[Original] Fixing an existing AP that cannot register to a new controller

Posted on 2019-6-20 18:53:12
After a power outage, the virtual controller I had at home died and would not start. I had a backup, but it was from the old version before the upgrade, so I took this opportunity to deploy a new controller from the OVA, version 8.3.150.
I'll skip the process: initialization, then importing the original configuration. After the reboot I found that the existing AP could not register.
The controller logs were as follows:
  *osapiBsnTimer: Jun 20 18:33:17.521: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
  *osapiBsnTimer: Jun 20 18:30:16.481: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
  *osapiBsnTimer: Jun 20 18:27:21.213: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
  *osapiBsnTimer: Jun 20 18:23:51.001: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
  *osapiBsnTimer: Jun 20 18:20:36.401: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3191 Failed to complete DTLS handshake with peer 192.168.50.248
  *spamApTask1: Jun 20 18:15:41.869: %LWAPP-3-REPLAY_ERR: spam_lrad.c:42504 The system has received replay error on slot 0, WLAN ID 1, count 1 from AP a0:ec:f9:e1:0a:20
  *spamApTask5: Jun 20 18:14:38.549: %CAPWAP-3-DTLS_CLOSED_ERR: capwap_ac_sm.c:6985 f4:7f:35:f6:1b:80:  DTLS connection closed forAP  192:168:50:251 (11090), Controller: 192:168:50:249 (5246) AP Message Timeout
  *spamApTask5: Jun 20 18:14:38.549: %CAPWAP-3-MAX_RETRANSMISSIONS_REACHED: capwap_ac_sm.c:7533 Max retransmissions reached on AP(f4:7f:35:f6:1b:80),message (CAPWAP_CONFIGURATION_UPDATE_REQUEST),number of pending messages(1)
The AP logs were as follows:
  *Jun 20 10:24:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
  *Jun 20 10:24:26.000: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
  *Jun 20 10:24:26.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:509 Certificate verified failed!
  *Jun 20 10:24:26.000: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.50.249:5246
  *Jun 20 10:24:26.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.249:5246
  *Jun 20 10:25:30.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
  *Jun 20 10:25:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
  *Jun 20 10:25:41.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
  *Jun 20 10:25:41.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.50.249:5246
  *Jun 20 10:25:41.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.249:5246
  *Jun 20 10:27:12.235: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
I took a look, and it was a certificate problem with the new controller.

The fix was as follows:
  XX-Home-LAP1702I#delete flash:lwapp_*
  Delete filename [lwapp_*]?
  Delete flash:/lwapp_non_apspecific_reap.cfg? [confirm]
  Delete flash:/lwapp_mm_mwar_hash.cfg? [confirm]
  Delete flash:/lwapp_officeextend.cfg? [confirm]
  Delete flash:/lwapp_reap.cfg.bak? [confirm]
  Delete flash:/lwapp_reap.cfg? [confirm]
  XX-Home-LAP1702I#
After deleting the relevant configuration files, just reboot. After the configuration is deleted, the AP's original address and so on are still there.

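Addendum: by default, files cannot be deleted on a lightweight AP over a remote login. The method is as follows:
There is a hidden command that enables remote file operations and configuration operations on a lightweight AP.
debug capwap console cli
Once the command has been entered, the lightweight AP can be configured...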

It worked immediately: once the reboot finished, the AP joined the new controller straight away.
  (Cisco Controller) >show ap uptime

  Number of APs.................................... 1
  Global AP User Name.............................. hale
  Global AP Dot1x User Name........................ Not Configured

  AP Name              Ethernet MAC       AP Up Time               Association Up Time
  ------------------   -----------------  -----------------------  -----------------------
  XX-Home-LAP1702I     00:27:e3:05:XX:XX  0 days, 00 h 02 m 01 s   0 days, 00 h 00 m 07 s

  (Cisco Controller) >
  (Cisco Controller) >show ap summary

  Number of APs.................................... 1

  Global AP User Name.............................. hale
  Global AP Dot1x User Name........................ Not Configured

  AP Name             Slots  AP Model              Ethernet MAC       Location          Country     IP Address       Clients   DSE Location
  ------------------  -----  --------------------  -----------------  ----------------  ----------  ---------------  --------  --------------
  XX-Home-LAP1702I     2     AIR-CAP1702I-H-K9     00:27:e3:05:XX:XX  XXXXXXX           CN          192.168.50.248     0       [0 ,0 ,0 ]


Average rating: 5 (1 rating)
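
In the logs above, the controller side only reports a generic DTLS handshake failure; the AP side is where the certificate rejection shows up. As an added example (not part of the original post), this Python code groups AP console lines into join attempts and flags those where the AP refused the controller's certificate. The function names are hypothetical, and the sample input is a subset of the AP lines quoted in the post.

```python
import re

# Sample input: a subset of the AP console lines quoted in the post above.
AP_LOG = """\
*Jun 20 10:24:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
*Jun 20 10:24:26.000: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
*Jun 20 10:24:26.000: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.50.249:5246
*Jun 20 10:24:26.003: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.249:5246
*Jun 20 10:25:36.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.50.249 peer_port: 5246
*Jun 20 10:25:41.999: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 192.168.50.249:5246
*Jun 20 10:25:41.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.50.249:5246
"""

REQ = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: \d+")
ALERT = re.compile(r"%DTLS-5-SEND_ALERT: Send FATAL : (.+?) Alert to ([\d.]+):\d+")
SSC_FAIL = "%CAPWAP-1-SSC_CERT_AUTH_FAILED"

def classify_join_attempts(log_text):
    """Return one record per DTLS connection request, with a verdict."""
    attempts, current = [], None
    for line in log_text.splitlines():
        req = REQ.search(line)
        if req:  # a new join attempt starts here
            current = {"controller": req.group(1), "cert_rejected": False, "alerts": []}
            attempts.append(current)
            continue
        if current is None:
            continue  # ignore lines before the first request
        if SSC_FAIL in line:
            current["cert_rejected"] = True
        alert = ALERT.search(line)
        if alert and alert.group(2) == current["controller"]:
            current["alerts"].append(alert.group(1))
    for a in attempts:
        # "Close notify" only ends the session; it is not a failure reason.
        fatal = [x for x in a["alerts"] if x != "Close notify"]
        if a["cert_rejected"] or "Bad certificate" in fatal:
            a["verdict"] = "controller-certificate-rejected"
        elif fatal:
            a["verdict"] = "handshake-failed-other"
        else:
            a["verdict"] = "no-failure-seen"
    return attempts

def controllers_with_cert_rejection(log_text):
    """Controller IPs the AP refused at least once because of the certificate."""
    hits = {a["controller"] for a in classify_join_attempts(log_text)
            if a["verdict"] == "controller-certificate-rejected"}
    return sorted(hits)
```
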
Posted on 2019-6-21 10:06:49
Thank you for sharing~
Posted on 2019-7-12 09:02:22
Support, support, thanks for sharing