Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1068
Views
10
Helpful
8
Replies

Controller command

Wifi_Eshwar92
Level 1
Level 1

‎05-17-2017 05:55 AM - edited ‎07-05-2021 07:02 AM

Hi All,

I have enabled this "config ap dtls-wlc-mic SHA1/SHA2" on the controller for this error "*AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS." Now i want to remove that command. How to disable it? will this command affect the aps joining in future or other aps if rebooted ? Thanks!

Labels:
0 Helpful
8 Replies 8

Sandeep Choudhary
VIP Alumni
VIP Alumni

‎05-17-2017 06:22 AM

I dont think you can disable that...

either you need to enable SHA1 or SHA2!!

Regards

Dontf orget to arte helpful posts

0 Helpful

Wifi_Eshwar92
Level 1
Level 1
In response to Sandeep Choudhary

‎05-17-2017 06:26 AM

Yeah couldnot see command to disable it.. Any idea will it affect already joined aps in the event of reboot?

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Wifi_Eshwar92

‎05-17-2017 06:32 AM

did you configure SHA2 or SHA1 on WLC ?

What was earlier configured ?

Regards

Doint forget to rate helpful posts

0 Helpful

Wifi_Eshwar92
Level 1
Level 1
In response to Sandeep Choudhary

‎05-17-2017 06:50 AM

How to check that.. what all certificates need for ap to join.. ? 

by the way we have many 1242 models which are pretty old..

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Wifi_Eshwar92

‎05-17-2017 06:53 AM

ohk then old AP must have SHA1 certificates.

So if you configure SHA2 on WLC then these old AP will have trouble to join again after reboot.

So better to keep SHA1 on wlc.

Reagrds

Dont forget to rate helpful posts

0 Helpful

Wifi_Eshwar92
Level 1
Level 1
In response to Sandeep Choudhary

‎05-17-2017 07:00 AM

Thanks for the response..

okay.. it sounds like only one certificate will be enabled on the controller? I mean, wont it have all the certificates enabled if we give those command? I have actually given both the commands in order.. SHA1 and then SHA2 as well.. (is there any other certificates aps will come up with- just curious :))

I could also try reboot one ap and test, but it seems like it will take time ... 

0 Helpful

Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Wifi_Eshwar92

‎05-17-2017 07:10 AM

Hi,

As far as I Know: The WLC supports SHA-2 certificates since release 8.0.100, so at this moment this is the only release where this is supported on.

More info:

https://supportforums.cisco.com/blog/13184416/wlc-sha2-cert-support-clarification

Regards

Dont forget to rate helpful posts and also mark it as answered, it may help others

Wifi_Eshwar92
Level 1
Level 1
In response to Sandeep Choudhary

‎05-17-2017 07:19 AM

Now running on 8.0.140.0.. may be i can try rebooting 1 ap and see if any issues.. then revert back to SHA1 if needed.. I will update back here,,

Many thanks for your time 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card