01-15-2017 11:41 PM - edited 07-05-2021 06:21 AM
Hi team,
The AP suddenly stopped working. It currently shows a RED status LED. All other APs are working fine. We have changed the PoE switch port but the issue still persists. We have 31 other Cisco APs which are working the same way it is working (lightweight), and the switch port configuration for all APs is the same. Please help us with this issue.
error logs
***********
*Jan 16 07:05:39.119: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Jan 16 07:05:49.120: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 16 07:07:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.11.225 peer_port: 5246
*Jan 16 07:08:00.637: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.11.225
*Jan 16 07:08:00.637: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Jan 16 07:08:00.637: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.11.225:5246
*Jan 16 07:08:00.638: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
*Jan 16 07:09:03.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 16 07:07:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.11.225 peer_port: 5246
*Jan 16 07:08:00.630: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.11.225
*Jan 16 07:08:00.630: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Jan 16 07:08:00.631: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.11.225:5246
*Jan 16 07:08:00.632: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
In the WLC, SSC and MIC are already enabled.
01-16-2017 12:12 AM
*Jan 16 07:08:00.630: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.11.225
*Jan 16 07:08:00.630: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
Post the complete output to the following commands:
1. WLC: sh sysinfo;
2. AP: sh inventory
I suspect the certificate in the AP has expired.
01-19-2017 06:38 AM
Hi,
Is there any fix for this issue?
A-AP#sho inventory
NAME: "AP1240", DESCR: "Cisco Aironet 1240 Series (IEEE 802.11a/g) Access Point"
PID: AIR-AP1242AG-A-K9 , VID: V01, SN: FHK104540F9
01-19-2017 08:00 AM
If you followed the link and the certificate is fine, then maybe the AP is bad. You can probably find the same model pretty cheap online.
-Scott
*** Please rate helpful posts ***
01-19-2017 12:50 PM
FHK104540F9
Serial number tells me the AP was manufactured back in 2006. So this means the certificate has expired.
01-16-2017 08:58 AM
Just to add: these APs are old, so the certificate might be expired. Take a look at this link also:
https://supportforums.cisco.com/document/12453081/lightweight-ap-fail-create-capwaplwapp-connection-due-certificate-expiration
-Scott
*** Please rate helpful posts ***
01-17-2017 10:24 PM
Hi, that was very helpful in identifying the issue, thanks.
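The reasoning in this thread (a "Certificate unknown" alert from the controller plus a 2006 serial number pointing at an expired factory certificate) can be checked with a short script. This is an added example, not code from any of the posters or from Cisco; it assumes the serial layout LLLYYWWSSSS (build year = 1996 + YY, WW = build week) and a 10-year MIC lifetime, neither of which is stated in the thread, and the function names are hypothetical.

```python
import re
from datetime import date, timedelta

# Assumptions (not stated in the thread): serial layout LLLYYWWSSSS with
# build year = 1996 + YY and WW = build week; MIC lifetime of 10 years.
SERIAL_RE = re.compile(r"^[A-Z]{3}(\d{2})(\d{2})[0-9A-Z]{4}$")
MIC_LIFETIME_YEARS = 10
REQ_RE = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+)")
ALERT_RE = re.compile(
    r"%DTLS-5-ALERT: Received FATAL : Certificate unknown alert from (\S+)")

# Serial and log lines copied from the posts above.
SERIAL = "FHK104540F9"
LOG = """\
*Jan 16 07:07:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.11.225 peer_port: 5246
*Jan 16 07:08:00.637: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.11.225
*Jan 16 07:08:00.637: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
"""

def build_date(serial):
    """Approximate manufacture date (start of the build week)."""
    m = SERIAL_RE.match(serial.strip().upper())
    if not m or not 1 <= int(m.group(2)) <= 53:
        raise ValueError(f"unrecognised serial format: {serial!r}")
    return date(1996 + int(m.group(1)), 1, 1) + timedelta(weeks=int(m.group(2)) - 1)

def estimated_mic_expiry(serial):
    built = build_date(serial)
    return built.replace(year=built.year + MIC_LIFETIME_YEARS)

def rejecting_controllers(log_text):
    """Controllers that answered this AP's DTLS request with 'Certificate unknown'."""
    requested, rejected = set(), []
    for line in log_text.splitlines():
        if m := REQ_RE.search(line):
            requested.add(m.group(1))
        elif (m := ALERT_RE.search(line)) and m.group(1) in requested:
            if m.group(1) not in rejected:
                rejected.append(m.group(1))
    return rejected

def diagnose(serial, log_text, as_of):
    expiry = estimated_mic_expiry(serial)
    peers = rejecting_controllers(log_text)
    return {"built": build_date(serial), "mic_expiry_estimate": expiry,
            "rejected_by": peers,
            "likely_expired_mic": bool(peers) and as_of >= expiry}

if __name__ == "__main__":
    # as_of is the date of the log lines; the year comes from the post date.
    print(diagnose(SERIAL, LOG, as_of=date(2017, 1, 16)))
```

The expiry date is an estimate derived from the build week; the validity dates inside the AP's own certificate are authoritative.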