I ran into an interesting problem today. We were retiring our aging B/G radios with brand new dual-band N radios. To fill this need we purchased Cisco Aironet 3502i wireless access points. The Wireless LAN Controller we were using was a Cisco WLC 2106 and could support 6 simultaneous radios. We had confirmed the Wireless LAN Controller was on the latest software release. We attached the first access point and it connected just fine. It discovered, joined and downloaded the updated software from the controller without incident. It showed up in the Cisco management software ready for additional configuration.
We attached the next access point and it got stuck. The status light would alternate green, then red, then off. When we debugged the access point through the console session we could see that it had discovered the correct controller and was sending JOIN commands. However, the handshake would never complete and it would keep cycling the interfaces up and down. It would also give up and occasionally reboot as well, or, show a status that it had reached the maximum number of retries.
We pulled out two more access points – same deal. It seemed so odd because the first one had worked so effortlessly. We knew we weren’t at the maximum radios for the WLC and we knew we didn’t have any problems with territory or county code mismatches. We also checked the WLC clock, certificate, and authentication lists.
The fix was actually quite simple. The 3 WAPs had gone into MESH mode. To remove them from MESH mode was an interesting fix. This is how you do it.
Log into your Wireless LAN Controller.
Select the Security tab.
Expand AAA and select AP Policies.
Click the Add button in the far right.
Under Add AP to Authorization List, enter the MAC Address of the Access Point in the MAC Address text box. (The MAC Address can be found either on the bottom of the Access Point on the serial number sticker, or, by starting a console session to the Access Point. When in the console session the default hostname is the MAC Address of the AP).
Click the Add button.
Click the Apply button.
Click the Wireless tab.
All access-points currently in your network should show up on the Wireless tab. Also, your problem access point should show up here now as well. If not, then your AP may already be at the maximum number of handshake retries. In that case, reboot the Access Point and wait a few minutes. Then refresh the page.
When the AP finally does show up under the Wireless tab, check the AP Mode column. It may operate in ‘Bridge’ mode. This is incorrect. It should be in ‘Local’ mode.
If your AP is in ‘Bridge’click the name of the AP under the AP Name column.
Under the General tab, click the AP Mode drop-down box and select ‘Local’.
Click the Apply button in the top right.
Your AP should now be working fine.
You can also confirm the operating mode of the Access Point by connecting a console cable to it and running the following command from the CLI.
show capwap client rcb