Hi Sandeep,

Muhammad Hakim · ‎06-12-2016

dear All,

i wanna ask something, i keep this problem till 1 week with no resolve anything. here's the history. after i migrated the WLC from distribution switch to core switch in our network. AP falls joining to existing WLC. its just few AP not all AP. so we force it and give it a static IP address of existing controller. please note: we have 3 WLC, which is 1 is 4404 with v7.230, second is 5508 with v.8.1.102. and last is 5508 with newer version v.8.1.122.0. we upgrade WLC 4404 from 7.230 to 7.252 which is resolution from TAC, he mentioned that AP can join to WLC 5508 from v.7.252 to v8.102. but, we found the problem that many AP joining the last WLC 5508 with v.8.1.122. the few AP;s that missing from existing, joined to WLC 5508 with newer version. when i revert back to existing (WLC 5508 v.8.102), it always rejoin to newer.

how can this happen? any suggestion i would thank you.

regards,

Muhammad Hakim · ‎06-12-2016

here is the output from AP, message is "

*Jun 13 03:58:44.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.144.8:5246
*Jun 13 03:58:44.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jun 13 03:58:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.144.8 peer_port: 5246
*Jun 13 03:59:14.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xA684B10!

*Jun 13 03:59:44.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.144.8:5246
*Jun 13 03:59:44.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.

*Jun 13 03:59:45.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.10.144.8 peer_port: 5246
*Jun 13 04:00:14.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xA684B10!

*Jun 13 04:00:44.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.10.144.8:5246
*Jun 13 04:00:44.999: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS."

as i mentioned, is there a problem with max retransmission? i already give a long transmission time from default 5-3 second, to 8-5 seconds.

regards,

mohanak · ‎06-13-2016

Refer the link : http://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63916.html

Muhammad Hakim · ‎06-13-2016

Hi,

thanks for the reply,

our WLC already upgraded to version 8.1.102. which is your link problem face to v.8.0.100.

regards,

Sandeep Choudhary · ‎06-12-2016

Hi,

Configure each manually for primary/secondary and teritary WLC IP and name.

Check this posts:

https://mrncciew.com/2013/04/07/ap-failover/

Info: you can also use AP authorization method so that AP will only join to specific WLC.

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html

Regards

Dont forget to rate helpful posts

Muhammad Hakim · ‎06-13-2016

hi,

ive already use your first step. unfortunately i cant use AP authorization since i dont have aaa for AP.

Sandeep Choudhary · ‎06-13-2016

Its not possible...

If you assign the APs statcially primary and secondary then there is no chance to connect other WLCs.

You must check if your AP can reach to primary WLC or not !!!

Regards

Dont forget to rate helpful posts

Muhammad Hakim · ‎06-13-2016

Hi Sandeep,

thanks for the reply.

unfortunately yes its possible, my issue faces like that, AP keeps join to other WLC instead of join the existing WLC.

ping from AP to WLC has successful.

regards,

Muhammad Hakim · ‎06-13-2016

Hi Sandeep,

here's the capture. believe it or not. ive trying so many times to reboot but no hope.

Muhammad Hakim · ‎06-20-2016

Hi Forum,

please help, existing AP cant join to WLC, but easly join to other WLC.

regards,

APs keep joining other newer version of WLC