Ok, but "authorize mic aps against auth-list or AAA" is enable or disable, because this option, unless you want to authorizate your AP against AAA or MAc-filtering must be disabled.
Cheers 2014-02-05 <[email protected]>: > Send CCIE_Wireless mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Wireless digest..." > > > Today's Topics: > > 1. Re: CCIE_Wireless Digest, Vol 58, Issue 18 (cisco 2006) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 5 Feb 2014 09:11:11 +0000 (GMT) > From: cisco 2006 <[email protected]> > To: Raul Manzano <[email protected]>, > "[email protected]" > <[email protected]> > Subject: Re: [OSL | CCIE_Wireless] CCIE_Wireless Digest, Vol 58, Issue > 18 > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > > > Yes , I did the accept manufacture installed certificate but I recieved > this : > > > > Reason For Last Unsuccessful Attempt ? ?RADIUS authorization is pending > for the AP > > > > > On Wednesday, 5 February 2014, 11:57, Raul Manzano <[email protected]> > wrote: > > Try ti review in Security / AP policies that "accept manufacture installed > certificate" are enabled, also "authorize mic aps against auth-list or AAA" > are disabled unless you are using a AAA or internal MAC-filter to authorize > the join in this WLC. > > Cheers > > > > 2014-02-05 <[email protected]>: > > Send CCIE_Wireless mailing list submissions to > >? ? ? ? [email protected] > > > >To subscribe or unsubscribe via the World Wide Web, visit > >? ? ? ? http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless > >or, via email, send a message with subject or body 'help' to > >? ? ? ? [email protected] > > > >You can reach the person managing the list at > >? ? ? ? [email protected] > > > >When replying, please edit your Subject line so it is more specific > >than "Re: Contents of CCIE_Wireless digest..." > > > > > >Today's Topics: > > > >? ?1. Re: AP not joined to WLC (cisco 2006) > > > > > >---------------------------------------------------------------------- > > > >Message: 1 > >Date: Wed, 5 Feb 2014 08:46:25 +0000 (GMT) > >From: cisco 2006 <[email protected]> > >To: Brendon Hwang <[email protected]> > >Cc: "[email protected]" > >? ? ? ? <[email protected]> > >Subject: Re: [OSL | CCIE_Wireless] AP not joined to WLC > >Message-ID: > >? ? ? ? <[email protected]> > >Content-Type: text/plain; charset="iso-8859-1" > > > >I can only get these output > > > > > > > >(Cisco Controller) debug>capwap errors enable? > > > >(Cisco Controller) debug>*spamApTask1: Feb 04 22:06:27.284: > sshpmFreePublicKeyHandle: freeing public key > > > >*spamApTask0: Feb 04 23:40:31.348: d0:c7:89:0b:1f:40 State machine > handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8308 > > > >?? > >(Cisco Controller) debug> > >(Cisco Controller) debug> ?*spamApTask0: Feb 04 23:40:31.348: > d0:c7:89:0b:1f:40 Failed to parse CAPWAP packet from 10.128.20.13:8308 > > > >*spamApTask1: Feb 04 23:42:01.311: 00:00:00:00:00:00 Invalid event > Capwap_heart_beat_timer_expiry & state Capwap_no_state combination > > > >*spamApTask1: Feb 04 23:42:01.311: d0:c7:89:0b:1f:40 Event = > Capwap_heart_beat_timer_expiry State = Capwap_no_state > > > >*spamApTask1: Feb 04 23:42:01.311: Failed to process timer message 1 > > > >? > > > >(Cisco Controller) debug>capwap events enable? > > > >(Cisco Controller) debug>*spamApTask1: Feb 04 23:43:31.927: > d0:c7:89:0b:1a:b0 DTLS connection not found, creating new connection for > 10:128:20:12 (38710) 10:128:20:10 (5246) > > > >*spamApTask1: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 Allocated index from > main list, Index: 127 > > > >*spamApTask1: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 DTLS keys for > Control Plane are plumbed successfully for AP 10.128.20.12. Index 128 > > > >*spamApTask2: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 DTLS Session > established server (10.128.20.10:5246), client (10.128.20.12:38710) > >*spamApTask2: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 Starting wait join > timer for AP: 10.128.20.12:38710 > > > >*spamApTask1: Feb 04 23:43:37.403: d0:c7:89:0b:1a:b0 Join Request from > 10.128.20.12:38710 > > > >*spamApTask1: Feb 04 23:43:37.404: d0:c7:89:0b:1a:b0 Deleting AP entry > 10.128.20.12:38710 from temporary database. > >*spamApTask1: Feb 04 23:43:37.404: d0:c7:89:0b:1a:b0 MIC AP is not > allowed to join by config > > > > > > > > > >On Wednesday, 5 February 2014, 11:30, Brendon Hwang <[email protected]> > wrote: > > > >Hello, > > > >You can try below. ?I am not sure what info had been delivered from you > to other guys hence I just ask few useful information you can gather if > console is possible. > > > >show capwap client config > >show capwap client rcb > > > >- do this if AP keeps on rebooting > >Debug capwap client no-r ?? > > > >- mainly you can use below for useful info. > >debug capwap client event > > > > > >Regards, > >Brendon > > > > > > > > > >On 5 Feb 2014, at 6:38 pm, cisco 2006 <[email protected]> wrote: > > > >No I don't have . > >But if it is neccesary need I will try to access the AP . But what > outputs of commands do you want.? > > > > > >Please not that all interfaces in the same vlan? > > > >Interfaces Entries 1 - 6 of 6 > >Interface Name VLAN Identifier IP Address Interface Type Dynamic AP > Management ? > >? > > > > > > > >On Wednesday, 5 February 2014, 10:30, Brendon Hwang <[email protected]> > wrote: > > > >Do you have a console connection to AP by any chance? > > > > > >Regards, > >Brendon > > > > > > > > > >On 5 Feb 2014, at 6:24 pm, cisco 2006 <[email protected]> wrote: > > > >It is 5508? > > > > > > > >On Wednesday, 5 February 2014, 10:15, Andreas di Zazzo < > [email protected]> wrote: > > > >Btw what controller is it? Since it looks like the access-points are > running MESH image. The virtual WLC do not support that. > >? > >From:[email protected] [mailto: > [email protected]] On Behalf Of cisco 2006 > >Sent: den 5 februari 2014 08:03 > >To: Jeff Rensink > >Cc: [email protected] > >Subject: Re: [OSL | CCIE_Wireless] AP not joined to WLC > >? > >Also see this output? > >? > >? > >(Cisco Controller) >debug capwap errors enable? > >(Cisco Controller) >*spamApTask1: Feb 04 03:18:49.454: d0:c7:89:0b:1f:40 > Join Request: Total msgEleLen = 0? > >? > >*spamApTask0: Feb 04 21:58:15.193: d0:c7:89:0b:1f:40 State machine > handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8308 > >? > >*spamApTask0: Feb 04 21:58:15.193: d0:c7:89:0b:1f:40 Failed to parse > CAPWAP packet from 10.128.20.13:8308 > >? > >*spamApTask1: Feb 04 21:58:25.977: d0:c7:89:0b:1a:b0 Echo Timer Expiry: > Missing Echo from APd0:c7:89:0b:1a:b0, Closing dtls Connection. > >*spamApTask1: Feb 04 21:58:42.448: d0:c7:89:0b:1a:b0 State machine > handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.12:38711 > >? > >*spamApTask1: Feb 04 21:58:42.448: d0:c7:89:0b:1a:b0 Failed to parse > CAPWAP packet from 10.128.20.12:38711 > >? > >q*spamApTask0: Feb 04 21:59:08.726: d0:c7:89:0b:1f:40 DTLS connection was > closed > >*spamApTask1: Feb 04 21:59:24.357: d0:c7:89:0b:1f:40 State machine > handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8309 > >? > >*spamApTask1: Feb 04 21:59:24.358: d0:c7:89:0b:1f:40 Failed to parse > CAPWAP packet from 10.128.20.13:8309 > >? > >*spamApTask1: Feb 04 21:59:35.981: d0:c7:89:0b:1a:b0 DTLS connection was > closed > >? > >? > >On Wednesday, 5 February 2014, 9:53, cisco 2006 <[email protected]> > wrote: > >The following are the output of the controller . Also notice that the > exchange of control data is in plain text as follows > >? > >Wireless > all aps > ap > advanced > ?Current Data Encryption > Status???????plain text > >? > >Please let me know if need any further information . > >? > >? > >(Cisco Controller) >show ap retransmit all > >Global control packet retransmit interval: 3 > >Global control packet retransmit count: 5 > >AP Name???????????? Retransmit Interval? Retransmit count > >------------------? -------------------? ------------------- > >AP6c41.6a29.7355?????? N/A(Mesh mode)????? N/A(Mesh mode) > >? > >? > >(Cisco Controller) >show country code > >Configured Country............................. US? - United States > >Configured Country Codes > >??????? US? - United States............................. 802.11a > Indoor,Outdoor / 802.11b / 802.11g > >? > >? > >? > >On Wednesday, 5 February 2014, 2:11, Jeff Rensink <[email protected]> > wrote: > >What do you mean by this? ?Can you give us a screenshot of your Country > codes screen? (or a "show country" command in the CLI) > > > > > >Regards, > >? > >Jeff Rensink : Sr Instructor : iPexpert > >CCIE # 24834 :: Wireless / R&S > >:: World-Class Cisco Certification Training > > > > > >Direct: +1.810.326.1444 > >:: Free Videos > >:: Free Training / Product Offerings > >:: CCIE Blog > >:: Twitter > >? > >On Tue, Feb 4, 2014 at 9:22 AM, cisco 2006 <[email protected]> wrote: > > > > > >also when I configured the country code , it appairs not configured in > regularity domains. > > > > > > > > > > > > > >------------------------------ > >On Tue, Feb 4, 2014 6:02 PM AST (Arabian) Maxim Risman wrote: > > > >>Hello, what is the WLC version code you are running ? > >> > >>Thank you. > >> > >> > >>On Tue, Feb 4, 2014 at 4:56 AM, cisco 2006 <[email protected]> wrote: > >> > >>> Dear All, > >>> I need you help to solve this issue in my wireless LAN . > >>> When I connect the AP 3600 to the Switch the AP get the IP from the > DHCP > >>> but it is not joined with the WLC 5508 and I get > >?this output from the > >>> controller . I have to mention that the mangement interface , dynamic > >>> interface and APs in the same VLAN . > >>> > >>> > >>> > >>> > >>> ?*All APs* > >>> ? ? *Entries 1 - 2 of 2* > >>> > >>> ?*Current Filter* > >>> ?*None* > >>> > >>> ?[Change Filter] [Clear Filter] > >>> > >>> ? ?*Number of APs* > >>> > >>> > >>> ?*AP Name* > >>> > >>> ?*AP Model* > >>> ?*AP MAC* > >>> ?*AP Up Time* > >>> ?*Admin Status* > >>> ?*Operational Status* > >>> ?*Port* > >>> ?*AP Mode* > >>> ?*Certificate Type* > >>> ?*OEAP* > >>> ?*Primary SW version* > >>> ?*Backup SW version* > >>> ?*AP Sub Mode* > >>> ?*Download Status* > >>> ?*Upgrade Role (Master/Slave)* > >>> > >>> > >>> > >>> > >>> ?*AP Join Stats* > >>> ? ?*Entries 1 - 2 of 2* > >>> > >>> ? ?*Current Filter:* > >>> ?None > >>> > >>> ?[Change Filter] [Clear Filter] > >>> > >>> > >>> > >??*Base Radio MAC* > >>> ?*AP Name* > >>> ?*Status* > >>> ?*Ethernet MAC* > >>> ?*IP Address* > >>> ?*Last Join Time* > >>> > >>> > >>> > >>> > >>> > >>> ?*AP Join Stats Detail >* > >>> > >>> ? ?*General* > >>> > >>> ? Base MAC Address > >>> ? ? AP Name > >>> ? ? Ethernet MAC Address > >>> ? ? IP Address > >>> ? ? Status > >>> ? ? *Last AP Join* > >>> > >>> ? *Timestamp* > >>> ?*Message* > >>> > >?? ? ? ?*Discovery Phase Statistics* > >>> > >>> ? Requests Received > >>> ? ? Responses Sent > >>> ? ? Unsuccessful Request Processed > >>> ? ? Reason For Last Unsuccessful Attempt > >>> ? ? Last Successful Attempt Time > >>> ? ? Last Unsuccessful Attempt Time > >>> ? ? *Join Phase Statistics* > >>> > >>> ? Requests Received > >>> ? ? Responses Sent > >>> ? ? Unsuccessful Request Processed > >>> ? ? Reason For Last Unsuccessful Attempt > >>> ? ? Last Successful Attempt Time > >>> ? ? Last Unsuccessful Attempt Time > >>> ? ? *Configuration Phase Statistics* > >>> > >>> ? Requests Received > >>> ? ? Responses Sent > >>> ? ? Unsuccessful Request Processed > >>> ? ? Reason For Last Unsuccessful Attempt > >>> ? ? Last Successful Attempt Time > >>> ? ? Last Unsuccessful Attempt Time > >>> > >>> ?*Last Error Summary* > >>> > >>> ? Last AP Message Decryption Failure > >>> ? ? Last AP Connection Failure > >>> ? ? Last AP Disconnect Reason > >>> ? ? Last Error Occurred > >>> ? ? Last Error Occurred Reason > >>> ? ? Last Join Error > >?Timestamp > >>> > >>> > >>> _______________________________________________ > >>> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos > :: > >>> > >>> iPexpert on YouTube: www.youtube.com/ipexpertinc > >>> > >> > >> > >> > >>-- > >>Best Regards > >> > >>Maxim Risman > > > >_______________________________________________ > >Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > > >iPexpert on YouTube: www.youtube.com/ipexpertinc > >? > >? > >? > >_______________________________________________ > >Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > > >iPexpert on YouTube: www.youtube.com/ipexpertinc > >? > > > >_______________________________________________ > >Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > > >iPexpert on YouTube: www.youtube.com/ipexpertinc > >-------------- next part -------------- > >An HTML attachment was scrubbed... > >URL: > </archives/ccie_wireless/attachments/20140205/2c65df39/attachment.html> > > > >------------------------------ > > > >_______________________________________________ > >Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > > >iPexpert on YouTube: www.youtube.com/ipexpertinc > > > >End of CCIE_Wireless Digest, Vol 58, Issue 18 > >********************************************* > > > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > </archives/ccie_wireless/attachments/20140205/48f384fe/attachment.html> > > ------------------------------ > > _______________________________________________ > Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: > > iPexpert on YouTube: www.youtube.com/ipexpertinc > > End of CCIE_Wireless Digest, Vol 58, Issue 20 > ********************************************* >
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
