欢迎来访~

AP注册不上控制器- DTLS_CLIENT_ERROR

今天1个AP出现注册不上控制器的情况,随手记一下。
日志提示 DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x306C3AC is already there for this server port 5246, Deleting it. Number of connections: 1
检查AP的配置,证书时间等均是正确的,重启AP问题依旧。
完整日志如下:
*Jun  1 06:53:52.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun  1 06:53:52.511: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.17.10.10 peer_port: 5246
*Jun  1 06:53:52.511: %CAPWAP-5-SENDJOIN: sending Join Request to 172.17.10.10
*Jun  1 06:53:52.523: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.17.10.10:5246
*Jun  1 06:54:02.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun  1 06:54:01.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun  1 06:54:01.000: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:224 Connection 0x306C3AC is already there for this server port 5246, Deleting it. Number of connections: 1
*Jun  1 06:54:01.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.17.10.10:5246
*Jun  1 06:54:01.011: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:929 Unexpected message received while expecting HelloVerifyRequest
*Jun  1 06:54:01.011: %DTLS-5-SEND_ALERT: Send FATAL : Unexpected message Alert to 172.17.10.105246
*Jun  1 06:54:01.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.17.10.10:5246
 

原因分析

由于该AP是Root AP,想到可能是mac地址没有自动加入AP Policies,因此去搜索了一下,果然没有添加这个mac,原因找到。

解决方法

添加AP的mac到AP Policies即可。
 
首先show version获取AP的mac地址
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: D4:D7:48:6D:F0:E0
Part Number                          : 73-13538-01
PCA Assembly Number                  : 800-31224-01
PCA Revision Number                  : 03
PCB Serial Number                    : FOC15491L54
Top Assembly Part Number             : 800-34851-02
Top Assembly Serial Number           : FTX1542P367
Top Revision Number                  : A0
Product/Model Number                 : AIR-CAP1552E-A-K9   
然后按照下图添加mac地址,就可以了。
 
 
添加之后检查该AP是否注册上控制器。
在AP上看到日志如下,显然已经注册成功了。
*Jun  1 07:02:23.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.17.10.10 peer_port: 5246
*Jun  1 07:02:23.495: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.17.10.10 peer_port: 5246
*Jun  1 07:02:23.495: %CAPWAP-5-SENDJOIN: sending Join Request to 172.17.10.10
*Jun  1 07:02:24.395: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WLC5508
*Jun  1 07:02:24.519: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun  1 07:02:24.863: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Jun  1 07:02:25.239: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 2 due to not using AES encryption or encryption is not disabled
*Jun  1 07:02:25.239: %DOT11-4-NO_HT: Interface Dot11Radio0, Mcs rates disabled on vlan 3 due to not using AES encryption or encryption is not disabled
*Jun  1 07:02:25.275: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jun  1 07:02:25.283: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jun  1 07:02:26.263: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun  1 07:02:26.275: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jun  1 07:02:26.303: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jun  1 07:02:26.311: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jun  1 07:02:26.319: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jun  1 07:02:27.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jun  1 07:02:27.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jun  1 07:02:27.343: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jun  1 07:02:28.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jun  1 07:02:50.971: %CLEANAIR-6-STATE: Slot 0 enabled
*Jun  1 07:02:52.763: %CLEANAIR-6-STATE: Slot 1 enabled
 
控制器上再次检查,可以看到,已经注册成功了。
 
 
赞(4)
可附来源转载:姜维驿站 » AP注册不上控制器- DTLS_CLIENT_ERROR

富强、民主、文明、和谐、自由、平等、公正、法治、爱国、敬业、诚信、友善