My firewall admin was asking me why UDP port 12223 and UDP port 5246 to broadcast (255.255.255.255) keep showing up as top blocked ports from my AP VLAN, I have not figured this out myself, maybe someone here knows?
I have the following setup
1142APs < - - > Firewall < - - > WLC 5508
Why does all my APs keep sending out broadcast messages on both CAPWAP and LWAPP ports even after they have successfully associated with the controller?
in the firewall
(SRC: <my AP subnet>, DST: <WLC IP> allow port 5246&5247)
My setup works quite well, I do not have any connectivity issues, the AP's get a DHCP address, then successfully resolve CISCO_CAPWAP_CONTROLLER from my DNS server, connect to the WLC5508 controller, is up and running fine.
it is a layer 3 setup with my firewall routing the requests to my WLC,
According to the cisco documentation I have been using, only CAPWAP ports have been opened from the APs to the controller.
PS: using WLC 5508 with 188.8.131.52 software version