取消
显示结果 
搜索替代 
您的意思是: 
cancel
5824
查看次数
0
有帮助
6
回复

1142无法注册到Vwlc上,能帮看下是什么原因吗?

iliaodong
Level 1
Level 1
本帖最后由 iliaodong 于 2019-11-19 23:38 编辑
AP反馈如下:
*Nov 19 14:23:27.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Nov 19 14:23:27.016: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.1.53
*Nov 19 14:23:27.016: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.53:5246
*Nov 19 14:23:27.016: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.1.53: Malformed Certificate
*Nov 19 14:23:27.016: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.53:5246
*Nov 19 14:23:27.017: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Nov 19 14:24:31.158: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Nov 19 14:24:31.158: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Nov 19 14:24:31.245: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Nov 19 14:24:31.245: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Nov 19 14:24:31.248: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 19 14:24:31.255: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Nov 19 14:24:31.286: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Nov 19 14:24:31.299: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 19 14:24:31.311: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Nov 19 14:24:31.325: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Nov 19 14:24:34.286: status of voice_diag_test from WLC is false
*Nov 19 14:24:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.53 peer_port: 5246
*Nov 19 14:24:44.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Nov 19 14:24:44.047: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Nov 19 14:24:44.047: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Nov 19 14:24:44.048: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Nov 19 14:24:44.048: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.1.53
*Nov 19 14:24:44.048: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.53:5246
*Nov 19 14:24:44.048: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.1.53: Malformed Certificate
*Nov 19 14:24:44.048: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.53:5246
*Nov 19 14:24:44.048: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Nov 19 14:25:49.138: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Nov 19 14:25:49.139: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Nov 19 14:25:49.219: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Nov 19 14:25:49.219: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Nov 19 14:25:49.228: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Nov 19 14:25:49.246: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Nov 19 14:25:49.260: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 19 14:25:49.272: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Nov 19 14:25:49.286: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Nov 19 14:25:52.246: status of voice_diag_test from WLC is false
*Nov 19 14:26:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.53 peer_port: 5246
*Nov 19 14:26:02.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Nov 19 14:26:02.014: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Nov 19 14:26:02.014: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Nov 19 14:26:02.014: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Nov 19 14:26:02.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.1.53
*Nov 19 14:26:02.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.53:5246
*Nov 19 14:26:02.015: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.1.53: Malformed Certificate
*Nov 19 14:26:02.015: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.53:5246
*Nov 19 14:26:02.016: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.1.1) [OK]
*Nov 19 14:32:03.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.53 peer_port: 5246
*Nov 19 14:32:04.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Nov 19 14:32:04.013: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Nov 19 14:32:04.013: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Nov 19 14:32:04.013: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Nov 19 14:32:04.013: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.1.53
*Nov 19 14:32:04.013: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.53:5246
*Nov 19 14:32:04.013: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.1.53: Malformed Certificate
*Nov 19 14:32:04.014: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.53:5246
*Nov 19 14:32:04.014: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
AP可以获取IP地址,在AP join上可以看到有AP,但就是无法注册。
感觉可能是证书的问题,已经尝试将wlc的时间改为2006年,但仍然无法注册
另把这两个选项也勾选了



Accept Self Signed Certificate (SSC)
Accept Manufactured Installed Certificate (MIC)

还有其他办法吗???
1142之前在2106上是正常使用的,2106上解决证书的办法是把系统时间改成2006年,但Vwlc上无法凑效…
2106被停电一次就无法启动了…太郁闷了
有兄弟能帮忙的吗,谢了~~
另Vwlc的版本使用了8.1和8.2版本,两个版本都是这个问题。
参考了这篇文章,改了时间,还是不行:http://bbs.csc-china.com.cn/home.php?mod=space&uid=28691&do=blog&id=1927
6 条回复6

HaifengLi
Cisco Employee
Cisco Employee
试一下下面的命令
(wireless-vwlc-2) >config ap cert-expiry-ignore mic disable
Expire MIC Mode allow is already configured.
(wireless-vwlc-2) >config ap cert-expiry-ignore ?
mic Configures cert-expiry-ignore check operation for MIC.
ssc Configures cert-expiry-ignore check operation for SSC.
(wireless-vwlc-2) >config ap cert-expiry-ignore ssc disable
Expire SSC Mode allow is already configured.
(wireless-vwlc-2) >
(wireless-vwlc-2) >
(wireless-vwlc-2) >save config
Are you sure you want to save? (y/n) y
Configuration Saved!
(wireless-vwlc-2) >

wuhao0015
Spotlight
Spotlight
看下控制器证书的时间,将时间改在这个区间范围之内。。。

iliaodong
Level 1
Level 1
haifeli 发表于 2019-11-21 08:42
试一下下面的命令

找到原因了,因为之前的2106的配置还留在AP上,无法登录AP查看证书时间,证书的时间和VWLC的还是对不上,所以无法加入,按mode键进入AP后台把配置删了再按证书时间配置,就好了

Yanli Sun
Community Manager
Community Manager
iliaodong 发表于 2019-11-23 17:24
找到原因了,因为之前的2106的配置还留在AP上,无法登录AP查看证书时间,证书的时间和VWLC的还是对不上, ...

感谢楼主分享解决方案:handshake

minggu25319
Level 1
Level 1
请问下哪位师傅有 Cisco WLC 4404的升级软件?

iliaodong
Level 1
Level 1
minggu25319 发表于 2020-1-9 16:36
请问下哪位师傅有 Cisco WLC 4404的升级软件?

上次找到一个7.0.250的要的话可以私我给你
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接