AP Not Joining WLC - Error Msg: Max retransmission count reached!

kellyezekwe · ‎01-07-2013

I'm getting this error msg with my AP. It sees the IP address of the AP Manager of the WLC 44002, however it times out.

Note: The operating mode for this AP is H-REAP

The WLC is at the DataCenter.

We have APs working at other remote site (MPLS, Network)

The AP (1262) i'm having an issue with is at a remote with regular internet.

I have already configured port fowarding on the Linksys router for port 5246

Please Help!

======

Jan 7 14:28:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.99.3 peer_port: 5246

*Jan 7 14:29:25.003: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!

*Jan 7 14:29:25.003: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.99.3 is reached.

*Jan 7 14:29:55.048: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.1.99.3:5246

*Jan 7 14:29:55.102: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY

*Jan 7 14:29:55.162: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down

*Jan 7 14:29:55.162: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down

*Jan 7 14:29:55.171: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

*Jan 7 14:29:55.180: status of voice_diag_test from WLC is false

*Jan 7 14:29:55.180: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up

*Jan 7 14:29:55.190: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up

*Jan 7 14:29:55.199: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset

*Jan 7 14:31:04.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.1.99.3 peer_port: 5246

*Jan 7 14:31:04.000: %CAPWAP-5-CHANGED: CAPWAP changed state to

VH-SAT-AP1-1262#

*Jan 7 14:31:34.003: DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2017 Max retransmission count reached!

*Jan 7 14:31:34.003: %DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.99.3 is reached.

Amjad Abdullah · ‎01-07-2013

Hi,

Allow port forwarding for udp port 5247 as well.
udp port 5246 is used for control while udp 5247 is used for data.

HTH

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"

kellyezekwe · ‎01-07-2013

Amjad:

Thanks I did also. Still not working.

Stephen Rodriguez · ‎01-07-2013

Make sure you enable the 5246 to both the management and AP-Manager IP address.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

kellyezekwe · ‎01-07-2013

Stephen:

Thanks,

Not sure i understand what you mean by,:

I already enableed port forwarding on the Linksys router for the inside ip address of the AP.

Stephen Rodriguez · ‎01-07-2013

I was speaking of the outbound direction.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Leo Laohoo · ‎01-07-2013

Can you post the following command outputs:

1. WLC: sh sysinfo;

2. AP: sh version; and

3. AP: sh inventory

kellyezekwe · ‎01-07-2013

leolaohoo:

Thanks,

///////////////////////////////////

AP1-1262#sh sysinfo

^

% Invalid input detected at '^' marker.

!!

AP1-1262 uptime is 2 minutes

System returned to ROM by power-on

System image file is "flash:/ap3g1-k9w8-mx.124-23c.JA5/ap3g1-k9w8-mx.124-23c.JA5"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco AIR-LAP1262N-N-K9 (PowerPC460exr) processor (revision A0) with 81910K/49152K bytes of memory.

Processor board ID FTX1616E48X

PowerPC460exr CPU at 666Mhz, revision number 0x18A8

Last reset from power-on

LWAPP image version 7.0.235.0

1 Gigabit Ethernet interface

2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.

Base ethernet MAC Address: 2C:54:2D:9E:02:DE

Part Number : 73-12175-05

PCA Assembly Number : 800-32268-05

PCA Revision Number : A0

PCB Serial Number : FOC16140D19

Top Assembly Part Number : 800-33866-01

Top Assembly Serial Number : FTX1616E48X

Top Revision Number : A0

Product/Model Number : AIR-LAP1262N-N-K9

Configuration register is 0xF

!!!

AP1-1262#sho inventory

NAME: "AP1260", DESCR: "Cisco Aironet 1260 Series (IEEE 802.11n) Access Point"

PID: AIR-LAP1262N-N-K9 , VID: V01, SN: FTX1616E48X

Leo Laohoo · ‎01-07-2013

Go to the WLC and post the output to the command "sh sysinfo".

kellyezekwe · ‎01-08-2013

Leolaohoo:

Thanks.

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.0.235.0

RTOS Version..................................... 7.0.235.0

Bootloader Version............................... 4.0.219.0

Emergency Image Version.......................... N/A

Build Type....................................... DATA + WPS

System Name...................................... WLC-4400

System Location..................................

System Contact...................................

System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3

IP Address....................................... 10.1.99.5

System Up Time................................... 32 days 23 hrs 18 mins 28 secs

System Timezone Location.........................

Configured Country............................... US - United States

Operating Environment............................ Commercial (0 to 40 C)

Internal Temp Alarm Limits....................... 0 to 65 C

Internal Temperature............................. +37 C

--More-- or (q)uit

State of 802.11b Network......................... Enabled

State of 802.11a Network......................... Enabled

Number of WLANs.................................. 5

Number of Active Clients......................... 6

Burned-in MAC Address............................ 00:18:B9:EA:91:00

Crypto Accelerator 1............................. Absent

Crypto Accelerator 2............................. Absent

Power Supply 1................................... Absent

Power Supply 2................................... Present, OK

Maximum number of APs supported.................. 50

Leo Laohoo · ‎01-08-2013

PID: AIR-LAP1262N-N-K9

Configured Country............................... US - United States

And there's your answer why.

Your AP has a regulatory domain of "-N" whilst your controller is configured for the US (regulatory domain "-A").

My next question would be: WHERE is the location of this AP's installation?

kellyezekwe · ‎01-08-2013

leolaohoo

Thanks.

This issue came up originally when we got the AP, but don't remember what became of it.

WLC and APs are installed in TX.

See this AP works on a MPLS network site (AP was primed with the WLC Management Private IP address).

But this remote site, also in TX,.

The AP was primed (with the WLC Manangment Public IP address) before deployment. remote-worker at this site only have regular intermet

Leo Laohoo · ‎01-09-2013

Ok, the WLC and the AP are located in the US. I have a solution but it's not recommended.

1. Talk to your authorized Cisco reseller and get them to replace the AP with the correct regulatory domain; or

2. Go to Wireless > Country and add Mexico.

Option 2 is not recommended because there are some regulatory rules that may not be compatible with the US.

This issue came up originally when we got the AP, but don't remember what became of it.

Now you know what "became of it": Somebody didn't care and shoved it under the carpet

kellyezekwe · ‎01-09-2013

Leolaohoo:

Thanks for taking the time to help me with this issue.

So here is the question: Using the same AP ( AIR-LAP1262N-N-K9), how come HREAP worked on an MPLS network, but not work on a regular internet?

Scott Fella · ‎01-09-2013

Explain to us what you mean by Internet? The AP can join if it in your mpls but not Internet?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***