Solved: Re: vWLC and Cisco 1130 - Page 2

Ditter · ‎06-12-2024

Hi to all,

coming back to an old subject which i digged into but no answer in my case.

I have an number of old 1130s still working and need to transfer these from an old WISM to a vWLC.

Th problem is that they do not want to register to this vWLC (Ip address10.10.32.4) .

The debug messages i get are the following:

*Jun 12 10:02:26.765: status of voice_diag_test from WLC is false
*Jun 12 10:01:06.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.32.4 peer_port: 5246
*Jun 12 10:01:06.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jun 12 10:01:06.014: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jun 12 10:01:06.015: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jun 12 10:01:06.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Jun 12 10:01:06.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.10.32.4
*Jun 12 10:01:06.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.10.32.4:5246
*Jun 12 10:01:06.016: %DTLS-3-BAD_RECORD: Erroneous record received from 10.10.32.4: Malformed Certificate
*Jun 12 10:01:06.016: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.32.4:5246
*Jun 12 10:01:06.016: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

The IOS the vWLC runs is :

Maximum number of APs supported.................. 200
Press Enter to continue or <ctrl-z> to abort

System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
RTOS Version..................................... 8.0.150.0
Bootloader Version............................... 7.6.110.0
Emergency Image Version.......................... 7.6.110.0

Build Type....................................... DATA + WPS

The access points run :

>show version
Cisco IOS Software, C1130 Software (C1130-K9W8-M), Version 12.4(23c)JA10, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 20-Mar-15 13:37 by prod_rel_team

ROM: Bootstrap program is C1130 boot loader
BOOTLDR: C1130 Boot Loader (C1130-BOOT-M) Version 12.3(8)JEA, RELEASE SOFTWARE (fc2)

AP0021.d847.86b8 uptime is 4 days, 20 hours, 49 minutes
System returned to ROM by power-on
System image file is "flash:/c1130-k9w8-mx.124-23c.JA10/c1130-k9w8-mx.124-23c.JA10"

According to cisco the 8.0.150 version supports the 1130s. Please refer to the attached png.

However , not able to get them registered to the WLC.

I also changed the time back to 2010 , as i have seen a relative post with no luck.

Any ideas?

Thaks,

Ditter.

Ditter · ‎06-13-2024

Yes off course , if you see above there is no ntp running :

(Cisco Controller) >show time

Time............................................. Thu Jun 13 11:20:20 2013

Timezone delta................................... 0:0
Timezone location................................ (GMT +2:00) Jerusalem

NTP Servers
NTP Polling Interval......................... 3600

Index NTP Key Index NTP Server NTP Msg Auth Status
------- ---------------------------------------------------------------

(Cisco Controller) >

Leo Laohoo · ‎06-13-2024

@Ditter wrote:
Top Assembly Serial Number : FCZ1242Q188

The AP was manufactured in 2008, therefore the vWLC can only be set between 2009 and 2017 (and reboot the AP after setting the year).

If the AP still would not join the vWLC, post the entire bootup of the AP.

Ditter · ‎06-13-2024

Still having the vWLC to 2013.

Still after the reboot the AP does not register to 10.10.32.4 (vWLC).

The boot of the AP shows:

flashfs[0]: 48 files, 14 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 15998976
flashfs[0]: Bytes used: 12832256
flashfs[0]: Bytes available: 3166720
flashfs[0]: flashfs fsck took 39 seconds.
Base ethernet MAC Address: 00:21:d8:47:86:b8
Initializing ethernet port 0...
Reset ethernet port 0...
Reset done!
ethernet link up, 100 mbps, full-duplex
Ethernet port 0 initialized: link is up
Loading "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx"...################################################################################################################################################################################################################################################################

File "flash:/c1130-rcvk9w8-mx/c1130-rcvk9w8-mx" uncompressed and installed, entry point: 0x3000
executing...

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software, C1130 Software (C1130-RCVK9W8-M), Version 12.4(21a)JA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 08-Jun-09 16:07 by prod_rel_team

Proceeding with system init

Proceeding to unmask interrupts
Initializing flashfs...

flashfs[1]: 48 files, 14 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 15998976
flashfs[1]: Bytes used: 12832256
flashfs[1]: Bytes available: 3166720
flashfs[1]: flashfs fsck took 5 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-AP1131AG-E-K9 (PowerPCElvis) processor (revision A0) with 24566K/8192K bytes of memory.
Processor board ID FCZ1242Q188
PowerPCElvis CPU at 262Mhz, revision number 0x0950
Last reset from power-on
LWAPP image version 3.0.51.0
1 FastEthernet interface

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:21:D8:47:86:B8
Part Number : 73-8962-14
PCA Assembly Number : 800-24818-13
PCA Revision Number : A0
PCB Serial Number : FOC12374G8S
Top Assembly Part Number : 800-29230-02
Top Assembly Serial Number : FCZ1242Q188
Top Revision Number : A0
Product/Model Number : AIR-AP1131AG-E-K9
% Please define a domain-name first.

Press RETURN to get started!

*Mar 1 00:00:06.379: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 1023 messages)

*Mar 1 00:00:08.430: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar 1 00:00:08.457: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1130 Software (C1130-RCVK9W8-M), Version 12.4(21a)JA, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Mon 08-Jun-09 16:07 by prod_rel_team
*Mar 1 00:00:08.476: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 1 00:00:09.430: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Mar 1 00:00:17.831: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.10.47.252, mask 255.255.240.0, hostname AP0021.d847.86b8

*Mar 1 00:00:32.502: %CDP_PD-4-POWER_OK: Full power - NEGOTIATED inline power source
Translating "CISCO-CAPWAP-CONTROLLER.capwap.my.domain"...domain server (192.168.100.90)

Translating "CISCO-LWAPP-CONTROLLER.capwap.my.domain"...domain server (192.168.100.90)

*Mar 1 00:00:38.400: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:00:38.402: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.capwap.my.domain
*Mar 1 00:00:38.404: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.capwap.my.domain
*Mar 1 00:00:49.405: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jun 13 11:18:37.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.32.4 peer_port: 5246
*Jun 13 11:18:38.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jun 13 11:18:38.014: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jun 13 11:18:38.014: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jun 13 11:18:38.014: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:326 Certificate verified failed!
*Jun 13 11:18:38.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.10.32.4
*Jun 13 11:18:38.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.10.32.4:5246
*Jun 13 11:18:38.015: %DTLS-3-BAD_RECORD: Erroneous record received from 10.10.32.4: Malformed Certificate
*Jun 13 11:18:38.015: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.10.32.4:5246
*Jun 13 11:18:38.016: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

Thanks,

Ditter.

Leo Laohoo · ‎06-13-2024

@Ditter wrote:

LWAPP image version 3.0.51.0

That is one old firmware right there!

Search for and download the filename "c1130-rcvk9w8-tar.124-25e.JAP10.tar". That's a recovery file but slightly "newer". It may help.

Ditter · ‎06-13-2024

Thanks Leo !

found the firmware , downloaded to the AP , via the command archive tftp://... (before this command i enabled debug capwap console cli) , it connected to the vWLC and downloaded the final software.

The final task now is to transfer all remaining 1131s and 1142s from the WISM they are registered now , to the vWLC. Is there a way to pass this software to these APs without going on site with an ethernet cable back to back?

Please see picture attached.

Thanks,

Ditter

Leo Laohoo · ‎06-13-2024

@Ditter wrote:
Is there a way to pass this software to these APs without going on site with an ethernet cable back to back?

There is and this entirely depends if the APs in question can be remotely accessed (telnet or SSH).

If remote access to the AP is possible, then do the following:

debug capwap console cli
delete /f /r flash:c1130*
archive download-sw tftp://<IP ADDRESS>/c1130-rcvk9w8-tar.124-25e.JAP10.tar

And then reboot the AP.

If, the "archive download-sw" does not work use an alternative method:

archive tar /x tftp://<IP ADDRESS>/c1130-rcvk9w8-tar.124-25e.JAP10.tar flash:

Ditter · ‎06-15-2024

Thanks Leo,

i succeeded in upgrading the remote 1130s as well, i believe the procedure will be the same for my 1140s that are also registered to my 6500's WISM module. Off course i will need to download the appropriate software for these APs also but now the process is clear.

Thanks again,

Ditter

Ditter · ‎06-16-2024

Hi to all,

does anybody know what happens to the APs registered to a vWLC when the demo licenses in vWLC expire, i suppose they deregister. Correct?

I am asking this because in my case although i purchased licenses back is 2014 , currently the vwlc runs on demo licenses (200 APs).

Digging through some old files i managed to find a purchased license file which i also uploaded but it is only for 15 APs.

The problem is that these licenses were a long ago smart software management and not even as PAKs loaded in the software center.

Any views on this?

Thanks,

Ditter