
AP 3700e cannot join converged WLAN controller c3650, error message: CAPWAP-3-DATA_TUNNEL_DELETE_ERR2.

Isaias1010
Level 1

Hi

I have a c3650 cluster with the controller enabled to allow just a simple AP 3700e, but every time the AP tries to join the controller it sends the following error:

 

      ...AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

 

>Meanwhile in the controller side it says:

 

 CAPWAP-3-DATA_TUNNEL_DELETE_ERR2: 1 wcm: Failed to delete CAPWAP data tunnel with interface id: 0x0 from internal database. Reason: AVL database entry not found

 

SWM1-81-1#sh trace messages group-ap
[10/03/18 00:29:22.392 8e59 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:22.392 8e5a 288] %DTLS: anchor_port iifd 1072f000000001a capwap_iifd 0 session type 0 sw_num 0 asic 0 bk_sw_num 0 bk_asic 0
[10/03/18 00:29:22.401 8e5b 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:22.404 8e5c -1] %DTLS: Did not find DTLS session 0xac85606 0xac85609 5246 55130 0!!
[10/03/18 00:29:22.751 8e5d 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:22.751 8e5e 288] %DTLS: anchor_port iifd 1072f000000001a capwap_iifd 0 session type 0 sw_num 0 asic 0 bk_sw_num 0 bk_asic 0
[10/03/18 00:29:22.760 8e5f 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:23.105 8e60 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:23.105 8e61 288] %DTLS: anchor_port iifd 1072f000000001a capwap_iifd 0 session type 0 sw_num 0 asic 0 bk_sw_num 0 bk_asic 0
[10/03/18 00:29:23.120 8e62 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:23.466 8e63 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:23.466 8e64 288] %DTLS: anchor_port iifd 1072f000000001a capwap_iifd 0 session type 0 sw_num 0 asic 0 bk_sw_num 0 bk_asic 0
[10/03/18 00:29:23.475 8e65 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:33.818 8e66 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:33.818 8e67 288] %DTLS: anchor_port iifd 1072f000000001a capwap_iifd 0 session type 0 sw_num 0 asic 0 bk_sw_num 0 bk_asic 0
[10/03/18 00:29:33.824 8e68 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:33.825 8e69 -1] %DTLS: Did not find DTLS session 0xac85606 0xac85609 5246 55130 0!!
[10/03/18 00:29:34.175 8e6a 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:34.175 8e6b 288] %DTLS: anchor_port iifd 1072f000000001a capwap_iifd 0 session type 0 sw_num 0 asic 0 bk_sw_num 0 bk_asic 0
[10/03/18 00:29:34.185 8e6c 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130

 

>I verified some parameters on the 3650 cluster and it has the MIC AP policy enabled, as shown:

 

SWM1-81-1#sh ap auth-list
Authorize MIC APs against AAA : Enabled

APs Allowed to Join:
AP with Manufacturing Installed Certificate : Enabled
AP with Self-Signed Certificate : Enabled

 

>These are my SW and AP versions:

 

+++++++++++Cluster SW +++++++++++++

SWM1-81-1#

...

cisco WS-C3650-24PS (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO2038E3Y4
3 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
252000K bytes of Crash Files at crashinfo-2:.
1609272K bytes of Flash at flash:.
1611414K bytes of Flash at flash-2:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of Dummy USB Flash at usbflash0-2:.
0K bytes of at webui:.

Base Ethernet MAC Address : a0:3d:6f:16:f4:00
Motherboard Assembly Number : 73-15899-06
Motherboard Serial Number : FDO20390QNP
Model Revision Number : N0
Motherboard Revision Number : A0
Model Number : WS-C3650-24PS
System Serial Number : FDO2038E3Y4


Switch Ports Model          SW Version  SW Image               Mode
------ ----- -----          ----------  ----------             ----
*    1 28    WS-C3650-24PS  03.06.06.E  cat3k_caa-universalk9  BUNDLE
     2 28    WS-C3650-24PS  03.06.06.E  cat3k_caa-universalk9  BUNDLE


Switch 02
---------
Switch uptime : 4 days, 57 minutes
Base Ethernet MAC Address : 18:80:90:2d:50:00
Motherboard Assembly Number : 73-15899-07
Motherboard Serial Number : FDO21211LGS
Model Revision Number : Q0
Motherboard Revision Number : A0
Model Number : WS-C3650-24PS
System Serial Number : FDO2122E034

Configuration register is 0x102



+++++++++AP 3700e+++++++++

It has loaded this version:

ap3g2-k9w8-tar.153-3.JI1.tar

 

 

> I've primed the AP with the cluster IP address used by the controller

 

#capwap ap ip address 10.200.86.9 255.255.255.128
#capwap ap controller ip address 10.200.86.6

 

>The controller IP is:

!
interface Vlan703
ip address 10.200.86.6 255.255.255.128

 

I also verified the AP country and it is OK:

 

ap country MX

 

Does anyone know what could be the problem?

 

Thanks in advance

 

Isa
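
A way to read the `sh trace messages group-ap` output above mechanically (an added example, not part of the original post): it decodes the hex `sip`/`dip` fields to dotted addresses and measures how long each DTLS session entry lives between its add and delete records. The function names, the month/day order of the timestamp and the flapping thresholds are assumptions.

```python
import re
from datetime import datetime
from ipaddress import IPv4Address

# Add/delete records copied from the trace in the post (first two cycles only).
SAMPLE = """\
[10/03/18 00:29:22.392 8e59 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:22.401 8e5b 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:22.751 8e5d 288] %DTLS: dtls_add_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
[10/03/18 00:29:22.760 8e5f 288] %DTLS: dtls_delete_dtls_session_db_entry: sip = 0xac85606 dip = 0xac85609 sport =5246 dport=55130
"""

LINE = re.compile(
    r"\[(?P<ts>\S+ \S+) \S+ \S+\] %DTLS: dtls_(?P<op>add|delete)_dtls_session_db_entry: "
    r"sip = (?P<sip>0x[0-9a-f]+) dip = (?P<dip>0x[0-9a-f]+) "
    r"sport =\s*(?P<sport>\d+) dport=\s*(?P<dport>\d+)")

def hex_to_ip(value):
    """0xac85606 -> '10.200.86.6' (the trace drops the leading zero nibble)."""
    return str(IPv4Address(int(value, 16)))

def session_lifetimes(trace):
    """Pair each add with the next delete for the same 4-tuple.
    Returns [(src_ip, dst_ip, sport, dport, lifetime_ms), ...]."""
    opened, out = {}, []
    for m in map(LINE.search, trace.splitlines()):
        if not m:
            continue  # anchor_port and "Did not find" lines are skipped
        # Assumed mm/dd/yy; only time differences are used, so the order is harmless.
        ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S.%f")
        key = (hex_to_ip(m["sip"]), hex_to_ip(m["dip"]),
               int(m["sport"]), int(m["dport"]))
        if m["op"] == "add":
            opened[key] = ts
        elif key in opened:
            ms = round((ts - opened.pop(key)).total_seconds() * 1000)
            out.append(key + (ms,))
    return out

def is_flapping(trace, max_ms=100, min_cycles=2):
    """True when at least min_cycles sessions were deleted within max_ms of creation.
    Both thresholds are assumed values, not Cisco guidance."""
    short = [ms for *_, ms in session_lifetimes(trace) if ms <= max_ms]
    return len(short) >= min_cycles

if __name__ == "__main__":
    for row in session_lifetimes(SAMPLE):
        print(row)
    print("flapping:", is_flapping(SAMPLE))
```

On the posted lines the decoded addresses are 10.200.86.6 and 10.200.86.9, the controller and AP addresses given in the post, and each session entry is deleted about 9 ms after it is created.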

2 Replies

Hi,

 

I too faced this kind of issue, but not on the 3700 model. It was on the 1800 series on WLC model 3504.

The issue was resolved after activating the license and setting the appropriate time on the WLC.

 

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

In fact, it was an image version compatibility problem. I just followed the release notes for the c3850 series SW (though my switch was a c3650 model). I downgraded my AP image version to ap3g2-k9w8-tar.152-4.JB6.tar (a lower version than the maximum supported by my SW) and it worked.

 

 

 

cheers.
