11-19-2020 08:05 PM - edited 07-05-2021 12:48 PM
Hi Everybody,
We have changed Service Provider in a branch. This little branch has a Cisco AP 2800 in FlexConnect mode; after migration, the AP doesn't connect anymore. The AP is reachable by ping, trace, and SSH; however, the DTLS tunnel goes to TEARDOWN. As I said, the device is reachable and it can join the controller for a couple of minutes. The connection flow is as follows:
Cisco AP<->SWITCH L2<->ROUTER(L3 & CPE)<->*MPLS Service Provider*<->FIREWALL PALO ALTO<-> SDWAN DC CENTER<->SDWAN ANOTHER BRANCH<->SWITCH CORE<->WLC
The same behavior occurred last week in another branch; after rollback, the Cisco APs could connect immediately. At this moment there are 40 access points joined successfully in the WLC.
We have replaced the AP, opened a Cisco SR, and run a lot of debugs; the result is the same. The Service Provider just ran a couple of pings with different packet sizes to test MTU; they argue that the issue isn't their responsibility.
I am going to attach some debugs and images. I hope someone has a better idea.
The MAC of the AP at the time of the debug was dc:8c:37:8b:be:c0
Awaiting your kind support.
11-20-2020 01:51 AM
There's a bug in 8.10.130.0 in regards to MTU and data encryption (if using FlexConnect). Either upgrade to 8.10.142.0 or disable data encryption.
This only matters if you use this specific software release though.
12-02-2020 09:38 AM - edited 12-02-2020 09:38 AM
The current version is 8.5.161, and encryption is disabled. We opened a Cisco SR; it looks like a fragmentation and excessive retransmission issue through the new carrier.
The carrier doesn't accept responsibility; however, we are awaiting their analysis.
Thanks.