02-12-2020 11:02 AM - edited 07-05-2021 11:42 AM
Hello Cisco Community, (I am sorry if I am in the wrong section - this one sounded right.)
To start off I will explain my situation. I recently started a new job at this company to keep the network alive and well. The ones who originally set everything up are long gone and now i'm tasked with getting things operational and staying operational. I need assistance with today is an issue with getting our access point back up and running.
I have been cleaning the network room and decided to move the Cisco 2504 WLC to the rack mount to make it cleaner. This involved me unwittingly unplugging the WLC and then plugging it back up on the rack mount. I am pretty sure this is the moment where I may have caused something in the configuration to mess up. Later on that day I noticed the access points [AIR-LAP1242AG-A-K9] was no longer green light - they was red/orange/ and sometimes blinking different codes. I tried looking up these codes and it seems like each device is giving different codes.
I did a reset on the WLC and the AP's, but nothing seems to want to communicate properly. I tracked down that the AP's are setup to run into the server room and into a "Nortel BeS5OFE-24T PWR - Business Ethernet Switch". I assume they used this because on one-side it has all the Power-Over-Ethernet connections - while the other side has normal rj45 connections. All the AP's run into the POE slots and the connection to the WLC is on the normal side.
Then into the WLC:
The biggest indicator to my problem is that after putty into the WLC,
(Thankfully after finding all the info on a piece of paper), is that when I type in the "Show AP Summary":
It seems I need to configure the AP's - but I am not 100% sure exactly how to do that - because I can't even console into them because I don't know the configurations that are already there.
I have tried quite a few things on the hardware end - this leads me to believe I need to do something on the software end:
- Switching the AP's
- Power cycling all the devices involved.
- Moving the AP and WLC to a different switch without POE. (using the power adapter instead)
- Changing the sources of the power.
As you can tell I am not that good at dealing with older Cisco AP's and WLC's.
My Cisco knowledge isn't that great - the most I have done is small stuff like setup vlans on Cisco switches.
Please if you can provide any assistance or any tips - please let me know.
Thank-you for reading.
02-12-2020 11:17 AM
Hi There,
Can you please collect the following info.
On the WLC:
On the AP:
02-12-2020 12:48 PM
Thank you so much for your assistance.
Here is the information you wish for me to provide.
wlc sys info:
wlc time:
ap log:
Xmodem file system is available. flashfs[0]: 9 files, 3 directories flashfs[0]: 0 orphaned files, 0 orphaned directories flashfs[0]: Total bytes: 15998976 flashfs[0]: Bytes used: 7637504 flashfs[0]: Bytes available: 8361472 flashfs[0]: flashfs fsck took 29 seconds. Base ethernet MAC Address: 9c:af:ca:01:6f:88 Initializing ethernet port 0... Reset ethernet port 0... Reset done! ethernet link up, 100 mbps, full-duplex Ethernet port 0 initialized: link is up Loading "flash:/c1240-k9w8-mx.124-23c.JA3/c1240-k9w8-mx.124-23c.JA3"...######### ################################################################################ ######################################################################################################### ######################################################################################################### ######################################################################################################### ################################################## File "flash:/c1240-k9w8-mx.124-23c.JA3/c1240-k9w8-mx.124-23c.JA3" uncompressed and installed, entry point : 0x3000 executing... Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software, C1240 Software (C1240-K9W8-M), Version 12.4(23c)JA3, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Tue 18-Oct-11 15:07 by prod_rel_team Proceeding with system init Proceeding to unmask interrupts Initializing flashfs... flashfs[1]: 9 files, 3 directories flashfs[1]: 0 orphaned files, 0 orphaned directories flashfs[1]: Total bytes: 15740928 flashfs[1]: Bytes used: 7637504 flashfs[1]: Bytes available: 8103424 flashfs[1]: flashfs fsck took 4 seconds. flashfs[1]: Initialization complete....done Initializing flashfs. Radio0 present A506 7100 E8000000 A0000000 80000000 3 Radio1 present A506 6700 E8000100 A0040000 80010000 2 This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco AIR-LAP1242AG-A-K9 (PowerPCElvis) processor (revision A0) with 27638K/5120K bytes of memory. Processor board ID FTX1403B0WG PowerPCElvis CPU at 262Mhz, revision number 0x0950 Last reset from power-on LWAPP image version 7.0.220.0 1 FastEthernet interface 2 802.11 Radio(s) 32K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address: 9C:AF:CA:01:6F:88 Part Number : 73-9925-07 PCA Assembly Number : 800-26579-06 PCA Revision Number : A0 PCB Serial Number : FOC140258GM Top Assembly Part Number : 800-29151-03 Top Assembly Serial Number : FTX1403B0WG Top Revision Number : A0 Product/Model Number : AIR-LAP1242AG-A-K9 % Please define a domain-name first. Press RETURN to get started!
02-12-2020 01:46 PM
It seems like you are hitting the Field Notice 63942 issue, based on your WLC software version and AP serial number.
In short, the AP's certificate expires 10 years after manufacturing, your AP serial number indicates it was manufactured in January 2010. Since your WLC is set to the correct date, it won't be able to join the WLC, typically while everything is online your AP will stay connected even if the cert has expired until it's connection gets disrupted to the WLC by a power disruption or in your case unplugged the WLC from the network.
There is a workaround however, your current software version will require an upgrade as this version don't support the command. To do a quick verification if you are indeed affected by the expired certificate you can do a "show crypto pki certificates" or just roll your WLC's clock back to two years.
If you are going to upgrade the WLC's consider using Cisco TAC's recommended AireOS versions. In your case 8.0 will be the highest you will be able to go when it comes to the Cisco 1242 AP.
Once you upgraded to version 8.0 you should be able to run this command in the cli
config ap cert-expiry-ignore {mic|ssc} enable
This will allow you to run your clock with the current date and time while still allowing the AP's to connect to the WLC.
02-13-2020 05:28 AM
Thank you so much for all your help and your information.
I hate to ask - but how and where do I obtain the AireOS 8.0?
02-13-2020 07:40 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: