Re: Connection problem between Cisco-vWLC-AIR-CTVM-7-3-101-0.ova and A - Page 2

medzeinmaaloum · ‎01-01-2023

Hi there,

I deployed vWLC version 7-3-101-0 on ESXI 5.5:

When I put the ESXI (vWLC) and the AP on the same network the vWLC did not display AP

See the Message Logs from vWLC:

*spamApTask6: Jan 01 01:39:32.302: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.74.10

*spamApTask6: Jan 01 01:38:27.284: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.74.10

*spamApTask5: Jan 01 01:37:11.976: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.74.10

*spamApTask5: Jan 01 01:36:08.957: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:681 Failed to complete DTLS handshake with peer 192.168.74.10

*fp_main_task: Jan 01 01:29:41.047: #LOG-3-Q_IND: sisf_shim_utils.c:316 Internal error, NULL entry in sisf_sw_policy_get_cfg_ptr[...It occurred 3 times.!]

*fp_main_task: Jan 01 01:29:41.036: #SISF-3-INTERNAL: sisf_shim_utils.c:316 Internal error, NULL entry in sisf_sw_policy_get_cfg_ptr

*fp_main_task: Jan 01 01:29:41.035: #SISF-3-INTERNAL: sisf_shim_utils.c:316 Internal error, Can't create the acl for 0000019F

*fp_main_task: Jan 01 01:29:40.358: #MM-3-MEMBER_ADD_FAILED: mm_dir.c:1193 Could not add Mobility Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, IP: 0.0.0.0

*mfpKeyRefreshTask: Jan 01 01:29:37.863: #SSHPM-3-NOT_INIT: bsnrandom.c:620 Random context not initialized

*fp_main_task: Jan 01 01:29:37.835: #CNFGR-3-INV_COMP_ID: cnfgr.c:2667 Invalid Component Id : Unrecognized (36) in cfgConfiguratorInit.

And see the AP message logs via Putty:

*Jan 1 01:48:44.005: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255

*Jan 1 01:48:54.289: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Jan 1 01:49:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.74.240 peer_port: 5246

*Jan 1 01:49:59.490: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.74.240

*Jan 1 01:49:59.490: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.

*Jan 1 01:49:59.490: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.74.240:5246

*Jan 1 01:49:59.491: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

*Jan 1 01:51:04.004: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Jan 1 01:49:59.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.74.240 peer_port: 5246

*Jan 1 01:49:59.487: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.74.240

*Jan 1 01:49:59.487: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.

*Jan 1 01:49:59.488: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.74.240:5246

*Jan 1 01:49:59.488: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

logging facility kern

^

% Invalid input detected at '^' marker.

logging trap emergencies

^

% Invalid input detected at '^' marker.

logging facility kern

^

% Invalid input detected at '^' marker.

logging trap emergencies

^

% Invalid input detected at '^' marker.

Summary of the config:

Enter Administrative User Name (24 characters Max):mohamed

Enter Administrative Password (3 to 24 characters):1974Med

Re-enter Administrative Password :1974Med

service Interface IP Address Configuration [static] [DHCP]:static

service Interface IP Address:192.168.1.1

service Interface Netmask:255.255.255.0

Management Interface IP Address :192.168.74.240

Management Interface Netmask :255.255.255.0

Management Interface Default Router :192.168.74.254

Management Interface VLAN Identifier (0 = untagged):0

Management Interface Port Num [1 to 1] :1

Management Interface DHCP Server IP Address :192.168.74.254

Virtual Gatewaye IP Address :1.1.1.1

Mobility/RF Groupe Name:Mobility

Network Name (SSID): Projets-Education

Cinfigure DHCP Bridging Mode [yes][NO]:

Allow Static IP Addresses [YES][no]:

Configure a RADIUS Server now? [YES][no]:no

Enter Country Code list (enter 'help' for a list of countries) [US]:MA

Enable 802.11b Network [YES][no]:YES

Enable 802.11a Network [YES][no]:YES

Enable 802.11g Network [YES][no]:YES

Enable Auto-RF [YES][no]:YES

Configure a NTP server now? [YES] [no]:yes

Enter the NTP server's IP address : 192.168.74.254

Enter a polling interval between 3600 and 604800 secs:3600

Configuration correct? if yes, system will save it and reset. [yes][NO]: yes

Note: there is no configuration in the Switch.

merci

medzeinmaaloum · ‎01-03-2023

good day

Finally, I deployed AIR-CTVM-K9-8-0-150-0.ova and used AIR-CAP2702I-E-K9, the vWLC saw the AP.

This is a good thing, but the wireless network is not detected by my laptop or my mobile phone, it may be broadcasting on 5Ghz, how can I change the frequency to 2.4Ghz?

merci

medzeinmaaloum · ‎01-03-2023

On the AP mode I don’t see FlexConnet:

Which mode should I choose?

marce1000 · ‎01-03-2023

- Concerning both items : flexconnect support and band-seeing check : https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html , -> 2700 series AP model(s) need at minimum 7.6.120.0 , your vm controller is only running 7.3.x

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

medzeinmaaloum · ‎01-03-2023

My vWLC is :

AIR-CTVM-K9-8-0-150-0.ova

marce1000 · ‎01-03-2023

- Sorry about that (it conflicts with the subject of the post) : start by having a checkup of the controller configuration with : https://cway.cisco.com/wireless-config-analyzer/ , for that the particular tool needs the output of the running configuration without breaks or prompts as explained in : https://community.cisco.com/t5/networking-knowledge-base/show-the-complete-configuration-without-breaks-pauses-on-cisco/ta-p/3115114#toc-hId-1039672820
Or you could also upload the configuration to an external server through TFTP (e.g.)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

medzeinmaaloum · ‎01-03-2023

I didn't quite understand!

Do I have to save the vWLC configuration in a .text file then the analyzer will analyze the configuration from the .text file?

marce1000 · ‎01-03-2023

- Yes , but if you use TFTP to upload the configuration then you will have the needed text file automatically ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

medzeinmaaloum · ‎01-03-2023

ok I Upload file (Config03012023) on the analyzer and I did run, but no massage after !

marce1000 · ‎01-03-2023

- Attach it here , I could review it and or try myself ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

medzeinmaaloum · ‎01-04-2023

# WLC Config Begin <Tue Jan 3 07:31:37 2023>

config wlan exclusionlist 1 60
config wlan create 1 Projets Projets
config wlan interface 1 management
config wlan broadcast-ssid enable 1
config wlan session-timeout 1 1800
config wlan mfp client enable 1
config wlan wmm allow 1
config wlan security web-auth server-precedence 1 local radius ldap
config wlan security wpa wpa2 ciphers aes disable 1
config wlan security wpa wpa2 disable 1
config wlan security wpa akm 802.1x disable 1
config wlan security wpa disable 1
config wlan enable 1
config network rf-network-name Mobility
config network webmode enable
config network telnet enable
config network multicast l2mcast disable service-port
config network multicast l2mcast disable virtual
config mdns service origin all AirTunes
config mdns service create AirTunes _raop._tcp.local. origin all lss disable
config mdns service origin all Airplay
config mdns service create Airplay _airplay._tcp.local. origin all lss disable
config mdns service origin all HP_Photosmart_Printer_1
config mdns service query enable HP_Photosmart_Printer_1
config mdns service create HP_Photosmart_Printer_1 _universal._sub._ipp._tcp.local. origin all lss disable query enable
config mdns service origin all HP_Photosmart_Printer_2
config mdns service query enable HP_Photosmart_Printer_2
config mdns service create HP_Photosmart_Printer_2 _cups._sub._ipp._tcp.local. origin all lss disable query enable
config mdns service origin all HomeSharing
config mdns service query enable HomeSharing
config mdns service create HomeSharing _home-sharing._tcp.local. origin all lss disable query enable
config mdns service origin all Printer-IPP
config mdns service create Printer-IPP _ipp._tcp.local. origin all lss disable
config mdns service origin all Printer-IPPS
config mdns service create Printer-IPPS _ipps._tcp.local. origin all lss disable
config mdns service origin all Printer-LPD
config mdns service create Printer-LPD _printer._tcp.local. origin all lss disable
config mdns service origin all Printer-SOCKET
config mdns service create Printer-SOCKET _pdl-datastream._tcp.local. origin all lss disable
config mdns profile service add default-mdns-profile AirTunes
config mdns profile service add default-mdns-profile Airplay
config mdns profile service add default-mdns-profile HP_Photosmart_Printer_1
config mdns profile service add default-mdns-profile HP_Photosmart_Printer_2
config mdns profile service add default-mdns-profile HomeSharing
config mdns profile service add default-mdns-profile Printer-IPP
config mdns profile service add default-mdns-profile Printer-IPPS
config mdns profile service add default-mdns-profile Printer-LPD
config mdns profile service add default-mdns-profile Printer-SOCKET
config mdns profile create default-mdns-profile
config ap packet-dump capture-time 10
config ap packet-dump truncate 0
config ap packet-dump buffer-size 2048
config ap preferred-mode ipv4 all
config interface port management 1
config interface dhcp management primary 192.168.74.254
config interface dhcp service-port disable
config interface address management 192.168.74.217 255.255.255.0 192.168.74.254
config interface address service-port 192.168.1.1 255.255.255.0
config interface address virtual 1.1.1.1
config certificate generate webadmin
config 802.11b cac voice sip codec g711 sample-interval 20
config 802.11b cac voice sip bandwidth 64 sample-interval 20
config 802.11b 11gsupport enable
config mobility group domain Mobility
config time ntp interval 3600
config time ntp server 1 192.168.74.254
config sysname Cisco_d8:40:b3
config advanced 802.11b channel add 1
config advanced 802.11b channel add 5
config advanced 802.11b channel add 9
config advanced 802.11b channel add 13
config advanced 802.11a channel add 36
config advanced 802.11a channel add 40
config advanced 802.11a channel add 44
config advanced 802.11a channel add 48
config advanced 802.11a channel add 52
config advanced 802.11a channel add 56
config advanced 802.11a channel add 60
config advanced 802.11a channel add 64
config database size 2048
config country MA
config switchconfig strong-pwd lockout attempts mgmtuser 3
config switchconfig strong-pwd lockout time mgmtuser 5
config mgmtuser add encrypt mohamed 1 1a566d456f888365e71065aeaaa1c405 192651c61099b1f527f216ff24786079bcc941f1 16 73029f187476091a0e693cfb170adcf80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write
config 802.11a cac voice sip codec g711 sample-interval 20
config 802.11a cac voice sip bandwidth 64 sample-interval 20
transfer upload serverip 192.168.74.13
transfer upload path /Config03012022/
transfer upload filename Config03012023
transfer upload datatype config
transfer download serverip 192.168.74.13
transfer download path /Config03012022/
transfer download filename Config03012023

# WLC Config End <Tue Jan 3 07:31:37 2023>

marce1000 · ‎01-04-2023

- Doesn't seem to work indeed , it also seems incomplete as it does not contain administrative authentication info's etc. Please try the show run-config method with no breaks as mentioned in https://community.cisco.com/t5/networking-knowledge-base/show-the-complete-configuration-without-breaks-pauses-on-cisco/ta-p/3115114#toc-hId-1039672820 , the output (also) needs to be saved in a text file (indeed) , but if you connect to the controller with tools such as PuTTY you can configure to keep an operator log , to save all outputs (for instance) , of course when disconnecting from the controller you then need to clean it up a bit before providing the configuration-only data to the WirelessAnalyzer tool.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

medzeinmaaloum · ‎01-04-2023

marce1000 · ‎01-04-2023

- This is only a partial screenshot , open panes accordingly and at least all red-flagged items should be corrected , (open the other yellow advisories too and correct according to urgency)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

medzeinmaaloum · ‎01-04-2023

According to the 1st message, I have to migrate to version 8.10, but I couldn't download because as I don’t have Service Contract!

marce1000 · ‎01-04-2023

- That is beyond my resolving capabilities , you could contact TAC and or argue business need (f)or testing , or saying you have an important security problem, they are sensitive to that ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Connection problem between Cisco-vWLC-AIR-CTVM-7-3-101-0.ova and AIR-L