Cisco无线控制器C9800-CL:配置AP上线

Cisco无线控制器C9800-CL:配置AP上线

(1)AP与无线控制器在同一个二层环境。AP加电进行启动。

(2)无线控制器的管理ip

图片.png

图片.png


图片.png

(3)AP配置上线

AP与无线控制器在同一个二层环境。可以正常发现到AP。

图片.png


排除Troubleshooting

图片.png

debugTrace_88f0.317e.dc2c.txt

2024/12/22 17:35:59.094042 {wncd_x_R0-0}{1}: [ewlc-dtls-sessmgr] [20050]: (ERR): DTLS cert-chain config not done or not available, dropping packet
2024/12/22 17:35:59.094175 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [20050]: (ERR): DTLS session init failure for remote-IP: 192.168.125.143, local-port: 5246
2024/12/22 17:35:59.094393 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [20050]: (ERR): IPv4: 192.168.125.143 Failed to Process DTLS Hello message from loadbalancer server
2024/12/22 17:35:59.094399 {wncd_x_R0-0}{1}: [loadbalance-notify] [20050]: (ERR): MAC: 88f0.317e.dc2c  DTLS msg from server handling failed, reason: Invalid argument



查看上不了线的原因:DTLS cert-chain not available

图片.png


验证9800 WLC是否已启用AP身份验证列表。
WLC#show ap auth
WLC#show ap auth-list
Authorize APs against MAC                     : Disabled
Authorize APs against Serial Num              : Disabled
Authorize APs using Calling ID                : Disabled
Authorization Method List                     : default
WLC#
WLC#



WLC#show crypto pki certificates
Router Self-Signed Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: General Purpose
  Issuer:
    cn=IOS-Self-Signed-Certificate-1763817938
  Subject:
    Name: IOS-Self-Signed-Certificate-1763817938
    cn=IOS-Self-Signed-Certificate-1763817938
  Validity Date:
    start date: 17:22:10 UTC Dec 22 2024
    end   date: 17:22:10 UTC Dec 22 2034

  Associated Trustpoints: TP-self-signed-1763817938
  Storage: nvram:IOS-Self-Sig#1.cer
CA Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: Signature
  Issuer:
    cn=Cisco Licensing Root CA
    o=Cisco
  Subject:
    cn=Cisco Licensing Root CA
    o=Cisco
  Validity Date:
    start date: 03:48:47 UTC May 31 2013
    end   date: 03:48:47 UTC May 31 2038
  Associated Trustpoints: SLA-TrustPoint Trustpool
  Storage: nvram:CiscoLicensi#1CA.cer
WLC#    


查看ap的证书时间:

AP88f0.317e.dc2c#show crypto pki certificates
CA Certificate
  Status: Available
  Certificate Serial Number (hex): 00
  Certificate Usage: General Purpose
  Issuer:
    e=support@airespace.com
    cn=ca
    ou=none
    o=airespace Inc
    l=San Jose
    st=California
    c=US
  Subject:
    e=support@airespace.com
    cn=ca
    ou=none
    o=airespace Inc
    l=San Jose
    st=California
    c=US
  Validity Date:
    start date: 23:38:55 UTC Feb 12 2003
    end   date: 23:38:55 UTC Nov 11 2012
  Associated Trustpoints: airespace-old-root-cert
  Storage:

CA Certificate
  Status: Available
  Certificate Serial Number (hex): 00
  Certificate Usage: Signature
  Issuer:
    e=support@airespace.com
    cn=Airespace Root CA
    ou=Engineering
    o=Airespace Inc.
    l=San Jose
    st=California
    c=US
  Subject:
    e=support@airespace.com
    cn=Airespace Root CA
    ou=Engineering
    o=Airespace Inc.
    l=San Jose
    st=California
    c=US
  Validity Date:
    start date: 13:41:22 UTC Jul 31 2003
    end   date: 13:41:22 UTC Apr 29 2013
  Associated Trustpoints: airespace-new-root-cert
  Storage:

CA Certificate
  Status: Available
  Certificate Serial Number (hex): 03
  Certificate Usage: General Purpose
  Issuer:
    e=support@airespace.com
    cn=Airespace Root CA
    ou=Engineering
    o=Airespace Inc.
    l=San Jose
    st=California
    c=US
  Subject:
    e=support@airespace.com
    cn=Airespace Device CA
    ou=Engineering
    o=Airespace Inc.
    l=San Jose
    st=California
    c=US  
  Validity Date:
    start date: 22:37:13 UTC Apr 28 2005
    end   date: 22:37:13 UTC Jan 26 2015
  Associated Trustpoints: airespace-device-root-cert
  Storage:

CA Certificate
  Status: Available
  Certificate Serial Number (hex): 5FF87B282B54DC8D42A315B568C9ADFF
  Certificate Usage: Signature
  Issuer:
    cn=Cisco Root CA 2048
    o=Cisco Systems
  Subject:
    cn=Cisco Root CA 2048
    o=Cisco Systems
  Validity Date:
    start date: 20:17:12 UTC May 14 2004
    end   date: 20:25:42 UTC May 14 2029
  Associated Trustpoints: Trustpool cisco-root-cert
  Storage:

Certificate
  Status: Available
  Certificate Serial Number (hex): 53F5677200000001B1DC
  Certificate Usage: General Purpose
  Issuer:
    cn=Cisco Manufacturing CA
    o=Cisco Systems
  Subject:
    Name: AP3G2-88f0317edc2c
    e=support@cisco.com
    cn=AP3G2-88f0317edc2c
    o=Cisco Systems
    l=San Jose
    st=California
    c=US
  CRL Distribution Points:
    http://www.cisco.com/security/pki/crl/cmca.crl
  Validity Date:
    start date: 14:53:03 UTC Apr 16 2014
    end   date: 15:03:03 UTC Apr 16 2024
  Associated Trustpoints: Cisco_IOS_MIC_cert
  Storage:

CA Certificate
  Status: Available
  Certificate Serial Number (hex): 6A6967B3000000000003
  Certificate Usage: Signature
  Issuer:
    cn=Cisco Root CA 2048
    o=Cisco Systems
  Subject:
    cn=Cisco Manufacturing CA
    o=Cisco Systems
  CRL Distribution Points:
    http://www.cisco.com/security/pki/crl/crca2048.crl
  Validity Date:
    start date: 22:16:01 UTC Jun 10 2005
    end   date: 20:25:42 UTC May 14 2029
  Associated Trustpoints: Trustpool Cisco_IOS_MIC_cert
  Storage:
AP88f0.317e.dc2c#       


AP注册需要查找的那个接口:
WLC#show wireless interface summary
Wireless Interface Summary
Interface Name Interface Type VLAN ID IP Address     IP Netmask     NAT-IP Address   MAC Address
--------------------------------------------------------------------------------------------------
Vlan1          Management     1       192.168.125.99 255.255.255.0  0.0.0.0          001e.e531.17ff
WLC#



图片.png



1、本站资源长期持续更新。
2、本资源基本为原创,部分来源其他付费资源平台或互联网收集,如有侵权请联系及时处理。
3、本站大部分文章的截图来源实验测试环境,请不要在生产环境中随意模仿,以免带来灾难性后果。

转载请保留出处:  www.zh-cjh.com珠海陈坚浩博客 » Cisco无线控制器C9800-CL:配置AP上线

作者: cjh


手机扫一扫,手机上查看此文章:

一切源于价值!

其他 模板文件不存在: ./template/plugins/comment/pc/index.htm

未雨绸缪、居安思危!

数据安全、有备无患!

注意操作、数据无价!

一切源于价值!