Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
23279
Views
16
Helpful
8
Replies

CAPWAP State: DTLS Teardown

Jeza-925
Level 1
Level 1

‎10-02-2020 01:16 AM - edited ‎07-05-2021 12:35 PM

Hi all,

I'm facing strange problem with one of our sites, AP's are constantly disconnecting from WLC. They are associated for some time, than for some reason they disconnect and enter dtls loop process, they are stuck in loop for some random time (sometimes 2-5-10 hours, there is no rule) then they join WLC and after some time (again, no rules) disconnect. All other sites works like a charm.

WLC is running 8.5.140.0 image and all APs are 1852. Logs from WLC and AP are attached, I did a debug on AP as well. Reboot and factory reset didn't help.

I think that problem is with WAN link, there is some delay that is causing this issue. Is there some kind of timers that can be modified so that capwap discovery process last longer?

4 people had this problem
Labels:
Preview file
1 KB
Preview file
23 KB
0 Helpful
8 Replies 8

marce1000
VIP
VIP

‎10-02-2020 03:20 AM

 

 - In the context of using WAN connections note that for CAPWAP connection link latency may not access 300ms. When flexconnect is used however you can play with latency settings :

   https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/managing_aps.html?bookSearch=true#ID4174

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

patoberli
VIP Alumni
VIP Alumni

‎10-02-2020 03:53 AM

Spoiler
Oct  2 07:28:26 kernel: [*10/02/2020 07:28:26.0000] DTLS connection created sucessfully local_ip: 10.130.X.X local_port: 5264 peer_ip: X.X.X.X peer_port: 5246
Oct  2 07:28:51 kernel: [*10/02/2020 07:28:51.0022] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Setup(3).
Oct  2 07:28:51 kernel: [*10/02/2020 07:28:51.0022] Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: DTLS Setup(3).
Oct  2 07:29:23 kernel: [*10/02/2020 07:29:23.0522] Wait DTLS timer has expired
Oct  2 07:29:23 kernel: [*10/02/2020 07:29:23.0522] Dtls session establishment failed
Oct  2 07:29:23 kernel: [*10/02/2020 07:29:23.0522] dtls_disconnect: ERROR shutting down dtls connection ...

This sounds like the connection was overloaded or latency to high, as @marce1000 mentioned. 

Also make sure NTP is correctly setup on the remote site and WLC, the times in the two logs don't fully match.

0 Helpful

Jeza-925
Level 1
Level 1

‎10-02-2020 04:28 AM - edited ‎10-02-2020 04:28 AM

Hi @marce1000 , @patoberli 

Thank you for prompt reply. All AP's are in flexconnect mode and I enabled link latency option for 3 AP that are currently connected (3 stuck in loop), these are the output for them:

 

AP Link Latency.................................. Enabled
Current Delay................................... 4 ms
Maximum Delay................................... 11 ms
Minimum Delay................................... 10 ms
Last updated (based on AP Up Time).............. 15 days, 14 h 46 m 56 s

AP Link Latency.................................. Enabled
Current Delay................................... 4 ms
Maximum Delay................................... 11 ms
Minimum Delay................................... 10 ms
Last updated (based on AP Up Time).............. 15 days, 14 h 46 m 55 s

AP Link Latency.................................. Enabled
Current Delay................................... 0 ms
Maximum Delay................................... 13 ms
Minimum Delay................................... 0 ms
Last updated (based on AP Up Time).............. 15 days, 14 h 48 m 06 s

 

Results are nothing near 300ms. Here is the ping from AP that is joined:

Sending 5, 100-byte ICMP Echos to X.X.X.X, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8.591/9.253/9.841 ms

 

And from AP that is trying to join:

Sending 5, 100-byte ICMP Echos to X.X.X.X, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9.153/9.465/9.934 ms

Do you have any idea if the latency is not the problem, how to solve this? All AP's are connected on the same switch.

Kind regards,

Jeza

 

0 Helpful

Jeza-925
Level 1
Level 1

‎10-02-2020 06:07 AM

Hi @marce1000 , @patoberli 

Thank you for prompt reply. All AP's are in flexconnect mode and I enabled link latency option for 3 AP that are currently connected (3 stuck in loop), these are the output for them:

AP Link Latency.................................. Enabled
Current Delay................................... 4 ms
Maximum Delay................................... 11 ms
Minimum Delay................................... 10 ms
Last updated (based on AP Up Time).............. 15 days, 14 h 46 m 56 s

AP Link Latency.................................. Enabled
Current Delay................................... 4 ms
Maximum Delay................................... 11 ms
Minimum Delay................................... 10 ms
Last updated (based on AP Up Time).............. 15 days, 14 h 46 m 55 s

AP Link Latency.................................. Enabled
Current Delay................................... 0 ms
Maximum Delay................................... 13 ms
Minimum Delay................................... 0 ms
Last updated (based on AP Up Time).............. 15 days, 14 h 48 m 06 s

Results are nothing near 300ms. Here is the ping from AP that is joined:

Sending 5, 100-byte ICMP Echos to X.X.X.X, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8.591/9.253/9.841 ms

And from AP that is trying to join:

Sending 5, 100-byte ICMP Echos to X.X.X.X, timeout is 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9.153/9.465/9.934 ms

Do you have any idea if the latency is not the problem, how to solve this? All AP's are connected on the same switch.

Kind regards,

Jeza

0 Helpful

marce1000
VIP
VIP
In response to Jeza-925

‎10-02-2020 07:54 AM

 

 - Reconnect one of the problematic ap's with cold-start, check if anything abnormal can be seen in the switch logs after it comes up.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Jeza-925
Level 1
Level 1

‎10-06-2020 01:46 AM

Hi @marce1000 ,

Thank you again for your reply. On this site we have some HP switch, I turned debug on, but couldn't see anything except that port went offline/online and dhcp address was assigned, also there aren't any errors on packet drops on interface. At this moment only one AP is still trying to connect. This is info for one of the AP's, 8 hours to join...

AP Up Time....................................... 19 days, 12 h 23 m 05 s
AP LWAPP Up Time................................. 0 days, 04 h 39 m 53 s
Join Date and Time............................... Tue Oct 6 06:02:07 2020
Join Taken Time.................................. 0 days, 08 h 33 m 28 s

I opened ticket with SP to check if everything is ok with link.

0 Helpful

Chris McCann
Level 1
Level 1
In response to Jeza-925

‎03-08-2023 03:21 AM

Hi Jeza,

Did you ever get to sort out this problem, I know it's an old post but I am having the same problem.

Chris.

0 Helpful

Jeza-925
Level 1
Level 1
In response to Chris McCann

‎03-10-2023 11:08 AM

Hi Chris,

This is a remote location, and the problem was with internet link that was terrible at the moment. I had to contact ISP to fix the issue.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card