AP not connecting with controller

aravi9092907772 · ‎07-20-2023

*Jul 20 09:31:06.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.3.1 peer_port: 5246
*Jul 20 09:31:06.351: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 192.168.3.1 peer_port: 5246
*Jul 20 09:31:06.351: %CAPWAP-5-SENDJOIN: sending Join Request to 192.168.3.1
*Jul 20 09:31:06.595: %DTLS-5-ALERT: Received WARNING : Close notify alert from 192.168.3.1
*Jul 20 09:31:06.595: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.3.1:5246
*Jul 20 09:31:06.683: %LWAPP-4-CLIENTEVENTLOG: Not sending change state post as the radio admin is down, lrad state = 5
*Jul 20 09:31:06.687: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jul 20 09:31:06.687: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jul 20 09:31:06.691: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 20 09:31:06.711: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 20 09:31:07.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 20 09:31:07.719: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jul 20 09:31:07.727: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jul 20 09:31:08.711: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 20 09:31:08.719: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jul 20 09:31:08.747: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jul 20 09:31:08.755: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jul 20 09:31:08.763: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jul 20 09:31:09.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jul 20 09:31:09.755: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jul 20 09:31:09.783: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jul 20 09:31:10.783: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jul 20 09:31:36.711: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

Rasika Nayanajith · ‎07-20-2023

Need more info about WLC firmware version & AP model detais

HTH
Rasika

aravi9092907772 · ‎07-20-2023

Air-CAP2702I-E-K9 Cisco Aironet 2700 series 802.11ac Dual band

L3 switch WLC version 03.06.08E

Flavio Miranda · ‎07-20-2023

Hi @aravi9092907772

It seems certificate problem due expiration timer. Use the workaround cisco provide

config ap cert-expiry-ignore mic enable

aravi9092907772 · ‎07-20-2023

Hi @Flavio Miranda

config ap cert-expiry-ignore mic enable

Where to type this command as i tried in WLC it says invalid command

Flavio Miranda · ‎07-20-2023

it should be on the WLC but it was for AirOS WLC. Are you running embebded WLC on switch right?

Rasika Nayanajith · ‎07-20-2023

Below option given for 9800 running IOSXE-16.x. Same workaround may work in your case as well

https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html

C9800 Command to Accept Expired Certificates

configure terminal
crypto pki certificate map map1 1
 issuer-name co cisco manufacturing ca
crypto pki certificate map map1 2
 issuer-name co act2 sudi ca

crypto pki trustpool policy
 match certificate map1 allow expired-certificate

HTH
Rasika
*** Pls rate all useful responses ***

aravi9092907772 · ‎07-24-2023

Ill try this and get back to you.

aravi9092907772 · ‎07-24-2023

yes,

iam running embeded WLC