cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
632
Views
0
Helpful
6
Replies

How to force AP18xx to accept WLC certificate

liboucher
Beginner
Beginner

Hello All,

 

My client bought a vWLC in "small" version but today needs a "large" version as he must deal with more than 200 APs.

We have installed a new VM in version 8.2.170 (his small is in 8.2.151) and had no problem adding the configuration or migrating AP1600 or AP1700.

As for his AP 1852 and 1832, they cannot join the new WLC because of failed/expired certificate.

 

My colleague told me he had the same problem and had to erase the AP's config before the AP accepted to associate to the new controller.

The problem here is that the client has more than 100 18xx APs and it would be terribly complex to erase the config and modify the primary controller.

 

Does anyone know a way to force the APs to accept the "large"vWLC's certificate ?

 

Thank you for your help

 

Anne

L2 Support Technician

6 Replies 6

pieterh
VIP Engager VIP Engager
VIP Engager

just for the record it'not the ap that rejects the vWLC's certificate, but the WLC that rejects the AP's certificate

 

try this command on the vWLC (Field Notice: FN - 63942 )

ap cert-expiry-ignore {mic|ssc} enable

Hi Pieterh,

 

Thanks for your answer.

I have tried the command but it says that it is already enabled for both mic and ssc.

 

Anne

Can you check if you're maybe also affected by this bug (same error message in boot log on console of AP):
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd76589

There are a few other similar bugs, but 8.2.x is never mentioned as an affected release. Could still be affected though:
https://bst.cloudapps.cisco.com/bugsearch/search?kw=certificate vwlc&pf=prdNm&sb=anfr

Hi Anne,

 

Can you pls help with below two outputs from AP and WLC.

 

WLC: sh sysinfo

AP: sh version

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Hi,

I have attached the sysinfo and the show version of one 1850 which is still on the first controller, and of another one which is not associated.

 

Anne

The 1850KO did not get a valid IP address or is not able to reach the gateway with the supplied DHCP configuration.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers