无线密码即无线终端连接无线信号时需要的凭证。如果您忘记路由器的无线密码,请通过以下方式查看: [1] 使用网线将电脑连接到路由器的 1/2/3/4 任意一个 LAN 口; 注意 :如果环境中......
AP注册不上控制器- DTLS_CLIENT_ERROR
路由器教程
2022-08-30
今天1个AP出现注册不上控制器的情况,随手记一下。
日志提示 DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x306C3AC is already there for this server port 5246, Deleting it. Number of connections: 1
检查AP的配置,证书时间等均是正确的,重启AP问题依旧。
完整日志如下:
*Jun 1 06:53:52.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun 1 06:53:52.511: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.17.10.10 peer_port: 5246
*Jun 1 06:53:52.511: %CAPWAP-5-SENDJOIN: sending Join Request to 172.17.10.10
*Jun 1 06:53:52.523: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.17.10.10:5246
*Jun 1 06:54:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun 1 06:54:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun 1 06:54:01.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x306C3AC is already there for this server port 5246, Deleting it. Number of connections: 1
*Jun 1 06:54:01.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.17.10.10:5246
*Jun 1 06:54:01.011: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Jun 1 06:54:01.011: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 172.17.10.105246
*Jun 1 06:54:01.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.17.10.10:5246
原因分析
由于该AP是Root AP,想到可能是mac地址没有自动加入AP Policies,因此去搜索了一下,果然没有添加这个mac,原因找到。
解决方法
添加AP的mac到AP Policies即可。
首先show version获取AP的mac地址
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: D4:D7:48:6D:F0:E0
Part Number : 73-13538-01
PCA Assembly Number : 800-31224-01
PCA Revision Number : 03
PCB Serial Number : FOC15491L54
Top Assembly Part Number : 800-34851-02
Top Assembly Serial Number : FTX1542P367
Top Revision Number : A0
Product/Model Number : AIR-CAP1552E-A-K9
然后按照下图添加mac地址,就可以了。
添加之后检查该AP是否注册上控制器。
在AP上看到日志如下,显然已经注册成功了。
*Jun 1 07:02:23.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun 1 07:02:23.495: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.17.10.10 peer_port: 5246
*Jun 1 07:02:23.495: %CAPWAP-5-SENDJOIN: sending Join Request to 172.17.10.10
*Jun 1 07:02:24.395: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC5508
*Jun 1 07:02:24.519: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 1 07:02:24.863: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Jun 1 07:02:25.239: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 2 due to not using AES encryption or encryption is not disabled
*Jun 1 07:02:25.239: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 3 due to not using AES encryption or encryption is not disabled
*Jun 1 07:02:25.275: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jun 1 07:02:25.283: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun 1 07:02:26.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 1 07:02:26.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jun 1 07:02:26.303: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun 1 07:02:26.311: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jun 1 07:02:26.319: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun 1 07:02:27.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun 1 07:02:27.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jun 1 07:02:27.343: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun 1 07:02:28.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun 1 07:02:50.971: %CLEANAIR-6-STATE: Slot 0 enabled
*Jun 1 07:02:52.763: %CLEANAIR-6-STATE: Slot 1 enabled
控制器上再次检查,可以看到,已经注册成功了。
标签: AP注册不上控制器
相关文章
