Default DTLS passphrase is in use AP230

  • Updated 3 years ago

We just bought 20 APs for our school and the first 6 new AP230s we installed give a major alarm after we pushed a new config to the APs.

"Default DTLS passphrase is in use. Push a complete config to update the passphrase automatically, or set it manually and push a complete or delta config."

I have tried everything: reboot, set to default and do it over again, reset the password, but nothing works... We still have an orange 'major' alarm.

Has anyone an idea to fix this problem?

We are waiting for a solution before we use the other new APs...



Davy Temmerman


Posted 3 years ago


BJ, Champ

Davy, 
Have you created a new passphrase in HiveManager? Navigate to Home, Administration, HiveManager Services, and check the CAPWAP Server settings to change the passphrase. Then you should be able to push complete configs to your APs and clear the alarms.

Best,
BJ 


Davy Temmerman


Hi BJ


Unfortunately I don't have that option in my HiveManager so I can't change this option. I have already reset the passphrase on the AP but that could not solve my problem...

Do you have other suggestions?


Many Thanks!
Davy


Nick Lowe, Official Rep

Hi Davy,

Are you sure that you actually have a problem and it's not something cosmetic?

Have you moved the AP to be in the correct Network Policy?

That alarm will be shown when you first connect an AP as it uses the default passphrase to get a CAPWAP connection to HiveManager.

When you upload and activate the configuration, it should change to using a different, unique passphrase.

If you SSH to an affected AP and run the following command:
show running-config | include capwap

Do you get a line saying:

capwap client dtls hm-defined-passphrase *** key-id 1

If so, the warning is stale and you don't need to worry about it and can delete it.

Nick
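
Added example, not part of the original thread and not Aerohive tooling: with 20 APs to check, the output of `show running-config | include capwap` can be saved per AP and triaged offline for the `hm-defined-passphrase` line quoted above. The AP names, the status labels, and the reading that a missing line means the configuration still needs to be uploaded and activated are assumptions; the sample captures are constructed.

```python
import re

# Line format quoted in the reply above (passphrase shown as *** on the page).
HM_DEFINED = re.compile(
    r"^capwap client dtls hm-defined-passphrase\s+(\S+)\s+key-id\s+(\d+)$"
)

def classify(output):
    """Classify one AP's `show running-config | include capwap` output."""
    lines = [ln.strip() for ln in output.splitlines()]
    capwap = [ln for ln in lines if ln.startswith("capwap ")]
    if not capwap:
        # Nothing captured: the login failed or the AP was unreachable.
        return {"status": "no-data", "key_id": None, "secret_exposed": False}
    for ln in capwap:
        m = HM_DEFINED.match(ln)
        if m:
            # Record only whether the value was masked, never the value itself.
            return {"status": "alarm-stale", "key_id": int(m.group(2)),
                    "secret_exposed": m.group(1) != "***"}
    # Assumption: CAPWAP is configured but no HiveManager-defined passphrase
    # is present, so a complete config still has to be uploaded and activated.
    return {"status": "check-config-push", "key_id": None, "secret_exposed": False}

def triage(captures):
    """Group AP names by status so only the ones needing work are revisited."""
    groups = {}
    for name in sorted(captures):
        groups.setdefault(classify(captures[name])["status"], []).append(name)
    return groups

# Constructed sample captures keyed by hypothetical AP names.
SAMPLE = {
    "ap230-01": "capwap client dtls hm-defined-passphrase *** key-id 1\n",
    "ap230-02": "capwap client server name hm.example.invalid\n",  # constructed line
    "ap230-03": "",  # empty capture, e.g. the SSH login was refused
}

if __name__ == "__main__":
    for status, aps in triage(SAMPLE).items():
        print(f"{status}: {', '.join(aps)}")
```

If `secret_exposed` comes back true for any capture, treat the saved output file as sensitive, since it then contains the passphrase in clear text.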


Davy Temmerman


Hi Nick

I have never tried contacting our APs via SSH. Where can I find the root password to contact my APs via SSH?

Thanks for the help!

Davy


Nick Lowe, Official Rep

Go to Home >> Device Management Settings >> Other Global Settings and retrieve or set a Device Password.

You will need to upload the configuration to the APs if you change it.

The username for SSH access is admin.

Nick Lowe, Official Rep

You could also avoid using SSH by doing:


...And look for the capwap command that specifies the passphrase.

Davy Temmerman


It's weird, I can't log in to the devices. I tried our other APs, which are AP330s, and there I can connect to the APs with SSH and the same password...

Thanks for the tip! I thought that the username was root.


Davy Temmerman


Found the solution!

The switch the AP was connected to was not OK! It had the wrong VLANs and smartport was not disabled on the Cisco switch. Now it's OK!

Thanks for all the help!


Piri

I am new to Aerohive and recently began turning up my APs. I have a HMOL configuration running in ENT mode and was having this issue right off the bat. After much troubleshooting I realized the SSID/VLAN configurations were causing the issue. I set the VLANs up correctly to match my switch configurations (I have a MGMT VLAN/Subnet along with client side VLANs/Subnets) and once those were lined up the errors stopped and everything is green.

I've done some work with Aerohive before but had everything on the network lined up before we even began unboxing.  In my most recent situation I was not so lucky to be able to preplan and preconfig everything as much.  Hope this might save someone a few days of frustration.