Solved: Air-AP1142N-K-K9 compatibles with WLC 2504

SeokGeunChoi73564 · ‎12-06-2021

Hi, I'm trying to connect AP to WLC

But I think firmware compatible doesn't match.

AP : Air-AP1142N-K-K9

c1140-k9w8-mx.153-3.JC8/c1140-k9w8-xx.153-3.JC8

WLC : WLC 2504

8.2.160.0

Am I have to do upgrade/downgrade of WLC or AP?

If I need to do, where I can find firmware files?

(AP1140 series firmware don't exist on software.cisco.com)

+

AP can't connect with WLC 2504 - 8.2.160.0 (192.168.1.91)

Dec 7 01:55:34.017: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:509 Certificate verified failed!
Dec 7 01:55:34.017: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.91:5246
Dec 7 01:55:34.018: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.91:5246
Dec 7 01:56:39.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.91 peer_port: 5246
Dec 7 01:56:45.001: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
Dec 7 01:56:45.001: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.1.91:5246
Dec 7 01:56:45.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.91:5246
Dec 7 01:57:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.91 peer_port: 5246
Dec 7 01:57:58.001: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
Dec 7 01:57:58.001: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.1.91:5246
Dec 7 01:57:58.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.91:5246
Dec 7 01:58:49.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.254.200 peer_port: 5246
Dec 7 01:59:18.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x28F52A0!

Sandeep Choudhary · ‎12-06-2021

Hi,

Looks like certificate of the access points had expired due to their age.

Please run the below mentioned command on WLC and check again.

WLC#config ap cert-expiry-ignore mic enable

Regards

Dont forget to rate helpful posts

View solution in original post

davidc_86 · ‎09-02-2022

Hi, i seem to have a problem like this, i have a 2504 in a lab setup that rejects the 1142 access points though i have a 3702 connected. i did try this conmmand and it did help, but still no good. if anyone has any ideas, i did update the wlc to 8.5. If anyone can see what ive done wrong that be great thanks.

WLC#config ap cert-expiry-ignore mic enable

Ap log:

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (10.0.30.1)

*Sep 2 10:54:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.30.109 peer_port: 5246
*Sep 2 10:54:19.430: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.30.109 peer_port: 5246
*Sep 2 10:54:19.430: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.30.109
*Sep 2 10:54:19.433: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.0.30.109
*Sep 2 10:54:19.433: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.30.109:5246
*Sep 2 10:54:19.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.30.109 peer_port: 5246
*Sep 2 10:54:19.430: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.0.30.109 peer_port: 5246
*Sep 2 10:54:19.431: %CAPWAP-5-SENDJOIN: sending Join Request to 10.0.30.109
*Sep 2 10:54:19.435: %DTLS-5-ALERT: Received WARNING : Close notify alert from 10.0.30.109
*Sep 2 10:54:19.435: %DTLS-5-SEND_ALERT