Cisco 8500 WLC 3600/3700 AP DTLS ERRORS

Has anyone deployed an 8500 and run into issues with 3600/3700 APs joining the WLC? The WLC is connected to a Nexus 5K via two 10GB ports. See the AP errors below...

 

*May 15 14:29:46.743: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*May 15 14:29:52.671: %CAPWAP-3-ERRORLOG: Selected MWAR 'WLC IP'(index 0).
*May 15 14:29:52.671: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 15 14:31:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.X.X.X peer_port: 5246
*May 15 14:31:53.007: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:90 First fragment for seq 2 is missing
*May 15 14:32:23.015: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
*May 15 14:32:52.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.x.x.x:5246
*May 15 14:32:52.999: %CAPWAP-3-ERRORLOG: Selected MWAR '10.X.X.X'(index 0).
*May 15 14:32:52.999: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*May 15 14:31:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.X.X.X peer_port: 5246
*May 15 14:31:53.007: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:90 First fragment for seq 2 is missing
*May 15 14:32:23.015: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2176 Max retransmission count reached!
*May 15 14:32:52.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.X.X.X

 

1 REPLY

Hello,

That's a Bug.

AP join fails with path MTU = 500
CSCul08933
Symptom:
A lightweight AP fails to join its WLC, although it can ping the WLC. The AP console shows the following errors:

*Oct 28 23:27:36.057: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Oct 28 23:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.200.30 peer_port: 5246
*Oct 28 23:27:38.123: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:90 First fragment for seq 2 is missing
*Oct 28 23:27:38.124: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:90 First fragment for seq 2 is missing
*Oct 28 23:28:08.119: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2134 Max retransmission count reached!
*Oct 28 23:28:37.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.200.30:5246

Conditions:
The IPv4 path between the WLC and the AP has an MTU of less than 576 (for example, 500.)

Workaround:
Redesign the network path between the AP and the WLC to have an MTU of at least 576.

Further Problem Description:
The CUWN design standard is to support lightweight APs joining via a network path of 500 bytes.

 

Hope that helps.
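
A way to triage AP console logs for the error pattern quoted in this thread, as an added example that is not part of either post and is not Cisco code: it groups lines into DTLS join attempts and counts those that logged a missing handshake fragment followed by retransmission exhaustion. The function names and the sample log (with documentation-range addresses) are constructed for illustration; a match only says the path MTU to that controller is worth measuring.

```python
import re

# Constructed sample in the format of the AP console output quoted in the thread.
SAMPLE_LOG = """\
*Oct 28 23:27:38.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.0.2.30 peer_port: 5246
*Oct 28 23:27:38.123: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_handshake.c:90 First fragment for seq 2 is missing
*Oct 28 23:28:08.119: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2134 Max retransmission count reached!
*Oct 28 23:28:37.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.0.2.30:5246
*Oct 28 23:29:40.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.0.2.31 peer_port: 5246
"""

REQ = re.compile(r"%CAPWAP-5-DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")
FRAG = re.compile(r"DTLS_CLIENT_ERROR: .*First fragment for seq \d+ is missing")
RETX = re.compile(r"DTLS_CLIENT_ERROR: .*Max retransmission count reached")
ALERT = re.compile(r"%DTLS-5-SEND_ALERT: Send FATAL")

def join_attempts(log_text):
    """Group log lines into DTLS join attempts, one per DTLSREQSEND line."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        m = REQ.search(line)
        if m:
            cur = {"peer": m.group(1), "port": int(m.group(2)),
                   "missing_fragments": 0, "retx_exhausted": False, "fatal_alert": False}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first connection request
        elif FRAG.search(line):
            cur["missing_fragments"] += 1
        elif RETX.search(line):
            cur["retx_exhausted"] = True
        elif ALERT.search(line):
            cur["fatal_alert"] = True
    return attempts

def classify(attempt):
    """Label one attempt by which of the quoted error lines it logged."""
    if attempt["missing_fragments"] and attempt["retx_exhausted"]:
        return "fragment-loss"      # the symptom pattern quoted in the reply
    if attempt["retx_exhausted"] or attempt["fatal_alert"]:
        return "handshake-failed"   # failed, but without the missing-fragment line
    return "no-error-logged"

def peers_to_check(log_text):
    """Count fragment-loss attempts per controller IP, for a path-MTU check."""
    hits = {}
    for a in join_attempts(log_text):
        if classify(a) == "fragment-loss":
            hits[a["peer"]] = hits.get(a["peer"], 0) + 1
    return hits

if __name__ == "__main__":
    for peer, n in peers_to_check(SAMPLE_LOG).items():
        print(f"{peer}: {n} join attempt(s) lost handshake fragments; verify path MTU to the WLC")
```

Attempts are grouped by line order rather than by timestamp, so pasted logs with redacted addresses or out-of-order timestamps are still handled.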
