cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
30701
Views
80
Helpful
26
Replies

WLC NMSP status is inactive

jcmazdausa
Level 1
Level 1

I am running the following

WLC: 7.0.220

MSE: 7.0.220

NCS:  1.0.2.29

NCS shows Controller is not reachable from MSE.

I am able to ping to and from the Controller and MSE.

Sychronization service is showing everything being synchronize. Removed and MSE from NCS and add it back in several times. Not really sure where to go from here.

26 Replies 26

Hi Ric,

 

This got resolved after enabling TLSV1.0

We ensured that TLSv1.0 is enabled on MSE as MSE is running on version 8.0.150.0 use TLSv1.2 by default.

TLSv1.2 support on WLC came only after 8.3.108.0 release. This behavior is documented in the bug, CSCvh68000

 

-- Binish

 

Hi Binish,

Thanks for coming back to let us know the final solution! Please mark your reply as the answer so others will see it too :).

Thanks,
Ric
-----------------------------
Please rate helpful / correct posts

Answer

Answer

 From https://community.cisco.com/t5/other-wireless-mobility-subjects/controller-keyhash-matches-with-the-mse/m-p/3377668 richard wakefield explains the workaround. enable option 23 on MSE

 

  1. Invoke the setup script in the MSE:
  • /opt/mse/setup/setup.sh
  1. Select option 23
  2. Save the settings by selecting the option#25

This fix worked for me. Thanks!

 

Abdul H. Malik

Ric,
Thank you. Your recommendations helped solve the problem with NMSP status is inactive on my MSE (Cisco MSE 8.0.150, Cisco Prime 3.4.0.0.348, Cisco WLC 8.2.170).

Hi all!

For CMX 10.x and WLC 8.5.x i had the same problem and found a solution. I am posting this for future reference.

 

WLC 8.5.140.0

CMX 10.4.1-28

 

On WLC connection was down, cipher high option was enabled:

WLC > show nmsp status
NMSP Cipher High Option......................... Enabled
Max number of Nmsp Connections supported : 4
MSE IP Address Echo Resp Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------

 

WLC > show nmsp statistics connection

NMSP Connection Counters

0.0.0.0
Connection status: DOWN

 

Debug shows SSL wrong version number and Decode Failure detected at MSE:

WLC > debug nmsp all enable

SSL routines:ssl3_get_client_hello:wrong version number

Decode Failure detected at MSE: Sending out keys to MSE

 

On CMX:

cmxctl config controllers show
+------------+------+-----------+------+----------+
| IP Address | Type | Version | SHA2 | Status |
+------------+------+-----------+------+----------+
| 172.29.0.4 | WLC | 8.5.140.0 | Yes | INACTIVE |
+------------+------+-----------+------+----------+

 

The solution was to disable NMSP cipher high option:

WLC > config nmsp cipher-option high disable

NMSP high cipher option will be enabled/disabled after WLC Reboot.
Power MUST be ON while 'save config' is getting executed.

 

Both controllers need to be rebooted for this to work, as stated above. If your controllers are in HA, you can reboot one at the time without service interruption - reset system self

 

After reboot:

cmxctl config controllers show
+------------+------+-----------+------+--------+
| IP Address | Type | Version | SHA2 | Status |
+------------+------+-----------+------+--------+
| 172.29.0.4 | WLC | 8.5.140.0 | Yes | ACTIVE |
+------------+------+-----------+------+--------+

 

WLC > show nmsp status
NMSP Cipher High Option......................... Disabled


Max number of Nmsp Connections supported : 4


MSE IP Address Echo Resp Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------
172.29.0.11 22 22 937 10

 

Downside to turning off cipher high is the loss of advanced security. I hope someone from Cisco can clarify this.

 

I hope this helps.

 

BR,

Tom

When using the show nmsp status command im not seeing the cipher option, however I am also on 8.5.140


MSE IP Address Tx Echo Resp Rx Echo Req Tx Data Rx Data
-------------- ------------ ----------- ------- -------
XXXXXX                  242114 242114 9089556 8

 

Any idea? On CMX the controller is shown as inactive. Other WLCs work great.

Thanks for that Tom, it was very helpful post.

 

I ran into the same problem setting up CMX 10.4.1-15 with WLC 8.5.140.0


I was getting the following error when running the debug command on the WLC:

 

*spectrumNMSPTask: May 24 11:06:52.717: [PA] NMSP Send Msg To Task failed - All NMSP connections are down

 

Setting the 'NMSP Cipher High Option' to 'Disabled' appears to have resolve it.

I'm running this in a dev environment but would like some feedback from Cisco regarding the implications of disabling this the cipher high option before moving to a production environment.

Tanks Tom!
I had the same problem with the same versions and it's work like a charm.

Lee.

Verify “configureCiscoJ.sh status” on Primary MSE?

 

If the output shows disabled, enable it by running the below command.

 

configureCiscoJ.sh enable

 

Restart MSED services.

 

Service msed restart

 

worked for me.

 

Thanks

Review Cisco Networking for a $25 gift card