11-27-2020 09:21 AM - edited 07-05-2021 12:50 PM
*spamApTask2: Nov 27 18:14:50.099: 00:5f:86:1e:66:e0 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 100, joined Aps =0
*spamApTask2: Nov 27 18:14:50.099: 00:5f:86:1e:66:e0 Primary Discovery Response sent to 10.40.94.199:15203
*spamApTask6: Nov 27 18:14:50.249: c4:0a:cb:5c:7a:90 Primary Discovery Request from 10.40.94.114:48716
*spamApTask6: Nov 27 18:14:50.249: c4:0a:cb:5c:7a:90 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 100, joined Aps =0
*spamApTask6: Nov 27 18:14:50.250: c4:0a:cb:5c:7a:90 Primary Discovery Response sent to 10.40.94.114:48716
*spamApTask6: Nov 27 18:14:50.250: c4:0a:cb:5c:7a:90 Primary Discovery Request from 10.40.94.114:48716
*spamApTask6: Nov 27 18:14:50.250: c4:0a:cb:5c:7a:90 Join Priority Processing status = 0, Incoming Ap's Priority 1, MaxLrads = 100, joined Aps =0
*spamApTask6: Nov 27 18:14:50.250: c4:0a:cb:5c:7a:90 Primary Discovery Response sent to 10.40.94.114:48716
*spamApTask4: Nov 27 18:14:50.251: c4:0a:cb:2d:c3:d0 Primary Discovery Request from 10.40.94.59:1321
Do you have any suggestions?
many thanks
Regards Antonio
Solved! Go to Solution.
11-28-2020 03:46 AM
*Nov 28 12:38:27.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.40.92.8:5246
*Nov 28 12:38:27.051: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Nov 28 12:38:27.064: %CAPWAP-3-ERRORLOG: Binding Config Initialization failed for binding 1
*Nov 28 12:38:27.070: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Nov 28 12:38:27.089: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 28 12:38:28.077: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Nov 28 12:38:28.099: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Nov 28 12:38:28.105: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Nov 28 12:38:29.124: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 28 12:38:30.125: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Nov 28 12:38:37.086: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Nov 28 12:42:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.40.92.9 peer_port: 5246
*Nov 28 12:42:51.128: %PKI-3-CERTIFICATE_INVALID_EXPIRED: Certificate chain validation has failed. The certificate (SN: 3948E4B6000000317F37) has expired. Validity period ended on 05:40:06 UTC Jul 2 2020Peer certificate verification failed 001A
*Nov 28 12:42:51.128: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Nov 28 12:42:51.128: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Nov 28 12:42:51.128: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.40.92.9:5246
*Nov 28 12:42:51.128: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.40.92.9:5246
*Nov 28 12:42:51.132: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
I Have problems with the ceriticates
How I can fix it?
thanks
11-28-2020 04:05 AM
the solution should be this command. but I don't know what I'm doing wrong?
Can you help me?
(Cisco Controller) >config ap cert-expiry-ignore {mic|ssc} enable
Incorrect usage. Use the '?' or <TAB> key to list commands.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS
System Name...................................... WLC-2
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
Redundancy Mode.................................. Disabled
IP Address....................................... 10.40.92.8
Last Reset....................................... Software reset
System Up Time................................... 2 days 21 hrs 34 mins 25 secs
System Timezone Location.........................
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
Configured Country............................... Multiple Countries:IT,US
Operating Environment............................ Commercial (0 to 40 C)
--More-- or (q)uit
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +45 C
External Temperature............................. +32 C
Fan Status....................................... OK
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 6
Number of Active Clients......................... 14
Memory Current Usage............................. Unknown
Memory Average Usage............................. Unknown
CPU Current Usage................................ Unknown
CPU Average Usage................................ Unknown
Burned-in MAC Address............................ 70:CA:9B:C9:45:80
Power Supply 1................................... Present, OK
Power Supply 2................................... Absent
Maximum number of APs supported.................. 100
11-27-2020 12:48 PM
More information:
11-27-2020 12:49 PM - edited 11-27-2020 12:59 PM
Also as it was indicated before, check the date/time
11-27-2020 01:39 PM
(Cisco Controller) >show time
Time............................................. Fri Nov 27 22:38:48 2020
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 86400
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------
1 0 10.39.90.244 AUTH DISABLED
11-27-2020 01:57 PM
(Cisco Controller) >show time
Time............................................. Fri Nov 27 22:57:16 2020
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 86400
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------
1 0 10.39.90.244 AUTH DISABLED
11-27-2020 10:13 AM - edited 11-27-2020 10:48 AM
do you use DHCP WLC discovery, i.e. you specify the IP address of WLC in DHCP Server?
do you config AP-mangamer as management IP? are they in same Subnet?
Make sure the AP can connect to both management IP and AP-manger of WLC, i.e. check the routing from AP to WLC.
NOTE:- if this is new AP join then make sure the MASTER mode is enable under WLC.
11-27-2020 11:01 AM
HI MHM Cisco Wold,
I use static Ip address on the controller.
The Aps and the controller are in the same subnet.
Sorry I foget to mention that in my infrastrcuture there are 3 controllers Cisco 5508 with 100 licenses on each.In total I have 230 APS, 200 are working without problems on the first 2 controllers. On the third one i should have abot 30 APs, but i cannot see them.
thanks
11-27-2020 11:22 AM - edited 11-27-2020 11:23 AM
master mode disable on the two full and make master enable for third with empty AP join list.
the AP receive discovery from the three WLC and send join to wrong one.
try this method and check the AP join.
after AP join disable Master mode.
11-27-2020 11:43 AM
11-27-2020 11:52 AM - edited 11-27-2020 11:59 AM
I see you have configured IT (Italy) and US (United States) as countries
11-27-2020 11:57 AM
11-27-2020 12:15 PM
11-27-2020 04:37 PM
As a final note, if the issue is an expired certificate on the AP, go to the WLC and apply:
config ap cert-expiry-ignore mic enable
By default is DISABLED, meaning that IGNORE is not considered so the validation of the certificate takes place.
11-27-2020 04:59 PM
it is not working
(Cisco Controller) config>
(Cisco Controller) config> ap cert-expiry-ignore mic enable
Incorrect usage. Use the '?' or <TAB> key to list commands.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide