10-04-2010 10:02 AM - edited 07-03-2021 07:14 PM
Recently several of our 123AG access points have failed to rejoin the WLC
after being rebooted. This only seems to happen with the 1232AG's. When I console in to
the access point I see the following error messages:
*Mar 1 00:00:06.401: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:07.401: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0,
changed state to down
*Mar 1 00:00:24.541: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:24.581: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_certs no
certs in the SSC Private File
*Mar 1 00:00:24.581: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 1 00:00:24.582: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:24.614: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason:
FAILED CRYPTO INIT.
*Mar 1 00:00:24.614: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
Does this mean that the access point has somehow lost its ssc key? How can I prevent this
from happening in the future? What is the easiest way to recover once this has happened?
Our WLC is a 5508 and we are running version 7.0.98.0.
The access points are running 7.0.98.0.
All of the access points that I have had this issue with were once connected to the WLC. I've had this occur when the access points were unable to communicate with the controller for an extended period of time because I was upgrading the switch they were connected to. I've also had this happen while moving an access point from one AP group to another.
Thanks for your assistance.
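For triaging console captures from many access points, the failure signature in the log above can be matched automatically. This is an added example, not part of the original post or any Cisco tooling; the function names and verdict strings are assumptions, and the sample is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: console output quoted in the post, with its line wraps kept.
SAMPLE = """\
*Mar 1 00:00:24.541: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:24.581: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_certs no
certs in the SSC Private File
*Mar 1 00:00:24.582: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:24.614: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason:
FAILED CRYPTO INIT.
"""

# A record starts with a timestamp such as "*Mar 1 00:00:24.581:".
STAMP = re.compile(r"^\*\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+:")
SIGNS = {
    "no_ssc_cert": re.compile(r"no certs in the SSC Private File"),
    "pki_failed": re.compile(r"PKI_StartSession failed"),
    "crypto_reload": re.compile(r"%SYS-5-RELOAD:.*Reload Reason:\s*FAILED CRYPTO INIT"),
}

def unwrap(text):
    """Join wrapped continuation lines onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # terminal wrap: continue the previous record
    return records

def classify(text):
    """Return a verdict string (hypothetical labels) for one AP console capture."""
    records = unwrap(text)
    hits = {n for n, rx in SIGNS.items() if any(rx.search(r) for r in records)}
    if {"no_ssc_cert", "crypto_reload"} <= hits:
        return "ssc-cert-missing"      # the sequence shown in the post
    if "crypto_reload" in hits:
        return "crypto-init-failure"   # reload for crypto init, other cause
    return "no-match"

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Unwrapping first matters because the capture wraps long lines: matched line by line, neither the SSC message nor the reload reason appears on a single line.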
10-04-2010 09:04 PM
Hi,
A bug has been identified in this regard wherein 1230 APs might lose their certificate intermittently. The percentage identified is about 1 – 2 % of APs. It might be possible that you are hitting this bug.
Bug ID : CSCsk93026
Link to access the bug : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
You could manually add SSC for the APs. Link : http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
In case these were originally autonomous APs which you might have converted to LWAPs, you will need to convert them back to autonomous and then reconvert them to LWAP using the upgrade tool. This will also load the certificate.
Link : http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
Regards,
Madhuri
10-05-2010 07:36 AM
Thanks for replying.
So converting to Autonomous mode and back to LWAPP mode is the only way to recover?
Is there a way to archive the key and restore it to the LWAPP when this happens?
10-05-2010 11:29 AM
nope.. currently there is no other way...
10-05-2010 04:59 PM
Hi,
There are only 2 ways to resolve this issue:
1. Reconversion.
2. Manually add SSC as mentioned earlier. You would run the 'debug pm pki enable' command on the WLC, which would give the key to be added in the WLC. More information : http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml
Regards,
Madhuri