I have multiple 7500 Flex controllers deployed with over 2000 APs on each of them, and I notice that APs occasionally drop off. When I find these APs I am able to telnet to them, and I have found a fix for getting them back on the controller, but I want to know why this happens and if there is a way to avoid the problem.
The APs have telnet enabled so I can get to the CLI. Once in, I do a dir command and see that there is little to no memory available (512 bytes to 0 bytes) in the flash memory. I see that there are 5 large log files; the file names are in the commands below. When I do a show logging command I see the following over and over again:
*Oct 3 20:31:44.125: CRYPTO_PKI: New CRL Not Valid - expired (router time not synched to CA?)
*Oct 3 20:31:44.125: CRL expires: 05:29:39 UTC Mar 3 2012
*Oct 3 20:31:44.125: Router time: 20:31:44 UTC Oct 3 2013
*Oct 3 20:31:44.125: %PKI-4-CRLINSERTFAIL: Trustpoint "Trustpool2" unknown (error 1804:E_VALIDITY : validity period start later than end)Peer certificate verification failed 0059
The working theory is that the flash gets filled up with log files and is unable to download the certificate from the controller during the join process. I delete the logs with the commands below and then do a wr mem and a copy run start and then reload. This will fix the problem every time.
delete /force flash:ap_log_r0_0.log
delete /force flash:ap_log_r1_0.log
delete /force flash:ap_log_r0_1.log
delete /force flash:ap_log_r0_2.log
delete /force flash:ap_log_r1_1.log
delete /force flash:ap_log_r1_2.log
- currently running an engineering code of 220.127.116.11 on one 7500 and 7.4.110 on another, both seem to be having this issue. I do not have this issue on a 5508 running 7.5 code. Currently getting 7.4 vetted for deployment.
I have seen this issue, but only with older model access points; it doesn't have to be FlexConnect and it doesn't matter what WLC code version you're running. With problematic access points, I always check the flash to verify if there are logs or not, and delete them in order to get the AP back up. Again, I have only seen this with older non-802.11n access points.
Help out others by using the rating system and marking answered questions as "Answered"
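When many APs are affected, saved `show logging` output can be summarized offline to see how stale the CRL is and how often the insert failure repeats. This is an added example, not part of the original posts: the function name is hypothetical, the sample log is constructed from the lines quoted in the question, and the script only reports what the messages say without confirming the flash theory.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: the four message lines quoted in the question, doubled
# to mimic the "over and over again" pattern. Not captured from a real device.
SAMPLE_LOG = """\
*Oct 3 20:31:44.125: CRYPTO_PKI: New CRL Not Valid - expired (router time not synched to CA?)
*Oct 3 20:31:44.125: CRL expires: 05:29:39 UTC Mar 3 2012
*Oct 3 20:31:44.125: Router time: 20:31:44 UTC Oct 3 2013
*Oct 3 20:31:44.125: %PKI-4-CRLINSERTFAIL: Trustpoint "Trustpool2" unknown (error 1804:E_VALIDITY : validity period start later than end)Peer certificate verification failed 0059
""" * 2

# Timestamp as printed in the "CRL expires" and "Router time" lines.
STAMP = r"(\d{1,2}:\d{2}:\d{2} UTC \w{3}\s+\d{1,2} \d{4})"
CRL_RE = re.compile(r"CRL expires:\s+" + STAMP)
CLOCK_RE = re.compile(r"Router time:\s+" + STAMP)
FAIL_RE = re.compile(r'%PKI-4-CRLINSERTFAIL: Trustpoint "([^"]+)"')


def _parse(stamp):
    # Whitespace in the format matches any run of spaces (e.g. "Mar  3").
    return datetime.strptime(stamp, "%H:%M:%S UTC %b %d %Y")


def summarize_crl_failures(log_text):
    """Summarize CRL-expiry messages found in saved 'show logging' text."""
    failures = Counter(FAIL_RE.findall(log_text))
    crl = CRL_RE.search(log_text)
    clock = CLOCK_RE.search(log_text)
    stale_days = None
    if crl and clock:
        # Days between the CRL's expiry and the AP's own clock.
        stale_days = (_parse(clock.group(1)) - _parse(crl.group(1))).days
    return {
        "insert_failures": dict(failures),   # failures per trustpoint name
        "crl_stale_days": stale_days,        # None if either line is missing
        "repeating": sum(failures.values()) > 1,
    }


if __name__ == "__main__":
    print(summarize_crl_failures(SAMPLE_LOG))
```

A large `crl_stale_days` with a router time that is correct indicates that the CRL itself is out of date rather than the AP clock being unsynchronized.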