Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1668
Views
5
Helpful
4
Replies

AP's Not Connecting to WLAN Controller 2500

Go to solution
JDT69RR
Level 1
Level 1

‎11-30-2021 04:34 PM

After factory resetting the AP's this is what i am getting...

No connection to the WLC. This happened to two AP's out of 4.

*Mar 1 00:00:13.514: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:13.517: *** CRASH_LOG = YES

*Mar 1 00:00:13.517: 64bit PCIE devices
*Mar 1 00:00:14.624: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (1-6)
*Mar 1 00:00:14.624: Security Core found.

*Mar 1 00:00:14.637: Registering HW DTLS
Base Ethernet MAC address: 28:94:0F:26:29:D4

*Mar 1 00:00:16.870: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:18.213: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:18.220: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:18.339: loading Power Tables from ram:/Z2.bin. Class = A
*Mar 1 00:00:18.339: record size of 2ss: 404 read_ptr: 2758100

*Mar 1 00:00:21.535: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:21.585: loading Power Tables from ram:/Z5.bin. Class = A
*Mar 1 00:00:21.585: record size of 2ss: 404 read_ptr: 2758100
capwap_read_version_info: Info file flash:/ap3g1-k9w8-mx.152-2.JB2/info not find
*Nov 30 21:01:54.119: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.3(3)JC9, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Fri 20-Oct-17 19:26 by prod_rel_team
*Nov 30 21:01:54.119: %SNMP-5-COLDSTART: SNMP agent on host AP2894.0f26.29d4 is undergoing a cold start
*Nov 30 21:01:54.305: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 30 21:01:54.468: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Nov 30 21:01:54.468: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully

*Nov 30 21:01:55.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Nov 30 21:02:02.317: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.20.84, mask 255.255.255.0, hostname AP2894.0f26.29d4

*Nov 30 21:02:11.647: Currently running a Release Image
validate_sha2_block: Failed to get certificate chain
*Nov 30 21:02:11.666: Using SHA-1 signed certificate for image signing validation.%Default route without gateway, if not a point-to-point interface, may impact performance
*Nov 30 21:02:17.372: AP image integrity check PASSED

*Nov 30 21:02:17.382: Non-recovery image. PNP Not required.

*Nov 30 21:02:17.445: validate_sha2_block:No SHA2 Block present on this AP.

*Nov 30 21:02:17.473: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Nov 30 21:02:17.473: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Nov 30 21:02:24.699: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Nov 30 21:02:25.790: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 30 21:02:26.791: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Nov 30 21:02:27.583: Logging LWAPP message to 255.255.255.255.

*Nov 30 21:02:27.590: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Nov 30 21:02:27.602: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated
*Nov 30 21:02:27.885: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up%No matching route to delete
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (75.75.75.75)
*Nov 30 21:02:38.609: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.20.13 obtained through DHCP (75.75.76.76)

*Nov 30 21:03:25.078: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Nov 30 21:22:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.20.13 peer_port: 5246
*Nov 30 21:22:01.207: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.20.13
*Nov 30 21:22:01.207: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.20.13:5246

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Wes Schochet
Level 3
Level 3

‎12-01-2021 08:42 AM

The certificates on those APs are expired.  Try this command from the CLI:

 

config ap cert-expiry-ignore mic enable

 

View solution in original post

4 Replies 4

Go to solution
Nithin Eluvathingal
VIP
VIP

‎11-30-2021 05:09 PM

Post your question in Wireless section. 



Response Signature


0 Helpful

Go to solution
Roger Kallberg
VIP
VIP

‎11-30-2021 10:50 PM - edited ‎11-30-2021 10:53 PM

@JDT69RR I moved your post over to the Wireless section of the community as you had posted it in Collaboration, Voice and Video -> Phones and IP Telephony.



Response Signature


0 Helpful

Go to solution
JDT69RR
Level 1
Level 1
In response to Roger Kallberg

‎12-08-2021 03:14 PM

Thank You. I also posted it there as well once it was suggested I do so.
0 Helpful

Go to solution
Wes Schochet
Level 3
Level 3

‎12-01-2021 08:42 AM

The certificates on those APs are expired.  Try this command from the CLI:

 

config ap cert-expiry-ignore mic enable

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card