After rebuilding the vWLC with the same IP address, the AP failed to register to the new vWLC.
*Jul 5 10:56:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.24.70 peer_port: 5246
*Jul 5 10:56:02.015: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
*Jul 5 10:56:02.015: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:509 Certificate verified failed!
*Jul 5 10:56:02.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.24.70:5246
*Jul 5 10:56:02.015: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.24.70:5246
It didn't look right to me, and after trying a few things, this error didn't go away. So what I had to do was write erase the AP. You can do it from the console or over telnet, if telnet is enabled. I have telnet enabled, so I telnetted to my AP and used the following commands:
! This command is the most important; without it you can't use the clear capwap commands
debug capwap console cli
then
clear capwap private-config
Or you can also simply write erase the AP. After that, configure option 43 hex in the DHCP pool. I have only one controller, so the prefix to add is f104, followed by the hex of my controller IP address 192.168.24.70.
option 43 hex f104.c0a8.1846
Too lazy to convert it manually, I just used the calculator here:
And now all works great! Everything back to normal!
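The option 43 value above can also be built and checked offline. The following is an added example, not part of the original post: it encodes the f1 type byte, a length byte of 4 per controller, and the controller addresses in the dotted-hex form IOS expects, and decodes an existing value to confirm which controllers a pool is advertising. It goes beyond the single-controller case in the post; the function names and the second address 192.168.24.71 are constructed for illustration.

```python
import ipaddress

WLC_SUBTYPE = 0xF1      # the "f1" in f104: sub-option carrying the controller list
MAX_CONTROLLERS = 63    # 2 + 4*63 = 254 bytes, fits the one-byte DHCP option length


def encode_option43(controllers):
    """Return the argument for 'option 43 hex' for a list of controller IPv4s."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    if len(controllers) > MAX_CONTROLLERS:
        raise ValueError("too many controllers for a single DHCP option")
    # IPv4Address() rejects malformed input such as '192.168.24.700'
    addrs = [ipaddress.IPv4Address(c) for c in controllers]
    payload = bytes([WLC_SUBTYPE, 4 * len(addrs)])
    payload += b"".join(a.packed for a in addrs)
    hexstr = payload.hex()
    # IOS groups the hex string into 16-bit words separated by dots
    return ".".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))


def decode_option43(value):
    """Parse an 'option 43 hex' value back into controller addresses."""
    raw = bytes.fromhex(value.replace(".", "").replace(" ", ""))
    if len(raw) < 2 or raw[0] != WLC_SUBTYPE:
        raise ValueError("value does not start with the f1 sub-option type")
    length, body = raw[1], raw[2:]
    # The length byte must match the data and be a whole number of IPv4 addresses
    if length == 0 or length % 4 or length != len(body):
        raise ValueError("length byte does not match the address data")
    return [str(ipaddress.IPv4Address(body[i:i + 4]))
            for i in range(0, length, 4)]


if __name__ == "__main__":
    # Controller address from the post
    print(encode_option43(["192.168.24.70"]))
    # Constructed two-controller case: the length byte becomes 08
    print(encode_option43(["192.168.24.70", "192.168.24.71"]))
    print(decode_option43("f104.c0a8.1846"))
```

Decoding the value already configured on a DHCP pool is a quick way to confirm the APs are being pointed at the intended controller and nothing else.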