AP can fail to join a controller for many reasons: a RADIUS authorization is pending;
self-signed certificates are not enabled on the controller; the AP and the controller
regulatory domains do not match, and so on.
Controller software enables you to configure the AP to send all CAPWAP-related errors to
a syslog server. You do not have to enable any debug commands on the controller. View
all the of the CAPWAP error messages from the syslog server itself.
The AP is not maintained on the controller until it receives a CAPWAP join request from
the AP. Therefore, it can be challenging to determine why the CAPWAP discovery request
from a particular AP was rejected. To troubleshoot such joining problems without
enabling CAPWAP debug commands on the controller, the controller collects information
for all APs that send a discovery message and maintains information for any AP that has
successfully joined it.
The controller collects all join-related information for each AP that sends a CAPWAP
discovery request to the controller. The collection begins with the first discovery
message received from the AP and ends with the last configuration payload sent from the
controller to the AP.
When the controller maintains join-related information for the maximum number of APs, it
does not collect information for any more APs.
An AP sends all syslog messages to IP address 255.255.255.255 by default.
You can also configure a DHCP server to return a syslog server IP address to the AP
using option 7 on the server. The AP then starts sending all syslog messages to this IP
address.
You can configure the syslog server for APs and view the AP join information only from
the controller CLI interface.