 rogue detection report-interval 10
 rogue detection min-rssi -90
 rogue detection transient-rogue-interval 0
 rogue detection client-threshold 0
 rogue detection security-level custom
 rogue ap aaa-auth disable

 rogue ap aaa-auth polling-interval 0

 rogue ap ssid alarm

 rogue ap valid-client alarm

 rogue adhoc enable

 rogue adhoc alert

 rogue ap rldp disable

 rogue ap rldp schedule disable

 rogue auto-contain level 1  


 rogue containment flex-connect disable
 rogue containment auto-rate disable
 rogue client aaa disable

 rogue client mse disable

 serial baudrate 38400

 snmp version v2c enable

 snmp version v3 enable

 snmp snmpEngineId 00003763000098997732320a


snmp community ipsec ike auth-mode pre-shared-key ****


 switchconfig strong-pwd case-check enabled

 switchconfig strong-pwd consecutive-check enabled

 switchconfig strong-pwd default-check enabled

 switchconfig strong-pwd username-check enabled

 switchconfig strong-pwd position-check disabled

 switchconfig strong-pwd case-digit-check disabled

 switchconfig strong-pwd minimum upper-case 0

 switchconfig strong-pwd minimum lower-case 0

 switchconfig strong-pwd minimum digits-chars 0

 switchconfig strong-pwd minimum special-chars 0

 switchconfig strong-pwd min-length 3

 sysname WLC-HQ1

 stats-timer realtime 5

 stats-timer normal 180

 tacacs fallback-test interval 0


 time ntp interval 604800 

 time ntp server 1 178.79.162.34 


 rf-profile create 802.11a High-Client-Density-802.11a 

 rf-profile create 802.11b High-Client-Density-802.11bg 

 rf-profile create 802.11a Low-Client-Density-802.11a 

 rf-profile create 802.11b Low-Client-Density-802.11bg 

 rf-profile create 802.11a Typical-Client-Density-802.11a 

 rf-profile create 802.11b Typical-Client-Density-802.11bg 



 rf-profile tx-power-min 7 High-Client-Density-802.11a 

 rf-profile tx-power-min 7 High-Client-Density-802.11bg 



 rf-profile tx-power-control-thresh-v1 -65 High-Client-Density-802.11a 

 rf-profile tx-power-control-thresh-v1 -60 Low-Client-Density-802.11a 

 rf-profile tx-power-control-thresh-v1 -65 Low-Client-Density-802.11bg 




 rf-profile data-rates 802.11a disabled 6 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a disabled 9 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a mandatory 12 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 18 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a mandatory 24 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 36 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 48 High-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 54 High-Client-Density-802.11a 

 rf-profile data-rates 802.11b disabled 1 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 2 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 5.5 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 11 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 6 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 9 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b mandatory 12 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 18 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 24 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 36 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 48 High-Client-Density-802.11bg 

 rf-profile data-rates 802.11a mandatory 6 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 9 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a mandatory 12 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 18 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a mandatory 24 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 36 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 48 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 54 Low-Client-Density-802.11a 

 rf-profile data-rates 802.11b mandatory 1 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b mandatory 2 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b mandatory 5.5 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b mandatory 11 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 6 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 9 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 12 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 18 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 24 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 36 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 48 Low-Client-Density-802.11bg 

 rf-profile data-rates 802.11a mandatory 6 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 9 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a mandatory 12 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 18 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a mandatory 24 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 36 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 48 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11a supported 54 Typical-Client-Density-802.11a 

 rf-profile data-rates 802.11b disabled 1 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 2 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 5.5 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 11 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b disabled 6 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 9 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b mandatory 12 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 18 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 24 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 36 Typical-Client-Density-802.11bg 

