
DTLS_CLIENT_ERROR:

nk650h001
Level 1

Hi,

Could you please help me with the issue below? When we try to register a few LWAPs to the controller, we get the error below on the LWAP. A few LWAPs got registered on the same switch.

We are able to ping the controller from LWAP.

log :


*Apr 27 21:51:48.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 9.16.72.37:5246
Not in Bound state.
*Apr 27 21:51:54.499: %CAPWAP-3-DHCP_RENEW: Could not discover WLC. Either IP address is not assigned or assigned IP is wrong. Renewing DHCP IP.
*Apr 27 21:51:58.339: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 9.31.116.40, mask 255.255.252.0, hostname AP00fe.c830.8fec

*Apr 27 21:52:15.499: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.

*Apr 27 21:52:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 9.16.72.37 peer_port: 5246
*Apr 27 21:52:45.075: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x5DD3E20!

*Apr 27 21:53:14.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 9.16.72.37:5246
*Apr 27 21:53:24.999: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.

*Apr 27 21:53:25.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 9.16.72.37 peer_port: 5246
*Apr 27 21:53:55.075: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x5DD3E20!

*Apr 27 21:54:24.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 9.16.72.37:5246
*Apr 27 21:54:34.999: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.


Philip D'Ath
VIP Alumni

I think I have seen this before.  I think it happens when the AP base software is too new for the WLC.

You could try using an AP recovery image and putting on an earlier image.  Try it on one AP first to verify this is the issue.

Or upgrade your WLC.  Which WLC do you have, and what version are you running?  Also what is the oldest model of AP that you have?

Hi Philip,

On the same switch we have 17 3702 LWAPs; of those, 15 registered and are working fine, and we are able to see clients. When we try to connect the remaining two LWAPs, we get the above error on them.



code : 7.6.130.33 and device is 7500 flex

Are the 3700s identical versions? For example, are they all -Z models or all -UX models? -UX models have been shipping more recently.

Can you tell me what your WLC model is and the software version you are running?

Yes, the LWAPs are Cisco AIR-CAP3702I-A-K9.

code : 7.6.130.33 and device is 7500 flex

The entire 7.6 code train has been deferred due to serious defects.  You should get off this code train as soon as you can.

Considering your APs, I would recommend you go to 8.1.131.0.

Sure, but why was it taken for a few LWAPs that are working fine?

I don't know the answer - but I wouldn't wait with a serious defect notice against the software you are currently using.

Thanks for your time. Will try to update to the suggested code.

6 years later - this post is still relevant. I was trying to join a 2702 to a 9800 CL for 'ISE 3.1 Sandbox v1.1' on dcloud and received the below:

*Jun 2 10:00:39.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 198.19.11.10 peer_port: 5246
*Jun 2 10:01:08.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xD29E6C8!

Turns out the firmware version of the cloud controller will not support my AP - oddly, the firmware version in 'Cisco ISE 3.0 Sandbox v2' will ...

1 hour of assumptions later - this post was the trail of breadcrumbs that helped me figure it out.

So thanks!

 

Frazer
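The retry loop visible in the logs in this thread (a DTLS connection request followed about 30 seconds later by "Max retransmission count reached"), as an added Python triage example that is not part of any post here. The sample lines are constructed in the thread's log format with a documentation IP address, the function and field names are hypothetical, and the fixed year 2000 is an assumption because the AP timestamps carry no year.

```python
import re
from datetime import datetime

# Constructed sample in the format of the AP console output quoted in this thread
# (192.0.2.10 is a documentation address, not one taken from the thread).
SAMPLE = """\
*Apr 27 21:52:15.499: AP has SHA2 MIC certificate - Using SHA1 MIC certificate for DTLS.
*Apr 27 21:52:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.0.2.10 peer_port: 5246
*Apr 27 21:52:45.075: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x5DD3E20!
*Apr 27 21:53:14.999: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 192.0.2.10:5246
Not in Bound state.
*Apr 27 21:53:25.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.0.2.10 peer_port: 5246
*Apr 27 21:53:55.075: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0x5DD3E20!
"""

STAMP = re.compile(r"^\*(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): (.*)$")
REQ = re.compile(r"DTLSREQSEND: .*peer_ip: (\S+) peer_port: (\d+)")

def triage(log_text):
    """Pair each DTLS request with the timeout that follows it, per controller."""
    peers, pending, sha1_fallback = {}, None, False
    for line in log_text.splitlines():
        m = STAMP.match(line.strip())
        if not m:
            continue  # untimestamped continuation lines such as "Not in Bound state."
        # Assumption: prefix a fixed year so timestamps in one capture can be subtracted.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
        msg = m.group(2)
        req = REQ.search(msg)
        if req:
            peer = f"{req.group(1)}:{req.group(2)}"
            peers.setdefault(peer, {"requests": 0, "timeouts": 0, "waits": []})
            peers[peer]["requests"] += 1
            pending = (peer, ts)
        elif "Max retransmission count reached" in msg and pending:
            peer, sent = pending
            peers[peer]["timeouts"] += 1
            peers[peer]["waits"].append(round((ts - sent).total_seconds(), 3))
            pending = None
        elif "Using SHA1 MIC certificate" in msg:
            sha1_fallback = True
    for stats in peers.values():
        # Every request to this controller timed out: the handshake never completed.
        stats["never_completed"] = (stats["requests"] >= 2
                                    and stats["timeouts"] == stats["requests"])
    return {"peers": peers, "sha1_mic_for_dtls": sha1_fallback}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A controller flagged `never_completed` while ping still works matches the situation described in this thread, where the replies pointed at AP and controller software versions rather than IP reachability.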
