06-26-2023 02:45 AM
Hi Guys,
We have a branch office where several APs are working in FlexConnect mode. The corporate SSID is bridged locally; the others are tunneled to the WLC. The APs reach the WLC through an S2S VPN tunnel created between the central and branch firewalls.
The problem is that if this tunnel goes down for any reason, and after it comes up again, the APs don't go back to the WLC until we get involved. The IT team usually reboots the APs and that solves the problem; they are back on the WLC after the reboot.
Is it possible to force the CAPWAP tunnel to be automatically rebuilt without any intervention?
Thanks!
06-26-2023 03:00 AM
- Check controller logs when the APs become unavailable
- What is the WLC model and software version? In such situations, always consider:
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html
It can help.
Also note: https://bst.cisco.com/bugsearch/bug/CSCvn08995, therefore pointing to the advisory releases depending on the AireOS or 9800 controller platform(s) being used.
M.
06-26-2023 03:05 AM
Follow these steps and check where the issue is.
First, the AP knows its WLC IP from DHCP; check this step.
Second, if there is a NAT device, then you must make sure you are NATing the WLC IP correctly.
If there is a firewall, you must make sure you permit traffic from the WLC to the AP and from the AP to the WLC.
06-27-2023 04:01 AM
The AP knows the WLC IP by: manually configured
There is no NATing device on the path between APs and WLC, there is L3 connection between them.
Traffic is allowed between APs and WLC. As I wrote, it works perfectly until the VPN tunnel between the firewalls goes down and up for any reason.
WLCs: CT3504
APs: AIR-AP3802 types
Software: 8.10.171.0 (planning to upgrade to the TAC recommended release 8.10.185.0)
06-27-2023 04:09 AM
Is the VPN tunnel between the FWs IKEv2?
If yes, then check the VPN status when the AP cannot build CAPWAP.
06-27-2023 09:34 AM
@schulcz >...planning to upgrade to the TAC recommended release 8.10.185.0
Go ahead and see if that can bring improvement.
M