I built a test environment with 2 APs (1142 and 1252) and 2 4402 WLCs.
I configured them for failover.
The APs join the 1st one and work fine.
After a couple of simulated fails (cable disconnects) though, the APs cannot join any of the WLCs any more.
I get the following error at the APs:
*Aug 14 10:26:10.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Aug 14 10:26:10.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.33.22 is reached.
Does anyone know what could cause this?
After I reboot the APs, they work fine again.
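The two log lines quoted above are the symptom worth watching for on an AP console or syslog collector: the AP exhausts its DTLS handshake retransmits against a controller address and gives up the join. The following is an added example, not the poster's code or a Cisco tool, that parses %DTLS-3-HANDSHAKE_RETRANSMIT messages, counts give-ups per controller address, and flags the case where every configured WLC has failed at least once (the "cannot join any of the WLCs" state described above). The log text is constructed for the example: the first two lines are the ones quoted in the post, the 192.168.33.23 address stands in for the second controller (the post does not give its address), and the remaining lines are made up to exercise the parser.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample AP log. The first two lines are the messages quoted in
# the post; the rest are made up here. The leading '*' is how IOS marks a
# timestamp from a clock that is not NTP-synchronised.
SAMPLE_LOG = """\
*Aug 14 10:26:10.000: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!
*Aug 14 10:26:10.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.33.22 is reached.
*Aug 14 10:26:41.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.33.23 is reached.
*Aug 14 10:27:12.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.33.22 is reached.
*Aug 14 10:27:43.000: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 192.168.33.22 is reached.
*Aug 14 10:28:00.000: %SYS-5-CONFIG_I: Configured from console by console
"""

# Matches only the handshake give-up message and captures its timestamp and
# the controller address the AP was trying to reach.
RETRANSMIT_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})\.\d{3}: "
    r"%DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for "
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}) is reached\.$"
)


def parse_retransmit_failures(log_text):
    """Return a list of (timestamp, controller_ip) for each DTLS give-up.

    The AP log has no year, so the parsed datetime carries the strptime
    default year; it is only used for ordering within one log.
    """
    events = []
    for line in log_text.splitlines():
        m = RETRANSMIT_RE.match(line.strip())
        if not m:
            continue  # DTLS_CLIENT_ERROR and unrelated lines are skipped
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("peer")))
    return events


def failures_per_controller(events):
    """Count give-ups by controller address."""
    counts = defaultdict(int)
    for _, peer in events:
        counts[peer] += 1
    return dict(counts)


def repeated_failures(events, threshold=2):
    """Controllers the AP gave up on at least `threshold` times in this log."""
    return {peer for peer, n in failures_per_controller(events).items() if n >= threshold}


def all_controllers_unreachable(events, configured_wlcs):
    """True when every configured WLC address has at least one give-up.

    One failure against a single controller is normal during failover; a
    failure against every configured controller means the AP has nowhere
    left to join, which is the condition the post describes.
    """
    seen = {peer for _, peer in events}
    return set(configured_wlcs) <= seen


if __name__ == "__main__":
    evts = parse_retransmit_failures(SAMPLE_LOG)
    print("give-ups per controller:", failures_per_controller(evts))
    print("repeat offenders:", repeated_failures(evts))
    # The second address is a constructed stand-in for the second WLC.
    print("all WLCs unreachable:",
          all_controllers_unreachable(evts, ["192.168.33.22", "192.168.33.23"]))
```

In practice the same check would run over syslog forwarded from the APs (or the WLC's own trap log) so that an AP stuck in this state is noticed before someone has to reboot it by hand.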
Good research man! A little about CAPWAP though. CAPWAP on the 4400, 2100, WiSM, 3750, and ISR series controllers replaces LWAPP as the encrypted transport for the AP management traffic only. This is achieved in a DTLS tunnel. All client traffic is still sent in the clear. With a 5500 series controller ALL traffic is sent in the DTLS tunnel. This includes AP management and client traffic and is the most powerful form of CAPWAP security, but it is also the most processor and memory intensive, and as such is the reason that only the 5508 can support it at this time. The 5508 can be set to perform just like an older series controller and thus reduce the hardware resource load on the controller as an option. This is generally how I configure the controller, as I don't worry too much about traffic on the copper cables unless I am in a very secure environment. I assume that a good IPS box exists on the physical plant to protect against incursions.
As for rating your own post, I know this is a big problem with this new format. Just pick the answer that makes you the happiest of all and the post will show as solved. When a viewer researches your problem it will still show as solved.