Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
473
Views
0
Helpful
2
Replies

[5508,v8.0.133] Ghost APs - DTLS connection issue, Link Failure issue - software bug?

Gunter
Level 1
Level 1

ā€Ž07-29-2016 10:19 AM - edited ā€Ž07-05-2021 05:31 AM

Hi

I have 2x5508 working on the code version 8.0.133. Both controllers are in the same subnet and they are in one mobility group. After the upgrade to the code 8.0.133 (maybe this is only coincident) APs can not create DTLS tunnel and join WLCs. This is what I can see in the Message Logs:

*spamApTask3: Jul 29 22:09:51.476: %CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:8583 58:35:d9:70:10:46: Failed to create DTLS connection for AP  10.35.15.9 (43890).

There is a lot of message like this one for different APs. This message is display on the WLC1.

On the WLC 2 I have a lot of "Trap Logs" like this:

0    Fri Jul 29 21:49:08 2016    AP 'gdanwa1143ji', MAC: 00:3a:99:db:19:70 disassociated previously due to Link Failure. Uptime: 2 days, 07 h 53 m 45 s . Reason: Capwap WTP Event request.

1    Fri Jul 29 21:49:08 2016    AP on the 802.11a radio with Base Radio MAC 00:3a:99:db:19:70 (gdanwa1143ji) is unable to associate. The regulatory domain configured on it '-A' does not match the controller's regulatory domain: -DN

2    Fri Jul 29 21:46:11 2016    AP 'gdanwa1135ji', MAC: 00:3a:99:da:e3:00 disassociated previously due to Link Failure. Uptime: 3 days, 08 h 40 m 51 s . Reason: Capwap WTP Event request.

3    Fri Jul 29 21:46:11 2016    AP on the 802.11a radio with Base Radio MAC 00:3a:99:da:e3:00 (gdanwa1135ji) is unable to associate. The regulatory domain configured on it '-A' does not match the controller's regulatory domain: -DN

4    Fri Jul 29 20:44:13 2016    AP 'gpunwa2201ji', MAC: 58:ac:78:ee:66:80 disassociated previously due to Link Failure. Uptime: 6 days, 04 h 45 m 14 s . Reason: Capwap WTP Event request.

5    Fri Jul 29 20:44:07 2016    AP 'gjinwa2143', MAC: 5c:a4:8a:69:1c:c0 disassociated previously due to Link Failure. Uptime: 51 days, 01 h 47 m 49 s . Reason: Capwap Echo request.

6    Fri Jul 29 20:44:04 2016    AP 'gdanwa2140ji', MAC: 00:3a:99:db:17:f0 disassociated previously due to Link Failure. Uptime: 10 days, 12 h 54 m 35 s . Reason: Capwap Echo request.

And now when I reboot both controllers, logs are display opposite. WLC1 have "Trap logs" - Link Failure and WLC2 have "Failed to create DTLS tunnel". After some times half off the APs are not able to connect to any of the WLCs and I lose half of the network.

I will be appreciated any help or ideas how to resolve this issue.

Labels:
0 Helpful
2 Replies 2

d.friday
Level 4
Level 4

ā€Ž07-29-2016 12:49 PM

Looks like the WLC regulatory domain does not match the APs 

The regulatory domain configured on it '-A' does not match the controller's regulatory domain: -DN

To add your country into the regulatory domain on the WLC... go to Wireless > Country.

0 Helpful

Gunter
Level 1
Level 1
In response to d.friday

ā€Ž07-30-2016 03:02 AM

Hi

Yes I know about regulatory domain, and I fix this issue. Regulatory domain wasn't changed from a long time but I have this problem from a few weeks. Moreover problem with RD is related with the 5GHz which is disabled on this controller.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card