in our infra AP model is 3702 and some automation tred logging into AP and post that AP reloaded

 Would be interesting get this AP and console to it to see the logs. Sounds weird.  The AP could reload due something else.

 Is it replicable?

Hi,pls find the logs:

logs May 23 08:29:56 sshd[5389]: Did not receive identification string from 10.10.10.10 port 43287
May 23 08:29:57 sshd[5397]: Invalid user zyfwp from 10.10.10.10 port 46576
May 23 08:29:58 sshd[5397]: error: Could not get shadow information for NOUSER
May 23 08:29:58 sshd[5397]: Failed password for invalid user zyfwp from 10.10.10.10 port 46576 ssh2
May 23 08:29:59 sshd[5432]: Did not receive identification string from 10.10.10.10 port 54082
May 23 08:29:59 sshd[5365]: error: Received disconnect from 10.10.10.10 port 4                                                                             6538:3: com.jcraft.jsch.JSchException: Auth fail [preauth]
May 23 08:29:59 sshd[5365]: Disconnected from invalid user root 10.10.10.10po                                                                             46538 [preauth]
May 23 08:31:10 kernel: [*05/23/2023 08:31:10.2620]
May 23 08:31:31 sshd[6571]: Did not receive identification string from 10.10.10.10 port 48398
May 23 08:37:59 kernel: [*05/23/2023 08:37:59.5960]
May 23 08:38:21 kernel: [*05/23/2023 08:37:59.5960]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:21 kernel: [*05/23/2023 08:38:21.3452]
May 23 08:38:21 kernel: [*05/23/2023 08:38:21.3452]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:21 kernel: [*05/23/2023 08:38:21.6262]
May 23 08:38:21 kernel: [*05/23/2023 08:38:21.6262]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:21 kernel: [*05/23/2023 08:38:21.9475]
May 23 08:38:22 kernel: [*05/23/2023 08:38:21.9475]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:22 kernel: [*05/23/2023 08:38:22.6104]
May 23 08:38:23 kernel: [*05/23/2023 08:38:22.6104]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:23 kernel: [*05/23/2023 08:38:23.8903]
May 23 08:38:26 kernel: [*05/23/2023 08:38:23.8903]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:26 kernel: [*05/23/2023 08:38:26.3452]
May 23 08:38:26 kernel: [*05/23/2023 08:38:26.3452]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:26 kernel: [*05/23/2023 08:38:26.4501]
May 23 08:38:31 kernel: [*05/23/2023 08:38:26.4501]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:31 kernel: [*05/23/2023 08:38:31.7624]
May 23 08:38:42 kernel: [*05/23/2023 08:38:31.7624]  *** RSN ERROR: Received a data frame when no keys are plumbed
May 23 08:38:42 kernel: [*05/23/2023 08:38:42.0023]
May 23 08:40:09 kernel: [*05/23/2023 08:38:42.0024]  *** RSN ERROR: Received a data frame when no keys are plumbedRe-Tx Count=1, Max Re-Tx Value=8, SendSeqNum=108, NumofPendingMsgs=6

Regards,

Anjana

Can you see if the command "show version" is avaible and share the output is does?

AP#sh ver
Restricted Rights Legend

Use, duplication, or disclosure by the Government is subject to
restrictions as set forth in subparagraph (c) of the Commercial
Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and
subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

This product contains some software licensed under the
"GNU General Public License, version 2" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html

This product contains some software licensed under the
"GNU Library General Public License, version 2" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Library
General Public License, version 2", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html

This product contains some software licensed under the
"GNU Lesser General Public License, version 2.1" provided
with ABSOLUTELY NO WARRANTY under the terms of "GNU Lesser
General Public License, version 2.1", available here:
http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

This product contains some software licensed under the
"GNU General Public License, version 3" provided with
ABSOLUTELY NO WARRANTY under the terms of
"GNU General Public License, Version 3", available here:
http://www.gnu.org/licenses/gpl.html.

This product contains some software licensed under the
"GNU Affero General Public License, version 3" provided
with ABSOLUTELY NO WARRANTY under the terms of
"GNU Affero General Public License, version 3", available here:
http://www.gnu.org/licenses/agpl-3.0.html.

Cisco AP Software, (ap3g3), C3802, RELEASE SOFTWARE
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Sun Dec 11 12:24:24 GMT 2022

ROM: Bootstrap program is U-Boot boot loader
BOOTLDR: U-Boot boot loader Version 2013.01-g2ee3a18aa (Jun 03 2022 - 11:27:17)

AP uptime is 100 days, 23 hours, 12 minutes
Last reload time : Sat Feb 11 12:55:37 UTC 2023
Last reload reason : Image Upgrade

cisco AIR-AP3802I-D-K9 ARMv7 Processor rev 1 (v7l) with 1028224/552564K bytes of memory.
Processor board ID FGL21xxxxx
AP Running Image : 8.10.183.0
Primary Boot Image : 8.10.183.0
Backup Boot Image : 8.10.151.0
Primary Boot Image Hash: 9d4d6a3cd23c5eb44befaf32e4c1e1430f0f2443fbe55b060862c89 8f15de3146e00c8e15487b983aff115170b6a279d4fba5972815af3c8bfe821ed417f033b
Backup Boot Image Hash: 5340d8bf3771b3f47e2d086cb09b7cffeb22635e33afcbe72fe7959 4307f78fc3ece9977bfd7cd3d2cc75b81170665e4a90763e6f9ccce80ffce0582fc5481d6
1 Multigigabit Ethernet interfaces
1 Gigabit Ethernet interfaces
2 802.11 Radios
Radio Driver version : 9.0.5.5-W8964
Radio FW version : 9.1.8.1
NSS FW version : 2.4.28

Base ethernet MAC Address : A0:23:ff:98:FA:cc
Part Number : 73-017278-06
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number : FOC2xxxxxxx
Top Assembly Part Number : 068-100531-01
Top Assembly Serial Number : FGL2xxxxxxx
Top Revision Number : A0
Product/Model Number : AIR-AP3802I-D-K9

Interesting, look what was the reason for the last reload:

"Last reload reason : Image Upgrade"

and the uptime is huge:

AP uptime is 100 days, 23 hours, 12 minutes

So, no, this AP did not reboot by something accessing it.