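After a power outage, the virtual controller I had at home died and would not boot. I had a backup, but it was of the old version from before the upgrade, so I took the opportunity to deploy a new controller from the OVA, version 8.3.150.
I'll skip the process (initialization, importing the original configuration). After the reboot I found that the existing AP could not register.
The controller messages were as follows: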
*osapiBsnTimer: Jun 20 18:33:17.521: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
*osapiBsnTimer: Jun 20 18:30:16.481: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
*osapiBsnTimer: Jun 20 18:27:21.213: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
*osapiBsnTimer: Jun 20 18:23:51.001: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
*osapiBsnTimer: Jun 20 18:20:36.401: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
*spamApTask1: Jun 20 18:15:41.869: %LWAPP-3-REPLAY_ERR: spam_lrad.c:42504 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP a0:ec:f9:e1:0a:20
*spamApTask5: Jun 20 18:14:38.549: %CAPWAP-3-DTLS_CLOSED_ERR: capwap_ac_sm.c:6985 f4:7f:35:f6:1b:80: DTLS connection closed forAP 192:168:50:251 (11090), Controller: 192:168:50:249 (5246) AP Message Timeout
*spamApTask5: Jun 20 18:14:38.549: %CAPWAP-3-MAX_RETRANSMISSIONS_REACHED: capwap_ac_sm.c:7533 Max retransmissions reached on AP(f4:7f:35:f6:1b:80),message (CAPWAP_CONFIGURATION_UPDATE_REQUEST
),number of pending messages(1)
The AP messages were as follows:
*Jun 20 10:24:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
*Jun 20 10:24:26.000: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
*Jun 20 10:24:26.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:509 Certificate verified failed!
*Jun 20 10:24:26.000: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.50.249:5246
*Jun 20 10:24:26.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.249:5246
*Jun 20 10:25:30.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jun 20 10:25:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
*Jun 20 10:25:41.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Jun 20 10:25:41.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.50.249:5246
*Jun 20 10:25:41.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.249:5246
*Jun 20 10:27:12.235: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
Looking at this, it was a certificate problem with the new controller.
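An added example, not part of the original post: a small Python triage that separates the failure seen here (the AP refusing the controller's self-signed certificate, SSC_CERT_AUTH_FAILED) from DTLS handshake failures that only the controller reports. The function names and cause labels are made up for illustration; the sample lines are copied from the logs above.

```python
import re
from collections import Counter

# Cisco-style line: "*[process: ]Mon DD HH:MM:SS.mmm: [%FACILITY-SEV-MNEMONIC: ]text"
LOG_RE = re.compile(
    r"^\*(?:(?P<proc>\w+): )?(?P<ts>\w{3} +\d+ [\d:.]+): "
    r"(?:%(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnem>[A-Z0-9_]+): )?(?P<msg>.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def records(log):
    """Yield the parsed fields of every line that looks like a log line."""
    for line in log.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()

def first_ip(msg):
    m = IP_RE.search(msg)
    return m.group(0) if m else None

def triage(ap_log, wlc_log):
    """Tell 'AP rejects the controller certificate' apart from other join failures."""
    rejected, last_peer = Counter(), None
    for rec in records(ap_log):
        if rec["mnem"] == "DTLSREQSEND":          # AP opens a handshake to this controller
            last_peer = first_ip(rec["msg"])
        elif rec["mnem"] == "SSC_CERT_AUTH_FAILED" and last_peer:
            rejected[last_peer] += 1              # AP refused that controller's SSC
    wlc_failures = Counter(
        first_ip(rec["msg"]) for rec in records(wlc_log)
        if (rec["fac"], rec["mnem"]) == ("DTLS", "HANDSHAKE_FAILURE"))
    cause = ("AP_REJECTED_CONTROLLER_SSC" if rejected
             else "HANDSHAKE_FAILED_CAUSE_UNKNOWN" if wlc_failures
             else "NO_DTLS_FAILURE_SEEN")
    return {"cause": cause, "rejected_controllers": dict(rejected),
            "wlc_handshake_failures": dict(wlc_failures)}

# Sample input: lines copied from the logs on this page (two per side).
AP_LOG = """\
*Jun 20 10:24:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
*Jun 20 10:24:26.000: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
"""
WLC_LOG = """\
*osapiBsnTimer: Jun 20 18:33:17.521: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
*osapiBsnTimer: Jun 20 18:30:16.481: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
"""

if __name__ == "__main__":
    print(triage(AP_LOG, WLC_LOG))
```

The controller-side HANDSHAKE_FAILURE lines alone do not say which side aborted; it is the AP-side log that shows the AP rejecting the controller certificate.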
The fix was as follows:
XX-Home-LAP1702I#delete flash:lwapp_*
Delete filename [lwapp_*]?
Delete flash:/lwapp_non_apspecific_reap.cfg? [confirm]
Delete flash:/lwapp_mm_mwar_hash.cfg? [confirm]
Delete flash:/lwapp_officeextend.cfg? [confirm]
Delete flash:/lwapp_reap.cfg.bak? [confirm]
Delete flash:/lwapp_reap.cfg? [confirm]
XX-Home-LAP1702I#
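After deleting the relevant configuration files, just reboot. After the configuration is deleted, the AP's original address and so on are still there.
Addendum: by default, files cannot be deleted on a lightweight AP over a remote login. The method is as follows:
There is a hidden command that enables remote file operations and configuration operations on a lightweight AP.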
debug capwap console cli
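Once the command has been entered, the lightweight AP can be configured.
The effect was immediate: once the reboot finished, the AP joined the new controller directly.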
(Cisco Controller) >show ap uptime
Number of APs.................................... 1
Global AP User Name.............................. hale
Global AP Dot1x User Name........................ Not Configured
AP Name            Ethernet MAC      AP Up Time              Association Up Time
------------------ ----------------- ----------------------- -----------------------
XX-Home-LAP1702I   00:27:e3:05:XX:XX 0 days, 00 h 02 m 01 s  0 days, 00 h 00 m 07 s
(Cisco Controller) >
(Cisco Controller) >show ap summary
Number of APs.................................... 1
Global AP User Name.............................. hale
Global AP Dot1x User Name........................ Not Configured
AP Name            Slots AP Model             Ethernet MAC      Location         Country    IP Address      Clients  DSE Location
------------------ ----- -------------------- ----------------- ---------------- ---------- --------------- -------- --------------
XX-Home-LAP1702I   2     AIR-CAP1702I-H-K9    00:27:e3:05:XX:XX XXXXXXX          CN         192.168.50.248  0        [0 ,0 ,0 ]