
APs dropping from WLC

WILLIAM STEGMAN
Level 4

We've recently had dozens of APs located at spoke sites losing their joined status to our central WLC. No recent upgrades to the controller or our WAN infrastructure, which is Cisco SDWAN that uses 2 broadband links for transports. We've discovered that if we change the preferred transport/color that CAPWAP uses so that it prefers vendor B instead of vendor A (Comcast), the AP rejoins the WLC. Packet captures indicate good communication up until a Change Cipher Spec packet, after which the communication eventually times out, after about a minute. The packets are dropped somewhere, as is evident from a corresponding packet capture at the far end not showing the transmitted packet. It's a bit bizarre. If it's the service provider, how could they drop only certain packets that are wrapped in an encrypted tunnel? We've bumped the MTU down to under 1300 as a test (previously it was 1414) but no change. Not a firewall issue, as we manage the firewall in the path and are running a capture there.


marce1000
VIP

 

- What is the WLC model and software version running on it?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

WLC 5520 running 8.10.183.0

 

- In essence that version is too old; as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
  a 5520 should run 8.10.196.0; 'should' in the sense that, because AireOS platforms are being phased out, it's kind of a basic need to use the last release made for the particular model, to have all possible bugfixes. There is no support anymore 'afterwards'.

  BUT as you are already saying, most likely it is due to some network parameters being changed by one of the external providers to induce the issue, because nothing is or was changed on the 'isolated controller'. Yet to handle or be able to correct all possible issues, my first point remains very mandatory.

 M.
 




@WILLIAM STEGMAN 

What is happening in the path is not possible to say, but something you can try in order to work around this is to increase the CAPWAP tunnel timers on the WLC.

 

 

WILLIAM STEGMAN
Level 4

This looks like it's impacting more than just AP registration.  We've found some SMB communication that breaks down too.  It seems most likely it's ISP related.  Thanks everyone for your suggestions.  
