Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1716
Views
10
Helpful
6
Replies

AP communication via Port udp 16670

jan.kunze
Level 1
Level 1

‎01-26-2022 07:17 AM

Hi there,

we are using an new 9800 WLC with old 28xx and new 91xx APs. After some time we noticed UDP traffic hitting our firewall on Port 16670 between some differnt APs. I was not aware that APs "talk" to each other. Is this normal behavior?

The usual communication is between the WLC and the AP back and forth.

 

Thanks in Advance

Jan

Labels:
0 Helpful
6 Replies 6

Scott Fella
Hall of Fame
Hall of Fame

‎01-26-2022 07:26 AM

AP's from what I know, only talks to the controller.  There is a old port matrix out there for ports used by various wireless devices and 16670 is not one of them.

-Scott
*** Please rate helpful posts ***
0 Helpful

jan.kunze
Level 1
Level 1

‎01-27-2022 06:21 AM

Hi Scott,

 

thanks for your information. I found this old matrix, its' from the 5508 Series. In this Matrix the UDP Port 16670 is mentioned but only in the communication between AP and WLC.#
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113344-cuwn-ppm.html

Anyone has an idea?

 

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to jan.kunze

‎01-27-2022 08:00 AM

That is the matrix I was talking about.  This port is not used by Cisco, you can look up that port.  If this is something that you want to diagnose more, then I would say either open a TAC case, or block that port on your FW and see what happens.  AP's do not communicate to each other, they communicate back to the controller.

-Scott
*** Please rate helpful posts ***
0 Helpful

Reinvtv
Level 1
Level 1

‎04-05-2022 12:25 AM

We are running into the same issue.

 

Have you found anything about this?

 

Apr  5 2022 09:06:49.781 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.36(5261) (Vlan103 009e.00c2.0400) -> 10.48.66.50(16670), 6 packets 
Apr  5 2022 09:06:49.781 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.35(5250) (Vlan103 009e.00be.0000) -> 10.48.66.50(16670), 3 packets 
Apr  5 2022 09:06:49.781 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.36(5261) (Vlan103 009e.00be.0000) -> 10.48.66.50(16670), 6 packets 
Apr  5 2022 09:06:49.781 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.36(5261) (Vlan103 009e.00be.0000) -> 10.48.66.47(16670), 3 packets 
Apr  5 2022 09:06:49.781 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.36(5261) (Vlan103 009e.00c2.0400) -> 10.48.66.47(16670), 2 packets 
Apr  5 2022 09:06:49.781 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.35(5250) (Vlan103 009e.00c2.0400) -> 10.48.66.50(16670), 2 packets 
Apr  5 2022 09:06:54.572 CEST: %SEC-6-IPACCESSLOGP: list ACL-IN-VJL103-CLN-Wireless denied udp 10.48.34.35(5250) (Vlan103 009e.00c2.0400) -> 10.48.66.38(16670), 1 packet

(We are blocking inter-switch traffic on our vlans, that is how we noticed in the first place)

 

(both IP's are Access points, but on different switches (but physically close to each other)

0 Helpful

Rich R
VIP
VIP

‎02-14-2023 12:00 PM

Thanks @Alejandro Ramirez Gomez can you ask WNBU devs for more info on exactly what "client policies" is or does?  What are the APs communicating to each other?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card