In this video, we take a look at what is required to join a Cisco Lightweight Access Point (LWAP) to a Cisco Virtual Wireless Controller (vWLC).
Cisco LWAP c1600 series
Windows Server 2012 R2
Updated Notes: 28/09/2019
Having worked with APs and WLCs some more, I wanted to share some more notes from things observed in my lab.
The output below is generated from a C1600 series AP that I have in my lab. The syslog output is generated when the AP attempts to join the WLC. While looking into this, I found a few workarounds and potential bugs associated with this.
*Sep 28 19:38:19.066: AP has SHA2 MIC certificate – Using SHA2 MIC certificate for DTLS.
*Sep 28 19:38:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.101.2 peer_port: 5246
*Sep 28 19:38:23.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Sep 28 19:38:23.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.101.2:5246
*Sep 28 19:38:24.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.101.2:5246
- Configure the WLC to ignore expired certificates using the following commands:
config ap cert-expiry-ignore ssc enable
config ap cert-expiry-ignore mic enable
- Clear the AP private-config:
debug capwap console cli
clear capwap private-config
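
A small triage helper for the join failure shown in the syslog output above, added here as an example (it is not from the original post or from Cisco): it groups AP syslog lines per DTLS connection request and flags attempts that ended in a client error or a FATAL alert. The function name and record fields are assumptions; the sample input is the five log lines from this page.

```python
import re

# The five syslog lines from the AP output above, embedded so this runs offline.
SAMPLE_LOG = """\
*Sep 28 19:38:19.066: AP has SHA2 MIC certificate – Using SHA2 MIC certificate for DTLS.
*Sep 28 19:38:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.101.2 peer_port: 5246
*Sep 28 19:38:23.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Sep 28 19:38:23.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.101.2:5246
*Sep 28 19:38:24.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.101.2:5246
"""

LINE = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): (.*)$")
CERT = re.compile(r"AP has (\S+) (MIC|SSC) certificate")
REQ = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")
ERR = re.compile(r"DTLS_CLIENT_ERROR: \S+ (.*)")
ALERT = re.compile(r"%DTLS-5-SEND_ALERT: Send (\w+) : (.+) Alert to ([\d.]+):(\d+)")


def summarize_dtls_joins(log_text):
    """One record per DTLS connection request, built in line order.

    Line order is used instead of timestamps because in the sample the first
    line is stamped later than the second.
    """
    attempts, cert = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if c := CERT.search(msg):
            cert = f"{c.group(1)} {c.group(2)}"
        elif r := REQ.search(msg):
            attempts.append({"wlc": f"{r.group(1)}:{r.group(2)}", "cert": cert,
                             "sent": ts, "errors": [], "fatal_alerts": []})
        elif attempts and (e := ERR.search(msg)):
            # The client error line names no peer: attribute it to the latest request.
            attempts[-1]["errors"].append(e.group(1))
        elif (a := ALERT.search(msg)) and a.group(1) == "FATAL":
            peer = f"{a.group(3)}:{a.group(4)}"
            for att in reversed(attempts):
                if att["wlc"] == peer:
                    att["fatal_alerts"].append(a.group(2))
                    break
    for att in attempts:
        att["failed"] = bool(att["errors"] or att["fatal_alerts"])
    return attempts


if __name__ == "__main__":
    for att in summarize_dtls_joins(SAMPLE_LOG):
        state = "FAILED" if att["failed"] else "no error logged"
        print(att["wlc"], att["cert"], state, att["errors"], att["fatal_alerts"])
```

Run over a collected AP syslog, a failed record whose `errors` entry mentions `HelloVerifyRequest` matches the handshake failure shown on this page.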