Solved: Re: Mobility Express Access

danielrattee · ‎04-24-2023

Hello,

I am configuring a Aironet 1830 and have completed the first steps of configuring the controller settings. I am able to connect to the "Employee Network" I set up during the initial configuration.

When I attempt to access the controller at the I receive the error:

Secure Connection Failed

An error occurred during a connection to 10.X.X.X. Peer using unsupported version of security protocol.

Error code: SSL_ERROR_UNSUPPORTED_VERSION

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

This website might not support the TLS 1.2 protocol, which is the minimum version supported by Firefox.

I have tried in chrome as well with the same result. I have googled a bit and have not found a way to go around this.

Does anyone have any suggestions?

danielrattee · ‎04-24-2023

config network secureweb cipher-option high [enables TLSv1.2] was able to get it working. I found this at:

https://community.cisco.com/t5/wireless/enabling-tls-for-management-access-in-wlc/td-p/2673565

View solution in original post

Flavio Miranda · ‎04-24-2023

Hi

Try to access using HTTP instead or use a different browser. Try to access in Incognito mode.

danielrattee · ‎04-24-2023

When attempting a different browser:

This site can’t provide a secure connection

10.X.X.X uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Same when trying in incognito mode

danielrattee · ‎04-24-2023

config network secureweb cipher-option high [enables TLSv1.2] was able to get it working. I found this at:

https://community.cisco.com/t5/wireless/enabling-tls-for-management-access-in-wlc/td-p/2673565

Rich R · ‎05-17-2023

That would have been default on a recent version of software so that suggests you may be using an old version of AireOS.

Refer to the TAC recommended versions link below for what you should be using - currently 8.10.185.0.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390