Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DTLS-3-HANDSHAKE_FAILURE

I have a remote site with 2 AIR 2602i APs that were working up until a few days ago.  One AP still connects fine but the second will not connect and keeps generating this error:

 

*spamApTask3: Sep 18 10:16:09.249: #DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:687 Failed to complete DTLS handshake with peer 970200748.0.144.127 for AP 97:cc:79:13b0b000:10507114:13040000

 

I have powered off and on both APs several times but still keep getting the same problem.  Both APs are getting their config from DHCP and as part of that, a timesource.  I can see traffic back and forth to/from both APs. 

 

Any ideas on what the cause could be?

 

2504 WLC with free licenses on 7.6.120.0

 

 

2 REPLIES

Are the regulatory domains of

  • Are the regulatory domains of the access-points the same?
  • Has the other access-point been connected to an other WLC in the past?
    • If so please do a "test capwap erase" and a "test capwap restart" on the access-point (those are "hidden" commands).
  • If that still does not help the process, please post the output for the following commands on the WLC while the access-point is trying to join:
    • debug capwap events enable
    • debug capwap error enable
    • debug pm pki enable
    • debug disable-all (to turn of the debugs)

Also include all console information of a access-point while it is booting and trying to join the WLC.

New Member

Thank you very much for the

Thank you very much for the reply. I opened a TAC case and they identified an openssh bug in .120 and suggested to go to .130. This did solve the handshake issue, at least for now, but introduced a couple other issues that I may post about in another thread. Thanks for the help.
668
Views
0
Helpful
2
Replies
CreatePlease login to create content