AP wont connect

billy-kemp · ‎06-07-2007

I have a large wireless network, and everything works very well except on location. I have tried several APs on this WS-2950. The error Im getting is:

Tue Jun 5 14:06:15 2007 [ERROR] spam_lrad.c 1162: Processing of Discovery Request failed from AP 00:0b:85:56:17:90

Tue Jun 5 14:05:55 2007 [ERROR] spam_lrad.c 1628: spamProcessJoinRequest : spamDecodeJoinReq failed

Tue Jun 5 14:05:55 2007 [ERROR] spam_crypto.c 1543: Unable to free public key for AP 00:0B:85:77:AD:A0

Tue Jun 5 14:05:55 2007 [ERROR] spam_lrad.c 5287: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:77:ad:a0.

This is a locally connected site, and I can see one Roque in this area call Free-Public Wifi. Im wondering if this is the reason for the error "unable to free public key for AP". Has anyone seen these errors?

Rob Huffman · ‎06-08-2007

Hi Billy,

I don,t think the two are related, there is this exact error in Question number 2 "unable to free public key for AP" which is related to a Time setting ;

Here is some info for why you may be getting this error;

Q. I have converted my AP to Lightweight AP Protocol (LWAPP), but the AP does not register with the controller. I get the message "LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP". What causes this problem?

A. This error means that the X.509 digital certificates are not valid. There is a possibility that you have hit Cisco bug ID CSCsd42296 ( registered customers only) , the workaround for which is to reset the APs to the factory defaults.

Another possibility is that the self-signed certificate (SSC) is not registered at the WLC. Manual addition of the SSC at the controller can be necessary. Refer to Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs for the procedure.

Q. The lightweight access points (LAPs) do not register with the controller. What could be the possible problem? I see these error messages at the controller: Thu Feb 3 03:20:47 2028: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:f4:f0. Thu Feb 3 03:20:47 2028: Unable to free public key for AP 00:0B:85:68:F4:F0

A. When the access point (AP) sends the Lightweight Access Point Protocol (LWAPP) Join Request to the WLC, it embeds its X.509 certificate in the LWAPP message. It also generates a random session ID that is also included in the LWAPP Join Request. When the WLC receives the LWAPP Join Request, it validates the signature of the X.509 certificate using the APs public key and checks that the certificate was issued by a trusted certificate authority. It also looks at the starting date and time for the AP certificate validity interval and compares that date and time to its own date and time.

**This problem is due to an incorrect clock setting on the WLC. In order to set the clock on the WiSM modules you can use the show time and config time commands.

Q. A Lightweight Access Point Protocol (LWAPP) AP is unable to join its controller. The WLC log display a message similar to this: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:ab:01

A. The LWAPP tunnel between the AP and the WLC traverses a network path with an MTU under 1500 bytes. This causes the fragmentation of the LWAPP packets. This is a known bug in the controller ( Cisco bug ID CSCsd39911 ( registered customers only) ).

The solution is to upgrade the controller firmware to 4.0(155).

From this good Q & A doc;

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs

From this doc;

http://www.cisco.com/en/US/products/ps6521/products_configuration_example09186a00806a426c.shtml

Hope this helps!

Rob