Cisco Community
English
Register
Congratulate December's Spotlight Awardees. CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
133
Views
5
Helpful
8
Replies
Highlighted
Wifi_Eshwar92
Beginner
Beginner
‎05-17-2017 05:55 AM
‎05-17-2017 05:55 AM

Controller command

Hi All,

I have enabled this "config ap dtls-wlc-mic SHA1/SHA2" on the controller for this error "*AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS." Now i want to remove that command. How to disable it? will this command affect the aps joining in future or other aps if rebooted ? Thanks!

Labels:
0 Helpful
Reply
8 REPLIES 8
Highlighted
Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor
‎05-17-2017 06:22 AM
‎05-17-2017 06:22 AM

I dont think you can disable that...

either you need to enable SHA1 or SHA2!!

Regards

Dontf orget to arte helpful posts

0 Helpful
Reply
Highlighted
Wifi_Eshwar92
Beginner
Beginner
In response to Sandeep Choudhary
‎05-17-2017 06:26 AM
‎05-17-2017 06:26 AM

Yeah couldnot see command to disable it.. Any idea will it affect already joined aps in the event of reboot?

0 Helpful
Reply
Highlighted
Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor
In response to Wifi_Eshwar92
‎05-17-2017 06:32 AM
‎05-17-2017 06:32 AM

did you configure SHA2 or SHA1 on WLC ?

What was earlier configured ?

Regards

Doint forget to rate helpful posts

0 Helpful
Reply
Highlighted
Wifi_Eshwar92
Beginner
Beginner
In response to Sandeep Choudhary
‎05-17-2017 06:50 AM
‎05-17-2017 06:50 AM

How to check that.. what all certificates need for ap to join.. ? 

by the way we have many 1242 models which are pretty old..

0 Helpful
Reply
Highlighted
Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor
In response to Wifi_Eshwar92
‎05-17-2017 06:53 AM
‎05-17-2017 06:53 AM

ohk then old AP must have SHA1 certificates.

So if you configure SHA2 on WLC then these old AP will have trouble to join again after reboot.

So better to keep SHA1 on wlc.

Reagrds

Dont forget to rate helpful posts

0 Helpful
Reply
Highlighted
Wifi_Eshwar92
Beginner
Beginner
In response to Sandeep Choudhary
‎05-17-2017 07:00 AM
‎05-17-2017 07:00 AM

Thanks for the response..

okay.. it sounds like only one certificate will be enabled on the controller? I mean, wont it have all the certificates enabled if we give those command? I have actually given both the commands in order.. SHA1 and then SHA2 as well.. (is there any other certificates aps will come up with- just curious :))

I could also try reboot one ap and test, but it seems like it will take time ... 

0 Helpful
Reply
Highlighted
Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor
In response to Wifi_Eshwar92
‎05-17-2017 07:10 AM
‎05-17-2017 07:10 AM

Hi,

As far as I Know: The WLC supports SHA-2 certificates since release 8.0.100, so at this moment this is the only release where this is supported on.

More info:

https://supportforums.cisco.com/blog/13184416/wlc-sha2-cert-support-clarification

Regards

Dont forget to rate helpful posts and also mark it as answered, it may help others

Reply
Highlighted
Wifi_Eshwar92
Beginner
Beginner
In response to Sandeep Choudhary
‎05-17-2017 07:19 AM
‎05-17-2017 07:19 AM

Now running on 8.0.140.0.. may be i can try rebooting 1 ap and see if any issues.. then revert back to SHA1 if needed.. I will update back here,,

Many thanks for your time 

0 Helpful
Reply
Latest Contents
How to manually connect a Cisco WLC to Cisco DNA Center for ...
Created by Richard Jang on 01-14-2021 05:50 PM
0
15
0
15
Table of Contents Table of ContentsOverviewConnecting a Catalyst 9800 WLC to Cisco DNA Center ManuallyConnecting an AireOS WLC to Cisco DNA Center ManuallyCisco DNA Center Assurance Deployment Guide References   Overview The purpose of this document... view more
IOS-XE PSK Blog
Created by SAY on 12-03-2020 07:33 AM
1
5
1
5
Securing devices without 802.1X   PSK (Pre-Shared-Key) WLAN is widely used for consumer & enterprise IoT onboarding as most of IoT device doesn’t support 802.1X. While PSK WLAN provides an easy way to onboard IoT, it also introduces challenges as... view more
Lightweight AP - Fail to create CAPWAP/LWAPP connection due ...
Created by timsmith on 12-02-2020 01:19 PM
39
55
39
55
Problem Description: Due to the certificate expiration, any new Control and Provisioning of Wireless Access Points (CAPWAP) or Light Weight Access Point Protocol (LWAPP) connection will fail to establish. The main feature that is affected will be the Acce... view more
Cisco WiFi Overkill for Homes
Created by quelopera58 on 11-23-2020 10:10 AM
3
5
3
5
Looking to provide wifi overkill in my home. It's two story with a basement. I am thinking two aironet 1600's. What do you think?Let me know if there is some other model I should be looking at.
Wireless Config Analyzer Express v 0.5.7
Created by Javier Contreras on 11-18-2020 08:00 AM
3
15
3
15
Where to download Attached files on this post Alternatively, cloud version (only summaries) General information: New implementation for the WLC Config Analyzer. it is a new re-write of the application, with clean up and improved checks Support for IOS... view more
Content for Community-Ad