11-27-2012 01:58 AM - edited 07-03-2021 11:07 PM
Ap's at remote location intermittently joins unjoins the WLC controller 5508. AP's getting IP's from DHCP server located at locan end.
Please find below debug logs from controller.
Anyone can help to troubleshoot teh problem and how to recover from it.
8785)since DTLS session is not established
*spamApTask0: Nov 27 10:37:28.438: 00:27:0d:eb:f5:20 DTLS connection was closed
*spamApTask5: Nov 27 10:37:32.772: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.8.159:48822)since DTLS session is not established
*spamApTask7: Nov 27 10:37:32.962: 00:27:0d:eb:e9:80 Duplicate sequence number in request message
*spamApTask1: Nov 27 10:37:36.506: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.9.20:48829)since DTLS session is not established
*spamApTask3: Nov 27 10:37:37.285: 00:27:0d:ec:89:40 DTLS connection was closed
*spamApTask5: Nov 27 10:37:42.311: 00:27:0d:eb:e8:70 DTLS connection was closed
*spamApTask5: Nov 27 10:37:44.758: 00:27:0d:eb:ed:30 DTLS connection was closed
*spamApTask3: Nov 27 10:37:46.673: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.8.111:48844)since DTLS session is not established
*spamApTask6: Nov 27 10:37:47.151: 00:27:0d:4a:7c:50 Duplicate sequence number in request message
*spamApTask4: Nov 27 10:37:47.707: 00:27:0d:eb:e7:b0 Duplicate sequence number in request message
*spamApTask7: Nov 27 10:37:48.018: 00:27:0d:eb:e9:80 DTLS connection was closed
*spamApTask3: Nov 27 10:37:50.751: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.8.137:48826)since DTLS session is not established
*spamApTask1: Nov 27 10:37:53.632: 00:27:0d:eb:e8:80 DTLS connection was closed
*spamApTask5: Nov 27 10:37:56.193: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.8.172:48785)since DTLS session is not established
*spamApTask2: Nov 27 10:37:57.470: 00:27:0d:eb:f0:b0 Duplicate sequence number in request message
*spamApTask0: Nov 27 10:37:58.439: 00:27:0d:eb:f5:20 DTLS connection was closed
*spamApTask1: Nov 27 10:38:00.236: 00:27:0d:eb:e7:a0 Duplicate sequence number in request message
*spamApTask5: Nov 27 10:38:02.774: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.8.159:48822)since DTLS session is not established
*spamApTask1: Nov 27 10:38:06.508: 00:1d:a1:68:ec:00 Discarding non-ClientHello Handshake OR DTLS encrypted packet from 161.5.9.20:48829)since DTLS session is not established
*spamApTask3: Nov 27 10:38:07.286: 00:27:0d:ec:89:40 DTLS connection was closed
*spamApTask0: Nov 27 10:38:07.370: 00:27:0d:eb:f5:20 Duplicate sequence number in request message
Solved! Go to Solution.
11-30-2012 08:46 AM
I had a similar issue with a 5508 controller running version 7.0.116.0 of code. Turns out we were running into this bug:
http://www.cisco.com/en/US/customer/ts/fn/635/fn63537.html
I upgraded my controllers to version 7.0.235.3 code and have not seen the issue since then.
11-27-2012 04:03 AM
Do you have a firewall between the two sites or maybe an acl that is blocking UDP 5246 & 5247?
If you take one if those AP's and connect it locally where the WLC resides, does it join. Do you have any AP's on the WLC at all?
Some things to always check for is to make sure the time is set properly on the WLC and the country code configured on the WLC matches the country code that you purchased for the access points.
Sent from Cisco Technical Support iPhone App
11-27-2012 05:11 AM
We have firewall but both the ports are open.
We connect to remote site location through IPsec tunnel and MPLS.
Yes it joins and alsk we have AP's locally which are able to join and workign fine.
Regulatory Domain is Austria and set properly on controller.
How do I confirm controller time and AP time,
We have NTP server configured on the controller and also time is set in Commands menu->set time tab, but there is a difference between AP and controller time. How do I sunchronize both.
11-27-2012 05:15 AM
So you have eliminated any issues with the WLC and AP since you can connect it locally. I would check to see what the FW is dropping and make sure there are no ACL's, since its looking like something is blocking the connection.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
11-27-2012 05:48 AM
Hi Scott,
Thanks for the prompt reply, checked on firewall nothing is blocking, but there is a tunnel to remote site, is that needs to be worry of.
Also don;t kknow what needs to done further except for WLC software upgrade I can think of
Please shed more comments if you have.
11-27-2012 05:55 AM
Scott,
Thanks for the reply will check and reconfirm the redirection traffic on the firewall, please bear with me and reply how it goes.
11-27-2012 04:52 PM
When the WAP joins, what is the "Uptime"?
11-30-2012 08:46 AM
I had a similar issue with a 5508 controller running version 7.0.116.0 of code. Turns out we were running into this bug:
http://www.cisco.com/en/US/customer/ts/fn/635/fn63537.html
I upgraded my controllers to version 7.0.235.3 code and have not seen the issue since then.
12-03-2012 12:38 AM
Yes we did upgrade the WLC IOS and now everything works fine but it was before p.dave post we tried that and it worked.
Upgrded to 7.3.101.0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide