Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
8
Replies

AIR-CAP2602L-A-K9 gets IP from DHCP but cannot join WLC

doa
Level 1
Level 1

‎09-07-2023 08:02 AM

Hello,

2 AP AIR-CAP2602L-A-K9 lost connectivity to the WLC.

I see that it gest an ip but it does not join the controller.

Any ideas?

thanks in advance

Labels:
0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎09-07-2023 08:55 AM

connect the Console to AP and post complete boot logs here.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

doa
Level 1
Level 1
In response to balaji.bandi

‎09-08-2023 12:37 AM

Thanks for your reply. Any official instruction I can take a look to see how to connect to console on AP?

I'm using the same cable I use on switchs that usually works fine and struggling to be able to connect on AP.

COM port on PC works fine and bellow default settings used on putty:

doa_0-1694158586636.png

What I am missing here?

thanks in advance

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to doa

‎09-08-2023 02:36 AM

make sure you connecting right port on the AP side :

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/2600/quick/guide/ap2600getstart.html

below works for me.

 

balajibandi_0-1694165608108.png

Other side check the console cable connecting other devices ? - is this works ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

doa
Level 1
Level 1
In response to balaji.bandi

‎09-08-2023 05:01 AM

Also tried with no Flow Control and I'm using the console port:

doa_0-1694174326363.png

tested on other pc and I'm sure about the COM port used  but the connection does not go trough on putty.
And also tried with other AP so I suppose I'm doing something wrong.
I think I need the weekend and give it a try next week

thanks for your tips.

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to doa

‎09-08-2023 10:53 AM

i suggest to try different console cable.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

doa
Level 1
Level 1
In response to balaji.bandi

‎09-11-2023 02:30 AM

Indeed with a third cable worked. Bad luck.

So here are the logs:

*Jun 26 22:26:57.555: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Jun 26 22:26:59.775: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 999.99.999.100, mask 255.255.254.0, hostname AP31

*Jun 26 22:27:07.531: Currently running a Release Image
validate_sha2_block: Failed to get certificate chain
*Jun 26 22:27:07.555: Using SHA-1 signed certificate for image signing validation.
%Default route without gateway, if not a point-to-point interface, may impact performance
*Jun 26 22:27:21.195: AP image integrity check PASSED

*Jun 26 22:27:21.199: Non-recovery image. PNP Not required.

*Jun 26 22:27:21.211: validate_sha2_block:No SHA2 Block present on this AP.

*Jun 26 22:27:21.231: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 26 22:27:22.335: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 26 22:27:22.343: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 26 22:27:23.335: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 26 22:27:23.443: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 26 22:27:24.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 26 22:27:31.327: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Jun 26 22:27:32.327: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated%No matching route to delete
Translating "CISCO-CAPWAP-CONTROLLER.domain.local"...domain server (999.99.999.50) [OK]

*Sep 11 09:21:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 999.99.999.60 peer_port: 5246
*Sep 11 09:21:12.211: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 999.99.999.60
*Sep 11 09:21:12.211: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 999.99.999.60:5246
*Sep 11 09:22:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 999.99.999.60 peer_port: 5246
*Sep 11 09:22:17.211: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 999.99.999.60
*Sep 11 09:22:17.211: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 999.99.999.60:5246

So something with the certificate. 
thanks in advance

0 Helpful

doa
Level 1
Level 1

‎09-11-2023 02:36 AM

And a few minutes later:

Not in Bound state.
*Sep 11 09:33:52.503: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Sep 11 09:33:55.575: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 999.99.999.101, mask 255.255.254.0, hostname AP31

and restarts error DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 999.99.999.60

0 Helpful

doa
Level 1
Level 1

‎09-11-2023 02:52 AM

Here is the result of the command show crypto pki certificates:

 

AP32>show crypto pki certificates
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Root CA M2
o=Cisco
Validity Date:
start date: 13:00:18 UTC Nov 12 2012
end date: 13:00:18 UTC Nov 12 2037
Associated Trustpoints: Trustpool cisco-m2-root-cert
Storage:

CA Certificate
Status: Available
Certificate Serial Number (hex): 02
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA M2
o=Cisco
Subject:
cn=Cisco Manufacturing CA SHA2
o=Cisco
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crcam2.crl
Validity Date:
start date: 13:50:58 UTC Nov 12 2012
end date: 13:00:17 UTC Nov 12 2037
Associated Trustpoints: Trustpool Cisco_IOS_M2_MIC_cert
Storage:

CA Certificate
Status: Available
Certificate Serial Number (hex): 00
Certificate Usage: General Purpose
Issuer:
e=support@airespace.com
cn=ca
ou=none
--More--
*Sep 11 09:49:50.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.100.60 peer_port: 5246
*Sep 11 09:49:50.211: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 172.16.100.60
*Sep 11 09:49:50.211: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.1 o=airespace Inc
l=San Jose
st=California
c=US
Subject:
e=support@airespace.com
cn=ca
ou=none
o=airespace Inc
l=San Jose
st=California
c=US
Validity Date:
start date: 23:38:55 UTC Feb 12 2003
end date: 23:38:55 UTC Nov 11 2012
Associated Trustpoints: airespace-old-root-cert
Storage:

CA Certificate
Status: Available
Certificate Serial Number (hex): 00
Certificate Usage: Signature
Issuer:
e=support@airespace.com
cn=Airespace Root CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Subject:
e=support@airespace.com
cn=Airespace Root CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Validity Date:
start date: 13:41:22 UTC Jul 31 2003
end date: 13:41:22 UTC Apr 29 2013
Associated Trustpoints: airespace-new-root-cert
Storage:

CA Certificate
Status: Available
Certificate Serial Number (hex): 03
Certificate Usage: General Purpose
Issuer:
e=support@airespace.com
cn=Airespace Root CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Subject:
e=support@airespace.com
cn=Airespace Device CA
ou=Engineering
o=Airespace Inc.
l=San Jose
st=California
c=US
Validity Date:
start date: 22:37:13 UTC Apr 28 2005
end date: 22:37:13 UTC Jan 26 2015
Associated Trustpoints: airespace-device-root-cert
Storage:

CA Certificate
Status: Available
Certificate Serial Number (hex): 5FF87B282B54DC8D42A315B568C9ADFF
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 2048
o=Cisco Systems
Subject:
cn=Cisco Root CA 2048
o=Cisco Systems
Validity Date:
start date: 20:17:12 UTC May 14 2004
end date: 20:25:42 UTC May 14 2029
Associated Trustpoints: Trustpool cisco-root-cert
Storage:

Certificate
Status: Available
Certificate Serial Number (hex): 5721651200000002C1FC
Certificate Usage: General Purpose
Issuer:
cn=Cisco Manufacturing CA
o=Cisco Systems
Subject:
Name: AP3G2-7c69f68d3569
e=support@cisco.com
cn=AP3G2-7c69f68d3569
o=Cisco Systems
l=San Jose
st=California
c=US
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/cmca.crl
Validity Date:
start date: 02:31:21 UTC Aug 13 2013
end date: 02:41:21 UTC Aug 13 2023
Associated Trustpoints: Cisco_IOS_MIC_cert
Storage:

CA Certificate
Status: Available
Certificate Serial Number (hex): 6A6967B3000000000003
Certificate Usage: Signature
Issuer:
cn=Cisco Root CA 2048
o=Cisco Systems
Subject:
cn=Cisco Manufacturing CA
o=Cisco Systems
CRL Distribution Points:
http://www.cisco.com/security/pki/crl/crca2048.crl
Validity Date:
start date: 22:16:01 UTC Jun 10 2005
end date: 20:25:42 UTC May 14 2029
Associated Trustpoints: Trustpool Cisco_IOS_MIC_cert
Storage:

0 Helpful
Customers Also Viewed These Support Documents