09-11-2019 04:50 AM - edited 07-05-2021 10:59 AM
Dear Community,
During the joining process of a 1702i with an 1832 Mobility Express, I got the following error.
*Apr 13 08:30:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.41 peer_port: 5246
*Apr 13 08:30:33.011: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_record.c:394 BD is not of DTLS Change Cipher Spec type
*Apr 13 08:30:33.011: %DTLS-5-SEND_ALERT: Send FATAL : Internal error Alert to 10.1.1.41:5246
*Apr 13 08:30:33.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.1.41:5246
*Apr 13 08:31:31.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 13 08:31:32.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.1.41 peer_port: 5246
*Apr 13 08:31:32.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 13 08:31:32.000: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.1.1.41:5246
*Apr 13 08:31:32.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.1.41:5246
*Apr 13 08:32:46.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
Kindly help.
09-12-2019 02:51 AM - edited 09-12-2019 02:54 AM
1) look at this post for some optional causes
2) and this Field Notice: FN - 63916
that says: Some Wireless Access Points (APs) manufactured between August 2014 and October 2014 might have an incorrectly programmed SHA-2 certificate.
3) check that the software version on the 1702 is compatible with the ME version on the 1832
Cisco Mobility Express Solution Compatibility Matrix
09-13-2019 07:28 AM
Hello, try to use the config ap dtls-version dtls_all command and check if the APs are able to connect to the WLC again.