 rf-profile data-rates 802.11b supported 48 Typical-Client-Density-802.11bg 









 rf-profile rx-sop threshold medium High-Client-Density-802.11a 

 rf-profile rx-sop threshold medium High-Client-Density-802.11bg 

 rf-profile rx-sop threshold low Low-Client-Density-802.11a 

 rf-profile rx-sop threshold low Low-Client-Density-802.11bg 











 rf-profile coverage data -90 Low-Client-Density-802.11a 

 rf-profile coverage data -90 Low-Client-Density-802.11bg 


 rf-profile coverage voice -90 Low-Client-Density-802.11a 

 rf-profile coverage voice -90 Low-Client-Density-802.11bg 


 rf-profile coverage exception 2 Low-Client-Density-802.11a 

 rf-profile coverage exception 2 Low-Client-Density-802.11bg 










 rf-profile client-network-preference default High-Client-Density-802.11a 

 rf-profile client-network-preference default High-Client-Density-802.11bg 

 rf-profile client-network-preference default Low-Client-Density-802.11a 

 rf-profile client-network-preference default Low-Client-Density-802.11bg 

 rf-profile client-network-preference default Typical-Client-Density-802.11a 

 rf-profile client-network-preference default Typical-Client-Density-802.11bg 

 trapflags client nac-alert enable

 trapflags client webAuthUserLogin enable

 trapflags client webAuthUserLogout enable

 trapflags ap ssidKeyConflict disable

 trapflags ap timeSyncFailure disable

 trapflags mfp disable

 trapflags adjchannel-rogueap disable

 trapflags mesh excessive hop count disable

 trapflags mesh sec backhaul change disable

 trapflags mesh psk auth failure disable

 wlan create 1 Charlies_SSID Charlies_SSID

 wlan nac snmp disable 1 


 wlan nac radius disable 1 

 wlan multicast interface 1 disable

 wlan band-select allow disable 1 

 wlan load-balance allow disable 1 

 wlan assisted-roaming prediction disable 1


 wlan assisted-roaming neighbor-list enable 1


 wlan assisted-roaming dual-list disable 1


 wlan dms enable 1

 wlan bssmaxidle enable 1

 wlan bss-transition disassociation-imminent timer 200 1

 wlan bss-transition disassociation-imminent oproam-timer 40 1

 wlan multicast buffer disable 0 1


 wlan session-timeout 1 1800

 wlan flexconnect local-switching 1 enable

 wlan flexconnect learn-ipaddr 1 enable

 wlan wgb broadcast-tagging disable 1 

 wlan security splash-page-web-redir disable 1

 wlan security wpa akm 802.1x enable 1

 wlan security wpa akm cckm timestamp-tolerance  1000 1

 wlan security ft adaptive enable 1


 wlan security wpa gtk-random disable 1


 wlan security pmf association-comeback 1 1


 wlan security pmf saquery-retrytimeout 200 1




 wlan profiling radius dhcp disable 1 

 wlan profiling radius http disable 1 

 wlan enable 1

 WMM-AC disabled 

 HS2 QOS disabled 


 coredump disable

media-stream multicast-direct disable




media-stream message url 
media-stream message email 
media-stream message phone 
media-stream message note denial 
media-stream message state disable

802.11a media-stream multicast-direct enable
802.11b media-stream multicast-direct enable

802.11a media-stream multicast-direct radio-maximum 0
802.11b media-stream multicast-direct radio-maximum 0

802.11a media-stream multicast-direct client-maximum 0
802.11b media-stream multicast-direct client-maximum 0

802.11a media-stream multicast-direct admission-besteffort disable
802.11b media-stream multicast-direct admission-besteffort disable

802.11a media-stream video-redirect enable
802.11b media-stream video-redirect enable

 ipv6 neighbor-binding timers reachable-lifetime 300

 ipv6 neighbor-binding timers stale-lifetime 86400

 ipv6 neighbor-binding timers down-lifetime 30

 ipv6 neighbor-binding ra-throttle disable

 ipv6 neighbor-binding ra-throttle allow at-least 1 at-most 1

 ipv6 neighbor-binding ra-throttle max-through 10

 ipv6 neighbor-binding ra-throttle throttle-period 600

 ipv6 neighbor-binding ra-throttle interval-option passthrough

 ipv6 ns-mcast-fwd disable

 ipv6 na-mcast-fwd enable

 ipv6 enable

 nmheartbeat disable

 ipv6 slaac service-port disable 


 sys-nas 

 tunnel eogre heart-beat interval 60 

 tunnel eogre heart-beat primary-fallback-timeout 30 

 tunnel eogre heart-beat max-skip-count 3 

 cloud-services wsa mode Disable 

 WSA Backhaul SSID  

 WSA Backhaul Username  

 WSA Backhaul Authentication Type psk 

Eap Type ........................................ <none> 
cloud-services server url  https://data.cmxcisco.com 

 cloud-services cmx disabled 

 WLAN Express Setup - False 


Flex Avc Profile Configuration
  Peer_IP        Peer_Role        Peer_Status        Peer_Upg_Status        Peer_version
----------------------------------------------------------------------------------------------

Internal Error


Internal Error


Internal Error


Internal Error

config hitLess-upgrade start grouping 

  Peer_IP 	Peer_Role	 Peer_Status	 Peer_Upg_Status	 Peer_version
-----------------------------------------------------------------------------------------------
config hitLess-upgrade abort

(Cisco Controller) >show intefac   rface summary


 Number of Interfaces.......................... 3

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    untagged 10.50.50.119    Static  Yes    N/A  
service-port                     N/A  N/A      0.0.0.0         DHCP    No     N/A  
virtual                          N/A  N/A      1.1.1.1         Static  No     N/A  

(Cisco Controller) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 00:50:56:95:98:99
IP Address....................................... 10.50.50.119
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.50.50.254
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
Link Local IPv6 Address.......................... fe80::250:56ff:fe95:9899/64
STATE ........................................... REACHABLE
Primary IPv6 Address............................. ::/128
STATE ........................................... NONE
Primary IPv6 Gateway............................. ::
Primary IPv6 Gateway Mac Address................. 00:00:00:00:00:00
STATE ........................................... INCOMPLETE
VLAN............................................. untagged  
Quarantine-vlan.................................. 0
Physical Port.................................... 1         
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 10.10.10.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
DHCP Option 82 bridge mode insertion............. Disabled
IPv4 ACL......................................... Unconfigured
IPv6 ACL......................................... Unconfigured
URL ACL.......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. N/A
L2 Multicast..................................... Enabled

(Cisco Controller) >show time

Time............................................. Wed Oct  5 10:07:46 2016

Timezone delta................................... 0:0
Timezone location................................ 

NTP Servers
    NTP Polling Interval.........................     604800

     Index     NTP Key Index                  NTP Server                Status          NTP Msg Auth Status
    -------  ----------------------------------------------------------------------------------------------
       1              0                               178.79.162.34     In Sync              AUTH DISABLED


(Cisco Controller) >show ap join stats summary all

Number of APs.............................................. 4 

Base Mac             AP EthernetMac       AP Name                 IP Address         Status

00:62:ec:4b:58:7c    N A                  AP0062.ec4b.587c        10.50.50.104       Not Joined

05:d0:f4:57:00:00    N A                  N A                     10.50.50.103       Not Joined

79:cf:f4:57:00:00    N A                  N A                     10.50.50.103       Not Joined

91:d0:f4:57:00:00    N A                  N A                     10.50.50.103       Not Joined


(Cisco Controller) >

Open in new window

0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:David Haycox
ID: 41830239
We now have 4 of the 6 APs working using WLC v8.0.140, but the remaining two won't connect with the following error:

Oct  5 15:48:06.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.50.50.119 peer_port: 5246
*Oct  5 15:48:35.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x7C58280!

Open in new window


One of them was working previously but had a factory reset; the other is out of the box.  I will ask another question if necessary.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 41830277
Can you do a debug from the WLC CLI?

debug capwap events enable
debug capwap packet enable
0
 
LVL 1

Accepted Solution

by:
David Haycox earned 0 total points
ID: 41830309
It looks like I just needed some patience; I've got them all connected now and their IPs set to static.  Thanks.
0
 
LVL 1

Author Closing Comment

by:David Haycox
ID: 41875981
Solved problem myself, with some assistance
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now