Like others have stated, the problem is because you got "Authorize MIC APs against auth-list or AAA" checked - it will do a RADIUS lookup. Please un-check this option and it should work.
And leave "Accept Manufactured Installed Certificate (MIC)" checked. -----Original Message----- From: [email protected] on behalf of cisco 2006 Sent: Wed 2/5/2014 10:11 AM To: Raul Manzano; [email protected] Subject: Re: [OSL | CCIE_Wireless] CCIE_Wireless Digest, Vol 58, Issue 18 Yes , I did the accept manufacture installed certificate but I recieved this : Reason For Last Unsuccessful Attempt RADIUS authorization is pending for the AP On Wednesday, 5 February 2014, 11:57, Raul Manzano <[email protected]> wrote: Try ti review in Security / AP policies that "accept manufacture installed certificate" are enabled, also "authorize mic aps against auth-list or AAA" are disabled unless you are using a AAA or internal MAC-filter to authorize the join in this WLC. Cheers 2014-02-05 <[email protected]>: Send CCIE_Wireless mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://onlinestudylist.com/cgi-bin/mailman/listinfo/ccie_wireless or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of CCIE_Wireless digest..." Today's Topics: 1. Re: AP not joined to WLC (cisco 2006) ---------------------------------------------------------------------- Message: 1 Date: Wed, 5 Feb 2014 08:46:25 +0000 (GMT) From: cisco 2006 <[email protected]> To: Brendon Hwang <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: [OSL | CCIE_Wireless] AP not joined to WLC Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" I can only get these output (Cisco Controller) debug>capwap errors enable? (Cisco Controller) debug>*spamApTask1: Feb 04 22:06:27.284: sshpmFreePublicKeyHandle: freeing public key *spamApTask0: Feb 04 23:40:31.348: d0:c7:89:0b:1f:40 State machine handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8308 <http://10.128.20.13:8308/> ?? (Cisco Controller) debug> (Cisco Controller) debug> ?*spamApTask0: Feb 04 23:40:31.348: d0:c7:89:0b:1f:40 Failed to parse CAPWAP packet from 10.128.20.13:8308 <http://10.128.20.13:8308/> *spamApTask1: Feb 04 23:42:01.311: 00:00:00:00:00:00 Invalid event Capwap_heart_beat_timer_expiry & state Capwap_no_state combination *spamApTask1: Feb 04 23:42:01.311: d0:c7:89:0b:1f:40 Event = Capwap_heart_beat_timer_expiry State = Capwap_no_state *spamApTask1: Feb 04 23:42:01.311: Failed to process timer message 1 ? (Cisco Controller) debug>capwap events enable? (Cisco Controller) debug>*spamApTask1: Feb 04 23:43:31.927: d0:c7:89:0b:1a:b0 DTLS connection not found, creating new connection for 10:128:20:12 (38710) 10:128:20:10 (5246) *spamApTask1: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 Allocated index from main list, Index: 127 *spamApTask1: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 DTLS keys for Control Plane are plumbed successfully for AP 10.128.20.12. Index 128 *spamApTask2: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 DTLS Session established server (10.128.20.10:5246 <http://10.128.20.10:5246/> ), client (10.128.20.12:38710 <http://10.128.20.12:38710/> ) *spamApTask2: Feb 04 23:43:32.403: d0:c7:89:0b:1a:b0 Starting wait join timer for AP: 10.128.20.12:38710 <http://10.128.20.12:38710/> *spamApTask1: Feb 04 23:43:37.403: d0:c7:89:0b:1a:b0 Join Request from 10.128.20.12:38710 <http://10.128.20.12:38710/> *spamApTask1: Feb 04 23:43:37.404: d0:c7:89:0b:1a:b0 Deleting AP entry 10.128.20.12:38710 <http://10.128.20.12:38710/> from temporary database. *spamApTask1: Feb 04 23:43:37.404: d0:c7:89:0b:1a:b0 MIC AP is not allowed to join by config On Wednesday, 5 February 2014, 11:30, Brendon Hwang <[email protected]> wrote: Hello, You can try below. ?I am not sure what info had been delivered from you to other guys hence I just ask few useful information you can gather if console is possible. show capwap client config show capwap client rcb - do this if AP keeps on rebooting Debug capwap client no-r ?? - mainly you can use below for useful info. debug capwap client event Regards, Brendon On 5 Feb 2014, at 6:38 pm, cisco 2006 <[email protected]> wrote: No I don't have . But if it is neccesary need I will try to access the AP . But what outputs of commands do you want.? Please not that all interfaces in the same vlan? Interfaces Entries 1 - 6 of 6 Interface Name VLAN Identifier IP Address Interface Type Dynamic AP Management ? ? On Wednesday, 5 February 2014, 10:30, Brendon Hwang <[email protected]> wrote: Do you have a console connection to AP by any chance? Regards, Brendon On 5 Feb 2014, at 6:24 pm, cisco 2006 <[email protected]> wrote: It is 5508? On Wednesday, 5 February 2014, 10:15, Andreas di Zazzo <[email protected]> wrote: Btw what controller is it? Since it looks like the access-points are running MESH image. The virtual WLC do not support that. ? From:[email protected] <mailto:from%[email protected]> [mailto:[email protected]] On Behalf Of cisco 2006 Sent: den 5 februari 2014 08:03 To: Jeff Rensink Cc: [email protected] Subject: Re: [OSL | CCIE_Wireless] AP not joined to WLC ? Also see this output? ? ? (Cisco Controller) >debug capwap errors enable? (Cisco Controller) >*spamApTask1: Feb 04 03:18:49.454: d0:c7:89:0b:1f:40 Join Request: Total msgEleLen = 0? ? *spamApTask0: Feb 04 21:58:15.193: d0:c7:89:0b:1f:40 State machine handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8308 <http://10.128.20.13:8308/> ? *spamApTask0: Feb 04 21:58:15.193: d0:c7:89:0b:1f:40 Failed to parse CAPWAP packet from 10.128.20.13:8308 <http://10.128.20.13:8308/> ? *spamApTask1: Feb 04 21:58:25.977: d0:c7:89:0b:1a:b0 Echo Timer Expiry: Missing Echo from APd0:c7:89:0b:1a:b0, Closing dtls Connection. *spamApTask1: Feb 04 21:58:42.448: d0:c7:89:0b:1a:b0 State machine handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.12:38711 <http://10.128.20.12:38711/> ? *spamApTask1: Feb 04 21:58:42.448: d0:c7:89:0b:1a:b0 Failed to parse CAPWAP packet from 10.128.20.12:38711 <http://10.128.20.12:38711/> ? q*spamApTask0: Feb 04 21:59:08.726: d0:c7:89:0b:1f:40 DTLS connection was closed *spamApTask1: Feb 04 21:59:24.357: d0:c7:89:0b:1f:40 State machine handler: Failed to process ?msg type = 3 state = 0 from 10.128.20.13:8309 <http://10.128.20.13:8309/> ? *spamApTask1: Feb 04 21:59:24.358: d0:c7:89:0b:1f:40 Failed to parse CAPWAP packet from 10.128.20.13:8309 <http://10.128.20.13:8309/> ? *spamApTask1: Feb 04 21:59:35.981: d0:c7:89:0b:1a:b0 DTLS connection was closed ? ? On Wednesday, 5 February 2014, 9:53, cisco 2006 <[email protected]> wrote: The following are the output of the controller . Also notice that the exchange of control data is in plain text as follows ? Wireless > all aps > ap > advanced > ?Current Data Encryption Status???????plain text ? Please let me know if need any further information . ? ? (Cisco Controller) >show ap retransmit all Global control packet retransmit interval: 3 Global control packet retransmit count: 5 AP Name???????????? Retransmit Interval? Retransmit count ------------------? -------------------? ------------------- AP6c41.6a29.7355?????? N/A(Mesh mode)????? N/A(Mesh mode) ? ? (Cisco Controller) >show country code Configured Country............................. US? - United States Configured Country Codes ??????? US? - United States............................. 802.11a Indoor,Outdoor / 802.11b / 802.11g ? ? ? On Wednesday, 5 February 2014, 2:11, Jeff Rensink <[email protected]> wrote: What do you mean by this? ?Can you give us a screenshot of your Country codes screen? (or a "show country" command in the CLI) Regards, ? Jeff Rensink : Sr Instructor : iPexpert CCIE # 24834 :: Wireless / R&S :: World-Class Cisco Certification Training Direct: +1.810.326.1444 :: Free Videos :: Free Training / Product Offerings :: CCIE Blog :: Twitter ? On Tue, Feb 4, 2014 at 9:22 AM, cisco 2006 <[email protected]> wrote: also when I configured the country code , it appairs not configured in regularity domains. ------------------------------ On Tue, Feb 4, 2014 6:02 PM AST (Arabian) Maxim Risman wrote: >Hello, what is the WLC version code you are running ? > >Thank you. > > >On Tue, Feb 4, 2014 at 4:56 AM, cisco 2006 <[email protected]> wrote: > >> Dear All, >> I need you help to solve this issue in my wireless LAN . >> When I connect the AP 3600 to the Switch the AP get the IP from the DHCP >> but it is not joined with the WLC 5508 and I get this output from the >> controller . I have to mention that the mangement interface , dynamic >> interface and APs in the same VLAN . >> >> >> >> >> ?*All APs* >> ? ? *Entries 1 - 2 of 2* >> >> ?*Current Filter* >> ?*None* >> >> ?[Change Filter] [Clear Filter] >> >> ? ?*Number of APs* >> >> >> ?*AP Name* >> >> ?*AP Model* >> ?*AP MAC* >> ?*AP Up Time* >> ?*Admin Status* >> ?*Operational Status* >> ?*Port* >> ?*AP Mode* >> ?*Certificate Type* >> ?*OEAP* >> ?*Primary SW version* >> ?*Backup SW version* >> ?*AP Sub Mode* >> ?*Download Status* >> ?*Upgrade Role (Master/Slave)* >> >> >> >> >> ?*AP Join Stats* >> ? ?*Entries 1 - 2 of 2* >> >> ? ?*Current Filter:* >> ?None >> >> ?[Change Filter] [Clear Filter] >> >> >> ?*Base Radio MAC* >> ?*AP Name* >> ?*Status* >> ?*Ethernet MAC* >> ?*IP Address* >> ?*Last Join Time* >> >> >> >> >> >> ?*AP Join Stats Detail >* >> >> ? ?*General* >> >> ? Base MAC Address >> ? ? AP Name >> ? ? Ethernet MAC Address >> ? ? IP Address >> ? ? Status >> ? ? *Last AP Join* >> >> ? *Timestamp* >> ?*Message* >> ? ? ? ?*Discovery Phase Statistics* >> >> ? Requests Received >> ? ? Responses Sent >> ? ? Unsuccessful Request Processed >> ? ? Reason For Last Unsuccessful Attempt >> ? ? Last Successful Attempt Time >> ? ? Last Unsuccessful Attempt Time >> ? ? *Join Phase Statistics* >> >> ? Requests Received >> ? ? Responses Sent >> ? ? Unsuccessful Request Processed >> ? ? Reason For Last Unsuccessful Attempt >> ? ? Last Successful Attempt Time >> ? ? Last Unsuccessful Attempt Time >> ? ? *Configuration Phase Statistics* >> >> ? Requests Received >> ? ? Responses Sent >> ? ? Unsuccessful Request Processed >> ? ? Reason For Last Unsuccessful Attempt >> ? ? Last Successful Attempt Time >> ? ? Last Unsuccessful Attempt Time >> >> ?*Last Error Summary* >> >> ? Last AP Message Decryption Failure >> ? ? Last AP Connection Failure >> ? ? Last AP Disconnect Reason >> ? ? Last Error Occurred >> ? ? Last Error Occurred Reason >> ? ? Last Join Error Timestamp >> >> >> _______________________________________________ >> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: >> >> iPexpert on YouTube: www.youtube.com/ipexpertinc >> > > > >-- >Best Regards > >Maxim Risman _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc ? ? ? _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc ? _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc -------------- next part -------------- An HTML attachment was scrubbed... URL: </archives/ccie_wireless/attachments/20140205/2c65df39/attachment.html> ------------------------------ _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc End of CCIE_Wireless Digest, Vol 58, Issue 18 ********************************************* _______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
_______________________________________________ Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc
