Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2026
Views
5
Helpful
20
Replies

Select Clients Dropping Wireless Connection On 5500 WLC

Go to solution
HoustonW
Level 1
Level 1

‎05-09-2024 07:53 PM

Recently, my system bought around 800 of the Lenovo Gen 4 Chromebooks. We already had around 2500 Gen 3 100e's that worked perfectly fine, still do. We divided the new laptops out to the locations, and 2 of the 10 locations are having issues where the laptop will disconnect from the WIFI (As in every new device drops off the WIFI within 30-45 minutes of using). We have two controllers, one 5500 for the two locations in question, and a 5520 for the other eight. The other eight locations have given us no grief. Which makes me think it could have something to do with the 5500. The only issue is, I'm not sure where to start looking. Any help would be appreciated.

We have a mix of AP's at the locations. At one location we have 1832 AP's with 1702 AP's, at the other newer location we have 9100 series AP's.

0 Helpful
20 Replies 20

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to HoustonW

‎05-10-2024 11:53 PM

 

        >...where the 1702i AP's are not wanting to get out of the download loop.
                 - Post console boot process of those APs

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
HoustonW
Level 1
Level 1
In response to marce1000

‎05-11-2024 04:04 PM

Does this help?

Username:
extracting ap3g2-k9w8-mx.153-3.JK10/triggerfish_cpld.img (2460 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/uart_firmware_upgrade.bin (18818 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/MCU.bin (9031 bytes)cisco
extracting ap3g2-k9w8-mx.153-3.JK10/info (292 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/img_sign_rel.cert (1468 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/img_sign_rel_sha2.cert (1545 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/file_hashes (8698 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/final_hash (141 bytes)
extracting ap3g2-k9w8-mx.153-3.JK10/final_hash.sig (512 bytes)
extracting info.ver (292 bytes)
*Apr 2 22:45:56.551: Currently running a Release Image

*Apr 2 22:45:56.575: Using SHA-2 signed certificate for image signing validation.
*Apr 2 22:45:56.647: %PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 02A79669ACDDF395D2103895880438649829) is not yet valid Validity period starts on 16:53:06 UTC Dec 7 2022
*Apr 2 22:45:56.647: Image signing certificate validation failed (1A).

*Apr 2 22:45:56.647: Failed to validate signature
*Apr
Password: 2 22:45:56.647: Digital Signature Failed Validation (flash:/update/ap3g2-k9w8-mx.153-3.JK10/final_hash)
*Apr 2 22:45:56.647: AP image integrity check FAILED
Aborting Image Download


*Apr 2 22:45:58.647: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_record.c:169 Pkt too old last_seq_num : 44869,Received sequence num: 1 distance: -44868
Download image failed, notify controller!!! From:8.10.130.0 to 8.10.190.0, FailureCode:3

0 Helpful

Go to solution
HoustonW
Level 1
Level 1
In response to HoustonW

‎05-11-2024 04:21 PM

Scratch that I moved the time to a date before dec 2022 and it looks like after a reboot my 1702i's are coming back.

0 Helpful

Go to solution
HoustonW
Level 1
Level 1
In response to marce1000

‎05-11-2024 04:07 PM

Do I need to set the date to a date after Dec 2022?

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to HoustonW

‎05-12-2024 06:54 AM

As I already said below - you must follow all the steps in the field notices.
- Update software to latest - 8.5.182.11 on 5508 and 8.10.190.0 on 5520
- Configure config ap cert-expiry-ignore mic enable on the WLC as per FN63942
- Set date back to allow APs to join and download
- Once APs have downloaded new software and config from WLC (telling them to ignore expired certs) then WLC time can be set back to NTP as normal.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
Rich R
VIP
VIP
In response to HoustonW

‎05-11-2024 05:25 AM

@HoustonW Have you followed all the steps in https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html ?

Also see https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70330.html and https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213317-understanding-various-ap-ios-flash-corru.html which often affects 1702 APs.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card