Cisco Cisco 2000 Series Wireless LAN Controller 정보 가이드
Q. When I install the new Wireless Services Module (WiSM) blade in the
6509 switch and implement Protected Extensible Authentication Protocol
(PEAP) with the Microsoft IAS server, I receive this error:
6509 switch and implement Protected Extensible Authentication Protocol
(PEAP) with the Microsoft IAS server, I receive this error:
*Mar 1
00:00:23.526: %LWAPP−5−CHANGED: LWAPP changed state to
DISCOVERY *Mar 1 00:00:23.700: %SYS−5−RELOAD: Reload
requested by LWAPP CLIENT.Reload Reason: FAILED CRYPTO
INIT. *Mar 1 00:00:23.700: %LWAPP−5−CHANGED: LWAPP
changed state to DOWN *Mar 1 00:00:23.528:
%LWAPP−5−CHANGED: LWAPP changed state to DISCOVERY *Mar 1
00:00:23.557:
LWAPP_CLIENT_ERROR_DEBUG:lwapp_crypto_init_ssc_keys_and_certs
no certs in the SSC Private File *Mar 1 00:00:23.557:
LWAPP_CLIENT_ERROR_DEBUG: *Mar 1 00:00:23.557:
lwapp_crypto_init: PKI_StartSession failed *Mar 1
00:00:23.706: %SYS−5−RELOAD: Reload requested by LWAPP
CLIENT.
. Why?
A. RADIUS and dot1x debugs show that the WLC sends an access request, but there is no
response from the IAS server. Complete these steps in order to troubleshoot the problem:
response from the IAS server. Complete these steps in order to troubleshoot the problem:
Check and verify the IAS server configuration.
1.
Check the log file.
2.
Install software, such as Ethereal, which can give you authentication details.
3.
Stop and start the IAS service.
4.
Q. The lightweight access points (LAPs) do not register with the
controller. What might be the problem? I see these error messages on
the controller:
controller. What might be the problem? I see these error messages on
the controller:
Thu Feb 3 03:20:47 2028: LWAPP Join−Request
does not include valid certificate in CERTIFICATE_PAYLOAD
from AP 00:0b:85:68:f4:f0. Thu Feb 3 03:20:47 2028:
Unable to free public key for AP 00:0B:85:68:F4:F0
.
A. When the access point (AP) sends the Lightweight Access Point Protocol (LWAPP) Join
Request to the WLC, it embeds its X.509 certificate in the LWAPP message. It also generates
a random session ID that is included in the LWAPP Join Request. When the WLC receives
the LWAPP Join Request, it validates the signature of the X.509 certificate using the APs
public key and checks that the certificate was issued by a trusted certificate authority. It also
looks at the starting date and time for the AP certificate validity interval, and compares that
date and time to its own date and time.
Request to the WLC, it embeds its X.509 certificate in the LWAPP message. It also generates
a random session ID that is included in the LWAPP Join Request. When the WLC receives
the LWAPP Join Request, it validates the signature of the X.509 certificate using the APs
public key and checks that the certificate was issued by a trusted certificate authority. It also
looks at the starting date and time for the AP certificate validity interval, and compares that
date and time to its own date and time.
This problem can occur due to an incorrect clock setting on the WLC. In order to set the clock
on the WLC, issue the show time and config time commands.
on the WLC, issue the show time and config time commands.
Q. A Lightweight Access Point Protocol (LWAPP) AP is unable to join its
controller. The Wireless LAN Controller (WLC) log displays a message
similar to this:
controller. The Wireless LAN Controller (WLC) log displays a message
similar to this:
LWAPP Join−Request does not include valid
certificate in CERTIFICATE_PAYLOAD from AP