Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1766
Views
5
Helpful
4
Replies

AP's Not Connecting to WLAN Controller 2500

Go to solution
JDT69RR
Level 1
Level 1

‎11-30-2021 04:34 PM

After factory resetting the AP's this is what i am getting...

No connection to the WLC. This happened to two AP's out of 4.

*Mar 1 00:00:13.514: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed (15)
*Mar 1 00:00:13.517: *** CRASH_LOG = YES

*Mar 1 00:00:13.517: 64bit PCIE devices
*Mar 1 00:00:14.624: %SOAP_FIPS-2-SELF_TEST_HW_SUCCESS: HW crypto FIPS self test passed (1-6)
*Mar 1 00:00:14.624: Security Core found.

*Mar 1 00:00:14.637: Registering HW DTLS
Base Ethernet MAC address: 28:94:0F:26:29:D4

*Mar 1 00:00:16.870: %LINK-6-UPDOWN: Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:18.213: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0 (4)
*Mar 1 00:00:18.220: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:00:18.339: loading Power Tables from ram:/Z2.bin. Class = A
*Mar 1 00:00:18.339: record size of 2ss: 404 read_ptr: 2758100

*Mar 1 00:00:21.535: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1 (4)
*Mar 1 00:00:21.585: loading Power Tables from ram:/Z5.bin. Class = A
*Mar 1 00:00:21.585: record size of 2ss: 404 read_ptr: 2758100
capwap_read_version_info: Info file flash:/ap3g1-k9w8-mx.152-2.JB2/info not find
*Nov 30 21:01:54.119: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C3500 Software (AP3G1-K9W8-M), Version 15.3(3)JC9, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Fri 20-Oct-17 19:26 by prod_rel_team
*Nov 30 21:01:54.119: %SNMP-5-COLDSTART: SNMP agent on host AP2894.0f26.29d4 is undergoing a cold start
*Nov 30 21:01:54.305: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 30 21:01:54.468: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Nov 30 21:01:54.468: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to uplwapp_crypto_init: MIC Present and Parsed Successfully

*Nov 30 21:01:55.185: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
*Nov 30 21:02:02.317: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.20.84, mask 255.255.255.0, hostname AP2894.0f26.29d4

*Nov 30 21:02:11.647: Currently running a Release Image
validate_sha2_block: Failed to get certificate chain
*Nov 30 21:02:11.666: Using SHA-1 signed certificate for image signing validation.%Default route without gateway, if not a point-to-point interface, may impact performance
*Nov 30 21:02:17.372: AP image integrity check PASSED

*Nov 30 21:02:17.382: Non-recovery image. PNP Not required.

*Nov 30 21:02:17.445: validate_sha2_block:No SHA2 Block present on this AP.

*Nov 30 21:02:17.473: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Nov 30 21:02:17.473: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Nov 30 21:02:24.699: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Nov 30 21:02:25.790: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Nov 30 21:02:26.791: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Nov 30 21:02:27.583: Logging LWAPP message to 255.255.255.255.

*Nov 30 21:02:27.590: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 0 CLI Request Triggered
*Nov 30 21:02:27.602: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 255.255.255.255 port 514 started - CLI initiated
*Nov 30 21:02:27.885: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up%No matching route to delete
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (75.75.75.75)
*Nov 30 21:02:38.609: %CAPWAP-5-DHCP_OPTION_43: Controller address 192.168.20.13 obtained through DHCP (75.75.76.76)

*Nov 30 21:03:25.078: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
*Nov 30 21:22:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.20.13 peer_port: 5246
*Nov 30 21:22:01.207: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.20.13
*Nov 30 21:22:01.207: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.20.13:5246

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Wes Schochet
Level 3
Level 3

‎12-01-2021 08:42 AM

The certificates on those APs are expired.  Try this command from the CLI:

 

config ap cert-expiry-ignore mic enable

 

View solution in original post

4 Replies 4

Go to solution
Nithin Eluvathingal
VIP
VIP

‎11-30-2021 05:09 PM

Post your question in Wireless section. 



Response Signature


0 Helpful

Go to solution
Roger Kallberg
VIP
VIP

‎11-30-2021 10:50 PM - edited ‎11-30-2021 10:53 PM

@JDT69RR I moved your post over to the Wireless section of the community as you had posted it in Collaboration, Voice and Video -> Phones and IP Telephony.



Response Signature


0 Helpful

Go to solution
JDT69RR
Level 1
Level 1
In response to Roger Kallberg

‎12-08-2021 03:14 PM

Thank You. I also posted it there as well once it was suggested I do so.
0 Helpful

Go to solution
Wes Schochet
Level 3
Level 3

‎12-01-2021 08:42 AM

The certificates on those APs are expired.  Try this command from the CLI:

 

config ap cert-expiry-ignore mic enable

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card