2504 WLC to AIR-CAP3602I-A-K9 will not connect DTLS_ERROR

AIR-CAP3602I-A-K9 -> Configured Country...US - United States
*09:22:23.335 UTC Thu Aug 1 2019 -> Time...Thu Aug 1 10:22:30 2019 Timezone location...(GMT)

The regulatory domain is good but time is another issue.

Whenever I set the WLC time in http://192.168.170.70 @ MONITOR->Set time to match the AP, the AP automatically adjusts to 1 hour less. So I set the time on the WLC with "config time manual 08/01/19 07:01:00" and the same thing happened, the AP auto-sets 1 hour before the WLC!!!!!...


Posted to the following commands:
1. AP: sh clock
2. AP: sh version
3. AP: sh ip interface brief
4. WLC: sh sysinfo
5. WLC: sh time

 

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.168.1)

*Aug 1 08:48:57.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.170.70 peer_port: 5246
*Aug 1 08:49:26.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x53DBEF8!

*Aug 1 08:49:56.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.170.70:5246
*Aug 1 08:49:57.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.170.70 peer_port: 5246
*Aug 1 08:50:26.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x53DBEF8!

*Aug 1 08:50:56.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.170.70:5246
*Aug 1 08:51:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.170.70 peer_port: 5246
*Aug 1 08:51:46.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x53DC140!

*Aug 1 08:52:16.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.170.70:5246
Not in Bound state.
*Aug 1 08:52:32.499: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Aug 1 08:52:37.623: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 192.168.170.32, mask 255.255.255.0, hostname AP6c41.6ab1.f923

Translating "CISCO-CAPWAP-CONTROLLER"...domain server (192.168.168.1)

 

AP6c41.6ab1.f923#sh clock
*08:04:29.335 UTC Thu Aug 1 2019
AP6c41.6ab1.f923#sh ver
Cisco IOS Software, C3600 Software (AP3G2-K9W8-M), Version 15.3(3)JA8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Fri 22-Apr-16 05:48 by prod_rel_team

ROM: Bootstrap program is C3600 boot loader
BOOTLDR: C3600 Boot Loader (AP3G2-BOOT-M) LoaderVersion 12.4(23)JY, RELEASE SOFTWARE (fc1)

AP6c41.6ab1.f923 uptime is 1 hour, 31 minutes
System returned to ROM by power-on
System image file is "flash:/ap3g2-k9w8-mx.153-3.JA8/ap3g2-k9w8-xx.153-3.JA8"
Last reload reason:

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
--More--
*Aug 1 08:53:04.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.170.70 peer_agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco AIR-CAP3602I-A-K9 (PowerPC) processor (revision A0) with 188398K/60928K bytes of memory.
Processor board ID FTX1726GL82
PowerPC CPU at 800Mhz, revision number 0x2151
Last reset from power-on
LWAPP image version 8.0.133.0
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 6C:41:6A:B1:F9:23
Part Number : 73-14521-02
PCA Assembly Number : 800-37501-02
PCA Revision Number : A0
PCB Serial Number : FOC1719432G
Top Assembly Part Number : 800-35852-02
Top Assembly Serial Number : FTX1726GL82
Top Revision Number : C0
Product/Model Number : AIR-CAP3602I-A-K9

 

Configuration register is 0xF

AP6c41.6ab1.f923#sh ip int br
Interface IP-Address OK? Method Status Protocol
BVI1 192.168.170.32 YES DHCP up up
Dot11Radio0 unassigned NO unset up up
Dot11Radio1 unassigned NO unset up up
GigabitEthernet0 unassigned NO unset up up
Virtual-WLAN0 unassigned NO unset up up
Virtual-WLAN0.1 unassigned NO unset up up
Virtual-WLAN0.2 unassigned NO unset up up
Virtual-WLAN0.3 unassigned NO unset up up
Virtual-WLAN0.4 unassigned NO unset up up
Virtual-WLAN0.5 unassigned NO unset up up
Virtual-WLAN0.6 unassigned NO unset up up
Virtual-WLAN0.7 unassigned NO unset up up
Virtual-WLAN0.8 unassigned NO unset up up
Virtual-WLAN0.9 unassigned NO unset up up
Virtual-WLAN0.10 unassigned NO unset up up
Virtual-WLAN0.11 unassigned NO unset up up
Virtual-WLAN0.12 unassigned NO unset up up
Virtual-WLAN0.13 unassigned NO unset up up
Virtual-WLAN0.14 unassigned NO unset up up
Virtual-WLAN0.15 unassigned NO unset up up
Virtual-WLAN0.16 unassigned NO unset up up


(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.5.135.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 20.0


OUI File Last Update Time........................ Sun Sep 07 10:44:07 IST 2014


Build Type....................................... DATA + WPS

System Name...................................... Cisco_70:12:45
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
IP Address....................................... 192.168.170.70
IPv6 Address..................................... ::
Last Reset....................................... Software reset
System Up Time................................... 0 days 1 hrs 44 mins 43 secs
System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh

--More-- or (q)uit
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180

Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
External Temperature............................. +40 C
Fan Status....................................... 3800 rpm

State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 0

OUI Classification Failure Count................. 0

Burned-in MAC Address............................ F0:78:16:70:12:40
Maximum number of APs supported.................. 75
System Nas-Id....................................
WLC MIC Certificate Types........................ SHA1/SHA2

(Cisco Controller) >show time

Time............................................. Thu Aug 1 09:54:16 2019

Timezone delta................................... 0:0
Timezone location................................ (GMT) London, Lisbon, Dublin, Edinburgh

NTP Servers
NTP Version.................................. 3
NTP Polling Interval......................... 600

Index NTP Key Index NTP Server Status NTP Msg Auth Status
------- ---------------------------------------------------------------------


(Cisco Controller) >?

clear Clear selected configuration elements.
config Configure switch options and settings.
cping Send capwap echo packets to a specified mobility peer IP address.
debug Manages system debug options.
eping Send Ethernet-over-IP echo packets to a specified mobility peer IP address.
grep Print lines matching a pattern.
help Help
license Manage Software License
linktest Perform a link test to a specified MAC address.
logout Exit this session. Any unsaved changes are lost.
mping Send Mobility echo packets to a specified mobility peer IP address.
ping Send ICMP echo packets to a specified IP address.
reset Reboot (hard reload) options.
save Save switch configurations.
show Display switch options and settings.
test Test trigger commands
transfer Transfer a file to or from the switch.

(Cisco Controller) >
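
The AP console log in the post above, read as join attempts. This is an added example, not part of the original post: it groups the CAPWAP/DTLS lines into one record per connection request and reports how each ended. The function names are hypothetical and the year is an assumption, since the AP log omits it.

```python
import re
from datetime import datetime

# Console lines copied from the AP log in the post above (two join cycles).
SAMPLE = """\
*Aug 1 08:48:57.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.170.70 peer_port: 5246
*Aug 1 08:49:26.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x53DBEF8!
*Aug 1 08:49:56.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.170.70:5246
*Aug 1 08:51:17.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.170.70 peer_port: 5246
*Aug 1 08:51:46.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x53DC140!
*Aug 1 08:52:16.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.168.170.70:5246
"""

LINE = re.compile(r"^\*(\w{3}) +(\d{1,2}) (\d\d:\d\d:\d\d\.\d+): (.*)$")

def events(log, year=2019):
    """Yield (timestamp, message); the AP omits the year, so it is a parameter."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            stamp = f"{year} {m[1]} {m[2]} {m[3]}"
            yield datetime.strptime(stamp, "%Y %b %d %H:%M:%S.%f"), m[4]

def join_attempts(log):
    """Group the log into one record per DTLS connection request."""
    attempts, cur = [], None
    for ts, msg in events(log):
        if "DTLSREQSEND" in msg:
            peer = re.search(r"peer_ip: (\S+) peer_port: (\d+)", msg)
            cur = {"start": ts, "peer": peer.groups() if peer else None,
                   "outcome": "pending", "waited_s": None}
            attempts.append(cur)
        elif cur and "Max retransmission count reached" in msg:
            # The AP resent its handshake flight until the limit without an answer.
            cur["outcome"] = "no_reply"
            cur["waited_s"] = round((ts - cur["start"]).total_seconds(), 3)
        elif cur and "DTLS_CLIENT_ERROR" in msg:
            cur["outcome"] = "other_error"  # any other client-side DTLS error text
    return attempts

def controller_silent(attempts):
    """True when every finished attempt ended without any DTLS reply."""
    done = [a for a in attempts if a["outcome"] != "pending"]
    return bool(done) and all(a["outcome"] == "no_reply" for a in done)

if __name__ == "__main__":
    print(join_attempts(SAMPLE), controller_silent(join_attempts(SAMPLE)))
```

Every attempt here runs out of retransmissions about 30 seconds after the request, which points first at whether the controller is reachable on UDP 5246; certificate checks only come into play once the controller answers.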

 

 


Re: 2504 WLC to AIR-CAP3602I-A-K9 will not connect DTLS_ERROR

Hi Clyde,

APs always go back to GMT; you can't set them to a local timezone.

Regarding the AP registration issue, did you check that you have licenses activated on your WLC?

On the WLC, if you enable the following debugs, you will get a clear understanding of why it is failing.

 

debug capwap events enable

debug capwap errors enable

 

Here is the best document to start troubleshooting on AP registration issues

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html

 

HTH

Rasika

*** Pls rate all useful responses ***
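
The clock comparison behind this reply, as an added example that is not part of the thread: convert the WLC's local time to UTC before comparing it with the AP's UTC clock. It uses the paired readings from the original post and assumes the WLC's "(GMT) London, Lisbon, Dublin, Edinburgh" location follows UK daylight-saving rules, which the thread does not state; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

def last_sunday(year, month):
    """01:00 UTC on the last Sunday of a 31-day month (March or October)."""
    d = datetime(year, month, 31, 1, 0, tzinfo=timezone.utc)
    return d - timedelta(days=(d.weekday() + 1) % 7)

def uk_local_to_utc(naive):
    """Assumption: UK rules, UTC+1 between the last Sundays of March and October."""
    start, end = last_sunday(naive.year, 3), last_sunday(naive.year, 10)
    as_summer = (naive - timedelta(hours=1)).replace(tzinfo=timezone.utc)
    if start <= as_summer < end:
        return as_summer
    return naive.replace(tzinfo=timezone.utc)

def skew_seconds(ap_clock, wlc_time):
    """WLC minus AP, in seconds, with both readings normalised to UTC.

    ap_clock: AP 'sh clock' output without the leading '*'.
    wlc_time: the 'Time' field of WLC 'show time'.
    """
    ap = datetime.strptime(ap_clock, "%H:%M:%S.%f UTC %a %b %d %Y")
    ap = ap.replace(tzinfo=timezone.utc)
    wlc = uk_local_to_utc(datetime.strptime(wlc_time, "%a %b %d %H:%M:%S %Y"))
    return (wlc - ap).total_seconds()

if __name__ == "__main__":
    # Paired readings quoted at the top of the original post.
    print(skew_seconds("09:22:23.335 UTC Thu Aug 1 2019", "Thu Aug 1 10:22:30 2019"))
    # Constructed winter reading: the same one-hour gap is a real skew in January.
    print(skew_seconds("09:00:00.000 UTC Tue Jan 1 2019", "Tue Jan 1 10:00:00 2019"))
```

Under that assumption the August readings differ by a few seconds in UTC, not by an hour, so the apparent gap is the WLC displaying local summer time while the AP displays UTC.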

Re: 2504 WLC to AIR-CAP3602I-A-K9 will not connect DTLS_ERROR

Hi Rasika, This is the configuration that I used for the 2504, following.  I have a 2921 ASR at 192.168.170.1 on VLAN 111 that provides DHCP and NATing to the Internet.  As you can see, the 2504 is initialized to VLAN 0 and I can IP my PC (192.168.170.71) connect to port 1 and http://192.168.170.70 is good.  But when I put the 2504 on VLAN 111 and move my PC to a "switchport access vlan 111" I can't reach 192.168.170.71.

 

Is this the right way to use the 2504?  Put the management on the DHCP network that I want the AP wireless network?  This is what I want to do...

Wireless_Network_Diagram.png

Cisco 2504 Wireless LAN Controller - initial configuration to access GUI
(PC 192.168.170.71 connect to port 1 http://

Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup

Would you like to terminate autoinstall? [yes]:

System Name [Cisco_43:5c:04] (31 characters max): CORPWLC
Enter Administrative User Name (24 characters max): user
Enter Administrative Password (3 to 24 characters): password
Re-enter Administrative Password : password

Enable Link Aggregation (LAG) [yes][NO]: no

Management Interface IP Address: 192.168.170.70
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 192.168.170.1
Cleaning up Provisioning SSID
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1 to 4]: 1

Management Interface DHCP Server IP Address: 192.168.170.1

Virtual Gateway IP Address: 1.1.1.1

Multicast IP Address: 239.255.1.60

Mobility/RF Group Name: CORP

Network Name (SSID): Employee

Configure DHCP Bridging Mode [yes][NO]: yes
Warning! Enabling Bridging mode will disable Internal DHCP server and DHCP Proxy feature.
May require DHCP helper functionality on external switches.

Allow Static IP Addresses [YES][no]: yes

Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code list (enter 'help' for a list of countries) [US]:

Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes

Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: yes
Enter the date in MM/DD/YY format: 07/29/2015
Invalid response

Enter the date in MM/DD/YY format: 07/29/15
Enter the time in HH:MM:SS format: 16:49:00

Would you like to configure IPv6 parameters[YES][no]: no

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
Cleaning up Provisioning SSID

Configuration saved!
Resetting system with new configuration...


Re: 2504 WLC to AIR-CAP3602I-A-K9 will not connect DTLS_ERROR

Hi Clyde,

 

"But when I put the 2504 on VLAN 111 and move my PC to a "switchport access vlan 111" I can't reach 192.168.170.71".

 

When you tag WLC management onto vlan 111, you need to ensure the native vlan on the trunk between the WLC and the switch is not the same vlan 111. It can be vlan 1 by default on the switch side. Can you confirm it?

 

 

"Is this the right way to use the 2504?  Put the management on the DHCP network that I want the AP wireless network?  This is what I want to do..."

 

Typically you would not want to put WLC management/AP management on the same vlan as wireless users. So you can define a "dynamic interface" on WLC & map Guest WiFi SSID to that new vlan. Else, you can keep vlan 111 for WiFi users and put AP & WLC management onto different vlan which is internal to your network.

 

HTH

Rasika

*** Pls rate all useful responses ***


Re: 2504 WLC to AIR-CAP3602I-A-K9 will not connect DTLS_ERROR

Only the new APs that run u-boot can be configured to take the timezone of the WLC: config ap timezone enable use-controller all