Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
632
Views
2
Helpful
5
Replies

CAPWAP tunnel automatic rebuild?

schulcz
Level 1
Level 1

‎06-26-2023 02:45 AM

Hi Guys,

We have a branch office, there are several APs which are working in Flexconnect mode. Corporate SSID is bridged locally, others are tunneled to the WLC. APs reach WLC through a S2S VPN tunnel created between central and branch firewalls.

The problem is that if this tunnel goes down for any reason, and after it comes up again, the APs don't go back to the WLC until we get involved. The IT team usually reboots the APs and that solves the problem, they are back to the wlc after reboot.

Is it possible to force the CAPWAP tunnel to be automatically rebuilt without any intervention?

Thanks!

5 Replies 5

marce1000
VIP
VIP

‎06-26-2023 03:00 AM

 

                                - Check controller logs when the APs become unavailable 

 - What is the WLC model and software version , in and or such situations always consider : 
                    https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
                    https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html
                                                                                 It can help . 

  Also note : https://bst.cisco.com/bugsearch/bug/CSCvn08995 , therefore pointing to the advisory releases depending on aireos or 9800 controller platform(s) being used , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MHM Cisco World
VIP
VIP

‎06-26-2023 03:05 AM

Follow step and check where is issue

First' the ap know it wlc ip from dhcp' check this step

Second if there is nating device the  you must sure you nating wlc ip correctly 

If there is fw you must sure you permit traffic from wlc to ap and from ap to wlc 

0 Helpful

schulcz
Level 1
Level 1
In response to MHM Cisco World

‎06-27-2023 04:01 AM

The AP know the WLC IP by: manually configured

There is no NATing device on the path between APs and WLC, there is L3 connection between them.

Traffic is allowed between APs and WLC. As I wrote, it works perfect, until the VPN tunnel between firewalls don't goes down and up for any reason.

WLCs: CT3504

APs: AIR-AP3802 types

Software: 8.10.171.0 (planning to upgrade to the TAC recommended release 8.10.185.0)

MHM Cisco World
VIP
VIP
In response to schulcz

‎06-27-2023 04:09 AM

VPN tunnel between FW is IKEv2 ?
if Yes then check the  VPN status, when AP can not build CAPWAP

0 Helpful

marce1000
VIP
VIP
In response to schulcz

‎06-27-2023 09:34 AM

 

     @schulcz     >...planning to upgrade to the TAC recommended release 8.10.185.0
                                    Go ahead and see if that can bring improvement , 

 M



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card