01-11-2022 04:53 AM - edited 01-11-2022 04:54 AM
Hello, colleagues! I deployed the WLC 9800 on ESXi, transferred the access point 9105AXI to a lightweight one with the command "ap-type capwap".
But then a problem arose: the access point receives its IP from DHCP (15 VLAN), the controller sees it, but they do not want to work, the point does not connect (not join). In the controller:
"Reason for last AP connection failure: DTLS cert-chain not available"
On AP the following:
What should I do?
Solved! Go to Solution.
01-11-2022 06:07 AM
Hi,
Looks like a trust point issue to me.
check this post:
https://gblogs.cisco.com/ch-tech/setup-your-lab-with-catalyst-9800-cl/
you can also manually create a trust point ....example:
WLC#wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 ...
Regards
Dont forget to rate helpful posts
01-11-2022 05:27 AM
Hi
Most probably they are in diferrent time. Make sure both are on the same time.
01-11-2022 08:31 PM
Hi! At the moment, different time zones. What command can I use to change the time zone on the access point at the moment?
01-11-2022 06:07 AM
Hi,
Looks like a trust point issue to me.
check this post:
https://gblogs.cisco.com/ch-tech/setup-your-lab-with-catalyst-9800-cl/
you can also manually create a trust point ....example:
WLC#wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 ...
Regards
Dont forget to rate helpful posts
01-11-2022 07:26 AM
Very common question - have you read previous posts on the subject?
03-21-2024 03:21 AM
I had a similar issue last night when upgrading a 9800-80 from 17.9.4a to 17.9.5. 1600 APs all refusing to connect with a "DTLS cert-chain not available" error.
There's nothing in the release notes to say that the config needs to be changed, but there's a clue as to what the certificate ought to be.
The command wireless management trustpoint CISCO_IDEVID_CMCA3_SUDI fixed it; all APs started pouring in, realised they needed to switch firmware, cleared off and came back.
9800WLC#sh ap image
Total number of APs : 0
Number of APs
Initiated : 0
Downloading : 0
Predownloading : 0
Completed downloading : 0
Completed predownloading : 0
Not Supported : 0
Failed to Predownload : 0
Predownload in progress : No
9800WLC#wireless config validate
wireless management trustpoint is not set
9800WLC#show wireless management trustpoint
Trustpoint Name :
Certificate Info : Not Available
Private key Info : Not Available
FIPS suitability : Not Applicable
9800WLC#conf t
Enter configuration commands, one per line. End with CNTL/Z.
9800WLC(config)#wireless management trustpoint CISCO_IDEVID_CMCA3_SUDI
9800WLC(config)#^Z
9800WLC#show wireless management trustpoint
Trustpoint Name : CISCO_IDEVID_CMCA3_SUDI
Certificate Info : Available
Certificate Type : MIC
Certificate Hash : ****HIDDEN****
Private key Info : Available
FIPS suitability : Not Applicable
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide