AP cannot join WLC

It is strange. I have never seen this kind of log message in ap. after I replaced the WLC with vWLC, the situation is same as previous. Attached file below is message log when it boots

Log.txt

never seen this either. seems to me like it tries to resolve the mentionned name and uses broadcast. i would try and set a nameserver in the config.

from a google search

Does this apply to you?

If you connect the service port Ito the network, that subnet should not be able to communicate with the management interface of the WLC. I would remove the service port from the switch. Also, place the AP in the same subnet as the WLC management interface and see if the AP joins. Then you can move the AP to another vlan. The time on the WLC needs to be set right also or else the AP will never join

Thank you for your fast reply. I adjust both time to same(but cannot exact same) and check service port etc, I could not any abnormal. but after unplug WLC, the AP can ping the wlc no longer, however, the log message is still same as before. That means the AP cannot communicate with  WLC effectively though AP was able to ping WLC. 

or wlc does not answer the broadcast. are both in the same lan ?

Both ap and wlc are vlan10. and wlc is connected to switch by SFP trunk
Diagram is like this: AP ----- switch(sfp trunk)-----wlc

I reset the ap, and add all basic config except ap ip address. Once adding ip address for the AP, the same log message begin to appear. I doubt if the ap has some physical issue.

i don t think so. seems to me like some discovery mechanism used by the ap to find the wlc

note that they should be in the same lan amd not just vlan.

try and set the correct broadcast address for this lan rather than 4x255

if that does not  help, i would probably check with a sniffer whether said broadcast packets reach the wlc.

btw, i assume you changed the ips for privacy  if you did not, your config is totally wrong. you need to use lan addresses

No, this is lab. i do not change ip. looks like you find issue? Can you please.. thanks

Can you check the image installed on the AP if it's lightweight or Autonomous AP?

Also try to do debug capwap and check what you're getting.

As per your configuration it should work since the IP is on the same range of the controller, I suggest to try to factory default the AP and don't use a static, use DHCP instead 

Thank you for your reply. Please see below output for two versions, one is for 4400, second is for vwlc
The issue is still there. I tried to make ap-manager ip subnet same as management.
and I change wlc to vwlc which does not have ap-manager interface and has higher version:


4400 -----------------------------------

(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.252.0
RTOS Version..................................... 7.0.252.0
Bootloader Version............................... 4.0.217.0
Emergency Image Version.......................... N/A
Build Type....................................... DATA + WPS

System Name...................................... Cisco_68:ca:03
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.0.100.24
System Up Time................................... 0 days 0 hrs 6 mins 14 secs
System Timezone Location.........................

Configured Country............................... US  - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +32 C

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:1B:D5:68:CA:00
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25


(Cisco Controller) >show ntp

Ntp Authentication Key Details...................
     Key Index
    ------------
(Cisco Controller) >show country
Configured Country............................. US  - United States
Configured Country Codes
        US  - United States............................. 802.11a Indoor,Outdoor / 802.11b / 802.11g

vwlc -----------------------------------------------------------------------------------------------------------------

(Cisco Controller) >show sysinfo          
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.0.152.0
RTOS Version..................................... 8.0.152.0
Bootloader Version............................... 8.3.15.96
Emergency Image Version.......................... 8.0.152.0

Build Type....................................... DATA + WPS

System Name...................................... Cisco_0c:52:86
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 10.0.100.24
IPv6 Address..................................... ::
System Up Time................................... 0 days 7 hrs 25 mins 55 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... US  - United States

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

Burned-in MAC Address............................ 00:0C:29:0C:52:86
Maximum number of APs supported.................. 200
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1

(Cisco Controller) >

(Cisco Controller) >show ntp

Ntp Authentication Key Details...................
     Key Index
    ------------

(Cisco Controller) >show country
Configured Country............................. US  - United States
Configured Country Codes
        US  - United States............................. 802.11a Indoor,Outdoor / 802.11b / 802.11g



(Cisco Controller) >show interface summary
 Number of Interfaces.......................... 3
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    untagged 10.0.100.24     Static  Yes    No  
service-port                     N/A  N/A      192.168.1.100   Static  No     No  
virtual                          N/A  N/A      2.2.2.2         Static  No     No  
(Cisco Controller) >

Ok so the AP won't join the 4400 with 7.0 code, so I'd give up on that one unless you can get the right code for it.

The vWLC - you have the management interface untagged. In the 4400 you have configured it on VLAN 10. How have you configured the Port Group for the VM? Is it tagging VLAN 10?

Topology is like this: AP ----------- f0/3-Switch-f0/5------------PC(vw-workstation-vwlc)
Looks like vwlc management interface has to be untagged. interface f0/3 and f0/5 are in vlan 10. I tried untagging the two interfaces in switch, but it still cannot work. AP can ping PC, but cannot ping vwlc. Maybe this is reason. Not sure if the management interface should be untagged. Do we have to set untagged in management interface?
Since this is in vm workstation, I did not do any config on Port Group.

Management interface can be untagged, but usually we tag it to make sure management traffic stays on that VLAN. If you're running on a PC though set it to untagged to make networking easier.

Assuming the PC is on VLAN 10, check the interfaces you've attached to the VM are correct too. The vWLC uses 2 NICs - one is the service port and one is the management port. You may only have the service port attached. You don't have to configure the service port but if you put it on an untagged port, set the switchport VLAN ID to something other than 10 as the service port and management port can't be on the same subnet.

It can work after vm connection issue is resolved! Thank you!