LWAPP conversion of 1131 does not have SSC or MIC hash

Answered Question
Mar 15th, 2010

Upgraing several 1131s to LWAPP, conversion goes fine EXCEPT that the log file on the upgrade tool there in no info, no hash and the AP does not register in the AP policies with any info either.  I have backed off to autonomous and tried the upgrade several times and on several different APs.  I have not had any issues with this in the past.

Got two WLC4404's running 5.2.157.0 and a newly built CiscoSecure ACS 4.2 windows 2K3 server.  (Server was a migration from Win2K running 4.1)

I've tried looking in the TAC and done numerous google searches, but can't find anything that comes close to explaining this.  Thoughts?

I have this problem too.
0 votes
Correct Answer by dancampb about 6 years 9 months ago

Almost all of the 1131's out there should have MIC's which would not show a hash in the conversion tool logs.  You can see if there is a MIC installed on the AP with the command "test pb display".  If the number of certs is more than zero the AP has a MIC.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
dancampb Mon, 03/15/2010 - 10:45

Almost all of the 1131's out there should have MIC's which would not show a hash in the conversion tool logs.  You can see if there is a MIC installed on the AP with the command "test pb display".  If the number of certs is more than zero the AP has a MIC.

robert-meyer Mon, 03/15/2010 - 10:52

Thanks for the quick reply.  So as you can see I do have a cert, but then how do I get it into the WLC so that the LWAP will allow end users to connect to the LWAP.

LAP-017#test pb display
------------------------------
Display of the Parameter Block
------------------------------
Total Number of Records : 7
Number of Certs : 6
Number of Keys : 1

dancampb Mon, 03/15/2010 - 11:32

That shows the AP has a MIC.  There aren't any hash entries that need to be added to the controller.  That's only needed for SSC's.

robert-meyer Tue, 03/16/2010 - 08:08

That was great help.  By simply adding the MAC of the converted AP to the AP policies list and indicating it was a MIC cert.  The AP is working like a charm! 

Your info was great!

Leo Laohoo Mon, 03/15/2010 - 14:21

Hi Robert,

I'd recommend that you stay away from 5.X firmware because there's a number of unresolved bugs.  If you have 1130 APs, 4.X and 6.X will support.

robert-meyer Tue, 03/16/2010 - 08:10

TAC also suggested changing code on controllers.  Have to go to 6.0 from 5.2 or there may be issues with protocol on the APs.

Thanks for the heads up on the code!

Actions

This Discussion

Related Content

 

 

Trending Topics - Security & Network