broadcast LWAPP UDP port 12223 still seen in FW from 1142 APs running CAPWAP

Unanswered Question
Aug 24th, 2010

My firewall admin was asking me why UDP port 12223 and UDP port 5246 to broadcast ( keep showing up as top blocked ports from my AP VLAN. I have not figured this out myself; maybe someone here knows?

I have the following setup:

1142APs < - - > Firewall < - - > WLC 5508

Why do all my APs keep sending out broadcast messages on both CAPWAP and LWAPP ports even after they have successfully associated with the controller?

In the firewall:

(SRC: <my AP subnet>, DST: <WLC IP> allow port 5246&5247)

My setup works quite well and I do not have any connectivity issues: the APs get a DHCP address, then successfully resolve CISCO_CAPWAP_CONTROLLER from my DNS server, connect to the WLC 5508 controller, and are up and running fine.

It is a layer 3 setup with my firewall routing the requests to my WLC.

According to the Cisco documentation I have been using, only CAPWAP ports have been opened from the APs to the controller.



PS: using WLC 5508 with software version

dancampb (Cisco Employee) Tue, 08/24/2010 - 05:52

They would send both a LWAPP and CAPWAP discovery request even though they couldn't join a LWAPP controller.  Bug CSCtd19605 was filed so that the 1140's wouldn't send a LWAPP discovery request.

larsaschim Wed, 08/25/2010 - 23:14

I found the solution to this problem. My APs were associated with my controller, but the AP provisioning profile did not have the IP and hostname to the primary controller set in the configuration. I did not know this was necessary since I have only one controller in my setup.

Maybe this can help others with the same issue.


larsaschim Wed, 08/25/2010 - 23:51

I understand that when in the process of associating with the controller, I would see this traffic. However, I was seeing this traffic on a regular basis, several weeks after all my APs had successfully associated with my controller via layer 3 CAPWAP.
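
A triage sketch for the firewall side of this thread, added here and not part of the original discussion: it separates blocked LWAPP/CAPWAP discovery broadcasts from the AP VLAN from other denies that deserve a closer look, and counts them per AP so persistent rediscovery stands out. The log format, AP subnet and WLC address are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for illustration only (not from the thread).
AP_SUBNET = ipaddress.ip_network("10.20.30.0/24")
WLC_IP = ipaddress.ip_address("10.10.10.5")

# Control ports named in the thread; 5247 (CAPWAP data) is in the poster's allow rule.
DISCOVERY_PORTS = {5246: "CAPWAP", 12223: "LWAPP"}
ALLOWED_TO_WLC = {5246, 5247}

# Constructed log format: "<action> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<action>\w+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+)"
    r" -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SAMPLE_LOG = [  # constructed sample lines
    "DENY udp 10.20.30.11:51234 -> 255.255.255.255:12223",
    "DENY udp 10.20.30.11:51235 -> 255.255.255.255:5246",
    "DENY udp 10.20.30.12:40100 -> 10.20.30.255:12223",
    "DENY udp 10.20.30.11:51240 -> 255.255.255.255:12223",
    "DENY tcp 10.20.30.12:40222 -> 192.0.2.80:23",
    "ALLOW udp 10.20.30.11:51236 -> 10.10.10.5:5246",
]

def is_broadcast(dst):
    # Limited broadcast or the AP subnet's directed broadcast address.
    return dst in (ipaddress.ip_address("255.255.255.255"), AP_SUBNET.broadcast_address)

def classify(line):
    """Return (category, label, src) for one deny line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or m["action"].upper() != "DENY":
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    dport, udp = int(m["dport"]), m["proto"].lower() == "udp"
    if src in AP_SUBNET and udp and is_broadcast(dst) and dport in DISCOVERY_PORTS:
        return ("discovery-broadcast", DISCOVERY_PORTS[dport], str(src))
    if src in AP_SUBNET and udp and dst == WLC_IP and dport in ALLOWED_TO_WLC:
        return ("rule-gap", f"udp/{dport}", str(src))  # should have been allowed
    return ("review", f"{m['proto'].lower()}/{dport}", str(src))

def summarize(lines):
    return Counter(c for c in map(classify, lines) if c is not None)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```
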



