Aironet 1200 Series AP in Lightweight Mode

m-anne.roux · ‎02-09-2006

I try to connect an Aironet 1200 Series AP in Lightweight Mode to a Cisco 2000 Series Controller. This AP had a SSC (Self Signed Certificate). I need his SHA1 Key Hash in order to add this AP in the Autorization List of the controller. How can I get this Key Hash? or how can I connect this AP to the controller without this key?

Thanks for your help!

chris.van.krieken · ‎02-10-2006

Did you upgrade the AP from fat to thin yourself ?

If so, the hash key is in the file configxxxx.csv generated by the upgrade tool.

If you bought a LWAPP ready 1200 AP, there is no need to add the AP in the authorization list on the ctl. It should join out of the box.

bastiaantopper · ‎02-10-2006

Hello, it looks like I am having the same problem. I've bought 2 C1232AG ap's. With the normal IOS version. Our distributor told as it was very easy to convert them to lwapp mode. On the cisco site I read that you have to use the convert tool. Our distributor told me it was easier to do it without. I tried the whole morning with no succes. I get errors saying that the certificate isn't right, something like that.

I tried to contact our distributor but the responsible person has a day off today and I would like to go on. (already behind on my time schedule)

Could someone help me?

Thnx!

chris.van.krieken · ‎02-13-2006

You need a controller to get the job done.

Go here and follow the procedure:

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_technical_reference09186a00804fc3dc.html

shh5455 · ‎02-14-2006

You have to use the upgrade tool to convert. The upgrade tool does more than just load a new image. It also creates the self signed certificate (SSC). It also adds the AP to the controller authorization list.

I too am trying to find out the SHA1 Key Hash from a previously converted AP.

wififofum · ‎02-15-2006

Looks like the Upgrade Tool 1.0 did not generate the hash properly. I have a zero-byte Config_15Feb2006_174732 file. Any suggestions?

chris.van.krieken · ‎02-16-2006

I have run into this problem too, when performing the upgrade without a WLC. You need to have a controller connected, the the key hash is generated properly.

wififofum · ‎02-16-2006

Thanks Chris,

I have a WLC on a L3 interface from the AP. Trying to use Option 43 - getting the IP but not the option so far. It looks like the Upgrade Tool logged into the WLC but didn't enter the cert.

From log files:

(Cisco Controller)

User: ********

Password:********

(Cisco Controller) >config auth-list add ssc

Incorrect input! Use 'config auth-list add '

(Cisco Controller) >

(Cisco Controller) >config auth-list ap-policy ssc enable

(Cisco Controller) >

(Cisco Controller) >save config

Are you sure you want to save? (y/n) y

Configuration Saved!

(Cisco Controller) >

(Cisco Controller) >logout

2006/02/15 17:48:31 DEBUG 172.16.95.9 Opening a telnet connection to the Controller

2006/02/15 17:48:32 DEBUG 172.16.95.9 Telnet connection to the Controller opened

2006/02/15 17:48:32 DEBUG 172.16.95.9 Configuring the Controller with

2006/02/15 17:48:32 DEBUG 172.16.95.9 Successfully configured the Controller with 132.183.54.86

2006/02/15 17:48:32 DEBUG 172.16.95.9 Upgrade Tool is exiting, Saving Controller configuration.

2006/02/15 17:48:32 DEBUG 172.16.95.9 Controller Configuration has been saved successfully.

2006/02/15 17:48:32 DEBUG Upgrade process is completed