02-27-2009 09:30 AM - edited 07-03-2021 05:14 PM
I converted an aironet 1231 ap to LWAP with the newest LWAP image, but everytime it boots up it looks for the WLC but doesnt find it and keeps rebooting. If I try to login to the device before it reboots it wont let me (it acts like I typed the wrong password), but there has never been a password set on this device. Im not sure what to do to get this resolved...any suggestions?
02-27-2009 09:33 AM
Lightweight access points have several ways of finding the controller, so it depends on which method you're using. The easiest way to help it out is to place the AP on the same VLAN as the controller. The AP should find it by broadcast. You can then move it to another VLAN afterward and it will find the controller.
If that doesn't work, console into the AP and grab the logs of what it's saying before it reboots. That should help us out.
02-27-2009 10:00 AM
I have it in the same VLAN as the WLC so that I why I think that it is weird it isnt finding it.
Here is what the error log says right before it reboots:
*Mar 1 00:00:23.748: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_c
erts no certs in the SSC Private File
*Mar 1 00:00:23.748: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 1 00:00:23.748: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:25.087: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Re
ason: FAILED CRYPTO INIT.
*Mar 1 00:00:25.087: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
02-27-2009 05:41 PM
1230 AP's are a funny lot. This particular AP would reboot not just because it can't find the WLC. It can't find the WLC because the SSC keys are incorrect or not compatible.
Do you have any other 1230 joined with this WLC? If yes, look at the directory of that particular AP and look at the version of the RCV installed. Download and use the same RCV version when converting from Autonomous to LWAPP (using the conversion tool).
03-02-2009 10:35 AM
Unfortunatly I don't have any other 1231's joined to this WLC, I guess I will just try to convert it back to autonomous and then rerun the conversion tool. Im not sure what else to do at this point?
03-02-2009 02:33 PM
Give that a go and let us know the results (good and/or bad).
03-02-2009 04:06 PM
Hi David,
It sounds like you have an SSC (Self Signed Certificate) AP. Once you convert to LWAPP AP, add the SSC and its MAC address under the AP Authentication list in the controller.
From this good doc;
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008072d9a1.shtml#prob
In the case of the SSC APs, no certificate is created on the controller. The upgrade tool has the AP generate a Rivest, Shamir, and Adelman (RSA) key pair that is used to sign a self-generated certificate (the SSC). The upgrade tool adds an entry to the controller authentication list with the MAC address of the AP and public key-hash. The controller needs the public key-hash in order to validate the SSC signature.
If the entry has not been added to the controller, check the output CSV file. There should be entries for each AP. If you find the entry, import that file into the controller. If you use the controller command-line interface (CLI) (with use of the config auth-list command) or the switch web, you must import one file at a time. With a WCS, you can import the whole CSV file as a template.
Hope this helps!
Rob
03-03-2009 08:25 AM
Thanks for the help guys, I was finally able to resolve this problem. First I had to get around the AP rebooting every 30 seconds preventing me from doing anything on it. I was able to do that by setting a static IP in the range of 10.0.0.2 - 30 on my laptop and powering up the AP while holding the mode button down. This makes the AP automatically look for a TFTP server within the range above and download a new *.default image. Once I got it converted back to Autonomous mode by doing that I was able to recovert it to LWAP with the coversion tool and I had no problems after that. I think the issue was that I didnt use the conversion tool the first time I just loaded the new LWAP image onto the AP. This is how I was able to do it for all my 1252's so I just figured it would work the same, guess I was wrong.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide