LAP1142N do not join a WLC4402 using CAPWAP over WAN link

Unanswered Question
Feb 26th, 2009

We have a WLC4402 with FW At the WLC site LAP1142N have no problems to join the WLC. This might be a prove to have a CAPWAP enabled image.

00:1c:f6:XX:XX:XX.......................................... Joined (1131)

00:1d:45:XX:XX:XX.......................................... Joined (1242 H-REAP)

00:22:90:XX:XX:XX.......................................... Joined (1142 on WLC site)

The LAP1142N comes out of the box. In the branch site we've a DSL WAN link with IP-Tunnel between 2 2800 Series ISR. There are no access lists which may block CAPWAP. A LAP1242AG has joined immediately without any problems.

On the access point console I get these informations:


*Mar 1 01:19:07.057: CAPWAP Control mesg Sent to 192.168.X.X, Port 5246

*Mar 1 01:19:07.057: Msg Type : CAPWAP_DISCOVERY_REQUEST

*Mar 1 01:19:07.057: Msg Length : 29

*Mar 1 01:19:07.057: Msg SeqNum : 0

*Mar 1 01:19:07.057: CAPWAP Control mesg Sent to, Port 5246

*Mar 1 01:19:07.057: Msg Type : CAPWAP_DISCOVERY_REQUEST

*Mar 1 01:19:07.057: Msg Length : 29

*Mar 1 01:19:07.057: Msg SeqNum : 0

The WLC has been discovered and the packets will be sent to the correct IP address.

On the WLC I see following errors in debug:


*Feb 26 15:14:00.371: 00:22:90:XX:XX:XX AP not registering with BASE MAC.

*Feb 26 15:14:00.371: Failed to parse CAPWAP packet from 192.168.X.X:2331

*Feb 26 15:14:00.371: Failed to process packet from 192.168.X.X:2331

Now I run out of ideas about this problem.

Kind regards


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Leo Laohoo Thu, 02/26/2009 - 14:43

Console into the AP and type the following commands:

lwapp ap controller ip add

thomaslegler Fri, 03/13/2009 - 08:51

Thanks for your answer. Unfortunately this is no solution.

The access point comes out of the box. When it starts, the controller could be found via DNS query. The controller has been contacted but the controller is unable to parse the received frame header.

Because the frame is really small I don't believe in an MTU problem.

Moreover the command is not possible to give. It responds an error. I attempt it several times.

dennischolmes Fri, 03/13/2009 - 12:02

Are you using a firewall? If you are the old UDP ports for LWAPP are no longer valid. 12222 and 12223 will no longer need to be open. You need 5246 for control and 5247 for data to be open in your firewalls.

rseiler Fri, 03/13/2009 - 18:18

Do you have the clock set on the controller? Are you using NTP on the controller?

I'm assuming you have firewall policy/ACLs to permit the CAPWAP protocol vs LWAPP.

The last item to check is when you say DSL and WAN link, what does that mean? Is this a VPN link over the Internet?

Are you using a VPN tunnel? What is an "IP-tunnel" you refer to? GRE/IP? IPSEC?

What is the config of the DSL? ATM or PPPoE?

This may be an IP MTU issue. Try the 'ip tcp mss-adjust 1380' command on the *inside* LAN interface on both ends of the connection.

Leo Laohoo Sun, 03/15/2009 - 18:36

Ok then. Connect your 1142 into the same LAN segment with your WLC and prime it.

If there no WLC at the branch site, are you using H-REAP?


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode