C9120 Access Points Do Not Start PnP or IOx

Problem Description

C9120 access points (APs) manufactured from November 2021 through July 2022 are unable to use Plug-and-Play (PnP) services to discover DNA Center (DNAC), and thus may be unable to join a Wireless Controller.

The AP console will show messages similar to the following:

[*04/21/2022 12:08:48.3470] systemd[1]: pnp_syslog.service failed.
[*04/21/2022 12:08:58.3550] env: can't execute 'python': No such file or directory

For non-PnP customers this only impacts the Application Hosting (Cisco^® IOx) feature on the AP.

Background

Some Cisco Catalyst 9100 APs are manufactured with Embedded Wireless Controller (EWC) software installed.  On such APs, a bootloader variable MEMODE is set to 1.  This variable is set to 0 on APs that do not have EWC software.  By mistake, some non-EWC APs were manufactured with MEMODE set to 1.  This causes the APs, when they boot up out of the box, not to load Python.  As a result, PnP discovery fails, and IOx cannot run.

This is Cisco bug  CSCwc02567 .

Workaround

Repair Via Console

You can console into the AP and excute the below command to set the MEMODE variable to 0 and then reboot :

c9120AP#ap-type capwap
c9120AP#capwap ap erase all

Non-Console Procedure, Where DNAC PnP Is Required

If consoling to the AP is inconvenient, then follow the instructions below, to have the AP join a controller (without PnP), then reconfigure the AP type, and reset to factory defaults, so that PnP can run.

1. Configure a Non-PnP AP Join Method

- DNS resolution (CISCO-CAPWAP-CONTROLLER.domain)

- Layer 2 discovery / IP helper

- DHCP Option 43 as documented in Configure DHCP OPTION 43 for Lightweight Access Points.  In this case, allow up to 20 minutes for the APs to discover the WLC, as they will need to time out PnP discovery.

2. Reconfigure AP Type

After the AP joins the controller, you proceed with the below options to set the ME mode variable back to 0:

1) from the C9800 controller CLI :

9800wlc#ap name <AP-NAME> remote enable
9800wlc#ap name <AP-NAME> remote command "ap-type capwap"
9800wlc#ap name <AP_Name> remote disable

2) from the AireOS controller CLI :

(AireOS_WLC) >debug ap enable <AP_Name>
(AireOS_WLC) >debug ap command "ap-type capwap" <AP_Name>
(AireOS_WLC) >debug ap disable <AP_Name>

3) from the SSH AP :

c9120AP#ap-type capwap

3. Remove AP Join Method

Remove the AP join method that been used in the first step, to make sure that the AP will use PnP.

4. Factory Reset the AP

Factory reset the AP via reset button as documented in Factory Reset or reset the CAPWAP config by executing one of the following commands:

AP SSH CLI

c9120#capwap ap erase all

9800 or AireOS CLI

9800wlc#clear ap config <AP_Name>

5. Synchronize the WLC to DNAC

Synchronize the WLC to DNAC to change the AP state to Unavailable in the DNAC inventory:

a. Browse to https://<DNAC_IP>/dna/provision/devices/inventory/list

b. WLC will be listed. If many devices are present, a filter can be used to search WLC

c. Select WLC, then choose Actions-->Inventory-->Resync Device.

6. Claim the AP in DNAC.

Claim the AP and the PnP should be working by now. You can check the PnP status on the AP by using the below command :

c9120AP#show pnp status

Non-Console Procedure, Where Cisco IOx Is Required

To get IOx services to work, reconfigure the AP type and reload by one of the below options.  There is no need to reset the AP to factory defaults.

1) from the C9800 controller CLI :

9800wlc#ap name <AP-NAME> remote enable
9800wlc#ap name <AP-NAME> remote command "ap-type capwap"
9800wlc#ap name <AP_Name> remote disable
9800wlc#ap name <AP_Name> reset

2) from the AireOS controller CLI :

(AireOS_WLC) >debug ap enable <AP_Name>
(AireOS_WLC) >debug ap command "ap-type capwap" <AP_Name>
(AireOS_WLC) >debug ap disable <AP_Name>
(AireOS_WLC) >config ap reset <AP_Name>

3) from the SSH AP :

c9120AP#ap-type capwap
c9120AP#reload