cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1999
Views
0
Helpful
6
Replies

H-REAP OfficeExtend issue with 1142 on 5508

blarkins1
Beginner
Beginner

I am trying to setup an 1142 as an office extend AP with a 5508 controller, but have not yet been successful...

The AP joins the controller across the internet and through the firewall fine, and I see clients probing the AP, but none will associate. 

If I look at the log on the AP, I see it joining the controller and the DTLS tunnel coming up:

*Dec 23 14:15:49.592: %CAPWAP-5-CHANGED: CAPWAP changed state to UP

*Dec 23 14:15:49.772: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller SVB_WLC04

*Dec 23 14:15:49.825: %CAPWAP-5-DATA_DTLS_START: Starting Data DTLS handshake. Wireless client traffic will be blocked until DTLS tunnel is established.

*Dec 23 14:15:49.826: %LWAPP-3-CLIENTEVENTLOG: SSID SVBDATA01 added to the slot[0]

*Dec 23 14:15:49.988: %LWAPP-3-CLIENTEVENTLOG: SSID SVB Public added to the slot[0]DTLS keys are plumbed successfully.

*Dec 23 14:15:50.041: %CAPWAP-5-DATA_DTLS_ESTABLISHED: Data DTLS tunnel established.

*Dec 23 14:15:50.042: %LWAPP-3-CLIENTEVENTLOG: SSID SVBDATA01 added to the slot[1]

*Dec 23 14:15:50.083: %LWAPP-3-CLIENTEVENTLOG: SSID SVB Public added to the slot[1]

*Dec 23 14:15:51.337: %WIDS-5-ENABLED: IDS Signature is loaded and enabled

but then a few minutes later I get this error repeatedly:

*Dec 23 15:15:59.917: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 23 15:15:59.917: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230

*Dec 23 15:18:58.998: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 23 15:18:58.998: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230

*Dec 23 15:28:00.001: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 23 15:28:00.001: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230

*Dec 23 15:28:00.090: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 23 15:28:00.090: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230

*Dec 23 15:36:59.918: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller

*Dec 23 15:36:59.918: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230

OfficeExtend#

The 5508 is running 7.0.220.0 code.

I am NATing the internal controller's management interface to 65.121.114.230 on my firewall.  The AP has a Public IP statically assigned to it and the rules set in the firewall allow all ports between this AP and Controller (at least for now until the testing is complete).

I have H-REAP enabled for the AP mode, and Enable Office Extend AP is checked under the H-REAP tab.

I have tried this with H-REAP Local Switching both enabled and disabled...no change in the log.

I have tried this with Data Encryption enabled and disabled...no change in the log.

I even disabled the radios on the AP temporarily and still see the message in the log...

Anyone have an idea of what this error means, or what I am missing to get this to work?

Thanks in advance...

6 Replies 6

Stephen Rodriguez
Cisco Employee
Cisco Employee

What happens if you put the AP behind a local internet router, and let it get a RFC 1918 address?

It could be that the provider starts to block the CAPWAP traffic to a public IP address.

HTH,

Steve

----------------------------------------------------------------------------------------------------------

Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered