Cisco Wireless :: WLC5500 And 1140 APs Not Associating - DTLS Error Messages
Dec 25, 2012
I have a WLC 5508 and several 1142 access points. The APs are not showing up in the WLC. When i console into the APs, im getting the following errors,
*Dec 26 23:04:28.035: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 65.125.15.212:5246
*Dec 26 23:04:28.074: %CAPWAP-5-CHANGED: CAPWAP changed state to
[Code]....
Ive tried resetting the WLC, reloading the APs. I even factory defaulted one of the APs and still getting the same message.Ive verified that the WLC is set to accept MICs and SSCs.
View 6 Replies
ADVERTISEMENT
Jan 12, 2011
I have just upgraded one of our 4400 to 7.0.98.0. Most of the AP re-registered with out issues. I have two AIR-LAP1142N-E-K9 on a remote site that will not re-register.I have pointed them to another 2125 WLC (7.0.98.0) and they register fine. Point them to yet another 4400 (7.0.98.0) I get the same issue.I am getting this error when the register on the 4400s.*Jan 11 14:39:24.000: %CAPWAP-3-ERRORLOG: Selected MWAR 'abzewwlc'(index 1).*Jan 11 14:39:24.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller *Jan 11 07:05:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 144.46.211.5 peer_port: 5246*Jan 11 07:06:55.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 144.46.211.5:5246 I suspect it may be as they both have In the client config.Then again maybe not.Configured Switch 1 Addr 158.139.177.203Configured Switch 2 Addr 144.46.214.25
Question 1 if I do a "clear config except static IP" will I still be able to telnet tp them or will they default to no telnet no ssh ?
Question 2 any idea how to get past this DTLS error ?
View 4 Replies
View Related
Feb 18, 2013
i have currently a 2504 WLC and some 1602i AP's.Basically so far i have configured the WLC as per the guidelines on the startup and now i want to join the AP's (which i haven't managed to do yet) and the setup the wireless network.I can get the AP to join and pickup an ip address and that is it. It comes up with different error messages from the WLC, and through hyper terminal, none of which i understand but the main jist is the following:
*spamApTask4: Feb 19 15:05:56.171: #CAPWAP-3-DECODE_ERR: capwap_ac_sm.c:3844 Error decoding Join request from AP 6c:20:56:0e:23:e0
AND
0Tue Feb 19 15:06:19 2013AP with MAC 6c:20:56:0e:23:e0 (AIR-CAP1602I-E-K9 ) is unknown.
AND
View 8 Replies
View Related
Nov 27, 2012
I am constantly getting a few errors in my ASA 5510 and 5505 from the same IP. The IP of my NMS server, which has also stopped recieving SNMP data from these two VPNs.
Syslog Id: 713048 Error process payload: Payload ID: 1
Syslog ID: 713902 Removing peer from peer table failed. No Match.
Syslog ID: 713903 Error: Unable to remove PeertblEntry
I have tried to configure ACL to let traffic through. SNMP traffic to be more precise, but since I am fairly new to cisco firewalls and SNMP in general this has proven very difficult.
View 8 Replies
View Related
Jan 20, 2011
Our building used to have a very old server that basically just served as a place for teachers to store files and not much else. We have just changed ISPs and decided that we no longer needed the server at all. I disconnected the server from the network and replaced the old ISP's modem with the new ISP's modem. At first, everything seemed OK. My computer and several other teachers' connected to the Internet with no problem. However, some of the computers in the building could not connect. We get error messages with "limited or no connectivity." Part of me thought that perhaps the connections themselves are bad. However, when I take my laptop to classrooms with trouble connecting - mine connects easily using their cables. If I move their computers to my room, their laptops still won't connect. I have put my computer side-by-side with another one to make sure the settings were the same (auto-detect IP, DNS, etc.) and can't find differences. This problems is affecting our Windows 7, Vista, and XP computers the same.
View 11 Replies
View Related
Oct 12, 2012
Yesterday after booting my comp up I wanted to get on the internet but for the first time in years with my set up it just wouldn't connect, never done this before, we have a wireless O2 box upstairs which my son has a ethernet directly from the wireless router into his comp and my other son has a notebook (same as mine) and both of them were online but mine just wouldn't connect although I had nothing to say anything was wrong, o2 told me that if the other computers were online then it must be something on my comp that is causing the trouble ? but what could it be ? after three hours offline I rebooted and it was fine and got onto the internet no trouble, this morning it again wouldn't let me online and then bingo it just came on again at 4pm very strange to me
View 3 Replies
View Related
May 10, 2012
We started getting the below syslog messages from one of our ASA5520 which was recently upgraded to 8.4(2). Any bugs on 8.4(2) that cause this or its simply the RAM failure?
%ASA-3-105010: (Primary) Failover message block alloc failed
%ASA-3-321007: System is low on free memory blocks of size 1550 (0 CNT out of 18709 MAX)
View 2 Replies
View Related
Aug 8, 2011
About three(3) months ago, I attempted to set up a wired network between a laptop running w-7 and a desktop with w-xp, sp3. Shortly afterwards, I started getting blue screens with error messages and codes about device confilcts. After disconecting the laptop, I still have the problem sometimes. I looked into the system, and found twenty-seven(27) items with yellow exclamation marks on them. Should I delete them or just disable them?
View 3 Replies
View Related
Dec 26, 2010
I had these error messages on both my Cisco 2851 and on my Cisco Catalyst 6506.
On Cisco 2851:
%SYS-SP-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (4/4),process = SEA write CF process. [code]...
And on 6506:
Dec 27 15:20:55 MET: %SYS-SP-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (129/129),process = SEA write CF process.[ code]...
I have these IOS versions on my Cisco:
Cisco 2851: 15.0(1)M4
Cisco 6506: 12.2(33)SXI
View 3 Replies
View Related
Sep 30, 2012
We use C2950G switches with IOS 12.1(22)EA12 . Switches are set up to send logs to a server (informationnal level). On this server, we receive many of logs from those switches, but none about interfaces errors (even if interfaces statistics show interfaces errors). On C3548 switches it's work fine.How should I be sure the set up of switches is correct ? Why do I never receive messages as %LINK-4-ERROR:[char] is experiencing errors ?
View 2 Replies
View Related
Aug 15, 2011
I m getting below error messages in show logs -
Aug 12 15:30:57.127 IST: %ENVIRONMENT-3-RPS_FAILED: Faulty internal power supply detected
Aug 12 15:31:02.175 IST: %ENVIRONMENT-3-RPS_FAILED: Faulty internal power supply detected
Aug 12 15:31:08.219 IST: %ENVIRONMENT-3-RPS_FAILED: Faulty internal power supply detected
Aug 12 15:31:10.239 IST: %ENVIRONMENT-3-RPS_FAILED: Faulty internal power supply detected
there is no error messages related to PSU in "show env all " log .
here is show version -
------------------ show version ------------------
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA13, RELEASE SOFTWARE (fc2)
Technical Support: [URL]
Copyright (c) 1986-2009 by cisco Systems, Inc.
[Code] ....
View 8 Replies
View Related
Mar 29, 2012
We have 9 WLCs around a corporate network. Each of the WLCs was in the same mobility group for failover purposes, and to permit APs to reconnect back to their primary WLC in the event of a failover.
However one of the sites has now been sold and pending separation of the LAN infrastructure the APs need to be isolated and prevented from associating with any WLC other than their primary (on site). From our experience once the APs know about other WLCs they retain this list in NVRAM even if the secondary WLC is removed from the configuration they will still associate with one of the known APs if possible (Cisco document this). WLC v 8.1.185.
View 14 Replies
View Related
Jan 25, 2012
I'm starting to see an error creep up that I havn't seen since 2003/2004 on my brand new 5508 controllers. I'm recieving the following from my WCS: Receive Multicast Queue is full on Controller and then on the controller itself RX Multicast Queue Full. I understand this used to be due to a large influx of ARP requests or CDP packets on older controllers but, this was supposed to be fixed in an update many years ago.
Has seen this on their 5508's. These were advertised as having the horsepower to handle our user loads which arn't really that high at 300 users at any given time max.
View 2 Replies
View Related
Dec 20, 2009
AP = AIR-LAP1131G-E-K9
WLC = WS-C3750G-24WS-S25
Total 6 floors building, 2AP on each floor.Problem Statement:- Eg: Wireless Clients from ground floor are associating with AP on the 3rd floor.This happens throughout the whole building.I would expect that ground floor clients would be connected to ground floor AP.Is there a way to force clients on specific floors to connect to their designated floor APs?A thorough check indicate that, ground floor AP is not congested and only a few clients are connected to it.
View 11 Replies
View Related
Apr 4, 2012
One of the SSIDs in WLC 5500 (SV:7.2.103.0) is configured in web authentication mode. After authentication (local database) users can access http sites and can't access, for example, https sites.
View 2 Replies
View Related
Apr 16, 2013
We have a Cisco 5508 controller with 1142 LWAP's running version 7.4.100.We have several Dell laptops which will not associate to the access point UNLESS you stand directly underneath it, power off the wireless, turn it back on then eventually the PC will associate to the AP.Once the PC is associated to the AP and user is authenticated then all is well.
Have tried updating the wireless drivers downloaded from both Dell or INTEL. This does not happen to all of our laptops. However, without making any changes to the WLC or the PC's, we have begun to expirence this problem with laptop which previously did not have this issue.
View 4 Replies
View Related
May 20, 2012
I have a question regarding to the maximmum number of active SSID's on a WLC 5500 with 3500i, it's my understanding that the 3500i can support 16 active SSID's is it the same when connected to the WLC? Also, if possible would the WLC shutdown un-used Radios or maybe after hours?
View 1 Replies
View Related
Jan 18, 2013
I am setting up office extend with 1142 APs on a 5508 controller. All seems ok and I see my SSIDs on the remote AP. However when I try to connect I don't get a dhcp address and the connection fails. When I look at logs and some debugs I see dtls keepalive failures and the AP is actually disconnecting and re-associating with the controller.
View 24 Replies
View Related
Jun 17, 2012
Flex 7500
Software Version: 7.2.103.0
I have a Flex 7500 with 200 1142AP's working fine in remote office and local setup. We have since purchased 3 OEAP 602's and looking to distribute to teleworkers.
I have configured the OEAP to point to the NAT'd IP of the WLC, the OEAP does connect and is listed briefly in the WLC wireless listing but I am not able to make any configuration changes, it will then dissassociate and try the join process all over again. I have attached below the OEAP 600 event log. I see that the WLC does not support data DTLS encryption and looking to make this work.
I have tried to install the DTLS license file from the Cisco website, but says license failed to install, with no other errors.
*Jun 18 15:18:43.938: Build version 7.0.112.72 (compiled Feb 3 2012 at 01:56:39, [L]).
*Jun 18 15:18:47.859: CAPWAP State: Init.
*Jun 18 15:18:47.860: CAPWAP State: Discovery.
[Code]....
View 2 Replies
View Related
Feb 11, 2013
At the present, we have two WLCs (5508). There are a total of 84 LAPs (1242AG). One controller is configured as the master controller in which all our APs associate to. It's currently running software version 7.0.116.0 and some of our BYODs using Windows 8 are unable to connect to the wireless. The fix for this is to upgrade the software of the WLC so that the LAPs can obtain the update to solve this problem. Simple! However, before rolling this out into the production wireless network, I would like to test it out on our second WLC which has no LAP associations, a test WLAN configured, and a newer software image loaded (7.4.100.0). I have a spare LAP that was previously associated with the master controller running the same software version (7.0.116.0). What I'm looking to do is associate this LAP to the 2nd WLC instead of the master so that I can ensure that the LAP gets the newest software. Then, I would like to test a Windows 8 device to make sure it connects.So far, I have done the following:
1. Disabled the 1st WLC from using Master Controller Mode and rebooted AP - result was unsuccessful; still associated to 1st WLC.
2. Reset LAP configuration excluding static IP info and reset AP - result was unsuccessful; still associated to 1st WLC.
3. Compared config for both WLC but since I'm new to these devices, I'm not sure what needs to be configured/changed.
View 4 Replies
View Related
Mar 22, 2012
I have a Question i am testing mobility group with Failover for redundend connection between 2 Cisco 5500 Wlc.On both the controllers i got the mobility working And both the controllers have the same version.And configuration. But when i unplug the main controller the access-Points don't convers to the second one .The just keep on creaming can't find the main controllerAlso with this thus the second wlc need to have the same.Interface ip address like management.
View 8 Replies
View Related
Aug 2, 2012
I'm running a system that requires a third (and potentially fourth) DHCP server to be setup on each network in my network. The first two devices are Windows DHCP servers serving IPs from different address ranges for failover. The third DHCP is just a listener to receive OS information and device names to be logged in a database.
Currently this works like a charm for my wired clients as I can add in the third and fourth ip helper-address on each vlan and the information is received by the listeners. However, I cannot find anywhere in my WLC5500 to setup these extra two DHCP helper addresses.
The wireless vlan on my layer 3 switch has all the ip helper-addresses, but this doesn't seem to work, and the devices just use the DHCP servers set on the interface in the WLC.
View 5 Replies
View Related
Jan 6, 2013
Is it possible to disable DCA for a couple of APs and manually force the channels assignment ?
View 3 Replies
View Related
Apr 4, 2012
I have an ASA 5510 running 8.2.2 code with 30 VPN Phones connected. Of the 30 phones, I have 5 that do not negotiate DTLS and I'm having quality issues with these phones. I've checked the login process and I don't see any errors when these phone connect, they just don't even attempt DTLS. All the phones use the same VPN configuration.
View 4 Replies
View Related
Sep 17, 2012
My work laptop uses a Cisco AnyConnect VPN Client (Software Version 2.5.2006). The connection protocol is DTLS.I recently upgraded to a Cisco RV180 at home at it is running the latest software version (1.0.1.9).
Since the RV180 went into service the work laptop will connect intermittantly. Usually email works but web browsing and and other services do not. It is slight strange behaviour- and seems to defy what a VPN should do......
The behaviour is very repeatable. For example from the customers office the laptop connects perfectly via VPN and if I swap back to an older inferior make of router at home VPN also works normal without changes to the laptop configuration.
I work for a large company (70,000+ employees) and we use "standard" builds so altering the laptop configuration is not really an option.
It seems to me that the RV180 doesn't support the DLTS VPN connection (indeed DLTS passthrough isn't an option in the VPN passthrough list) and is possibly blocking some incoming packets on the WAN interface.
I haven't yet tried a firewall rule to allow a DLTS (or UDP perhaps?) connection back in from the WAN side (obviously from just the IPs at my work end) but this is the only option I can think of to make this machine connect "correctly".
View 3 Replies
View Related
Nov 25, 2012
I've been labbing on my asa5505 at home, setting up different VPN solutions for testing purposes. However, I can't get my anyconnect client to establish a DTLS tunnel when connecting (anyconnect only shows tls, and does not display any errors about not connecting with dtls)I have set dtls port to 444 and this port is open on the other side.
View 2 Replies
View Related
Feb 21, 2011
WLC 5508 running 7.0.98.0
Site was running fine until the WLC had a hardware failure.
A new WLC was shipped out, was running 6.0.99 then manually upgraded to 7.0.98. Clients cannot authenticatewith recurrent logs messages like this.
*dot1xMsgTask: Feb 23 17:05:03.648: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (3) exceeded for client 00:21:5c:<snip>*spamApTask0: Feb 23 17:05:01.926: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer 192.168.214.91
I have tried changing the key on the radius server to no avail.
View 4 Replies
View Related
Nov 20, 2012
how to disable radio on the AP 1140 from NCS script .
View 5 Replies
View Related
Jan 28, 2009
I tried to find the radiation pattern for the 1140 AP, but no luck so far. Where to find it?
View 7 Replies
View Related
Apr 18, 2012
I need a legible radiation pattern graph for the 1140 AP -- the antenna pattern. This is for a wireless deployment application which models signal strength. It needs to be specific for the 1140 AP as the antenna has a Maximum gain of 3 dBi which is different than the antenna gain on the 1130 AP.
View 2 Replies
View Related
Dec 19, 2010
I just installed an Aironet 1140 to replace a Netgear ProSafe access point that I had in my network prior. I'm having one issue that I can't figure out though. None of the client PCs can establish a connection to an external (over the internet) VPN server while on the Aironet wireless. If i unplug the AP and plug a PC into the same port that normall feeds the Aironet I can VPN just fine.
Is there any "VPN Passthrough" option that needs to be enabled somewhere on the 1140 that is blocking this traffic for some reason?
i'm running the following IOS BOOTLDR: C1140 Boot Loader (C1140-BOOT-M) Version 12.4(18a)JA3, RELEASE SOFTWARE (fc1) and I've included my running config below
Current configuration : 2092 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname ap!enable secret 5 [omitted]!no aaa new-model!!dot11 syslog!dot11 ssid MetroC authentication open authentication key-management wpa guest-mode mbssid guest-mode wpa-psk ascii 7 [omitted]!!!username Cisco password 7 [omitted]!!bridge irb!!interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid MetroC ! antenna gain 0 speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 port-protected bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface Dot11Radio1 no ip address no ip route-cache ! encryption mode ciphers aes-ccm ! ssid MetroC ! antenna gain 0 no dfs band block speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. channel width 40-above channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 port-protected bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled!interface GigabitEthernet0 no ip address no ip route-cache duplex auto speed auto no keepalive bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled!interface BVI1 ip address 192.168.1.3 255.255.255.0 no ip route-cache!ip http serverno ip http secure-serverip http help-path [URL]
View 9 Replies
View Related
Mar 28, 2012
I try to setup a 1141 aironet AP to authenticate my user through our Ms Radius Server ( Win 2008 R2).Everything is fine with small Bussiness AP WAP4410N with the following configuration:But I can't setup successfully the aironet 1141 with the same settings and getting it works.Here is my configuration for the Aironet 1141 Vlan 1 is the ssid I want to get it work with Radius.
View 1 Replies
View Related
Dec 16, 2012
We have 6 aironet 1140's throughout the office I have them all configed as one ssid but I would like the DHCP to come from our Windows server. Right now I have set them up with ip dhcp pools. So what is the secret to get them to send dhcp requests to the Windows server?
View 3 Replies
View Related
