取消
显示结果 
搜索替代 
您的意思是: 
cancel
6660
查看次数
26
有帮助
5
评论
suzhouxiaoniu
Spotlight
Spotlight
本帖最后由 suzhouxiaoniu 于 2018-6-3 21:27 编辑
故障现象:AP无法加入无线控制器,比如AP或者WLC一直没问题,但是重启自后就无法关联


WLC上会出现类似日志:大概的意思是“加入请求证书有效负载中不包含有效证书。。。


故障原因:思科早期AP 证书有效期为10年,比如2005年7月出厂的具有MIC的最早的AP(1120,1130,1230,1310系列)


意味着在2015年7月开始无法加入控制器【很多淘二手设备的小伙伴经常遇到吧】


解决方法1:
如果AP是2005年生产,把WLC的系统时间配置成在2015年之前试试



解决方法2:
1:把WLC升级成8.0.120以上版本
2:在WLC上关闭AP证书的检测功能:
config apcert-expiry-ignore {mic|ssc} enable
3:WLC上设置,让AP下载WLC的证书SSC\MIC\LSC


评论
yangkai_716
Spotlight
Spotlight
很实用的tips,感谢楼主分享
zhengwei272
Spotlight
Spotlight
学习了lol
StevenZhang9478
Level 1
Level 1
在WLC上关闭AP证书的检测功能:
config apcert-expiry-ignore {mic|ssc} enable
这个命令在2106控制器上不能执行?
以下是我ap不能注册到控制器的提示:
*Mar 6 16:01:29.003: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 6 16:01:45.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Mar 6 16:01:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.198 peer_port: 5246
*Mar 6 16:01:45.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Mar 6 16:01:45.393: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.1.198
*Mar 6 16:01:45.393: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Mar 6 16:01:45.393: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.198 has closed connection.
*Mar 6 16:01:45.393: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.198:5246
*Mar 6 16:01:45.393: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 6 16:02:50.003: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 6 16:02:50.003: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 6 16:03:07.166: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Mar 6 16:03:06.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.198 peer_port: 5246
*Mar 6 16:03:06.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Mar 6 16:03:06.393: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.1.198
*Mar 6 16:03:06.393: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Mar 6 16:03:06.393: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.198 has closed connection.
*Mar 6 16:03:06.393: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.198:5246
*Mar 6 16:03:06.393: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
logging facility kern
^
% Invalid input detected at '^' marker.
*Mar 6 16:04:11.003: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 6 16:04:11.003: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Mar 6 16:04:27.055: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Mar 6 16:04:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.198 peer_port: 5246
*Mar 6 16:04:27.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Mar 6 16:04:27.393: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.1.198
*Mar 6 16:04:27.393: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Mar 6 16:04:27.393: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.198 has closed connection.
*Mar 6 16:04:27.393: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.1.198:5246
*Mar 6 16:04:27.396: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
StevenZhang9478
Level 1
Level 1
2106的老控制器IOS版本是7.0 无法在WLC上关闭AP证书的检测功能命令无效,WLC也不能升级官网没有升级固件,WLC时间已经设置在ap到期前,请问这怎么办?
StevenZhang9478
Level 1
Level 1
WLC上如何设置,让AP下载WLC的证书SSC\MIC\LSC ?
1142c的ap注册到控制器总是提示:未知证书警告来自控制器的ap管理ip地址
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接