Guest

Preview Tool

Cisco Bug: CSCur50946 - APs mfg in Aug./Sept./Oct. 2014 unable to join an IOS-XE controller

Last Modified

Jun 04, 2018

Products (1)

  • Cisco 5700 Series Wireless LAN Controllers

Known Affected Releases

10.2(102.0)

Description (partial)

Symptom:An access point manufactured in August, September or October, 2014, may be unable to join an IOS-XE controller.
AP console logs at the time will look similar to the following:

*Oct 16 12:39:06.231: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Oct 16 13:14:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.255.4.3 peer_port: 5246Peer certificate verification failed FFFFFFFF

*Oct 16 13:14:56.127: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:496 Certificate verified failed!
*Oct 16 13:14:56.127: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.255.4.3:5246
*Oct 16 13:14:56.127: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.255.4.3:5246

Conditions:AP was manufactured in August, September or October of 2014.

IOS-XE controller/switch was manufactured in September of 2014, or later, and is running 3.6.0.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.