Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1698
Views
0
Helpful
15
Replies

cisco 3502E LAP is showing DTLS tunneling issue with 5508 Controller

Go to solution
jbnair
Level 1
Level 1

‎12-11-2013 02:20 AM - edited ‎07-04-2021 01:24 AM

Hello All,

I am trying to connect 3502-E-K9 Access points to 5508 controller.

The dhcp pool is from the same range from management ip address.

The AP is getting the IP address.

The AP can see the Controller ip addresses. (there are two 5508 controllers) Option 60 and 43 is already setup on the pool.

The controllers are upgraded to 7.5.102.0 IOS

The FUS FPGA version is 1.7

I have a ASA service module in 6500 and the management vlan gateway is configured with the firewall. But i temporarily removed the gateway address from FW  and applied it to the 6500 switch vlan, but still the problem is going on and it shows this is not a problem from the FW.

The logs from the AP is shown below:

*Nov 10 18:03:58.481: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21

*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.

*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.

*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21

Full log:

*Mar  1 00:13:30.348: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar  1 00:13:30.439: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar  1 00:13:31.439: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
Translating "CISCO-CAPWAP-CONTROLLER.sht-2.com"...domain server (10.210.99.1)
*Mar  1 00:13:40.461: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.210.99.21 obtained through DHCP
*Mar  1 00:13:40.461: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.210.99.22 obtained through DHCP
*Mar  1 00:13:40.461: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.

*Mar  1 00:13:43.462: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.sht-2.com
*Mar  1 00:13:53.466: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Nov 10 18:03:58.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.210.99.21 peer_port: 5246
*Nov 10 18:03:58.481: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.210.99.21 peer_port: 5246
*Nov 10 18:03:58.481: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Nov 10 18:03:58.484: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.210.99.21
*Nov 10 18:04:03.483: %CAPWAP-5-SENDJOIN: sending Join Request to 10.210.99.21

                

Any comments?

Thanks & Regards

Jay

Labels:
0 Helpful
15 Replies 15

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to jbnair

‎12-11-2013 07:52 AM

Hi Jay,

Glad that your problem is solved.

Thanks for rating

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card