The ports which you have enabled is fine but I believe your AP and WLC are in different subnets correct? If yes then they will not be able to join till the time we return management ip address of WLC to the AP via option 43 configured on DHCP server.
If AP and WLC are in same subnet then they can send a layer 2 broadcast and can get the WLC management ip address and would have joined.
Or another option available is connect the AP to management vlan of WLC so that it can join the controller being in same subnet and then management ip address of controller will be saved in NVRAM of AP and then you can bring the AP into another subnet and if AP has a route from that subnet to management vlan it will join controller.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...