AP join to AP-Manger IP

Unanswered Question
Aug 12th, 2009
User Badges:

Hi all:

i meet a problem is that all my lightweight ap join the controller with AP-Manager IP but i pretty sure the DNS a record is point to the management ip of controller ,not the AP-Manager IP.

The log show as below :

*Aug 11 19:11:12.470: %CAPWAP-3-ERRORLOG: Go join a capwap controller

*Aug 11 19:11:12.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: peer_port: 5246

*Aug 11 19:11:13.402: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: peer_port: 5246

*Aug 11 19:11:13.403: %CAPWAP-5-SENDJOIN: sending Join Request to

*Aug 11 19:11:13.403: %CAPWAP-5-CHANGED: CAPWAP changed state to JOIN

*Aug 11 19:11:13.408: %DTLS-5-ALERT: Received WARNING : Close notify alert from

*Aug 11 19:11:13.408: %DTLS-5-PEER_DISCONNECT: Peer has closed connection.


Please help to verify and let me know what's the problem here, thanks a lot!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dancampb Wed, 08/12/2009 - 04:37
User Badges:
  • Cisco Employee,

That is the correct behavior. The AP sends a discovery request to the management interface of the controller. The controller responds with all of the ap-manager interfaces. The AP picks the best one and sends the join request to the ap-manager to build the LWAPP tunnel. It is done this way because depending if you are running LAG or not you could have multiple ap-manager interfaces configured.

samuelwai Wed, 08/12/2009 - 17:40
User Badges:

Hi dancampb :

Many thx for your message , i am clearly now. But My controller still close the AP join request by the error log as below :

*Aug 11 20:01:01.289: Join resp: Unable to encode CAPWAP Control IPV4 Address

*Aug 11 20:01:01.289: 00:21:d8:44:29:b0 Failed to encode Join response to 172.16


*Aug 11 20:01:01.290: 00:21:d8:44:29:b0 Config Response Failure: Unable to send

Join response to

*Aug 11 20:01:01.292: 00:21:d8:44:29:b0 State machine handler: Failed to process

msg type = 3 state = 0 from

*Aug 11 20:01:01.292: Failed to process CAPWAP packet from

*Aug 11 20:01:01.292: Failed to process packet from

*Aug 11 20:01:01.295: Discarding non-ClientHello Handshake OR DTLS encrypted pac

ket from DTLS session is not established


Many thx for all of your help , Please help to see the error in my WLC and i attach the capwap log file from WCL.

Scott Fella Thu, 08/13/2009 - 06:29
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Console into the AP and apply this command below. It will make it join the WLC and quickly reboot. See if this works

test capwap controller ip x.x.x.x

samuelwai Thu, 08/13/2009 - 16:00
User Badges:

hi fella5 :

As i have 100 more Lightweight AP , Any method i can make ap join wcl without console ?

i console to one AP and i can see the ap ip address , gateway , controller ip is correct and controller ip point to controller management ip address. Would you mind let me know i also need to use your command or not ?


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode