Shulou(Shulou.com)06/01 Report--

A few days ago, users called and said that the wireless network in the administrative building was out of order, and all AP turned on red light! It's strange, because it was used normally the day before, so why didn't it all work well?

Rushed to the user site to log in to WLC, found that WLC on a lot of less AP, and these AP are 1131, other models 1142, 1602 are working normally, is it really broken?

Check the WLC log, see the log, vaguely remember to read an article, said that AP because of the use of certificate problems can not pay attention to the controller, in order to verify this problem, I found a confirmed good AP access to the network, found that the good AP still can not register with the controller. It seems that the certificate is really out of date.

Further inspection of the document found that: AP in the factory, there will be a certificate, when the use of time exceeds the validity of the certificate, AP is no longer join to WLC, this time is usually 10 years, and users recall that this batch of 1131 AP is indeed almost 10 years ago.

Look at the official Cisco documents and find that this is a BUG:CSCuq19142.

If you view the log on WLC, you will get similar information as follows:

* osapiBsnTimer: Oct 29 11 DTLS-3-HANDSHAKE_FAILURE 04.571: # DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2962 Failed to complete DTLS handshake with peer 192.168.202.8

The log information on my controller is not saved, but it is the same as shown.

Run show ap inventory all on the controller

* * the following is excerpted from Cisco's official website *

(Cisco Controller) > show ap inventory all

Inventory for lap1130-sw3-9

NAME: "Cisco AP", DESCR: "Cisco Wireless Access Point"

PID: AIR-LAP1131AG-E-K9, VID: V01, SN: FCZ1128Q0PE

NAME: "Dot11Radio0", DESCR: "802.11g Radio"

PID: UNKNOWN, VID:, SN: GAM112706LC

NAME: "Dot11Radio1", DESCR: "802.11A Radio"

PID: UNKNOWN, VID:, SN: ALP112706LC

The AP chassis SN is in the first section of the output, for example: PID: AIR-LAP1131AG-E-K9, VID: V01, SN: FCZ1128Q0PE

The serial number format is: "LLLYYWWSSSS"; where "YY" is the year of manufacture and "WW" is the week of manufacture. The date code can be found in the 4 middle digits of the serial number.

Manufacturing Year Codes:

01 = 1997 06 = 2002 11 = 2007 16 = 2012

02 = 1998 07 = 2003 12 = 2008 17 = 2013

03 = 1999 08 = 2004 13 = 2009 18 = 2014

04 = 2000 09 = 2005 14 = 2010

05 = 2001 10 = 2006 15 = 2011

Manufacturing Week Codes:

1-5: January 15-18: April 28-31: July 41-44: October

6-9: February 19-22: May 32-35: August 45-48: November

10-14: March 23-27: June 36-40: September 49-52: December

Example: SN FCZ1128Q0PE has year code 11, meaning it was manufactured in 2007. The week code is 12, meaning it was manufactured in March.

The SN can also be found using Prime Infrastructure Reporting to find SNs for all of the APs.

*

I checked the AP information in my controller as follows:

NAME: "Cisco AP", DESCR: "Cisco Wireless Access Point"

PID: AIR-LAP1131AG-C-K9, VID: V01, SN: FOC12172U3Q

NAME: "Dot11Radio0", DESCR: "802.11g Radio"

PID: UNKNOWN, VID:, SN: GAM12172U3Q

NAME: "Dot11Radio1", DESCR: "802.11A Radio"

PID: UNKNOWN, VID:, SN: ALP12172U3Q

NAME: "Cisco AP", DESCR: "Cisco Wireless Access Point"

PID: AIR-LAP1131AG-C-K9, VID: V01, SN: FOC12174E38

NAME: "Dot11Radio0", DESCR: "802.11g Radio"

PID: UNKNOWN, VID:, SN: GAM12174E38

NAME: "Dot11Radio1", DESCR: "802.11A Radio"

PID: UNKNOWN, VID:, SN: ALP12174E38

Through comparison, it is found that my AP was manufactured in April 2008.

I didn't expect to catch up with AP and the catastrophe of life and death!

At present, there are two ways to deal with this problem:

(1) upgrade the wireless controller. At present, some new versions have disabled the life cycle validity check of MIC and SSC, allowing AP with more than 10 years of MIC or SSC to join. But the upgrade may face a problem, that is, the upgraded WLC does not support some of the older models of AP. This point needs careful consideration.

(2) modify the WLC time, modify it forward, but don't move forward too long, otherwise some new AP will not be supported.

Our solution here is to modify the time of the WLC and adjust the time forward for 4 years. After the adjustment, we observe the WLC and find that those AP that are offline for a while are registered normally. At this point, the fault is solved!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.