Re: CAPWAP state: DTLS Teardown - Page 3

a.saad@growup-ts.com · ‎08-22-2022

I have a problem with AP 1815i as it continuously disjoin the controller 9800 and restart and then loop in same action as shown in attached logs.

These are the port configuration

==============
Access switch
==============

interface gi1/0/21
description To-WLC
switchport mode trunk
switchport trunk allowed vlan 5,6,50
switchport trunk native vlan 50

interface gi1/0/15
description To-AP
switchport mode trunk
switchport trunk allowed vlan 5,6,50
switchport trunk native vlan 50

==================
Core Switch
==================
ip dhcp pool DATA-pool
network 192.168.6.0 255.255.255.0
default-router 192.168.6.254
dns-server 192.168.100.1 192.168.100.2 8.8.8.8
!
ip dhcp pool WLC-Mgm-pool
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254
option 43 hex f205.c0a8.3264.01

dbandulas · ‎04-21-2023

Drop Cause Packets Octets
================================================================================ ====================
Wls Capwap unsupported link type Error 0 0
Wls Capwap invalid tunnel Error 0 0
Wls Capwap input config missing Error 0 0
Wls Capwap invalid TPID Error 0 0
Wls Capwap ingress parsing Error 0 0
Wls Capwap invalid FC subtype Error 0 0
Wls Capwap SNAP Invalid HLEN Error 0 0
Wls Capwap Invalid SNAP Error 0 0
Wls Capwap ipv4 tunnel not found Error 106409 43615807
Wls Capwap ipv6 tunnel not found Error 0 0
Wls Capwap tunnel header add Error 0 0
Wls Capwap mobility tunnel header add Error 0 0
Wls Capwap MOU tunnel header add Error 0 0
Wls Capwap mobility MOU tunnel header add Error 0 0
Wls Capwap tunnel ipv4 header add Error 0 0
Wls Capwap tunnel ipv6 header add Error 0 0
Wls Capwap multicast tunnel header add Error 0 0
Wls Capwap multicast tunnel ipv4 header add Error 0 0
Wls Capwap multicast tunnel ipv6 header add Error 0 0
Wls Capwap v4 encap type disabled Error 28 13220
Wls Capwap v6 encap type disabled Error 0 0
Wls Capwap v4 input UIDB invalid 0 0
Wls Capwap v6 input UIDB invalid 0 0
Wls Capwap ingress dot3 ingress processing Error 0 0
Wls Capwap tunnel ingress unsufficient packet data 0 0
Wls Capwap tunnel ingress invalid capwap version Error 0 0
Wls Capwap tunnel ingress capwap hlen Error 0 0
Wls Capwap ingress fragment capwap payload length Error 0 0

marce1000 · ‎04-21-2023

- Could you also check if the regulatory domain of the AP and controller (configured) match ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

carllapointemedia · ‎11-09-2023

Hello,

I'm seeing a very similar issue with the same controller 9800 but with AP CW9166i. I'm currently running version 17.9.4a.

In the radioactive trace of the AP I see error message related to site-tag. I'm also seeing the same error as above "Wls Capwap ipv4 tunnel not found Error", the counter is incrementing right now while one AP is actively having the problem.

(ERR): Failed to get the site-tag-name
(ERR): Failed, to get ap join profile from site tag in discovery

Any news on this ?

Rich R · ‎11-09-2023

It's a new AP model and a different version of software so you're probably better off opening a new thread with all the relevant details rather than reviving this old one.
That said, there do still seem to be quite a number of bugs affecting APs in 17.9. You're probably better off downgrading back to 17.9.4 so that you can install the SMUs and APSPs which fix a number of issues which are not fixed in 17.9.4a.

And then if you still see the problem - open a TAC case. Things to try which will probably clear the problem but not stop it from recurring at some point in the future:
1. Change the AP to a different site tag and profile (they can have the same settings, just different names). That should load-balance it onto a different WNCd process and then when it's stable change it back to the original site tag and profile. You should do a capwap restart "ap name <apname> reset capwap" to make sure the tag and profile changes take effect each time.
2. reboot the AP
If you decide to open a TAC case best to keep it in the broken state so they can get all the debugs, traces and packet captures they need.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390