Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
868
Views
0
Helpful
2
Replies

Cisco 1702i access point not able to join 1832 mobility express.

kashifglobal12
Level 1
Level 1

‎09-11-2019 04:50 AM - edited ‎07-05-2021 10:59 AM

Dear Community,

 

During the joining process of 1702i with 1832 mobility express i got the the following error.

 

*Apr 13 08:30:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.41 peer_port: 5246
*Apr 13 08:30:33.011: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_record.c:394 BD is not of DTLS Change Cipher Spec type
*Apr 13 08:30:33.011: %DTLS-5-SEND_ALERT: Send FATAL : Internal error Alert to 10.1.1.41:5246
*Apr 13 08:30:33.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.1.41:5246
*Apr 13 08:31:31.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 13 08:31:32.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.41 peer_port: 5246
*Apr 13 08:31:32.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 13 08:31:32.000: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.1.1.41:5246
*Apr 13 08:31:32.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.1.41:5246
*Apr 13 08:32:46.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

 

KIndly Help.

Labels:
0 Helpful
2 Replies 2

pieterh
VIP
VIP

‎09-12-2019 02:51 AM - edited ‎09-12-2019 02:54 AM

1) look at this post for some optional causes

2) and this Field Notice: FN - 63916

that says: Some Wireless Access Points (APs) manufactured between August 2014 and October 2014 might have an incorrectly programmed SHA-2 certificate.

3) check the software version on the 1702 is compatible with the version ME version on the 1832

Cisco Mobility Express Solution Compatibility Matrix

 

0 Helpful

jonathga
Cisco Employee
Cisco Employee

‎09-13-2019 07:28 AM

Hello, try to use config ap dtls-version dtls_all command and check if the APs are able to connect to the WLC again. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card