Cisco 2106 and LAP1142 weirdness.

Setting up a real wireless network for a charity, I decided to leverage the used Cisco gear out there. I got a nice 2106 WLC and a few LAP1142s for cheap that will serve them nicely. I get everything installed and the AP never ever shows up. So I take one down, connect the serial cable and power it on the network. It starts complaining about expired keys. All kinds of searching the Cisco forums and there is no answer except for the default "your time is wrong" comment, which is actually useless because LAPs and a WLC don't care what time it is.

So I dig for a few hours and discover that Cisco had a bug in their firmware. The certs they bake in have only 10 years of life and will self-explode to encourage people to replace gear. Thanks, Cisco. The problem is you can't just set the time back; if someone EVER updated the WLC, it freaks out about the LAPs' certs.

I found an answer.

In the WLC console, enter the following command.

config ap lifetime-check mic enable

Then blow out the NTP server settings and set the date to 1/1/10 at 01:01:01.

Now power cycle the LAPs. They will pull the firmware update from the WLC. The WLC needs to be at 7.0.252.0 at a minimum because that is when Cisco extended the cert to 2020. Gee, thanks, Cisco.

Honestly, I would set the time at a correct date and time but keep it 10 years out of date to avoid the "make them buy new gear" timebomb they decided to add to the equipment.

Also, if you are setting up a simple "guest network", you can make these act like standard consumer wifi by going into the WLAN security and setting it to WPA/WPA2, security is WPA2, then set the auth to PSK, PSK format ASCII, and then enter the phrase the customer wants. This works great for a WLAN attached to a VLAN that is only allowed internet access or goes to a captive portal like you use for hotels.



