Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3150
Views
0
Helpful
0
Comments

The "[ERROR] spam_lrad.c 1553: spamProcessJoinRequest :spamDecodeJoinReq failed" error message appears during the upgrade of AP from Autonomous to LWAPP mode and is connected to the Wireless LAN Controller that runs version 3.2

TCC_2
Level 10
Level 10

‎06-22-2009 05:38 PM - edited ‎11-18-2020 02:42 AM

Core Issue

With self-signed certificate access points (SSC APs), the SSC AP policy is disabled. The reason is that the AP Auth List has to have the hash keys as the WLC needs the key-hash with the MAC address of the access point and accept ssc enabled for them to join the WLC.

In such cases, you see this error message on the controller:

Wed Aug  9 17:20:21 2006  [ERROR] spam_lrad.c 1553: spamProcessJoinRequest
  :spamDecodeJoinReq failed
Wed Aug  9 17:20:21 2006  [ERROR] spam_crypto.c 1509: Unable to free public key for
  AP 00:12:44:B3:E5:60
Wed Aug  9 17:20:21 2006  [ERROR] spam_lrad.c 4880: LWAPP Join-Request does not include
  valid certificate in CERTIFICATE_PAYLOAD from AP 00:12:44:b3:e5:60.
Wed Aug  9 17:20:21 2006  [CRITICAL] sshpmPkiApi.c 1493: Not configured to accept 
  Self-signed AP cert

Resolution

You need to complete these steps and perform one of these two actions:

Issue the show auth-list command at the controller CLI in order to check for whether the controller is configured to accept APs with SSCs.

This is a sample output of show auth-list command:

#show auth-list

Authorize APs against AAA ....................... disabled

Allow APs with Self-signed Certificate (SSC) .... enabled


Mac Addr  Cert Type  Key Hash

-----------------------  ----------  ------------------------------------------

00:09:12:2a:2b:2c  SSC  1234567890123456789012345678901234567890Choose Security > AP Policies in the GUI.

Check whether the Accept Self Signed Certificate check box is enabled. If not, enable it.

Choose SSC as the certificate type.

Add AP to the authorization list with MAC address and key-hash.

This key-hash can be obtained from the output of the debug pm pki enable command. Refer to the Cause 4 section of LWAPP Upgrade Tool Troubleshoot Tips for more information on how to get the key-hash value.

Refer to the Cause 3 section of LWAPP Upgrade Tool Troubleshoot Tips for more information about the error message.

Refer to these documents for more information:

Problem Type

Upgrade

Error message

Products

Wireless LAN Controllers

LAP 1000

LAP 1200

LAP 1100

Topology

LWAPP network

Product OS

IOS

Device Access Method

Terminal Server / Console

GUI Interface

Telnet

Wireless Devices Errors, Warnings, Statistics and Log Messages

Wireless LAN Controller Errors, Warnings and Log Messages

SW Features

Lightwieght Access Point Protocol (LWAPP)

Autonomous mode

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents