AIR-OEAP602I-E-K9 LSC

sean-anthony · ‎06-12-2012

Hi All,

Looking for some assistance, iv deployed a number 3602i's and 1142's and have been using LSC's rather than the MIC certificates.

I know that my CA is correctly configured as is the controller as I have 14 APs that have succesfully requested and installed LSC certs, and I also just tried another 1142 as a test and it was fine, but I cant get the 602's to install a LSC.

Do the 602i's support this as the most I am able to see in the logs of the controller is below, a packet capture on the CA shows no attempt from the WLC to request the cert.

Also the 600 never reboots as the other devices have done when provisining LSC's the other office extend AP's have been fine, these are the 1142's, the controller is running 7.2.110.0

*sshpmLscTask: Jun 12 19:25:53.619: sshpmLscTask: LSC Task received a message 4

I also have the following in the ap log but this could be unrelated,

failed to validate vendor specific message element type 94 len 8

Thanks for any help

Sean

Saravanan Lakshmanan · ‎06-12-2012

cisco doesn't support self-signed certs on the OEAP-600, nor are LSC (local significant certificates) supported.

Saravanan Lakshmanan · ‎06-12-2012

cisco do not support self-signed certs on the OEAP-600, nor are LSC (local significant certificates) supported.

sean-anthony · ‎06-12-2012

Thanks for the reply, is there anywhere this is documented, as I havent been able to find any mention of it anywhere, hopefully a code upgrade will address this at some point then, as I would prefer to use LSC certs

Saravanan Lakshmanan · ‎06-12-2012

My apologies, didn't look at the code version.

http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_lwap.html#wp1465430

sean-anthony · ‎06-12-2012

Thanks, im guessing then I will just have to make do with MIC certs on the 600's then, and hope the functionality comes into a future update

wireless wlc · ‎09-01-2012

Hi Sean,

I am trying to make LSC certs work on AP1252 and WLC2504 in the lab. I have done AP provisioning successfully and AP is having the LSC cert. When i disable MIC now and reboot the AP, its not able to join the controller and the message is :

MIC AP is not allowed to join by config

is there any way to force the AP to use only LSC when its joining ? or should it automatically try it ? When i enable MIC, its joining smoothly again, but not with LSC. Not sure if i am missing something here. ..

regards

Joe

show certificate lsc summary

LSC Enabled...................................... Yes

LSC CA-Server.................................... http://10.10.210.6/certsrv/mscep/mscep.dll

LSC AP-Provisioning.............................. Yes

Provision-List............................... Not Configured

LSC Revert Count in AP reboots............... 10

LSC Params:

Country...................................... US

State........................................ lab

City......................................... lab

Orgn......................................... lab

Dept......................................... lab

Email........................................ abc@abc.com

KeySize...................................... 2048

LSC Certs:

CA Cert...................................... Present

RA Cert...................................... Not Configured

(WLC3-2504) >show certificate lsc ap-provision

LSC AP-Provisioning.............................. Yes

Provision-List................................... Present

Idx Mac Address

--- -------------

1 00:25:45:cf:c8:3e