11-20-2006 08:59 PM - edited 07-03-2021 01:16 PM
I am getting the following errors on the ap after conversion.
*Mar 1 00:00:23.535: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Mar 1 00:00:23.550: LWAPP_CLIENT_ERROR_DEBUG: lwapp_crypto_init_ssc_keys_and_c
erts no certs in the SSC Private File
*Mar 1 00:00:23.550: LWAPP_CLIENT_ERROR_DEBUG:
*Mar 1 00:00:23.551: lwapp_crypto_init: PKI_StartSession failed
*Mar 1 00:00:23.720: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Re
ason: FAILED CRYPTO INIT.
*Mar 1 00:00:23.721: %LWAPP-5-CHANGED: LWAPP changed state to DOWN
The ap will reload after 30 seconds and start the process over again. Any help on this would be great.
11-20-2006 09:57 PM
Hi Friend,
I believe you have a SSC(self signed certificate) AP. So once you hace converted to lwapp AP also add the SSC certificate and its mac address under Ap authorisation list in controller and you will be good to go.
HTH
Ankur
03-06-2007 09:03 PM
Dear all,
How to get ssc keys from ap?
Thank you
nitass
03-07-2007 05:58 AM
Hi Nitass,
In the case of the SSC APs, no certificate is created on the controller. The upgrade tool has the AP generate a Rivest, Shamir, and Adelman (RSA) key pair that is used to sign a self-generated certificate (the SSC). The upgrade tool adds an entry to the controller authentication list with the MAC address of the AP and public key-hash. The controller needs the public key-hash in order to validate the SSC signature.
If the entry has not been added to the controller, check the output CSV file. There should be entries for each AP. If you find the entry, import that file into the controller. If you use the controller command-line interface (CLI) (with use of the config auth-list command) or the switch web, you must import one file at a time. With a WCS, you can import the whole CSV file as a template.
Here is an excellent doc that outlines this process;
Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
http://www.cisco.com/en/US/products/ps6521/products_configuration_example09186a00806a426c.shtml
Hope this helps!
Rob
03-08-2007 07:21 PM
Hi Rob.huffman
I have a mistake with procedure of the converting ap.
I didn't use upgrade tool.
This means I don't have csv file.
Could you please advise me?
It has something to do with ap to get ssc key, or not?
Or how to convert this ap back from lwapp.
Thank you
nitass
03-09-2007 05:52 AM
Hi Nitass,
The AP can be converted back to Autonomous (IOS) using the following method (then try using the LWAPP Upgrade tool for the conversion to obtain the SSC Key);
Reverting the Access Point Back to Autonomous Mode
Converting a Lightweight Access Point Back to Autonomous Mode
You can convert an access point from lightweight mode back to autonomous mode by loading a Cisco IOS Release that supports autonomous mode (Cisco IOS release 12.3(7)JA or earlier). If the access point is associated to a controller, you can use the controller to load the Cisco IOS release. If the access point is not associated to a controller, you can load the Cisco IOS release using TFTP.
Using a TFTP Server to Return to a Previous Release
Follow these steps to revert from LWAPP mode to autonomous mode by loading a Cisco IOS release using a TFTP server:
--------------------------------------------------------------------------------
Step 1 The static IP address of the PC on which your TFTP server software runs should be between 10.0.0.2 and 10.0.0.30.
Step 2 Make sure that the PC contains the access point image file (such as c1200-k9w7-tar.122-15.JA.tar for a 1200 series access point) in the TFTP server folder and that the TFTP server is activated.
Step 3 Rename the access point image file in the TFTP server folder to c1200-k9w7-tar.default for a 1200 series access point, c1130-k9w7-tar.default for an 1130 series access point, and c1240-k9w7-tar.default for a 1240 series access point.
Step 4 Connect the PC to the access point using a Category 5 (CAT5) Ethernet cable.
Step 5 Disconnect power from the access point.
Step 6 Press and hold MODE while you reconnect power to the access point.
Step 7 Hold the MODE button until the status LED turns red (approximately 20 to 30 seconds) and then release.
Step 8 Wait until the access point reboots, as indicated by all LEDs turning green followed by the Status LED blinking green.
Step 9 After the access point reboots, reconfigure it using the GUI or the CLI.
From this doc;
Hope this helps!
Rob
03-11-2007 09:13 PM
Dear Rob,
Thank you so much.
For now, It already converted to ios.
I will convert to lwapp again by upgarde tools.
nitass
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide