09-07-2023 08:02 AM
Hello,
2 AP AIR-CAP2602L-A-K9 lost connectivity to the WLC.
I see that it gest an ip but it does not join the controller.
Any ideas?
thanks in advance
09-07-2023 08:55 AM
connect the Console to AP and post complete boot logs here.
09-08-2023 12:37 AM
Thanks for your reply. Any official instruction I can take a look to see how to connect to console on AP?
I'm using the same cable I use on switchs that usually works fine and struggling to be able to connect on AP.
COM port on PC works fine and bellow default settings used on putty:
What I am missing here?
thanks in advance
09-08-2023 02:36 AM
make sure you connecting right port on the AP side :
https://www.cisco.com/c/en/us/td/docs/wireless/access_point/2600/quick/guide/ap2600getstart.html
below works for me.
Other side check the console cable connecting other devices ? - is this works ?
09-08-2023 05:01 AM
Also tried with no Flow Control and I'm using the console port:
tested on other pc and I'm sure about the COM port used but the connection does not go trough on putty.
And also tried with other AP so I suppose I'm doing something wrong.
I think I need the weekend and give it a try next week
thanks for your tips.
09-08-2023 10:53 AM
i suggest to try different console cable.
09-11-2023 02:30 AM
Indeed with a third cable worked. Bad luck.
So here are the logs:
*Jun 26 22:26:57.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Jun 26 22:26:59.775: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 999.99.999.100, mask 255.255.254.0, hostname AP31
*Jun 26 22:27:07.531: Currently running a Release Image
validate_sha2_block: Failed to get certificate chain
*Jun 26 22:27:07.555: Using SHA-1 signed certificate for image signing validation.
%Default route without gateway, if not a point-to-point interface, may impact performance
*Jun 26 22:27:21.195: AP image integrity check PASSED
*Jun 26 22:27:21.199: Non-recovery image. PNP Not required.
*Jun 26 22:27:21.211: validate_sha2_block:No SHA2 Block present on this AP.
*Jun 26 22:27:21.231: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 26 22:27:22.335: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 26 22:27:22.343: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 26 22:27:23.335: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 26 22:27:23.443: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 26 22:27:24.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 26 22:27:31.327: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Jun 26 22:27:32.327: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated%No matching route to delete
Translating "CISCO-CAPWAP-CONTROLLER.domain.local"...domain server (999.99.999.50) [OK]
*Sep 11 09:21:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 999.99.999.60 peer_port: 5246
*Sep 11 09:21:12.211: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 999.99.999.60
*Sep 11 09:21:12.211: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 999.99.999.60:5246
*Sep 11 09:22:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 999.99.999.60 peer_port: 5246
*Sep 11 09:22:17.211: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 999.99.999.60
*Sep 11 09:22:17.211: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 999.99.999.60:5246
So something with the certificate.
thanks in advance
09-11-2023 02:36 AM
And a few minutes later:
Not in Bound state.
*Sep 11 09:33:52.503: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Sep 11 09:33:55.575: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 999.99.999.101, mask 255.255.254.0, hostname AP31
and restarts error DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 999.99.999.60
09-11-2023 02:52 AM
Here is the result of the command show crypto pki certificates:
AP32>show crypto pki certificates
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Root CA M2
o=Cisco
Validity Date:
start date: 13:00:18 UTC Nov 12 2012
end date: 13:00:18 UTC Nov 12 2037
Associated Trustpoints: Trustpool cisco-m2-root-cert
Storage:
CA Certificate
Status: Available
Certificate Serial Number (hex): 02
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Manufacturing CA SHA2
o=Cisco
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crcam2.crl
Validity Date:
start date: 13:50:58 UTC Nov 12 2012
end date: 13:00:17 UTC Nov 12 2037
Associated Trustpoints: Trustpool Cisco_IOS_M2_MIC_cert
Storage:
CA Certificate
Status: Available
Certificate Serial Number (hex): 00
Certificate Usage: General Purpose
Issuer:
e=support@airespace.com
cn=ca
ou=none
--More--
*Sep 11 09:49:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.60 peer_port: 5246
*Sep 11 09:49:50.211: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 172.16.100.60
*Sep 11 09:49:50.211: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.1 o=airespace Inc
l=San Jose
st=California
c=US
Subject:
e=support@airespace.com
cn=ca
ou=none
o=airespace Inc
l=San Jose
st=California
c=US
Validity Date:
start date: 23:38:55 UTC Feb 12 2003
end date: 23:38:55 UTC Nov 11 2012
Associated Trustpoints: airespace-old-root-cert
Storage:
CA Certificate
Status: Available
Certificate Serial Number (hex): 00
Certificate Usage: Signature
Issuer:
e=support@airespace.com
cn=Airespace Root CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Subject:
e=support@airespace.com
cn=Airespace Root CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Validity Date:
start date: 13:41:22 UTC Jul 31 2003
end date: 13:41:22 UTC Apr 29 2013
Associated Trustpoints: airespace-new-root-cert
Storage:
CA Certificate
Status: Available
Certificate Serial Number (hex): 03
Certificate Usage: General Purpose
Issuer:
e=support@airespace.com
cn=Airespace Root CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Subject:
e=support@airespace.com
cn=Airespace Device CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Validity Date:
start date: 22:37:13 UTC Apr 28 2005
end date: 22:37:13 UTC Jan 26 2015
Associated Trustpoints: airespace-device-root-cert
Storage:
CA Certificate
Status: Available
Certificate Serial Number (hex): 5FF87B282B54DC8D42A315B568C9ADFF
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 2048
o=Cisco Systems
Subject:
cn=Cisco Root CA 2048
o=Cisco Systems
Validity Date:
start date: 20:17:12 UTC May 14 2004
end date: 20:25:42 UTC May 14 2029
Associated Trustpoints: Trustpool cisco-root-cert
Storage:
Certificate
Status: Available
Certificate Serial Number (hex): 5721651200000002C1FC
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA
o=Cisco Systems
Subject:
Name: AP3G2-7c69f68d3569
e=support@cisco.com
cn=AP3G2-7c69f68d3569
o=Cisco Systems
l=San Jose
st=California
c=US
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca.crl
Validity Date:
start date: 02:31:21 UTC Aug 13 2013
end date: 02:41:21 UTC Aug 13 2023
Associated Trustpoints: Cisco_IOS_MIC_cert
Storage:
CA Certificate
Status: Available
Certificate Serial Number (hex): 6A6967B3000000000003
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 2048
o=Cisco Systems
Subject:
cn=Cisco Manufacturing CA
o=Cisco Systems
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crca2048.crl
Validity Date:
start date: 22:16:01 UTC Jun 10 2005
end date: 20:25:42 UTC May 14 2029
Associated Trustpoints: Trustpool Cisco_IOS_MIC_cert
Storage:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide