01-16-2023 01:52 AM
After changing from the default certificate on our DNA Center to a certificate signed by our internal CA, assurance data is no longer received. We followed Cisco's DNA Center hardening guide for certificate creation.
We have tried many things to resolve the issue, including deleting all the assurance config from the WLC, removing it from DNA and putting it back in, and a Force Update for telemetry.
Each time we seem to run into a TLS error.
{pubd_R0-0}{1}: [pubd] [1330]: (note): CNDP_MGR:conn_id[]TLS handshake failure [SSL error]
2023/01/16 09:33:11.907702 {pubd_R0-0}{1}: [pubd] [1330]: (note): CNDP_MGR:conn_id[]TLS ECODE[SSL error]
2023/01/16 09:33:11.907337 {pubd_R0-0}{1}: [pubd] [1330]: (note): CNDP_MGR:conn_id[]Resume TLS Handshake
Does anyone have any suggestions on what the issue could be?
01-16-2023 02:10 AM
- What is the WLC model and software version?
M.
01-16-2023 05:50 AM
Hi, it's a C9800 running 17.3.
01-16-2023 06:15 AM
- Could be a bug; you may want to look into: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html , but going beyond 17.3.x is only possible if you no longer have older access point models.
- You may find the following commands useful for debugging telemetry issues in general:
show telemetry ietf subscription all
show telemetry ietf subscription 23 detail
show telemetry internal subscription all stats
show telemetry internal connection 1 detail (e.g.)
show telemetry ietf subscription configured
show iox detail
M.
01-16-2023 05:52 AM
Also DNAC is on 2.3.4