Configure NTP / MANUAL Time on WLC
Tuesday, December 22, 2009 at 1:00AM
George

Did you know that if you don't set the time on a WLC, it is very likely your access points won't join it? Why, you ask? LWAPP/CAPWAP access points contain certificates. If your controller's time is set outside of the access point's certificate validity period, the access point won't join the WLC.

You can check your access point's certificate validity with the following command from the AP CLI. A lot of information will be displayed with this syntax. You are interested in the section that states "Certificate". You need to ensure your WLC time is set within the AP's validity time frame.

(Cisco Controller) >show crypto ca certificates

Certificate
  Status: Available

  Certificate Serial Number: 3BC24B9600000012211221
  Certificate Usage: General Purpose
  Issuer:
  cn=Cisco Manufacturing CA
  o=Cisco Systems

  Subject:
   Name: C1130-001c58734445
   ea=support@cisco.com
   cn=C1130-001c58734445
   o=Cisco Systems
    l=San Jose
   st=California
     c=US

  CRL Distribution Points:

    http://www.cisco.com/security/pki/crl/cmca.crl

  Validity Date:

    start date: 12:56:31 UTC Jun 30 2007
    end   date: 13:06:31 UTC Jun 30 2017
    Associated Trustpoints: Cisco_IOS_MIC_cert

 

Let's set the time on the WLC. You can set the time manually, in which case it is stored locally on the WLC, or via an NTP server.

(Cisco Controller) >config time ?

manual         Configures the system time.
ntp            Configures the Network Time Protocol.
timezone       Configures the system's timezone

Let's look at the manual config:

(Cisco Controller) >config time manual ?
(Cisco Controller) >config time manual <MM/DD/YY> <HH:MM:SS>
(Cisco Controller) >config time manual 12/21/09 23:30:00

Let's now look at the NTP config:

(Cisco Controller) >config time ntp ?
interval       Configures the Network Time Protocol Polling Interval.
server         Configures the Network Time Protocol Servers. 

<Interval> is the polling interval at which the WLC will sync with the NTP server, between 3600 and 604800 (in seconds).
<Server> is the NTP server IP address. You can also index the NTP servers, which means you can add multiple servers.

(Cisco Controller) >config time ntp server <index> <ip address>
(Cisco Controller) >config time ntp server 1 192.168.1.1 

Note: If you want to delete your NTP entry, use 0.0.0.0 as your IP address.

The last part of the config is to set the time zone

Article originally appeared on my80211.com (http://www.my80211.com/).
See website for complete article licensing information.