Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP Cannot Attach to WLC In Particular Conditions

Hello,

I am struggling since many weeks for an issue in my Wireless infrastructure.

I have an LAP (1242AG) in one B site that I would like to attach (in H-REAP mode) to the WLC of site A(5508 v6.0.199.4). The topology is as follows:

MPLS - Site A - MAN - Site B.

When Site A is fully connected, all is fine, my AP of site B can successfully join the WLC of site A.

However, when the WAN interface of the router of site A is disconnected, the AP cannot associate successfully to the WLC. For us, it does not make any sense during that time, the AP of site B can successfully ping the WLC of site A and the traceroutes show the exact same path.

I took some debug on the AP and the WLC while the AP's was trying to associate to the WLC (when the WAN link of Site A was disconnected) and also when the AP could successfuly join the WLC when the WAN link of site A was reconnected.

Could anyone help me finding out what could be wrong ? I attached the debug log.

Thanks a lot !

With my best regards,

David

Everyone's tags (2)
7 REPLIES

Re: AP Cannot Attach to WLC In Particular Conditions

David: can you plz put a more clear logical graph about sites, apsand wlcs connectivity?

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
New Member

Re: AP Cannot Attach to WLC In Particular Conditions

Hello,

I will try to draw something understandable quickly. But in the meantime, we have redone tests and I could observe the following error messages in the WLC:


*May 31 09:23:29.115: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:2171 Failed to complete DTLS handshake with peer 10.35.67.137

The IP 10.35.67.137 is the IP of my access points which is not able to associate.

Does this message help you identify where the problem may come from ?

Thanks a lot,

David

Re: AP Cannot Attach to WLC In Particular Conditions

Hello,

The msg tells taht there is DTLS issue while initiating CAPWAP tunnel between WLC and AP but it does not tell the exact reason.

If time on WLC is not correct this could happen. If the certificate on the AP is not correct this could also possibly happen.

Is your AP.

Try the command (on WLC):

show ap join stats detailed 

What does it tell?

If you can provide AP console output that will be great.

Also, you can issue debugs on WLC:

debug mac addr

debug capwap events enable

debug capwap errors enable

debug pm pki enable

This tells a lot about the join process.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Re: AP Cannot Attach to WLC In Particular Conditions

Hello,

Please find attached the topology.

The command "show ap join stats detailed " returns the following:

Discovery phase statistics
- Discovery requests received.............................. 122
- Successful discovery responses sent...................... 61
- Unsuccessful discovery request processing................ 5
- Reason for last unsuccessful discovery attempt........... Discarding LWAPP Dis                                                                                        covery Request from AP Since entry exists in CAPWAP
- Time at last successful discovery attempt................ Jun 03 06:03:26.960
- Time at last unsuccessful discovery attempt.............. Jun 01 12:46:45.186

Join phase statistics
- Join requests received................................... 10
- Successful join responses sent........................... 10
- Unsuccessful join request processing..................... 0
- Reason for last unsuccessful join attempt................ Not applicable
- Time at last successful join attempt..................... Jun 03 06:03:39.002
- Time at last unsuccessful join attempt................... Not applicable

Configuration phase statistics
- Configuration requests received.......................... 30
- Successful configuration responses sent.................. 10
- Unsuccessful configuration request processing............ 0
- Reason for last unsuccessful configuration attempt....... Not applicable
- Time at last successful configuration attempt............ Jun 03 06:03:39.352

--More-- or (q)uit
- Time at last unsuccessful configuration attempt.......... Not applicable

Last AP message decryption failure details
- Reason for last message decryption failure............... Not applicable

Last AP disconnect details
- Reason for last AP connection failure.................... Number of message retransmission to the AP has reached maximum

Last join error summary
- Type of error that occurred last......................... AP got or has been disconnected
- Reason for error that occurred last...................... Number of message retransmission to the AP has reached maximum
- Time at which the last join error occurred............... Jun 03 05:57:37.491
Ethernet Mac : e8:b7:48:98:5b:32  Ip Address : 10.35.67.137

The debug file I posted at the beginning of the thread already contains the debug "capwap events enable". Should I do another test with the the other debugs enabled ?

Thanks a lot

Re: AP Cannot Attach to WLC In Particular Conditions

Hello David,

Thanks for the description.

From which WLC you collected the output command?

Do all WLCs have same version and configured with same configuration?

Are all WLCs on same mobility group?

I looked into the attached debugs but I could not find anything. possibly because I don't know for which WLCs the debugs belong.

Is the AP configured with primary, secondory and tertiary controllers? If yes what WLCs configured for the AP? all of them?

Thanks.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Re: AP Cannot Attach to WLC In Particular Conditions

Hello,

The WLC I collected the command is the WLCA, which is the one on which the AP cannot associate if the Dash-blue link is down.

WLCA and WLCC are running the same version and have the same configuration.

However, WLCA and WLCC are not in the same mobility group.

Currently, the AP is configured to be have a primary WLC being WLCC (because, in case the dash blue link goes down and if the AP is attached to WLCA, it will disassociates, which will have an impact).

During the tests we did recently, we manually cut the dash-blue link and put a primary WLC to be WLCA and I observed the logs on WLCA as given at the first post.

David

New Member

Re: AP Cannot Attach to WLC In Particular Conditions

please check, capwap-ports 5246 and 5247 between siteA-man-siteB.

Acls, Firewalls,...

Sent from Cisco Technical Support iPad App

1912
Views
0
Helpful
7
Replies
CreatePlease login to create content