Cisco AP 3702 DTLS Handshake Error

A Giv · ‎09-06-2024

Hello. I'm having an issue with some of my 3702 model APs staying connected to my 9800 WLC. When I look at the "Type of error that occurred last" field, I get "DTLS-Handshake". When I try to remote into the AP (SSH or Telnet), I'm met with "Connection refused". I'm relatively new to wireless administration, so any suggestions are appreciated. I'm looking through 3702 documentation from Cisco but nothing really jumps out at me saying anything about DTLS. Also, customers report the APs that don't work keep flashing red-green-blue. Thanks!

marce1000 · ‎09-06-2024

- FYI ; from the AP viewpoint you can look into : https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/119286-lap-notjoin-wlc-tshoot.html#toc-hId--607814488 (correctedx2)
looking at it from the controller then checkout : https://logadvisor.cisco.com/logadvisor/wireless/9800/9800APJoin

- You will only have SSH access if it (correction) can join the controller and if that then is allowed and configured on the controller
So then to get a basic idea you can look at the boot process of the AP (only)

- For the 9800 WLC , mandatory is having an overall checkup of the 9800 controller's configuration with the CLI command
show tech wireless and feed the output from that into Wireless Config Analyzer
use the full command as denoted in green , do not use a simple show tech as input for this procedure

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎09-06-2024

- I must also add : make sure the controller's software version is not too old and or consider using 17.12.3
because it is the latest advisory ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎09-06-2024

- Some additional troubleshooting commands ; if configuration changes are made then
following up on AP behavior with https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#anc4
can be useful!

Below are a number of additional commands related to DTLS debugging

show wireless dtls connections
show wireless stats ap join summary
show wireless dtls connections
show platform hardware chassis active qfp feature wireless capwap datapath statistics drop all
show platform hardware chassis active qfp feature wireless capwap datapath mac-address <APradio-mac> details
show platform hardware chassis active qfp feature wireless capwap datapath mac-address <APradio-mac> statistics
show platform hardware chassis active qfp feature wireless dtls datapath statistics all
show platform hardware chassis active qfp statistics drop all | inc Global | Wls

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '