04-13-2023 11:02 PM
Hi team,
I have a WLC 2500 running IOS (8.1.102.0).
I have an AP 3602i,
but the AP does not join the WLC even though I have run the commands below:
1 (Cisco Controller) >config ap dtls-wlc-mic sha2 (it's taken)
2 (Cisco Controller) >config ap cert-expiry-ignore mic enable
Incorrect usage. Use the '?' or <TAB> key to list
The errors are also shown below:
*Jan 1 00:34:40.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.31.33.250:5246
*Jan 1 00:34:40.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jan 1 00:34:41.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.31.33.250 peer_port: 5246
*Jan 1 00:35:10.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x7346F84!
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
*Jan 1 00:35:40.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.31.33.250:5246
*Jan 1 00:36:08.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jan 1 00:35:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.31.33.250 peer_port: 5246
*Jan 1 00:35:51.011: %PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 5832A5BA00000002C661) is not yet valid Validity period starts on 03:37:53 UTC Aug 31 2015Peer certificate verification failed 001A
*Jan 1 00:35:51.011: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:497 Certificate verified failed!
*Jan 1 00:35:51.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 172.31.33.250:5246
*Jan 1 00:35:51.015: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.31.33.250:5246
How do I fix it?
04-13-2023 11:33 PM
- Ref: https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html
>....(Cisco Controller) >config ap cert-expiry-ignore mic enable
- You need 8.3.x or above to be able to use that command; also consider: https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
M.
04-14-2023 12:10 AM
Look at the time and date of the AP.
Please post the complete output to the following commands:
04-13-2023 11:25 PM
%PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 5832A5BA00000002C661) is not yet valid Validity period starts on 03:37:53 UTC Aug 31 2015Peer certificate verification failed 001A
Check the valid certs and also check the FN below:
https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html
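A way to triage this failure from captured AP console output, as an added example that is not part of any post in this thread: it pulls each "not yet valid" PKI event, extracts the certificate serial and validity start, and flags whether the AP's own timestamp carried the `*` or `.` marker that IOS prints when the clock is not authoritative or not NTP-synchronised. The function name `triage`, the result field names and the last sample line are assumptions made for the illustration.

```python
import re
from datetime import datetime

# First three lines: AP console output quoted in this thread.
# Last line: constructed, with a synchronised clock, for contrast.
SAMPLE_LOG = """\
*Jan 1 00:35:51.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.31.33.250 peer_port: 5246
*Jan 1 00:35:51.011: %PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 5832A5BA00000002C661) is not yet valid Validity period starts on 03:37:53 UTC Aug 31 2015Peer certificate verification failed 001A
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (255.255.255.255)
Apr 14 08:00:01.200: %PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 0123456789ABCDEF0000) is not yet valid Validity period starts on 00:00:00 UTC Jan 1 2030
"""

# IOS marks a timestamp '*' when the clock is not authoritative and '.'
# when it was set but is no longer NTP-synchronised.
STAMP = re.compile(
    r"^(?P<flag>[*.]?)(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)\.\d+: (?P<msg>.*)$")
NOT_YET = re.compile(
    r"%PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID:.*?\(SN: (?P<sn>[0-9A-Fa-f]+)\)"
    r".*?starts on (?P<start>\d\d:\d\d:\d\d UTC [A-Z][a-z]{2} \d{1,2} \d{4})")

def triage(log_text):
    """Return one finding per 'certificate not yet valid' event in the log."""
    findings = []
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue  # lines without a timestamp, e.g. the DNS lookup message
        pki = NOT_YET.search(m["msg"])
        if not pki:
            continue
        unsynced = m["flag"] in ("*", ".")
        findings.append({
            "serial": pki["sn"],
            "valid_from": datetime.strptime(pki["start"], "%H:%M:%S UTC %b %d %Y"),
            "ap_stamp": m["stamp"],
            "clock_unsynced": unsynced,
            # An unsynced clock makes a valid certificate look "not yet valid".
            "check_first": "AP time and date" if unsynced else "certificate validity period",
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["serial"], f["valid_from"].isoformat(), f["ap_stamp"], "->", f["check_first"])
```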
04-14-2023 08:37 AM
Read all the field notices below ...