Re: AP1852E Not joined WLC5520

duyle2 · ‎09-11-2024

Xin chào tất cả,
Nhật ký AP1852E
[*09/11/2024 11:16:00.0222] CAPWAP trạng thái: DTLS Teardown
[*09/11/2024 11:16:04.7807] Không còn quản lý AP Không phải vậy. .
[*09/11/2024 11:16:04.7807] Trình quản lý hợp lệ AP không thể tìm thấy cho bộ điều khiển 'SWS-test' (ip: 192.168.10.1) 2024
11:16: 04.7807 ] Không thể tham số kiểm tra SWS-test.
[*09/11/2024 11:16:04.7807] Can't tham gia điều khiển.
[*09/11/2024 11:16:04.8807]
[*09/11/2024 11:16:04.8807] Trạng thái CAPWAP: Khám phá
[*09/11/2024 11:16:04.8907] Yêu cầu khám phá gửi đến 192.168.10.1, loại khám phá STATIC_CONFIG(1)
[*09/11/2024 11:16:04.8907] ham phá STATIC_CONFIG(1)
[*09/11/ 2024 11:16:04.8907] Yêu cầu khám phá được gửi đến 255.255.255.255, khám phá loại UNKNOWN(0) Nhật
ký WLC5520

*spamApTask7: 11/09 12:17:35.089: %CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:9079 34:f8:e7:16:03:00: Không thể tạo kết nối DTLS cho AP 192.168.10.9 (52 64 ) .
*spamapTask7: 11/9 12:17:35.089: %DTLS-3-PKI_ERROR: openssl_dtls.c:483 Lỗi khởi tạo PKI: Khởi tạo chỉ thất bại
*spmApTask7: 11/9 7:35.089: %LOG - 3-Q_IND : sshpmcert.c:885 Truth nhập chứng chỉ chỉ trước khi
khởi động so
*spamapTask6: 11/9 12:17:33.086: %CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:9079 d4:6d:50:f3:8f:c7 : Không thể tạo DTLS kết nối cho AP 192.168.10.10 (14590 ).
*spamApTask6: 11/09 12:17:33.086: %DTLS-3-PKI_ERROR: openssl_dtls.c:483 Lỗi khởi tạo PKI: Khởi tạo chứng chỉ không thành công

Mark Elsen · ‎09-11-2024

- Look at this solution https://community.cisco.com/t5/wireless/ap-s-wont-connect-to-5508-wlc-after-update-to-8-3-143-pki/m-p/3690389#M111597

and use the last supported release for the 5520 being 8.10.196.0

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-11-2024

Thank, I cannot upgrade my WLC5520 to other versions because of errors, I have tried versions such as 8.10, 8.5 and 8.3, the current version I am using is 8.2.166. When upgrading, the error "“result_string: Failure while validating the signature" will appear.

Mark Elsen · ‎09-11-2024

- Upgrade CIMC too according to version(s) being pointed out in :
https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn810mr11.html#cimc-upgrade

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-12-2024

My CIMC is on version C220M4.4.0.2h.0.0301211703, which version should I upgrade to?

Mark Elsen · ‎09-12-2024

- That CIMC version is probably OK , also note from https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn810mr11.html
when looking at Table 2 you can not go directly from 8.2 to 8.10 , you must go to 8.5.x first

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-12-2024

Yes, I can't upgrade to 8.3 and 8.5 from version 8.2, it has an error like the picture I sent "“result_string: Failure while validating the signature"
- 8.2 to 8.3 has the same problem and the same problem from 8.2 to 8.5

Mark Elsen · ‎09-12-2024

- Could you execute from the CLI : show certificate all
If you get no results then execute this procedure https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/4931-blogs-wireless-mobility/50/1/8540_5520_cert_recover_0.pdf

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-12-2024

I did it but the result is still the same

(Cisco Controller) >show certificate all

--------------- Verification Certificates ---------------

-------------- Identification Certificates --------------

Mark Elsen · ‎09-12-2024

- Hm , that is probably mandatory (this is probably the)
reason that the APs could not join too) ; you can try it again to verify correctness , otherwise I can't help
much further and you must contact TAC ,

- You could also consider making a backup of the controller's configuration and erasing the config.
Then try this and upgrades again on a maiden device (e.g.)

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-12-2024

Can you check for me using ultraview or anydesk? I'm preparing the device, so I don't have to worry about the data

Mark Elsen · ‎09-12-2024

- As far as I try to help as much as possible , I am not available for that support level ,

Kind Regards ,
Mark.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-12-2024

yes, thank you very much, so my device is having certificate problems, I need to contact TAC for support, right?

Mark Elsen · ‎09-12-2024

Yes , you can also explain everything that has been done so far ,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

duyle2 · ‎09-12-2024

yes, thank you very much.
With the error of not having a certificate, the only way to handle it is by opening TAC, right?
Because I bought this device from another party, I don't know how to open the TAC for support