写那么多,也是希望大家一起交流故障处理逻辑、思维、方法,而不仅仅是写一个开始,结果!
希望大家能够分享更多的案例,共同学习!分享一个昨天处理的无线故障,这个故障也是一个“坑”分享出来,大家遇到能够跳过此“坑” 节约时间
网络环境:
WLC2054 VER 8.0.X
AP1532 VER 匹配版本 数量:2台
本身并不复杂的环境,但是呢,调试好WLC之后,AP注册,问题就来了,两台AP只有一台能够加入到WLC,另外一台无法注册。
这就奇了怪了,两台型号都是一样的,怎么一台能够加入,另外一台无法加入呢?
WLC 查看配置:
show interface summary
show sysinfo
show time
show country
show lic
这些都没有问题,从一台AP 加入正常来看也是正常的配置
AP :
show ver
show ip int bri
show config
ping WLC IP
都很正常的说!
看日志报错如下:
*Apr 19 07:48:28.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.3.6:5246
*Apr 19 07:48:28.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.3.6:5246
*Apr 19 07:48:37.087: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
*Apr 19 07:48:37.087: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
*Apr 19 07:48:37.087: Mesh setting the ethernet port 0 state to 0
*Apr 19 07:48:37.087: %MESH-6-LINK_UPDOWN: Mesh station 500f.803b.0e14 link Down
*Apr 19 07:49:21.427: Mesh setting the ethernet port 0 state to 2
*Apr 19 07:49:22.427: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Apr 19 07:49:27.427: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:49:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.3.6 peer_port: 5246
*Apr 19 07:49:27.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.3.6 peer_port: 5246
*Apr 19 07:49:27.315: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.3.6
*Apr 19 07:49:27.319: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.3.6:5246
*Apr 19 07:49:37.323: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:50:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.3.6 peer_port: 5246
*Apr 19 07:50:07.323: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.16.3.6 peer_port: 5246
*Apr 19 07:50:07.323: %CAPWAP-5-SENDJOIN: sending Join Request to 172.16.3.6
*Apr 19 07:50:07.327: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.16.3.6:5246
*Apr 19 07:50:07.327: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:50:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.3.6 peer_port: 5246
*Apr 19 07:50:17.003: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:50:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.16.3.6 peer_port: 5246
*Apr 19 07:50:17.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x686EF540 is already there for this server port 5246, Deleting it. Number of connections: 1
经过查询强大的谷歌,大部分说是 time 国家代码问题,不过这台AP 是-H 的,所以应该都不是这两个问题。
也有说是MIC SSC 的问题,看了下配置也是勾选了的:
没办法,于是乎来一个大招,做了一个升级 ,升级为8.5.120
升级完成后以为功成身退啊, 谁知道 还是 not join ,AP 报错:
*Apr 19 07:48:28.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to
172.16.3.6:5246
*Apr 19 07:48:28.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to
172.16.3.6:5246
*Apr 19 07:48:37.087: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join timer expired
*Apr 19 07:48:37.087: %MESH-3-TIMER_EXPIRED: Mesh Lwapp join failed expired
*Apr 19 07:48:37.087: Mesh setting the ethernet port 0 state to 0
*Apr 19 07:48:37.087: %MESH-6-LINK_UPDOWN: Mesh station 500f.803b.0e14 link Down
*Apr 19 07:49:21.427: Mesh setting the ethernet port 0 state to 2
*Apr 19 07:49:22.427: %MESH-6-CAPWAP_RESTART: Mesh Capwap re-started
*Apr 19 07:49:27.427: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:49:27.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip:
172.16.3.6 peer_port: 5246
*Apr 19 07:49:27.315: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip:
172.16.3.6 peer_port: 5246
*Apr 19 07:49:27.315: %CAPWAP-5-SENDJOIN: sending Join Request to
172.16.3.6
*Apr 19 07:49:27.319: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to
172.16.3.6:5246
*Apr 19 07:49:37.323: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:50:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip:
172.16.3.6 peer_port: 5246
*Apr 19 07:50:07.323: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip:
172.16.3.6 peer_port: 5246
*Apr 19 07:50:07.323: %CAPWAP-5-SENDJOIN: sending Join Request to
172.16.3.6
*Apr 19 07:50:07.327: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to
172.16.3.6:5246
*Apr 19 07:50:07.327: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:50:07.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip:
172.16.3.6 peer_port: 5246
*Apr 19 07:50:17.003: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Apr 19 07:50:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip:
172.16.3.6 peer_port: 5246
*Apr 19 07:50:17.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x686EF540 is already there for this server port 5246, Deleting it. Number of connections: 1
我当时就尴尬了,于是又各种查询,各种谷歌,各种群里问!
AP license 是够的,这个也毋庸置疑!
然后有个群里出了一个大招: 说前天他也遇到过这个故障,就差没有砸机器了!
最后通过开机按10秒 AP 的RESET 键就可以了(明确看了没有配置)
怀着90分怀疑的尝试,10秒 reset 后AP 开机完成,竟然注册上去了!!!! 简直没道理啊然后各种问,但是没有找到合理的解释,如若有人知道,可以分享一下原因!