
problem with AP1130

mathiasivn
Level 1

AP 1130s are not getting registered with the wireless controller.

Error message popping up on the APs:

LWAPP_CLIENT_ERROR: lwapp_name_lookup - Could Not resolve CISCO-LWAPP-CONTROLLER.

I have enabled DHCP option 43.

Please guide me on where I'm going wrong.

2 Replies

mathiasivn
Level 1

Debug on the controller shows:

LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP..

How do I upgrade the certificate? Or is there any other solution?

Hi Mathias,

Here is some info on why you may be getting this error (see which one seems to apply to your setup):

Q. I have converted my AP to Lightweight AP Protocol (LWAPP), but the AP does not register with the controller. I get the message "LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP". What causes this problem?

A. This error means that the X.509 digital certificates are not valid. There is a possibility that you have hit Cisco bug ID CSCsd42296 (registered customers only), the workaround for which is to reset the APs to the factory defaults.

Another possibility is that the self-signed certificate (SSC) is not registered at the WLC. Manual addition of the SSC at the controller can be necessary. Refer to Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs for the procedure.

Q. The lightweight access points (LAPs) do not register with the controller. What could be the possible problem? I see these error messages at the controller:

Thu Feb 3 03:20:47 2028: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:f4:f0.
Thu Feb 3 03:20:47 2028: Unable to free public key for AP 00:0B:85:68:F4:F0

A. When the access point (AP) sends the Lightweight Access Point Protocol (LWAPP) Join Request to the WLC, it embeds its X.509 certificate in the LWAPP message. It also generates a random session ID that is also included in the LWAPP Join Request. When the WLC receives the LWAPP Join Request, it validates the signature of the X.509 certificate using the AP's public key and checks that the certificate was issued by a trusted certificate authority. It also looks at the starting date and time for the AP certificate validity interval and compares that date and time to its own date and time.

This problem is due to an incorrect clock setting on the WLC. In order to set the clock on the WiSM modules you can use the show time and config time commands.

Q. A Lightweight Access Point Protocol (LWAPP) AP is unable to join its controller. The WLC log displays a message similar to this:

LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:ab:01

A. The LWAPP tunnel between the AP and the WLC traverses a network path with an MTU under 1500 bytes. This causes the fragmentation of the LWAPP packets. This is a known bug in the controller (Cisco bug ID CSCsd39911 (registered customers only)).

The solution is to upgrade the controller firmware to 4.0(155).

From this good Q & A doc;

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs

From this doc;

http://www.cisco.com/en/US/products/ps6521/products_configuration_example09186a00806a426c.shtml

Hope this helps!

Rob
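The clock-related cause described in the reply above can be triaged from the controller log itself. The following is an added example, not code from the thread or from Cisco: it parses the quoted join-failure messages, compares the controller's log clock with a trusted reference clock, and tests a certificate validity window against both. The reference time, the certificate window, the 5-minute skew threshold and the assumption that the log was captured at the reference time are all constructed for illustration; the end-of-window check is standard X.509 validation added beyond the start-date comparison the reply describes.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample, in the format of the controller messages quoted in the thread.
SAMPLE_LOG = """\
Thu Feb 3 03:20:47 2028: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:f4:f0
Thu Feb 3 03:20:47 2028: Unable to free public key for AP 00:0B:85:68:F4:F0
Thu Feb 3 03:21:02 2028: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:0b:85:68:ab:01
"""

JOIN_FAIL = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}): "
    r"LWAPP Join-Request does not include valid certificate in "
    r"CERTIFICATE_PAYLOAD from AP (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def parse_join_failures(log_text):
    """Return [(controller_time, ap_mac)] for each certificate join failure."""
    hits = []
    for line in log_text.splitlines():
        m = JOIN_FAIL.match(line.strip())
        if m:
            stamp = " ".join(m["ts"].split())  # collapse padded day-of-month
            hits.append((datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
                         m["mac"].lower()))
    return hits

def triage(log_text, reference_now, not_before, not_after,
           max_skew=timedelta(minutes=5)):
    """Compare the controller's log clock with a trusted reference clock and
    test the AP certificate validity window against both."""
    hits = parse_join_failures(log_text)
    if not hits:
        return None
    controller_now = max(ts for ts, _ in hits)
    skew = controller_now - reference_now
    return {
        "failures_by_ap": dict(Counter(mac for _, mac in hits)),
        "skew": skew,
        "clock_suspect": abs(skew) > max_skew,
        "valid_at_controller_time": not_before <= controller_now <= not_after,
        "valid_at_reference_time": not_before <= reference_now <= not_after,
    }

if __name__ == "__main__":
    # Constructed reference time and certificate window, for illustration only.
    print(triage(SAMPLE_LOG, datetime(2008, 2, 3, 3, 21, 10),
                 datetime(2006, 1, 1), datetime(2016, 1, 1)))
```

A result with `clock_suspect` true, `valid_at_controller_time` false and `valid_at_reference_time` true points at the controller clock rather than at the certificate; if the clock is not suspect, the other causes listed in the reply remain to be checked.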
