未加入 WLC Cisco 4400 系列的 AP

网络工程 思科 切入点 思科无线
2022-02-08 01:20:39

一些办公室 AP 在重新启动后没有加入 WLC,这是来自控制器的日志:

*spamReceiveTask: Feb 13 20:18:44.173: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.76.3
*spamReceiveTask: Feb 13 20:18:15.485: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.74.7.27
*spamReceiveTask: Feb 13 20:17:48.129: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.75.7.22
*spamReceiveTask: Feb 13 20:17:47.166: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.161.10
*spamReceiveTask: Feb 13 20:17:46.888: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.161.11
*spamReceiveTask: Feb 13 20:17:46.518: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.74.7.25
*spamReceiveTask: Feb 13 20:17:46.511: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.73.100.11
*spamReceiveTask: Feb 13 20:17:45.667: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.72.7.20
*spamReceiveTask: Feb 13 20:17:41.915: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.71.77.103
*spamReceiveTask: Feb 13 20:17:40.132: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.76.3
*spamReceiveTask: Feb 13 20:17:39.695: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.121.13
*spamReceiveTask: Feb 13 20:17:39.185: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.161.13
*spamReceiveTask: Feb 13 20:17:39.006: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.77.161.12
*spamReceiveTask: Feb 13 20:17:38.833: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 10.73.100.10
*spamReceiveTask: Feb 13 20:17:37.075: %CAPWAP-3-DISC_INTF_ERR1: capwap_ac_sm.c:1445  (2) from AP 00:22:90:a1:b1:40
*spamReceiveTask: Feb 13 20:17:36.793: %CAPWAP-3-DISC_INTF_ERR1: capwap_ac_sm.c:1445 Ignoring discovery request received on non-management interface (2) from AP 00:24:14:ff:73:10
*spamReceiveTask: Feb 13 20:17:30.021: %CAPWAP-3-DISC_INTF_ERR1: capwap_ac_sm.c:1445 Ignoring discovery request received on non-management interface (2) from AP 88:43:e1:14:58:50
*spamReceiveTask: Feb 13 20:17:29.522: %CAPWAP-3-DISC_INTF_ERR1: capwap_ac_sm.c:1445 Ignoring discovery request received on non-management interface (2) from AP 00:24:14:31:f6:b0
*spamReceiveTask: Feb 13 20:17:29.466: %CAPWAP-3-DISC_INTF_ERR1: capwap_ac_sm.c:1445 Ignoring discovery request received on non-management interface (2) from AP 00:24:97:71:b9:b0
*spamReceiveTask: Feb 13 20:17:28.347: %LWAPP-3-DISC_INTF_ERR1: spam_lrad.c:1298 Ignoring discovery request received on non-management interface (2) in L3 LWAPP mode from AP 00:24:97:b7:03:b0
*spamReceiveTask: Feb 13 20:17:28.345: %CAPWAP-3-DISC_INTF_ERR1: capwap_ac_sm.c:1445 Ignoring discovery request received on non-management interface (2) from AP 00:24:97:b7:03:b0
*nim_t: Feb 13 20:17:28.293: %SIM-3-PORT_UP: sim.c:9820 Physical port 2 is up!.
*nim_t: Feb 13 20:17:28.290: %SIM-3-PORT_UP: sim.c:9820 Physical port 1 is up!.
*fp_main_task: Feb 13 20:17:28.069: %CNFGR-3-INV_COMP_ID: cnfgr.c:2221 Invalid Component Id : Unrecognized (77) in cfgConfiguratorInit.
*fp_main_task: Feb 13 20:17:27.987: %LOG-3-Q_IND: rrmCfg.c:1501 RRM LOG: Airewave Director: Configuration has been sanitized -- save configuration to commit
*fp_main_task: Feb 13 20:17:27.780: %RRM-3-RRM_LOGMSG: rrmCfg.c:1501 RRM LOG: Airewave Director: Configuration has been sanitized -- save configuration to commit
*fp_main_task: Feb 13 20:17:20.955: %MM-3-MEMBER_ADD_FAILED: mm_dir.c:926 Could not add Mobility Member. Reason: IP already assigned, Member-Count:1,MAC: 00:00:00:00:00:00, IP: 0.0.0.0
*fp_main_task: Feb 13 20:17:20.747: %DTL-3-DSNET_CONF_FAILED: dtl_ds.c:424 Unable to set symmetric mobility tunneling to disabled on Distribution Service interface.
*fp_main_task: Feb 13 20:17:03.486: %CNFGR-3-INV_COMP_ID: cnfgr.c:2221 Invalid Component Id : Unrecognized (36) in cfgConfiguratorInit.
*mfpKeyRefreshTask: Feb 13 20:17:03.485: %SSHPM-3-NOT_INIT: bsnrandom.c:621 Random context not initialized

我已连接到其中一个 AP 并从串行捕获以下内容:

*Feb 13 18:26:14.083: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 13 18:26:14.083: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Feb 13 18:26:14.135: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Feb 13 18:26:14.139: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Feb 13 18:26:14.139: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Feb 13 18:26:14.147: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Feb 13 18:26:14.163:  status of voice_diag_test from WLC is false
*Feb 13 18:26:14.163: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
*Feb 13 18:26:14.175: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Feb 13 18:26:14.183: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Feb 13 18:26:24.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.77.77.59 peer_port: 5246
*Feb 13 18:26:24.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Feb 13 18:26:24.099: %PKI-3-CERTIFICATE_INVALID_EXPIRED: Certificate chain validation has failed.  The certificate (SN: 3C1E27950000000C5C4B) has expired.    Validity period ended on 19:56:24 UTC Jan 17 2017
*Feb 13 18:26:24.099: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Feb 13 18:26:24.099: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Feb 13 18:26:24.099: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:352 Certificate verified failed!
*Feb 13 18:26:24.099: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 10.77.77.59
*Feb 13 18:26:24.099: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.77.77.59:5246
*Feb 13 18:26:24.099: %DTLS-3-BAD_RECORD: Erroneous record received from 10.77.77.59: Malformed Certificate
*Feb 13 18:26:24.099: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.77.77.59:5246

是证书问题吗?前提是证书实际上没有过期。

任何帮助将不胜感激。

1个回答

序列号为:3C1E27950000000C5C4B 的证书已于 2017 年 1 月 17 日过期。请仔细检查证书和配置的信任点。它可能是制造安装证书。我在这里发现了问题,检查您的情况是否不同。

其它你可能感兴趣的问题
上一篇每台交换机都具备网络接入服务器功能吗? 下一篇关于端口安全违规模式protected,新设备替换旧设备时需要采取什么措施?