
Connect Cisco lwapp to Controller in DMZ ?

hi,

I have an LWAPP 1130 in the internal network. I already configured DHCP with option 43; on my switch connected to the AP I set VLAN 1424 for AP management, and the AP got an IP address from the DHCP server. The WLC controller is in the DMZ with IP 10.222.5.3; from the switch connected to the AP I can ping 10.222.5.3. It is also separated by a Cisco ASA firewall; I already set allow from 0.0.0.0 to 10.222.5.3 UDP ports 5246-5247 and 12222-12223.

But I don't see my LWAPP join the controller.

thx


Accepted Solutions

Connect Cisco lwapp to Controller in DMZ ?

Salam Ibrahim,

You can collect the following to isolate:

- From AP: Console output.

- From WLC:

   >debug capwap events enable

   >debug capwap errors enable

If your DHCP is behind the firewall then make sure to allow dhcp traffic on the ACL.

Make sure your option 43 configuration is correct.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Re: Connect Cisco lwapp to Controller in DMZ ?

You can console into that LAP and issue: capwap ap controller ip address 10.222.5.3

If something is blocking, your ap will not join. Also the output from the console will tell you some good info also.

Why do you have the wlc in the dmz?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: Connect Cisco lwapp to Controller in DMZ ?

This is the error from lwapp

*Aug  8 05:23:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.222.5.2 peer_port: 5246

*Aug  8 05:23:26.001: %CAPWAP-5-CHANGED: CAPWAP changed state to 

*Aug  8 05:23:48.209: %CDP_PD-4-POWER_OK: Full power - NON_CISCO-NO_CDP_RECEIVED inline power source

*Aug  8 05:23:48.248: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Aug  8 05:23:48.286: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Aug  8 05:23:49.209: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up

*Aug  8 05:23:49.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

*Aug  8 05:23:56.001: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!

*Aug  8 05:23:56.001: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.222.5.2 is reached.

*Aug  8 05:24:25.999: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 10.222.5.2:5246

Suddenly I realized I set the wrong WLC controller management and routing and some ACL; the LWAPP contacted WLC IP 10.222.5.2 but is set in the network and DHCP 10.222.5.3. Now it works.

thx

Re: Connect Cisco lwapp to Controller in DMZ ?

Glad that it is now working

Rating useful replies is more useful than saying "Thank you"
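
Added example, not part of the original thread and not Cisco code: a small check for the mismatch found above, where the AP console shows DTLS requests going to 10.222.5.2 while the controller described in the first post is 10.222.5.3. It decodes a DHCP option 43 value in the Cisco lightweight AP format (sub-option type 0xf1, length = 4 x number of controllers, then the controller IPs) and compares it and the console log against the intended WLC address. The function names, the sample log string and the option 43 hex values are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: two AP console lines in the format shown in the thread.
SAMPLE_LOG = """\
*Aug  8 05:23:26.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.222.5.2 peer_port: 5246
*Aug  8 05:23:56.001: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.222.5.2 is reached.
"""

PEER_RE = re.compile(r"%CAPWAP-5-DTLSREQSEND:.*?peer_ip:\s*(\d+\.\d+\.\d+\.\d+)")
RETRANS_RE = re.compile(r"%DTLS-3-HANDSHAKE_RETRANSMIT:.*?for\s+(\d+\.\d+\.\d+\.\d+)")


def decode_option43(hex_value):
    """Decode option 43 hex (e.g. 'f104.0ade.0503') into controller IPs."""
    raw = bytes.fromhex(hex_value.replace(".", "").replace(":", "").replace(" ", ""))
    if len(raw) < 2 or raw[0] != 0xF1:
        raise ValueError("option 43 does not start with sub-option type 0xf1")
    length = raw[1]
    if length == 0 or length % 4 or length != len(raw) - 2:
        raise ValueError("length byte must equal 4 * number of controller IPs")
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(2, len(raw), 4)]


def check_join(log_text, intended_wlc, option43_hex):
    """Compare what DHCP advertises and what the AP contacted with the intended WLC."""
    findings = []
    advertised = decode_option43(option43_hex)
    if intended_wlc not in advertised:
        findings.append(f"option 43 advertises {advertised}, not {intended_wlc}")
    for ip in sorted(set(PEER_RE.findall(log_text)) - {intended_wlc}):
        findings.append(f"AP sent DTLS request to {ip}, expected {intended_wlc}")
    for ip in sorted(set(RETRANS_RE.findall(log_text))):
        findings.append(f"DTLS handshake to {ip} hit max retransmits")
    return findings


if __name__ == "__main__":
    # Constructed option 43 value that points at the wrong address.
    for line in check_join(SAMPLE_LOG, "10.222.5.3", "f104.0ade.0502"):
        print(line)
```

An empty result means the DHCP option, the address the AP contacted and the intended controller all agree, so the remaining suspects are the firewall rules and routing between the AP VLAN and the DMZ.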