06-12-2012 12:59 PM - edited 07-03-2021 10:17 PM
Hi All,
Looking for some assistance, iv deployed a number 3602i's and 1142's and have been using LSC's rather than the MIC certificates.
I know that my CA is correctly configured as is the controller as I have 14 APs that have succesfully requested and installed LSC certs, and I also just tried another 1142 as a test and it was fine, but I cant get the 602's to install a LSC.
Do the 602i's support this as the most I am able to see in the logs of the controller is below, a packet capture on the CA shows no attempt from the WLC to request the cert.
Also the 600 never reboots as the other devices have done when provisining LSC's the other office extend AP's have been fine, these are the 1142's, the controller is running 7.2.110.0
*sshpmLscTask: Jun 12 19:25:53.619: sshpmLscTask: LSC Task received a message 4
I also have the following in the ap log but this could be unrelated,
failed to validate vendor specific message element type 94 len 8
Thanks for any help
Sean
06-12-2012 01:04 PM
cisco doesn't support self-signed certs on the OEAP-600, nor are LSC (local significant certificates) supported.
06-12-2012 01:05 PM
cisco do not support self-signed certs on the OEAP-600, nor are LSC (local significant certificates) supported.
06-12-2012 01:09 PM
Thanks for the reply, is there anywhere this is documented, as I havent been able to find any mention of it anywhere, hopefully a code upgrade will address this at some point then, as I would prefer to use LSC certs
06-12-2012 01:35 PM
My apologies, didn't look at the code version.
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_lwap.html#wp1465430
06-12-2012 01:44 PM
Thanks, im guessing then I will just have to make do with MIC certs on the 600's then, and hope the functionality comes into a future update
09-01-2012 11:37 AM
Hi Sean,
I am trying to make LSC certs work on AP1252 and WLC2504 in the lab. I have done AP provisioning successfully and AP is having the LSC cert. When i disable MIC now and reboot the AP, its not able to join the controller and the message is :
MIC AP is not allowed to join by config
is there any way to force the AP to use only LSC when its joining ? or should it automatically try it ? When i enable MIC, its joining smoothly again, but not with LSC. Not sure if i am missing something here. ..
regards
Joe
show certificate lsc summary
LSC Enabled...................................... Yes
LSC CA-Server.................................... http://10.10.210.6/certsrv/mscep/mscep.dll
LSC AP-Provisioning.............................. Yes
Provision-List............................... Not Configured
LSC Revert Count in AP reboots............... 10
LSC Params:
Country...................................... US
State........................................ lab
City......................................... lab
Orgn......................................... lab
Dept......................................... lab
Email........................................ abc@abc.com
KeySize...................................... 2048
LSC Certs:
CA Cert...................................... Present
RA Cert...................................... Not Configured
(WLC3-2504) >show certificate lsc ap-provision
LSC AP-Provisioning.............................. Yes
Provision-List................................... Present
Idx Mac Address
--- -------------
1 00:25:45:cf:c8:3e
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide