Solved: Re: Aironet 2800 disconnected from WLC

atalebzadeh · ‎12-24-2020

Hi everyone

I have some cisco Aironet 2800. i joined this access point to vWLC version 8.10.130. but after while they disconnected from wlc randomly. in first i check network connection between AP and WLC everything is ok, while access point disconnected from WLC they can ping each other. (WLC and AP are in same subnet)

this is access point log when disconnected from WLC, I think a problem about receiving data keepalive.

[*12/22/2020 11:00:19.0003] CAPWAP State: DTLS Setup

[*12/22/2020 11:00:19.3941]

[*12/22/2020 11:00:19.3941] CAPWAP State: Join

[*12/22/2020 11:00:19.3976] Sending Join request to 192.168.10.10 through port 5264

[*12/22/2020 11:00:19.4036] Join Response from 192.168.10.10

[*12/22/2020 11:00:19.4037] AC accepted join request with result code: 0

[*12/22/2020 11:00:19.4163] Received wlcType 0, timer 30

[*12/22/2020 11:00:20.6106]

[*12/22/2020 11:00:20.6106] CAPWAP State: Image Data

[*12/22/2020 11:00:20.6111] AP image version 8.10.130.0 backup 0.0.0.0, Controller 8.10.130.0

[*12/22/2020 11:00:20.6111] Version is the same, do not need update.

[*12/22/2020 11:00:20.6387] upgrade.sh: Script called with args:[NO_UPGRADE]

[*12/22/2020 11:00:20.6959] do NO_UPGRADE, part2 is active part

[*12/22/2020 11:00:20.7027]

[*12/22/2020 11:00:20.7027] CAPWAP State: Configure

[*12/22/2020 11:00:25.2174]

[*12/22/2020 11:00:25.2174] CAPWAP State: Run

[*12/22/2020 11:00:25.2473] AP has joined controller Cisco-0050.56a8.a78b

[*12/22/2020 11:00:25.3670] Flexconnect Switching to Connected Mode!

[*12/22/2020 11:00:25.8709] USB Device Disconnected from the AP

[*12/22/2020 11:00:26.8365] chpasswd: password for user changed

[*12/22/2020 11:00:27.1096] Setting efficientUpgradeState 0

[*12/22/2020 11:00:27.2752] DOT11_CFG[0]: New RADIUS server "Primary Auth Radius Server" already exists

[*12/22/2020 11:00:27.2756] DOT11_CFG[1]: New RADIUS server "Primary Auth Radius Server" already exists

[*12/22/2020 11:00:27.2763] DOT11_CFG[0]: New RADIUS server "Secondary Auth Radius Server" already exists

[*12/22/2020 11:00:27.2886] DOT11_CFG[1]: New RADIUS server "Secondary Auth Radius Server" already exists

[*12/22/2020 11:00:27.3605] Got WSA Server config TLVs

[*12/22/2020 11:00:27.7544]

[*12/22/2020 11:00:27.7544] Same LSC mode, no action needed

[*12/22/2020 11:00:50.4514] CAPWAP HW tunnel params changed, UPDATING the existing

[*12/22/2020 11:00:51.6175] set cleanair [slot0][band0] disable

[*12/22/2020 11:00:51.6192] set cleanair [slot0][band1] disable

[*12/22/2020 11:00:51.6205] set cleanair [slot1][band1] disable

[*12/22/2020 11:01:50.9897] Warning, unencrypted data keepalive failed

[*12/22/2020 11:01:50.9898]

[*12/22/2020 11:01:50.9898] Going to restart CAPWAP (reason : data keepalive not received)...

[*12/22/2020 11:01:50.9898]

[*12/22/2020 11:01:50.9900] Restarting CAPWAP State Machine.

[*12/22/2020 11:01:50.9907] Flexconnect Switching to Standalone Mode!

atalebzadeh · ‎01-26-2021

Hi Guys

Finally i can find problem, the core switch of my customer have problem with ARP table and lost ARP entries, This issue caused Keep-alive drop and capwap restarted. for temporary, I configure IP SLA on core switch to ping controller and access points for hold ARP entries until find root problem in core switch.

View solution in original post

Scott Fella · ‎12-24-2020

Can you provide additional info. Is this a new setup and or do you have other access points joined to this controller?

-Scott
*** Please rate helpful posts ***

atalebzadeh · ‎12-24-2020

this is a new setup and i checked this Items:

- Network connections

- Time and NTP

- Country and regularity

- license status

everything is ok!

marce1000 · ‎12-24-2020

- Check if you have this command : test ap unencrypted-data-keepalive disable ? ,if so use it on the ap involved as a test

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

atalebzadeh · ‎12-24-2020

This command must run on AP or WLC ?

marce1000 · ‎12-24-2020

- WLC

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

atalebzadeh · ‎01-24-2021

I try this command on WLC but problem still exist

Arshad Safrulla · ‎12-26-2020

I have seen similar messages in my lab, when WLC IP was duplicated, but not the code you are running though.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

atalebzadeh · ‎01-24-2021

thank for your advice, i check network and no duplicated address exist.

patoberli · ‎01-25-2021

Is this a LAN or WAN link? There was an issue in 8.10.130.0 with DTLS encrypted traffic over a WAN link. In that case you need to disable DTLS encryption for that AP. It's fixed in 8.10.142.0.

The error message in my case was a bit different though.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu58082

atalebzadeh · ‎01-26-2021

Hi Guys

Finally i can find problem, the core switch of my customer have problem with ARP table and lost ARP entries, This issue caused Keep-alive drop and capwap restarted. for temporary, I configure IP SLA on core switch to ping controller and access points for hold ARP entries until find root problem in core switch.