11-23-2020 02:59 AM - edited 07-05-2021 12:49 PM
Hey everyone,
recently changed the company I work for and had no hand over at all, from the former network engineer.
And now I have a problem, in this very old envirement, on joining Cisco Air-LAP1242AG (FW: 12.4(25e)JAP12) to a Cisco WLC 5508 running on 8.0.152.0
I don´t have a guess at all now...
Already set up a dhcp scope for the accepoint... It receives an IP but within the logfile I can´t see the LWAPP/CAPWAP request, from this AP...
The AP is in a remote location and I wasn´t able to get someone to connect a console cable to the "new" AP.
If anyone has a idea, I would be verry happy.
Solved! Go to Solution.
11-23-2020 03:55 AM
11-23-2020 03:55 AM
11-23-2020 06:53 AM - edited 11-23-2020 07:00 AM
Thanks Leo, checked the WLCs Cert and is still valid. Any hint how to check the APs cert? I am now able to get a connection to it with putty...
Also, after raading the above article, I decided to let them reconnect another AP, which was initially reported as broken. This AP is at least shown in the WLCs logging, with following Message:
*spamApTask0: Nov 23 15:48:26.819: %LWAPP-3-RX_ERR3: spam_l2.c:441 The system has received LWAPP packet with invalid sequence number (got 4expected 5) - from AP 68:ef:bd:9c:07:16
*spamApTask0: Nov 23 15:48:24.483: %LWAPP-3-PAYLOAD_MISSING: spam_lrad.c:6774 Join request does not contain BOARD_DATA payload
Update after 5 min:
*spamApTask7: Nov 23 15:55:29.062: %DTLS-5-ESTABLISHED_TO_PEER: openssl_dtls.c:777 DTLS connection established to 192.168.186.102
*spamApTask7: Nov 23 15:57:29.091: %DTLS-5-PEER_DISCONNECT: openssl_dtls.c:901 DTLS peer 192.168.186.102 has closed connection.
11-23-2020 09:13 AM
- That is a pointer to compatibility-conflicts :
https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html
M.
11-23-2020 07:06 AM
ok, on the second controller there was this log entry:
*spamApTask7: Nov 23 16:06:44.708: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:852 Failed to complete DTLS handshake with peer 192.168.186.102
*spamApTask7: Nov 23 16:06:44.708: %DTLS-4-BAD_CERT: openssl_dtls.c:1326 Certificate verification failed. Peer IP: 192.168.186.102
*spamApTask7: Nov 23 16:06:44.708: %SSHPM-4-AP_CERT_EXPIRED: sshpmPkiApi.c:2528 AP certificate time 2010/03/22/14:53:54 - 2020/03/22/15:03:54 is not valid.
11-23-2020 09:10 AM
- That definitely includes Leo's remark :
M.
11-23-2020 09:16 AM
11-23-2020 01:47 PM
friend just make sure the time/date in WLC is same as AP.
that is your issue here.
11-23-2020 08:16 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide