06-12-2016 09:17 PM - edited 07-05-2021 05:12 AM
dear All,
i wanna ask something, i keep this problem till 1 week with no resolve anything. here's the history. after i migrated the WLC from distribution switch to core switch in our network. AP falls joining to existing WLC. its just few AP not all AP. so we force it and give it a static IP address of existing controller. please note: we have 3 WLC, which is 1 is 4404 with v7.230, second is 5508 with v.8.1.102. and last is 5508 with newer version v.8.1.122.0. we upgrade WLC 4404 from 7.230 to 7.252 which is resolution from TAC, he mentioned that AP can join to WLC 5508 from v.7.252 to v8.102. but, we found the problem that many AP joining the last WLC 5508 with v.8.1.122. the few AP;s that missing from existing, joined to WLC 5508 with newer version. when i revert back to existing (WLC 5508 v.8.102), it always rejoin to newer.
how can this happen? any suggestion i would thank you.
regards,
06-12-2016 09:20 PM
here is the output from AP, message is "
*Jun 13 03:58:44.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.144.8:5246
*Jun 13 03:58:44.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jun 13 03:58:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.144.8 peer_port: 5246
*Jun 13 03:59:14.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xA684B10!
*Jun 13 03:59:44.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.144.8:5246
*Jun 13 03:59:44.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Jun 13 03:59:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.144.8 peer_port: 5246
*Jun 13 04:00:14.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xA684B10!
*Jun 13 04:00:44.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.144.8:5246
*Jun 13 04:00:44.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS."
as i mentioned, is there a problem with max retransmission? i already give a long transmission time from default 5-3 second, to 8-5 seconds.
regards,
06-13-2016 06:59 PM
06-13-2016 08:52 PM
Hi,
thanks for the reply,
our WLC already upgraded to version 8.1.102. which is your link problem face to v.8.0.100.
regards,
06-12-2016 11:01 PM
Hi,
Configure each manually for primary/secondary and teritary WLC IP and name.
Check this posts:
https://mrncciew.com/2013/04/07/ap-failover/
Info: you can also use AP authorization method so that AP will only join to specific WLC.
http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html
Regards
Dont forget to rate helpful posts
06-13-2016 12:36 AM
hi,
ive already use your first step. unfortunately i cant use AP authorization since i dont have aaa for AP.
06-13-2016 02:52 AM
Its not possible...
If you assign the APs statcially primary and secondary then there is no chance to connect other WLCs.
You must check if your AP can reach to primary WLC or not !!!
Regards
Dont forget to rate helpful posts
06-13-2016 08:51 PM
Hi Sandeep,
thanks for the reply.
unfortunately yes its possible, my issue faces like that, AP keeps join to other WLC instead of join the existing WLC.
ping from AP to WLC has successful.
regards,
06-13-2016 09:32 PM
06-20-2016 12:26 AM
Hi Forum,
please help, existing AP cant join to WLC, but easly join to other WLC.
regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide