Joining a Cisco LWAP to a vWLC

In this video, we take a look at what is required to join a Cisco Lightweight Access Point (LWAP) to a Cisco Virtual Wireless Controller (vWLC).

Devices in this video include:
  1. Cisco vWLC
  2. Cisco LWAP c1600 series
  3. Windows Server 2012 R2

Updated Notes: 28/09/2019

Having worked with APs and WLCs some more, I wanted to share some more notes from things observed in my lab.

The output below is generated from a C1600 series AP that I have in my lab. The syslog output is generated when the AP attempts to join the WLC. While looking into this, I found a few workarounds and potential bugs associated with this.

*Sep 28 19:38:19.066: AP has SHA2 MIC certificate – Using SHA2 MIC certificate for DTLS.

*Sep 28 19:38:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.101.2 peer_port: 5246

*Sep 28 19:38:23.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest

*Sep 28 19:38:23.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.101.2:5246

*Sep 28 19:38:24.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.101.2:5246

 

You can find some potential workarounds in the above field notice; however, if the field notice doesn’t provide you with a solution, you could try the following.

  • Configure the WLC to ignore expired certificates using the following commands:


config ap cert-expiry-ignore ssc enable

config ap cert-expiry-ignore mic enable
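
To spot this failure across many APs, the console output above can be parsed into join attempts. The following is an added example, not code from the original post or from Cisco: it groups lines by DTLS connection request and flags attempts that ended in a client error or FATAL alert. The regexes and the function name `join_attempts` are assumptions based only on the five lines shown above.

```python
import re

# Sample input: the AP console lines quoted in the post above.
SAMPLE = """\
*Sep 28 19:38:19.066: AP has SHA2 MIC certificate – Using SHA2 MIC certificate for DTLS.
*Sep 28 19:38:18.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.101.2 peer_port: 5246
*Sep 28 19:38:23.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Sep 28 19:38:23.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.101.2:5246
*Sep 28 19:38:24.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.101.2:5246
"""

# Patterns inferred from the sample lines only (assumption, not a Cisco spec).
CERT = re.compile(r"AP has (.+?) certificate")
REQ = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")
ERR = re.compile(r"DTLS_CLIENT_ERROR: \S+ (.+)")
ALERT = re.compile(r"%DTLS-5-SEND_ALERT: Send (\w+) : (.+?) Alert to (\S+):(\d+)")

def join_attempts(text):
    """Group console lines into DTLS join attempts, one per DTLSREQSEND."""
    attempts, cert, current = [], None, None
    for line in text.splitlines():
        if m := CERT.search(line):
            cert = m.group(1)              # certificate type the AP presents
        elif m := REQ.search(line):
            current = {"peer": f"{m.group(1)}:{m.group(2)}", "cert": cert,
                       "error": None, "alerts": [], "failed": False}
            attempts.append(current)
        elif current is None:
            continue                       # error/alert with no request seen yet
        elif m := ERR.search(line):
            current["error"] = m.group(1)  # handshake state-machine complaint
            current["failed"] = True
        elif m := ALERT.search(line):
            # Only count alerts sent to the controller this attempt targeted.
            if f"{m.group(3)}:{m.group(4)}" == current["peer"]:
                current["alerts"].append(m.group(2))
                current["failed"] |= m.group(1) == "FATAL"
    return attempts

if __name__ == "__main__":
    for a in join_attempts(SAMPLE):
        state = "FAILED" if a["failed"] else "no error seen"
        print(f"{a['peer']} cert={a['cert']} {state}: {a['error']} {a['alerts']}")
```
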

 
