The "[ERROR] spam_lrad.c 1553: spamProcessJoinRequest :spamDecodeJoinReq failed" error message appears during the upgrade of AP from Autonomous to LWAPP mode and is connected to the Wireless LAN Controller that runs version 3.2

Document

Jun 22, 2009 5:38 PM
Jun 22nd, 2009

Core Issue

With self-signed certificate access points (SSC APs), the SSC AP policy is disabled. The reason is that the AP Auth List has to have the hash keys as the WLC needs the key-hash with the MAC address of the access point and accept ssc enabled for them to join the WLC.

In such cases, you see this error message on the controller:

Wed Aug  9 17:20:21 2006  [ERROR] spam_lrad.c 1553: spamProcessJoinRequest
  :spamDecodeJoinReq failed
Wed Aug  9 17:20:21 2006  [ERROR] spam_crypto.c 1509: Unable to free public key for
  AP 00:12:44:B3:E5:60
Wed Aug  9 17:20:21 2006  [ERROR] spam_lrad.c 4880: LWAPP Join-Request does not include
  valid certificate in CERTIFICATE_PAYLOAD from AP 00:12:44:b3:e5:60.
Wed Aug  9 17:20:21 2006  [CRITICAL] sshpmPkiApi.c 1493: Not configured to accept 
  Self-signed AP cert

Resolution

You need to complete these steps and perform one of these two actions:

Issue the show auth-list command at the controller CLI in order to check for whether the controller is configured to accept APs with SSCs.

This is a sample output of show auth-list command:

#show auth-list

Authorize APs against AAA ....................... disabled

Allow APs with Self-signed Certificate (SSC) .... enabled


Mac Addr  Cert Type  Key Hash

-----------------------  ----------  ------------------------------------------

00:09:12:2a:2b:2c  SSC  1234567890123456789012345678901234567890Choose Security > AP Policies in the GUI.

Check whether the Accept Self Signed Certificate check box is enabled. If not, enable it.

Choose SSC as the certificate type.

Add AP to the authorization list with MAC address and key-hash.

This key-hash can be obtained from the output of the debug pm pki enable command. Refer to the Cause 4 section of LWAPP Upgrade Tool Troubleshoot Tips for more information on how to get the key-hash value.

Refer to the Cause 3 section of LWAPP Upgrade Tool Troubleshoot Tips for more information about the error message.

Refer to these documents for more information:

Problem Type

Upgrade

Error message

Products

Wireless LAN Controllers

LAP 1000

LAP 1200

LAP 1100

Topology

LWAPP network

Product OS

IOS

Device Access Method

Terminal Server / Console

GUI Interface

Telnet

Wireless Devices Errors, Warnings, Statistics and Log Messages

Wireless LAN Controller Errors, Warnings and Log Messages

SW Features

Lightwieght Access Point Protocol (LWAPP)

Autonomous mode

Average Rating: 0 (0 ratings)

Actions

Login or Register to take actions

This Document

Posted June 22, 2009 at 5:38 PM
Stats:
Comments:0 Avg. Rating:0
Views:1919 Contributors:0
Shares:0

Related Content

Documents Leaderboard