AP cannot join vWLC when it moves from Workstation to ESXi

wfqk
Level 5

Hello,

I have a question. vWLC 8.0 is installed on VMware Workstation and the AP3702 can join the vWLC, but if the same vWLC is installed on ESXi 6.7, the same AP cannot join the same vWLC on ESXi. I got the messages below; some of them show "Bad certificate Alert to ...", but I don't think it is a certificate issue because the error message does not show up on the Workstation.

Based on Cisco's documentation, the vSwitch port promiscuous mode is enabled, but it still does not work. Not sure where the problem is. Does anyone have suggestions? Thank you.

 

AP#sho capwap ip confi

LWAPP Static IP Configuration
IP Address 10.0.10.112
IP netmask 255.255.255.0
Default Gateway 10.0.10.1
Primary Controller 10.0.10.85

%Error opening flash:/configs/AP_HREAP_L2_ACL_PAYLOAD_file (No such file or directory)
%Error opening flash:/configs/AP_HREAP_L2_ACL_PAYLOAD_file (No such file or directory)
*Apr 10 04:30:18.999: %LWAPP-3-CLIENTERRORLOG: Switching to Standalone mode
*Apr 10 04:30:19.023: %LWAPP-4-CLIENTEVENTLOG:
Checksum required saved version = 8.0.152.0, file flash:/lwapp_reap.cfg
cfg_lwapp_reap_ssid_command: ssid SSID_10_83, command failed.May be ssid not created or invallid ssid name
cfg_lwapp_reap_ssid_command: ssid SSID_10_83, command failed.May be ssid not created or invallid ssid name
*Apr 10 04:30:19.075: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 10 04:30:19.739: %LWAPP-4-CLIENTEVENTLOG: No REAP configuration file to load. Connect to controller to get configuration file
*Apr 10 04:30:19.739: %LWAPP-4-CLIENTEVENTLOG: No Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 10 04:30:19.739: %LWAPP-4-CLIENTEVENTLOG: No LS Flex ACL map configuration file to load. Connect to controller to get configuration file
*Apr 10 04:30:19.739: %LWAPP-4-CLIENTEVENTLOG: No Central Dhcp map configuration file to load. Connect to controller to get configuration file
*Apr 10 04:30:19.859: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Apr 10 04:30:20.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 10 04:30:20.095: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 10 04:30:20.523: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 10 04:30:20.851: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 10 04:30:21.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 10 04:30:24.775: %DOT11-6-FREQ_USED: Interface Dot11Radio1, frequency 5825 selected
*Apr 10 04:30:24.787: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Apr 10 04:30:24.795: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Apr 10 04:30:25.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 10 04:30:25.787: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Apr 10 04:30:25.815: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Apr 10 04:30:25.823: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Apr 10 04:30:25.831: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Apr 10 04:30:26.815: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Apr 10 04:30:26.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Apr 10 04:30:26.851: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Apr 10 04:30:27.851: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Apr 10 04:30:28.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:29:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:29:29.003: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF

*Apr 10 17:29:29.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:508 Certificate verified failed!
*Apr 10 17:29:29.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.0.10.85:5246
*Apr 10 17:29:29.007: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
*Apr 10 17:30:33.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:30:37.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:30:42.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 10 17:30:42.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.0.10.85:5246
*Apr 10 17:30:42.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Apr 10 17:31:54.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:31:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:32:06.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 10 17:32:06.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.0.10.85:5246
*Apr 10 17:32:06.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246

*Apr 10 17:32:57.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:33:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:33:01.003: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF

*Apr 10 17:33:01.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:508 Certificate verified failed!
*Apr 10 17:33:01.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.0.10.85:5246
*Apr 10 17:33:01.007: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
*Apr 10 17:34:05.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:34:06.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:34:11.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 10 17:34:11.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.0.10.85:5246
*Apr 10 17:34:11.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
*Apr 10 17:35:10.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:35:11.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:35:24.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 10 17:35:24.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.0.10.85:5246
*Apr 10 17:35:24.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)

*Apr 10 17:36:28.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:36:05.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:36:05.003: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF

*Apr 10 17:36:05.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:508 Certificate verified failed!
*Apr 10 17:36:05.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.0.10.85:5246
*Apr 10 17:36:05.007: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
*Apr 10 17:37:09.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Apr 10 17:37:13.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:37:18.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 10 17:37:18.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.0.10.85:5246
*Apr 10 17:37:18.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
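
A small triage script for console output like the log above, added here as an example (it is not part of the original thread and is not Cisco tooling): it groups the AP log into one record per DTLS connection request and labels how each attempt ended. The function names and outcome labels are illustrative choices; the sample lines are excerpted from the post.

```python
import re
from collections import Counter

# Lines excerpted from the AP console output in the post above.
SAMPLE_LOG = """\
*Apr 10 17:29:29.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:29:29.003: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
*Apr 10 17:29:29.003: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.0.10.85:5246
*Apr 10 17:30:37.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.0.10.85 peer_port: 5246
*Apr 10 17:30:42.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Apr 10 17:30:42.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 10.0.10.85:5246
*Apr 10 17:30:42.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.10.85:5246
"""

REQ = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): %CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")
ALERT = re.compile(r"%DTLS-5-SEND_ALERT: Send FATAL : (.+?) Alert to (\S+):(\d+)")
SSC_FAIL = "%CAPWAP-1-SSC_CERT_AUTH_FAILED"

def parse_attempts(text):
    """Group log lines into join attempts, one per DTLSREQSEND line."""
    attempts, cur = [], None
    for line in text.splitlines():
        m = REQ.match(line)
        if m:
            cur = {"time": m.group(1), "peer": m.group(2), "port": int(m.group(3)),
                   "alerts": [], "ssc_cert_failed": False}
            attempts.append(cur)
        elif cur is not None:
            if SSC_FAIL in line:
                cur["ssc_cert_failed"] = True
            a = ALERT.search(line)
            # Close notify follows every failure, so it carries no diagnostic value.
            if a and a.group(1) != "Close notify":
                cur["alerts"].append(a.group(1))
    return attempts

def classify(attempt):
    """Label an attempt by the first meaningful failure the AP logged."""
    if attempt["ssc_cert_failed"] or "Bad certificate" in attempt["alerts"]:
        return "controller-cert-rejected"
    if attempt["alerts"]:
        return "handshake-error: " + attempt["alerts"][0]
    return "no-failure-logged"

def summarize(text):
    """Count outcomes per controller IP."""
    return Counter((a["peer"], classify(a)) for a in parse_attempts(text))

if __name__ == "__main__":
    for (peer, outcome), n in summarize(SAMPLE_LOG).items():
        print(f"{peer}: {outcome} x{n}")
```

Run against the full console capture, the summary shows how often the AP rejected the controller's certificate versus how often the handshake broke before certificate validation.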


Scott Fella
Hall of Fame
You don’t need to keep opening new threads. Stick with one thread so folks don't keep asking the same questions.
-Scott
*** Please rate helpful posts ***

Thank you MHM very much! It works! 

You are welcome, bro.
Please mention that this issue is solved.

Yes I just did it. Thank you!
