Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

5508 LSC/CA Server/CA server URL

I'm trying to implement certificate authentication between my access points and my 5508.

In one document I read that a Cisco router equipped with the Security release software could act as a CA.  I had such a router and followed the instructions to set up the CA on this router.  When I had completed this, I noted that the CA could be accessed via http://router/cgi-bin/pkiclient.exe with a query string following the URL.

In trying to get my 5508 to use the new CA, I tried a variety of different entries in the "CA server URL" field, but no matter what I used, it didn't work correctly, the access points would print the message "LSC CA cert successfully imported" several times, and then reboot about once every 10 minutes.  If I unchecked "Enable LSC on Controller" the access points would operate correctly.

Any suggestions on where I should look? I've looked high and low for documentation on the value of the "CA server URL" and have found examples showing how to interface to MS CA, but not to IOS CA.



AP output:

*Sep 17 14:30:21.407: %CLEANAIR-6-STATE: Slot 0 disabled
*Sep 17 14:30:21.407: %CLEANAIR-6-STATE: Slot 1 disabled
*Sep 17 14:31:11.175: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5320 MHz
LSC CA cert successfully imported
LSC CA cert successfully imported
LSC CA cert successfully imported
LSC CA cert successfully imported
LSC CA cert successfully imported

Writing out the event log to flash:/event.log ... *Sep 17 14:43:18.071: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: LSC Provision max retries. *Sep 17 14:43:18.071: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN
Everyone's tags (3)
New Member



try to debug, i think, scep is not working .

CreatePlease login to create content