Federico Lovison
Cisco Employee

Status:

This tool is no longer maintained, and its functionality has been integrated into WLAN Poller. Please use it instead:

https://developer.cisco.com/docs/wireless-troubleshooting-tools/#!wlan-poller-wlan-poller/wlan-poller

 

Current version

Filename apcertcheck-1.2.1.zip
Version 1.2.1
Date 2015-06-30

 

Description

The apCertCheck tool collects information from Cisco Unified Wireless Access Points in order to assess the device certificate expiration date.

It automatically performs the steps described in this document, making data collection easier, especially on large deployments with several WLCs and APs:
https://supportforums.cisco.com/document/12453081/lightweight-ap-fail-create-capwaplwapp-connection-due-certificate-expiration

The output is presented in CSV format, for easy processing with any common spreadsheet application.

 

What's new?

  • Version 1.2.1

This version adds the capability to import AP information with no direct connection to the WLC, either through a static AP list specified in the config.ini file, or by importing the raw output of the "show ap join stats summary all" in one or more text files.

 

Requirements

 

Notes:

The “pip” command requires internet access to reach the PyPI repositories via HTTPS.
Should the above commands on the CLI return a “file not found” error, execute the command after changing directory to the “Scripts” directory under the Python installation, e.g. C:\Python27\Scripts\

 

  • The host running the script needs to have network connectivity (SSH and/or Telnet) to the Access Points.
    Connectivity to the Wireless LAN Controller(s) is also required unless AP information is imported through text files (version 1.2.1).

 

Installation and Configuration instructions:

Please refer to the release notes PDF document for more details.

 

Download:

The tool and documentation can be downloaded from this repository (CCO account required):

https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=wireless-esc-tools

Comments
Vinay Sharma
Level 7

Thank you Federico for sharing essential information, much appreciated.

 

Regards,

Vinay Sharma,

Community Manager,

CCIE#44972

 

tgieser-bis
Level 1

Hi,

I'm trying to run the script but I do not get a result in the reports:

c:\Python27>python C:\\apcertcheck-1.2.1\apCertCheck.py
Current ap_report.csv file found, reading entries...

Appending new entries to existing ap_report.csv file.

 > Waiting for AP data collection to complete
Done.


=================================
Summary
=================================
Total APs:      0
Known APs:      0
Processed APs:  0
Failed APs:     0

Duration:               0:00:00.016000
=================================

c:\Python27>

Federico Lovison
Cisco Employee

Hi,

it looks like a problem with the configuration ("config.ini" file) as the script is not processing any WLC nor any static list or import from text file.

If you send me your config.ini file I can review it (feel free to change the users/passwords, but please leave everything else as it is).

Regards,
Fede

tgieser-bis
Level 1

Hi, thanks for the quick response...

 

Here the config file:

[General]
mode: ssh        ; config global mode for WLC connection: "ssh" or "telnet"
ap_mode: ssh     ; config global mode for AP connection: "ssh" or "telnet"

; Configures "config ap telnet/ssh enable <apname>" to ensure AP reachability
; Performance impact: uncomment only if unsure about AP config or if connection to some APs fails.
ap_enable_console: True

; set global WLC/AP credentials
wlc_user: xxxxxx
wlc_pasw: yyyyy
ap_user: xxxxxxx
ap_pasw: yyyyyyy

; Set max concurrent connections (if not specified, default = 10)
concurrent_connections: 30

; Filename suffix for CSV reports
output_file: report.csv

[c010-03AC01-t]              ; WLC-specific config, one section per WLC
active: True            ; defines if APs on this WLC will be processed or not: "True" or "False" (default: True)
ipaddr: 10.50.13.7    ; WLC IP address - this is mandatory

; Uncomment to override global credentials
; wlc_user: <wlc1-user>
; wlc_pasw: <wlc1-pasw>
; mode: ssh
; port: <custom-port>

;[WLC-Wlc2]
;active: False
;mode: telnet            ; override global
;ipaddr: <wlc2-ipaddress>

[AP-List]
 AP3462.8866.4830: 10.50.166.32

[AP-Import]
;; import from "show ap join stats summary all" output in text file
; <import_label>: <filename>

Federico Lovison
Cisco Employee

Please change the following:

  • WLC section name to:  [WLC-c010-03AC01-t] 

The "WLC-" prefix is needed to identify this as a section containing controller details.
By using hyphens on the name, you may see that the WLC name is incorrectly parsed while running the script (showing the name as "c010"), but this is just cosmetic as the actual WLC name used in the report is taken from the WLC itself.

  • in the AP list, remove the space in front of the AP name:
    [AP-List]
    AP3462.8866.4830: 10.50.166.32

After correcting these details, it should work :)

I hope it helps.

Regards,
Fede

tgieser-bis
Level 1

I did it, but without any improvement in the result:

 

[WLC-c010-03AC01-t]               ; WLC-specific config, one section per WLC
active: True            ; defines if APs on this WLC will be processed or not: "True" or "False" (default: True)
ipaddr: 10.50.13.7    ; WLC IP address - this is mandatory

; Uncomment to override global credentials
; wlc_user: <wlc1-user>
; wlc_pasw: <wlc1-pasw>
; mode: ssh
; port: <custom-port>

;[WLC-Wlc2]
;active: False
;mode: telnet            ; override global
;ipaddr: <wlc2-ipaddress>

[AP-List]
AP3462.8866.4830: 10.50.166.32

[AP-Import]
;; import from "show ap join stats summary all" output in text file
; <import_label>: <filename>

 

 

Current ap_report.csv file found, reading entries...

Appending new entries to existing ap_report.csv file.

 > Waiting for AP data collection to complete
Done.


=================================
Summary
=================================
Total APs:      0
Known APs:      0
Processed APs:  0
Failed APs:     0

Duration:               0:00:00.021000
=================================

c:\Python27>

Federico Lovison
Cisco Employee

This is odd...

Please modify the value of the variable "verbose" inside the apCertCheck.py file as follows:

# global/defaults
verbose = True

Launch the script again and see what it prints.
We should be able to see what's going on.

Thanks,
Fede

tgieser-bis
Level 1

No, big difference:

 

c:\Python27>python C:\apcertcheck-1.2.1\apCertCheck.py
{}
[]
Current ap_report.csv file found, reading entries...

Appending new entries to existing ap_report.csv file.

Concurrent connections: 10
 > Waiting for AP data collection to complete
Done.


=================================
Summary
=================================
Total APs:      0
Known APs:      0
Processed APs:  0
Failed APs:     0

Duration:               0:00:00.018000
=================================

c:\Python27>

Federico Lovison
Cisco Employee

This output is actually very useful as it tells us that the script is unable to access the config, most probably because of path issues and the way the script is launched:

c:\Python27>python C:\apcertcheck-1.2.1\apCertCheck.py
{}   <-- empty
[]   <-- empty

I just verified that if the config doesn't exist, the script just continues with an empty config, so I will enhance the script to print an error message when this happens.

By default the script looks for a config.ini file in the current directory, or you can specify the file path as an optional argument.

There are different ways you can overcome this:

  • Make sure python is on the system path list and execute the script from the same directory where the script is located, e.g.:
    cd C:\apcertcheck-1.2.1\
    C:\apcertcheck-1.2.1>python apCertCheck.py
  • Again from the script directory, launch python using the full path, e.g.:
    C:\apcertcheck-1.2.1>C:\Python27\python apCertCheck.py
  • Explicitly specify the config file path as a command argument, e.g.:
    c:\Python27>python C:\apcertcheck-1.2.1\apCertCheck.py C:\apcertcheck-1.2.1\config.ini

I hope this works.

Thanks,
Fede
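
The silent fallback to an empty config described in this thread, and the two config.ini mistakes corrected earlier (missing "WLC-" prefix, leading space in [AP-List]), can be caught before any connection is attempted. The following pre-flight check is an added example, not part of apCertCheck or of any post here; the function names and sample values are assumptions, and it targets Python 3 rather than the Python 2.7 used in the thread.

```python
import os
import re

KNOWN = {"General", "AP-List", "AP-Import"}

def check_text(text):
    """Return a list of problems in apCertCheck-style config text."""
    problems, section, wlcs, sources = [], None, {}, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()        # drop ';' comments
        if not line.strip():
            continue
        header = re.match(r"\[([^\]]+)\]", line.strip())
        if header:
            section = header.group(1)
            if section.startswith("WLC-"):
                wlcs[section] = {}
            elif section not in KNOWN:
                problems.append("line %d: [%s] lacks the WLC- prefix" % (lineno, section))
            continue
        if line[0].isspace():
            problems.append("line %d: leading whitespace in [%s]" % (lineno, section))
        key, _, value = (part.strip() for part in line.partition(":"))
        if section in wlcs:
            wlcs[section][key] = value
        elif section in ("AP-List", "AP-Import") and value:
            sources += 1
    for name, opts in wlcs.items():
        if not opts.get("ipaddr"):                  # ipaddr is mandatory per WLC
            problems.append("[%s] has no ipaddr" % name)
        elif opts.get("active", "True") != "False":
            sources += 1
    if not sources:
        problems.append("no active WLC, AP-List or AP-Import entry: 0 APs to process")
    return problems

def check_config(path="config.ini"):
    """Report a missing file instead of continuing with an empty config."""
    full = os.path.abspath(path)                    # a relative path follows the cwd
    if not os.path.isfile(full):
        return ["config file not found: %s" % full]
    with open(full) as fh:
        return check_text(fh.read())

# Constructed sample reproducing the two mistakes (addresses are placeholders).
SAMPLE = ("[General]\nmode: ssh ; global\n[c010-03AC01-t]\nipaddr: 192.0.2.7\n"
          "[AP-List]\n AP0000.0000.0001: 192.0.2.32\n")
if __name__ == "__main__":
    print("\n".join(check_config() + check_text(SAMPLE)))
```

Because the missing-file message prints the absolute path, launching from c:\Python27 shows immediately that config.ini was looked up in the wrong directory.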

tgieser-bis
Level 1

 > Retrieved 3 APs from WLC c010-03AC01-t
 > Waiting for AP data collection to complete
Done.


=================================
Summary
=================================
Total APs:      4
Known APs:      0
Processed APs:  4
Failed APs:     0

Duration:               0:00:07.906000
=================================

c:\Python27>

 

that worked!

 

thanks a lot!

Federico Lovison
Cisco Employee

I'm glad to hear this! :)

I'll publish a new version printing an error message if the config file is not found as soon as I can.

Have a nice day.

Regards,
Fede

dperowne
Level 1

Hi Fede,

Can you add a WLC-Import section for clients with hundreds of WLCs?

Also, where AP CLI access needs two passwords (eg: login then enable?)

Cheers!
Dan

Federico Lovison
Cisco Employee

Hi Dan,

Thanks for the feedback.

I'll add your requests to the enhancements to be published in the next version of the script:
- WLC-Import from CSV file
- allow to specify separate enable password for AP CLI

At this moment I don't have a target date for the next release, but please follow this thread to be notified once it is available.

Regards,
Fede

Michael Gary
Level 1

I am getting an Error that says SSH unavailable.    Even though I can run Putty and I can SSH to my controller just fine.   Ideas? 

gustavomam
Level 1

Hi, 

 

I am not able to download the file. I double-checked and I was logged in to my Cisco account, and my colleagues couldn't either.

We got this message. Maybe the file is in another repository

-----

Forbidden

You don't have permission to access /cgi-bin/swc/fileexg/main.cgi on this server.

Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request.


Apache/2.2 Server at upload-prod1-04.cisco.com Port 443

 

Could you share the new link?

 

Thank you.  
