
broadcast LWAPP UDP port 12223 still seen in FW from 1142 APs running CAPWAP

larsaschim
Level 1

Hi!

My firewall admin was asking me why UDP port 12223 and UDP port 5246 to broadcast (255.255.255.255) keep showing up as top blocked ports from my AP VLAN. I have not figured this out myself; maybe someone here knows?

I have the following setup:

1142APs < - - > Firewall < - - > WLC 5508

Why do all my APs keep sending out broadcast messages on both CAPWAP and LWAPP ports even after they have successfully associated with the controller?

In the firewall:

(SRC: <my AP subnet>, DST: <WLC IP> allow port 5246&5247)

My setup works quite well and I do not have any connectivity issues: the APs get a DHCP address, then successfully resolve CISCO_CAPWAP_CONTROLLER from my DNS server, connect to the WLC5508 controller, and are up and running fine.

It is a layer 3 setup with my firewall routing the requests to my WLC.

According to the Cisco documentation I have been using, only CAPWAP ports have been opened from the APs to the controller.

wbr

-Lars

PS: using WLC 5508 with 6.0.196.0 software version

3 Replies

dancampb
Level 7

They would send both an LWAPP and a CAPWAP discovery request even though they couldn't join an LWAPP controller. Bug CSCtd19605 was filed so that the 1140s wouldn't send an LWAPP discovery request.

I found the solution to this problem. My APs were associated with my controller, but the AP provisioning profile did not have the IP and hostname to the primary controller set in the configuration. I did not know this was necessary since I have only one controller in my setup.

Maybe this can help others with the same issue.

-Lars

I understand that when in the process of associating with the controller, I would see this traffic. However, I was seeing this traffic on a regular basis, several weeks after all my APs had successfully associated with my controller via layer 3 CAPWAP.

wbr

Lars
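
Added example, not part of any post in this thread: one way to tell from firewall deny records which APs are still broadcasting discovery requests on the two ports discussed, split into LWAPP (12223) and CAPWAP (5246). The log layout, the function names and all addresses are assumptions constructed for the illustration.

```python
import ipaddress
from collections import Counter

# Ports named in the thread: 12223 (LWAPP) and 5246 (CAPWAP control).
DISCOVERY_PORTS = {12223: "LWAPP", 5246: "CAPWAP"}
BROADCAST = "255.255.255.255"

# Constructed records in a made-up key=value layout (not a real firewall's
# log format); addresses are documentation ranges, not from the thread.
SAMPLE_LOG = """\
09:00:01 action=deny proto=udp src=192.0.2.11 dst=255.255.255.255 dport=12223
09:00:01 action=deny proto=udp src=192.0.2.11 dst=255.255.255.255 dport=5246
09:00:02 action=allow proto=udp src=192.0.2.11 dst=198.51.100.10 dport=5246
09:00:31 action=deny proto=udp src=192.0.2.12 dst=255.255.255.255 dport=12223
09:00:32 action=deny proto=udp src=192.0.2.11 dst=255.255.255.255 dport=12223
09:00:40 action=deny proto=udp src=203.0.113.5 dst=255.255.255.255 dport=12223
09:00:41 action=deny proto=udp src=192.0.2.12 dst=255.255.255.255 dport=137
"""

def parse(line):
    """Split one record into its key=value fields (leading timestamp dropped)."""
    return dict(pair.split("=", 1) for pair in line.split()[1:])

def broadcast_discovery_by_ap(log_text, ap_subnet):
    """Count denied broadcast discovery packets per AP and protocol."""
    net = ipaddress.ip_network(ap_subnet)
    counts = {}
    for line in filter(str.strip, log_text.splitlines()):
        f = parse(line)
        proto_name = DISCOVERY_PORTS.get(int(f.get("dport", 0)))
        if (f.get("action") != "deny" or f.get("proto") != "udp"
                or f.get("dst") != BROADCAST or proto_name is None):
            continue
        if ipaddress.ip_address(f["src"]) not in net:
            continue  # broadcast from outside the AP VLAN: a different question
        counts.setdefault(f["src"], Counter())[proto_name] += 1
    return {src: dict(c) for src, c in counts.items()}

if __name__ == "__main__":
    result = broadcast_discovery_by_ap(SAMPLE_LOG, "192.0.2.0/24")
    for src, per_proto in sorted(result.items()):
        print(src, per_proto)
```

Comparing the per-AP counts before and after a configuration change, such as setting the primary controller on the APs, shows whether the broadcasts have actually stopped.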
