10-30-2024 01:04 PM
We've recently had dozens of APs located at spoke sites losing their joined status to our central WLC. No recent upgrades to the controller or our WAN infrastructure, which is Cisco SDWAN that uses 2 broadband links for transports. We've discovered that if we change the preferred transport/color that CAPWAP uses so that it prefers vendor B instead of vendor A (Comcast), the AP rejoins the WLC. Packet captures indicate good communication up until a change cipher spec packet, after which the communication eventually times out, after about a minute. The packets are dropped somewhere, as is evident from a corresponding packet capture at the far end not showing the transmitted packet. It's a bit bizarre. If it's the service provider, how could they drop only certain packets that are wrapped in an encrypted tunnel? We've bumped the MTU down to under 1300 as a test (previously it was 1414) but no change. Not a firewall issue as we manage the firewall in the path and are running a capture there.
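Added example, not part of the original post: one way to script the two-ended capture comparison described above, by reading the cleartext DTLS record headers (content type, epoch, sequence number) of CAPWAP control datagrams and listing records seen at the near end but never at the far end. The sample datagrams are constructed for illustration and are not the poster's captures; the function names are hypothetical, and each list is assumed to hold the UDP payloads of a single direction of one AP's session.

```python
import struct

CAPWAP_DTLS_HDR = b"\x01\x00\x00\x00"  # RFC 5415: preamble (type 1 = DTLS) + 3 reserved bytes
NAMES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}

def dtls_records(payload):
    """Yield (content_type, epoch, seq) for every DTLS record in one CAPWAP UDP payload."""
    if len(payload) < 4 or payload[0] & 0x0F != 1:
        return                                   # no CAPWAP DTLS header: skip datagram
    off = 4
    while off + 13 <= len(payload):              # DTLS record header is 13 bytes
        ctype, ver, epoch, hi, lo, length = struct.unpack_from("!BHHHIH", payload, off)
        if ver >> 8 != 0xFE:                     # DTLS versions are 0xFEFF / 0xFEFD
            return
        yield ctype, epoch, (hi << 32) | lo      # sequence number is 48 bits
        off += 13 + length

def missing_records(sent, received):
    """Records present in the near-end capture but absent from the far-end capture."""
    arrived = {(e, s) for p in received for _, e, s in dtls_records(p)}
    return [(NAMES.get(t, t), e, s, len(p))      # len(p): UDP payload size of the datagram
            for p in sent for t, e, s in dtls_records(p) if (e, s) not in arrived]

def record(ctype, epoch, seq, body_len):
    """Build one constructed DTLS 1.2 record with a zero-filled body."""
    hdr = struct.pack("!BHHHIH", ctype, 0xFEFD, epoch, seq >> 32, seq & 0xFFFFFFFF, body_len)
    return hdr + bytes(body_len)

# Constructed sample: handshake records arrive until the ChangeCipherSpec flight,
# which (with its retransmission) never shows up in the far-end capture.
NEAR_END = [
    CAPWAP_DTLS_HDR + record(22, 0, 0, 120),
    CAPWAP_DTLS_HDR + record(22, 0, 1, 260),
    CAPWAP_DTLS_HDR + record(20, 0, 2, 1) + record(22, 1, 0, 48),
    CAPWAP_DTLS_HDR + record(20, 0, 3, 1) + record(22, 1, 1, 48),  # retransmitted flight
]
FAR_END = NEAR_END[:2]

if __name__ == "__main__":
    for name, epoch, seq, size in missing_records(NEAR_END, FAR_END):
        print(f"lost: {name:16} epoch={epoch} seq={seq} udp_payload={size}B")
```

Because the epoch and sequence number stay in cleartext even after the cipher change, the same comparison works on the encrypted records that follow the handshake.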
10-30-2024 01:17 PM
- What is the WLC model and software version running on it?
M.
10-30-2024 01:19 PM
WLC 5520 running 8.10.183.0
10-30-2024 01:34 PM
- In essence that version is too old; as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
A 5520 should run 8.10.196.0; 'should' in the sense that, because of AireOS platforms being phased out, it's kind of a basic need to use the last release made for the particular model, to have all possible bugfixes.
There is no support anymore 'afterwards'.
BUT as you are already saying, most likely it is due to some network parameters being changed by one of the external providers to induce the issue, because nothing is or was changed on the 'isolated controller'.
Yet to handle or be able to correct all possible issues, my first point remains very mandatory.
M.
10-30-2024 03:07 PM
What is happening in the path is not possible to say, but something you can try in order to work around this is to increase the CAPWAP tunnel timers on the WLC.
11-01-2024 05:58 AM
This looks like it's impacting more than just AP registration. We've found some SMB communication that breaks down too. It seems most likely it's ISP related. Thanks everyone for your suggestions.