Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Problem with registration Access point on WLC

Hi,

 

I have wlc AIR-WLC2112-K9 and eight ap AIR-LAP1231G-E-K9   , but one ap won't register and he worked just fine for some time. 

WLC supported 12 access points. 

error log :

 


*Mar  1 00:00:04.468: %SOAP_FIPS-2-SELF_TEST_IOS_SUCCESS: IOS crypto FIPS self test passed
*Mar  1 00:00:05.744: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 0
*Mar  1 00:00:07.301: %SOAP_FIPS-2-SELF_TEST_RAD_SUCCESS: RADIO crypto FIPS self test passed on interface Dot11Radio 1
*Mar  1 00:00:07.359: %LWAPP-3-CLIENTEVENTLOG: Read and initialized AP event log (contains, 927 messages)

*Mar  1 00:00:07.386:  status of voice_diag_test from WLC is false
*Mar  1 00:00:08.411:  STUB Called : crypto_ssl_init
*Mar  1 00:00:09.455: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up
*Mar  1 00:00:09.500: %SYS-5-RESTART: System restarted --
Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:55 by prod_rel_team
*Dec 22 17:14:48.097: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Dec 22 17:14:48.142: %LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init (SSC): no certs in the SSC Private File
*Dec 22 17:14:48.145: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 22 17:14:48.145: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Dec 22 17:14:48.209: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Dec 22 17:14:48.215: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Dec 22 17:14:48.225: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Dec 22 17:14:48.952: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up
*Dec 22 17:14:49.144: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Dec 22 17:14:49.144: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Dec 22 17:14:56.268: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0 assigned DHCP address 10.11.11.152, mask 255.255.0.0, hostname AP0014.6a91.b579


Writing out the event log to nvram...


*Dec 22 17:15:06.913: %LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init: could not start PKI session
*Dec 22 17:15:06.913: %LWAPP-3-CLIENTERRORLOG: Failed to initialize Crypto. Rebooting
*Dec 22 17:15:06.955: %SYS-5-RELOAD: Reload requested by CAPWAP CLIENT. Reload Reason: FAILED CRYPTO INIT.
*Dec 22 17:15:06.956: %LWAPP-5-CHANGED: CAPWAP changed state to DOWNXmodem file system is available.

flashfs[0]: 11 files, 3 directories

flashfs[0]: 0 orphaned files, 0 orphaned directories

flashfs[0]: Total bytes: 7741440

flashfs[0]: Bytes used: 5380096

flashfs[0]: Bytes available: 2361344

flashfs[0]: flashfs fsck took 14 seconds.

Reading cookie from flash parameter block...done.

Base ethernet MAC Address: 00:14:6a:9*****

Initializing ethernet port 0...

Reset ethernet port 0...

Reset done!

ethernet link up, 100 mbps, full-duplex

Ethernet port 0 initialized: link is up

Loading "flash:/c1200-k9w8-mx.124-23c.JA2/c1200-k9w8-mx.124-23c.JA2"...##################################################################################################################################################################################################


File "flash:/c1200-k9w8-mx.124-23c.JA2/c1200-k9w8-mx.124-23c.JA2" uncompressed and installed, entry point: 0x3000

executing...


              Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

           cisco Systems, Inc.
           170 West Tasman Drive
           San Jose, California 95134-1706

 

Cisco IOS Software, C1200 Software (C1200-K9W8-M), Version 12.4(23c)JA2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 13-Apr-11 12:55 by prod_rel_team


Proceeding with system init

Proceeding to unmask interrupts
Initializing flashfs...

flashfs[1]: 11 files, 3 directories
flashfs[1]: 0 orphaned files, 0 orphaned directories
flashfs[1]: Total bytes: 7483392
flashfs[1]: Bytes used: 5382144
flashfs[1]: Bytes available: 2101248
flashfs[1]: flashfs fsck took 2 seconds.
flashfs[1]: Initialization complete....done Initializing flashfs.

Radio0  present A506 5100 E8000000 A0000000 80000000 3
Radio1  present A506 6700 E8000100 A0040000 80010000 2
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-LAP1230B-E-K9     (PowerPC405GP) processor (revision A0) with 15038K/1336K bytes of memory.
Processor board ID FHK0*****
PowerPC405GP CPU at 196Mhz, revision number 0x0145
Last reset from power-on
LWAPP image version 7.0.116.0
1 FastEthernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:14:6A:*****+
Part Number                          : 73-8704-09
PCA Assembly Number                  : 800-23211***
PCA Revision Number                  : A0
PCB Serial Number                    : FOC*******
Top Assembly Part Number             : 800-2330***
Top Assembly Serial Number           : FHK*******
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1230B-E-K9    
% Please define a domain-name first.
no ip http server
       ^
% Invalid input detected at '^' marker.

3 REPLIES
VIP Purple

Hi,As per your logs:*Dec 22

Hi,

As per your logs:

*Dec 22 17:14:48.142: %LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init (SSC): no certs in the SSC Private File

*Dec 22 17:15:06.913: %LWAPP-3-CLIENTERRORLOG: LWAPP Crypto Init: could not start PKI session
*Dec 22 17:15:06.913: %LWAPP-3-CLIENTERRORLOG: Failed to initialize Crypto. Rebooting
*Dec 22 17:15:06.955: %SYS-5-RELOAD: Reload requested by CAPWAP CLIENT. Reload Reason: FAILED 

You must add the SSC and its MAC address under the AP Authentication list in the controller.

Check the cause number 8 in this doc :

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/69339-lwapp-upg-tool.html

add ssc to wlc:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/70341-manual-add-ssc.html#add

Hope it helps.

Regards

Dont forget to rate helpful posts

New Member

hi , thanks for reply. When I

hi , thanks for reply.

 

When I try to add AP to Authorization List. I don't now value for SHA1 Key Hash . Picture is in attachment.

VIP Purple

Hi,You can locate the SHA1

Hi,

You can locate the SHA1 Key Hash:

you can issue a debug command on the WLC in order to retrieve the SHA1 Key Hash.

Complete these steps:

Turn on the AP and connect it to the network.

Enable the debugging on the WLC command-line interface (CLI).

The command is debug pm pki enable.

For complete guide check this:

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/70341-manual-add-ssc.html#add

 

Regards

177
Views
0
Helpful
3
Replies
CreatePlease to create content