Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2456
Views
0
Helpful
6
Replies

RADIO crypto FIPS test failed

figs
Level 1
Level 1

‎07-03-2006 04:07 AM - edited ‎07-04-2021 12:32 PM

AP loaded with IOS 12.3(8) and attached log shows FIPS failures on the Radio interface. Have reloaded IOS more than once with same result.

All documentation simply suggests 'check Radio image'

How do I check radio image - is there anything else other than the IOS firmware I can try?

What does the error message mean and how can I recover to get the AP operational again?

*Mar 1 00:00:04.216: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self t

est passed

*Mar 1 00:00:05.358: %SOAP_FIPS-2-SELF_TEST_RAD_FAILURE: RADIO crypto FIPS self

test failed at 128 bit AMAC AES encrypt for TX on interface Dot11Radio 0

-Process= "Init", ipl= 0, pid= 3

*Mar 1 00:00:05.358: %SOAP_FIPS-2-SELF_TEST_RAD_FAILURE

test failed at 128 bit AMAC AES decrypt for RX on interface Dot11Radio 0

-Process= "Init", ipl= 0, pid= 3

*Mar 1 00:00:05.359: %SOAP_FIPS-2-SELF

SPARE-AP1>_TEST_RAD_FAILURE: RADIO crypto FIPS self test failed at 128 bit AEC C

CM encrypt on interface Dot11Radio 0

-Process= "Init", ipl= 0, pid= 3

*Mar 1 00:00:05.360: %SOAP_FIPS-2-SELF_TEST_RAD_FAILURE: RADIO crypto FIPS self

test failed at 128 bit AEC CCM decrypt on interface Dot11Radio 0

-Process= "Init", ipl= 0, pid= 3

*Mar 1 00:00:05.404: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to do

wn

*Mar 1 00:00:06.433: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio

0, changed state to down

*Mar 1 00:00:07.433: %SYS-6-LOGGERSTART: Logger process started

*Mar 1 00:00:07.435: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to

up

*Mar 1 00:00:08.032: %SYS-5-CONFIG_I: Configured from memory by console

*Mar 1 00:00:08.032: %SYS-5-RESTART: System restarted --

Cisco IOS Software, C1200 Software (C1200-K9W7-M), Version 12.3(8)JA, RELEASE SO

FTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Mon 27-Feb-06 09:09 by ssearch

*Mar 1 00:00:08.033: %SNMP-5-COLDSTART: SNMP agent on host SPARE-AP1 is undergo

ing a cold start

*Mar 1 00:00:08.051: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r

eset

*Mar 1 00:00:08.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern

et0, changed state to up

*Mar 1 00:00:08.730: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, chan

ged state to up

---------------------------------------

Thanks in advance

Paul Figgins

Labels:
0 Helpful
6 Replies 6

scottmac
Level 10
Level 10

‎07-03-2006 04:32 AM

Which version of radio hardware is in the AP?

The older 802.11a radios do not support AES (a "20" series ... I don't remember the actual part number).

The current "a" radios are "21", and there are upgrade "a" radios you can purchase as replacements.

It may be the same for the 802.11g radios.

You can check the radio hardware version from the web GUI in the interface page for each of the radios.

Good Luck

Scott

0 Helpful

figs
Level 1
Level 1
In response to scottmac

‎07-03-2006 06:24 AM

Thanks Scott.

The AP is an AP1231G-E-K9 (it has been working before)

Radio type is AIR-MP2!G (note the ! is not a typo, this is what is displayed, whereas other similar AP's I have deployed are AIR-MP21G).

Firmware is 5.90.8

Any ideas? ....

If the radio card is corrupt is there any way to zap it with a refresh or is a hardware replacement needed?

Cheers

Paul

0 Helpful

scottmac
Level 10
Level 10
In response to figs

‎07-03-2006 09:53 AM

I'm pretty sure (though not absolutely certain) that there is no way to re-flash the radio module (I don't think it has flash, just ROM).

Given the last info, I believe you should pursue an RMA on the radio module.

Mine is version 5.80.12, the GUI, under "Interfaces|Radio0-802.11G|Detailed Status" shows:

Radio AIR-MP31G

The 802.11a radio is an AIR-RM21A and the same version.

So, I suppose it is possible that the radio module does not suppport AES (i.e., "too old"), but the exclamation point in the part number leads me to believe it's just a corrupt module.

Good Luck

Scott

0 Helpful

figs
Level 1
Level 1
In response to scottmac

‎07-03-2006 11:11 PM

I tend to agree.

One last shot though - when you look up the error message in various troubleshooting guides the suggested action is:

'check Radio image'

What does this mean and what procedures, tools or commands are available to help?

0 Helpful

scottmac
Level 10
Level 10
In response to figs

‎07-04-2006 04:08 AM

That is likely to be a message to the repair tech.

I don't recall ever seeing any radio-specific firmware on the CCO software download page for the wireless stuff.

The internal radio is a mini-pci, same as what would be used on recent laptops. That could also be a message presented to IOS from the radio's internal diagnostics.

Again, I'm not completely sure, but that's what makes sense to me.

Good Luck, Happy & Safe Fourth of July!

Scott

0 Helpful

figs
Level 1
Level 1
In response to scottmac

‎07-06-2006 03:47 AM

Just for information and anyone else who might be interested I tried a new AIR-MP21G card and it didnt fix the problem.

Regards

Paul

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card