BugZero | Cisco BugID CSCvy30606 - Catalyst 17.x fails to update sdn-network-infra-iw...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us
Legal

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCvy30606 - Catalyst 17.x fails to update sdn-network-infra-iw...

ODD
Cisco
CSCvy30606

Cisco - Defect ID: CSCvy30606

Catalyst 17.x fails to update sdn-network-infra-iwan key after 1 year

ODD
Cisco
CSCvy30606

Cisco - Defect ID: CSCvy30606

Catalyst 17.x fails to update sdn-network-infra-iwan key after 1 year

Last updated on March 13th, 2026

BugZero Risk Score
8.0 High

Overall: 8.0

Severity: 8.2

Lifecycle: 9.1

Popularity: 6.9

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Views: 23

Description

Symptom

A wireless LAN controller stops sending telemetry data to Cisco DNA Center, so Assurance stops plotting health. "Show telemetry internal connection" will show the connection stuck in Connecting state.

Conditions

This applies to Catalyst 9800 controllers. This problem occurs exactly one year from the date that the wireless LAN controller is added to the site in Cisco DNA Center. The following syslog message confirms the problem: Aug 18 02:19:05.640: %PKI-3-KEY_CMP_MISMATCH: Key in the certificate and stored key does not match for Trustpoint-sdn-network-infra-iwan.

Workaround

Do the following to reconfigure the certificate: 1. In the Cisco DNA Center GUI, choose Provision > Network Devices > Inventory. 2. Choose the device and from the Actions drop-down list, choose Telemetry > Update Telemetry Settings. 3. In the Update Telemetry Settings window, do the following: a. Check the Force Configuration Push check box to push the configuration changes to the device. b. Click Next. c. Click the Now radio button. d. Click Apply. 4. Wait 5-10 minutes for connection to reestablish. "show telemetry internal connection" will show the state change from Connecting to Active.

Further Problem Description

This issue occurs during PKI key rollover. PKI will name the new key to be 'keyname#' then rollover to using that key by deleting key 'keyname' and renaming 'keyname#' to 'keyname'. However SKA was never given rename capabilities so it leaves SKA with the old key. Adding this defect will fix the issue at next rollover but to remidy the issue a reload is required.

Change history

2026-01-06 Added: 17.3.2

Relevant Products

Click on a version to see all relevant bugs

Affected versions:17.3.2

Fixed versions: 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.2, 17.12.2a, 17.12.3, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, Bengaluru-17.6.2

Relevant Products

Click on a version to see all relevant bugs

Affected versions:17.3.2

Fixed versions: 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.2, 17.12.2a, 17.12.3, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.6.1, 17.6.1a, 17.6.1w, 17.6.1x, 17.6.1y, 17.6.1z, 17.6.1z1, 17.6.2, 17.6.3, 17.6.3a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.7.1, 17.7.1a, 17.7.1b, 17.7.2, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, Bengaluru-17.6.2

Top Cisco Defects

9.7Defect ID: CSCws52722
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
9.7Defect ID: CSCvm90995
ASR1000-RP2: Rommon fails to boot Cisco IOS software of 1GB size
9.7Defect ID: CSCvw95683
Catalyst 1000 Switch may exhibit random Crash/Hang/Silent-Reload.
9.7Defect ID: CSCvz07394
2960X Stack may observe hang/freeze of member switches or complete stack.
9.7Defect ID: CSCwa82553
ISE 3.1 default route is on the incorrect interface if bonding is configured

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise