12-23-2011 08:23 AM - edited 07-03-2021 09:17 PM
I am trying to setup an 1142 as an office extend AP with a 5508 controller, but have not yet been successful...
The AP joins the controller across the internet and through the firewall fine, and I see clients probing the AP, but none will associate.
If I look at the log on the AP, I see it joining the controller and the DTLS tunnel coming up:
*Dec 23 14:15:49.592: %CAPWAP-5-CHANGED: CAPWAP changed state to UP
*Dec 23 14:15:49.772: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller SVB_WLC04
*Dec 23 14:15:49.825: %CAPWAP-5-DATA_DTLS_START: Starting Data DTLS handshake. Wireless client traffic will be blocked until DTLS tunnel is established.
*Dec 23 14:15:49.826: %LWAPP-3-CLIENTEVENTLOG: SSID SVBDATA01 added to the slot[0]
*Dec 23 14:15:49.988: %LWAPP-3-CLIENTEVENTLOG: SSID SVB Public added to the slot[0]DTLS keys are plumbed successfully.
*Dec 23 14:15:50.041: %CAPWAP-5-DATA_DTLS_ESTABLISHED: Data DTLS tunnel established.
*Dec 23 14:15:50.042: %LWAPP-3-CLIENTEVENTLOG: SSID SVBDATA01 added to the slot[1]
*Dec 23 14:15:50.083: %LWAPP-3-CLIENTEVENTLOG: SSID SVB Public added to the slot[1]
*Dec 23 14:15:51.337: %WIDS-5-ENABLED: IDS Signature is loaded and enabled
but then a few minutes later I get this error repeatedly:
*Dec 23 15:15:59.917: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:15:59.917: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:18:58.998: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:18:58.998: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:28:00.001: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:28:00.001: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:28:00.090: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:28:00.090: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
*Dec 23 15:36:59.918: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Dec 23 15:36:59.918: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 65.121.114.230
OfficeExtend#
The 5508 is running 7.0.220.0 code.
I am NATing the internal controller's management interface to 65.121.114.230 on my firewall. The AP has a Public IP statically assigned to it and the rules set in the firewall allow all ports between this AP and Controller (at least for now until the testing is complete).
I have H-REAP enabled for the AP mode, and Enable Office Extend AP is checked under the H-REAP tab.
I have tried this with H-REAP Local Switching both enabled and disabled...no change in the log.
I have tried this with Data Encryption enabled and disabled...no change in the log.
I even disabled the radios on the AP temporarily and still see the message in the log...
Anyone have an idea of what this error means, or what I am missing to get this to work?
Thanks in advance...
12-23-2011 08:33 AM
What happens if you put the AP behind a local internet router, and let it get a RFC 1918 address?
It could be that the provider starts to block the CAPWAP traffic to a public IP address.
HTH,
Steve
----------------------------------------------------------------------------------------------------------
Please remember to rate helpful posts or to mark the question as answered so that it can be found later.