Posts

Common outputs from the WLC for further analysis

How to restore the factory settings on a Cisco Access Point

1. Through the CLI via console or SSH:

  1. Log in to the AP using Cisco/Cisco

  • If you want to reset the access point to its default settings and a static IP address, use the write erase or erase /all nvram command.
  • If you want to erase everything including the static IP address, in addition to the above commands, use the erase and erase boot static-ipaddr static-ipmask command.

2. Through the MODE button:

  1. Power off the AP
  2. While keeping the MODE button pressed, power on the AP.
  3. Keep the MODE button pressed until the Status LED turns red, then release it.

3. Installing via recovery image:

  1. Download the recovery image for the 3500 from the Cisco site.
  2. On the AP console, enter the command “debug capwap console cli”
  3. Then enter the command “archive download-sw /overwrite /reload tftp:///”

 

Clearing the Controller Configuration on a Cisco Wireless LAN Controller

1. Through the CLI via console or SSH:

  1. Log in to the WLC.

  2. Enter clear config and enter y at the confirmation prompt to confirm the action.

  3. Enter reset system. At the confirmation prompt, enter n to reboot without saving configuration changes. When the controller reboots, the configuration wizard starts automatically.

  4. Follow the instructions in the “Using the Configuration Wizard” section on page 4-2 to complete the initial configuration.

 

Erasing the Controller Configuration on a Cisco Wireless LAN Controller

1. Through the CLI via console or SSH:

  1. Log in to the WLC.

  2. Enter reset system. At the confirmation prompt, enter y to save configuration changes to NVRAM. The controller reboots.

  3. When you are prompted for a username, enter recover-config to restore the factory default configuration. The controller reboots and the configuration wizard starts automatically.

  4. Follow the instructions in the “Using the Configuration Wizard” section on page 4-2 to complete the initial configuration.

Cisco WLC AP cert issue: %DTLS-3-HANDSHAKE_FAILURE

WLC error log message: *spamApTask6:  %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:844 Failed to complete DTLS handshake with peer

or:

Failed to complete DTLS handshake with peer 10.32.41.96 for AP 00:1d:45:36:97:30 
*spamReceiveTask: Sep 19 21:42:59.855: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 1.2.3.4 for AP 00:11:22:33:44:55

By default, if an AP and/or WLC certificate has expired, the DTLS connection will fail. To get around this we had to enable a command in the WLC that ignored the AP cert. This happened because the Manufacturer Installed Certificate (MIC) is now more than ten years old and has expired. To allow APs to join a WLC after certificate expiration, upgrade to the fixed software version, then use the following commands:

With “config ap lifetime-check {mic|ssc} enable” or “config ap cert-expiry-ignore {mic|ssc} enable” in effect, the WLC and AP will ignore the expiration date on the devices’ MICs and SSCs. The above-noted commands must remain in effect as long as devices with expired MIC or SSC certificates are used.
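
Because the override has to stay in effect for as long as expired devices are in use, it helps to know exactly which APs depend on it. The following Python example is added here and is not from the original post or from Cisco: it scans WLC log text for the handshake-failure message shown above and groups the failures by AP MAC. The sample log lines and the function name summarize_failures are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the message shapes quoted in this post.
SAMPLE_LOG = """\
*spamApTask6: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:844 Failed to complete DTLS handshake with peer
*spamReceiveTask: Sep 19 21:42:59.855: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 1.2.3.4 for AP 00:11:22:33:44:55
*spamReceiveTask: Sep 19 21:43:29.901: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:631 Failed to complete DTLS handshake with peer 1.2.3.4 for AP 00:11:22:33:44:55
Failed to complete DTLS handshake with peer 10.32.41.96 for AP 00:1D:45:36:97:30
an unrelated log line (constructed)
"""

# The peer IP and the AP MAC are both optional: the shortest form of the
# message ends right after the word "peer".
FAILURE_RE = re.compile(
    r"Failed to complete DTLS handshake with peer"
    r"(?:\s+(?P<peer>\d{1,3}(?:\.\d{1,3}){3}))?"
    r"(?:\s+for AP\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}))?"
)


def summarize_failures(log_text):
    """Group DTLS handshake failures by AP MAC (lower-cased).

    Returns {mac: {"peers": set of peer IPs, "count": number of failures}}.
    Failures logged without an AP MAC are collected under the key "unknown".
    """
    summary = defaultdict(lambda: {"peers": set(), "count": 0})
    for line in log_text.splitlines():
        match = FAILURE_RE.search(line)
        if not match:
            continue
        mac = (match.group("mac") or "unknown").lower()
        summary[mac]["count"] += 1
        if match.group("peer"):
            summary[mac]["peers"].add(match.group("peer"))
    return dict(summary)


if __name__ == "__main__":
    for mac, info in sorted(summarize_failures(SAMPLE_LOG).items()):
        peers = ", ".join(sorted(info["peers"])) or "-"
        print(f"{mac}  failures={info['count']}  peers={peers}")
```

The resulting list is the set of APs to track for replacement or re-certification, so the expiry check can be restored once none of them remain.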

Solution:

SSH into the WLC and run the following commands:

if that doesn’t help try