i am puzzled with situation where lots of WAPs are trying to reach to destination IP address 126.96.36.199 via udp/5246 port.
We have on prem WLC that has no traces of these WAPs; Prime Infrastructure shows info about only one access point in its database.. The firewall is blocking this type of traffic but just want to know if anyone experienced this behaviour and why would this be happening.
Any input appreciated.
- Well according to the numbers that was not your lucky day :-) Anyway the IP-address is from Xerox , but more important the udp-port is used for capwap-control. Have these AP's being configured with a correct controller-destination IP ?
Yup, they might even be lucky numbers, who knows :-)
Yes, the IP is related to Xerox; one of those WAPs was associated with WLC at some point but rest of them not;
WAPs are getting WLC info from DHCP.
I have appr 1400 WAPs working fine with these DHCP settings.
I can get to console of WAP to obtain a bit more info but that would require some investigation about WAPs location; i have no accurate inventory map
- You will indeed need to develop some means to examine these AP's let alone whether they are yours or not. 2) Are they still using 'valid DHCP' , 3) etc...,
I can see traces in Prime Infrastructure of only one AP. Cannot see others
We are not using option 43 for WLC discovery, just DNS.
It is weird that just some numbers of WAPs are causing this behavior and none of these listed IPs are reachable at this moment.
Enable DHCP Option 43 and see if those APs join the correct controller.
Since you're able to see that the APs are trying to go to 188.8.131.52, then I suspect someone has console access to the AP/APs.
What happens if the following are entered into the AP/APs (enable mode):
debug capwap console cli clear capwap private clear capwap controller ip address capwap ap primary-base <CONTROLLER NAME> <CONTROLLER IP ADDRESS>
Thank you guys for all your suggestions; i will get the console access to see what is going on as well will do the option 43 for testing.
Will post updates shortly.