cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3929
Views
0
Helpful
8
Replies
cjd161280
Beginner

AP's intermittently joins unjoins the WLC controller 5508

Ap's at remote location intermittently joins unjoins the WLC controller 5508. AP's getting IP's from DHCP server located at locan end.

Please find below debug logs from controller.

Anyone can help to troubleshoot teh problem and how to recover from it.

8785)since DTLS session is not established

*spamApTask0: Nov 27 10:37:28.438: 00:27:0d:eb:f5:20 DTLS connection was closed
*spamApTask5: Nov 27 10:37:32.772: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.8.159:48822)since DTLS session is not established

*spamApTask7: Nov 27 10:37:32.962: 00:27:0d:eb:e9:80 Duplicate sequence number in request message

*spamApTask1: Nov 27 10:37:36.506: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.9.20:48829)since DTLS session is not established

*spamApTask3: Nov 27 10:37:37.285: 00:27:0d:ec:89:40 DTLS connection was closed
*spamApTask5: Nov 27 10:37:42.311: 00:27:0d:eb:e8:70 DTLS connection was closed
*spamApTask5: Nov 27 10:37:44.758: 00:27:0d:eb:ed:30 DTLS connection was closed
*spamApTask3: Nov 27 10:37:46.673: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.8.111:48844)since DTLS session is not established

*spamApTask6: Nov 27 10:37:47.151: 00:27:0d:4a:7c:50 Duplicate sequence number in request message

*spamApTask4: Nov 27 10:37:47.707: 00:27:0d:eb:e7:b0 Duplicate sequence number in request message

*spamApTask7: Nov 27 10:37:48.018: 00:27:0d:eb:e9:80 DTLS connection was closed
*spamApTask3: Nov 27 10:37:50.751: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.8.137:48826)since DTLS session is not established

*spamApTask1: Nov 27 10:37:53.632: 00:27:0d:eb:e8:80 DTLS connection was closed
*spamApTask5: Nov 27 10:37:56.193: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.8.172:48785)since DTLS session is not established

*spamApTask2: Nov 27 10:37:57.470: 00:27:0d:eb:f0:b0 Duplicate sequence number in request message

*spamApTask0: Nov 27 10:37:58.439: 00:27:0d:eb:f5:20 DTLS connection was closed
*spamApTask1: Nov 27 10:38:00.236: 00:27:0d:eb:e7:a0 Duplicate sequence number in request message

*spamApTask5: Nov 27 10:38:02.774: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.8.159:48822)since DTLS session is not established

*spamApTask1: Nov 27 10:38:06.508: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from  161.5.9.20:48829)since DTLS session is not established

*spamApTask3: Nov 27 10:38:07.286: 00:27:0d:ec:89:40 DTLS connection was closed
*spamApTask0: Nov 27 10:38:07.370: 00:27:0d:eb:f5:20 Duplicate sequence number in request message

1 ACCEPTED SOLUTION

Accepted Solutions
p.dave
Beginner

I had a similar issue with a 5508 controller running version 7.0.116.0 of code.  Turns out we were running into this bug:

http://www.cisco.com/en/US/customer/ts/fn/635/fn63537.html

I upgraded my controllers to version 7.0.235.3 code and have not seen the issue since then.

View solution in original post

8 REPLIES 8
Scott Fella
Hall of Fame Guru

Do you have a firewall between the two sites or maybe an acl that is blocking UDP 5246 & 5247?

If you take one if those AP's and connect it locally where the WLC resides, does it join. Do you have any AP's on the WLC at all?

Some things to always check for is to make sure the time is set properly on the WLC and the country code configured on the WLC matches the country code that you purchased for the access points.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

We have firewall but both the ports are open.

We connect to remote site location through IPsec tunnel and MPLS.

Yes it joins and alsk we have AP's locally which are able to join and workign fine.

Regulatory Domain is Austria and set properly on controller.

How do I confirm controller time and AP time,

We have NTP server configured on the controller and also time is set in Commands menu->set time tab, but there is a difference between AP and controller time. How do I sunchronize both.

So you have eliminated any issues with the WLC and AP since you can connect it locally.  I would check to see what the FW is dropping and make sure there are no ACL's, since its looking like something is blocking the connection.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Hi Scott,

Thanks for the prompt reply, checked on firewall nothing is blocking, but there is a tunnel to remote site, is that needs to be worry of.

Also don;t kknow what needs to done further except for WLC software upgrade I can think of

Please shed more comments if you have.

Scott,

Thanks for the reply will check and reconfirm the redirection traffic on the firewall, please bear with me and reply how it goes.

Leo L
VIP Community Legend

When the WAP joins, what is the "Uptime"?

p.dave
Beginner

I had a similar issue with a 5508 controller running version 7.0.116.0 of code.  Turns out we were running into this bug:

http://www.cisco.com/en/US/customer/ts/fn/635/fn63537.html

I upgraded my controllers to version 7.0.235.3 code and have not seen the issue since then.

Yes we did upgrade the WLC IOS and now everything works fine but it was before p.dave post we tried that and it worked.

Upgrded to 7.3.101.0

Create
Recognize Your Peers
Content for Community-Ad