Solved: How Data traffic will be done between AP and Controller ?

palani2010 · ‎12-14-2024

How Data traffic will be done between AP and Controller ?

Is it go through CAPWAP, I believe CAPWAP used to both control plane and data plane ?

MHM Cisco World · ‎12-14-2024

Yes correct
only the UDP ports is different between control and data

View solution in original post

Flavio Miranda · ‎12-14-2024

@palani2010

Not exactly.

If the WLAN is in flexconnect mode, only control plane is sent between WLC and AP. Data Plane will be betwen AP and switch.

If the WLAN is in local mode, both control plane and data plane will be sent between WLC and AP.

View solution in original post

MHM Cisco World · ‎12-14-2024

Configuring Data DTLS (GUI)

Follow the procedure to enable DTLS data encryption for the access points on the controller :

Procedure

Step 1	Click Configuration > Tags and Profile > AP Join.
Step 2	Click Add to create a new AP Join Profile or click an existing profile to edit it.
Step 3	Click CAPWAP > Advanced.
Step 4	Check Enable Data Encryption check box to enable Datagram Transport Layer Security (DTLS) data encryption.
Step 5	Click Update & Apply to Device.

View solution in original post

MHM Cisco World · ‎12-14-2024

Yes correct
only the UDP ports is different between control and data

palani2010 · ‎12-14-2024

Thanks.

DTLS will be enable for control plane but not for data plane by default.

How to check DTLS enabled for data plane from wlc 9800.

MHM Cisco World · ‎12-14-2024

Configuring Data DTLS (GUI)

Follow the procedure to enable DTLS data encryption for the access points on the controller :

Procedure

Step 1	Click Configuration > Tags and Profile > AP Join.
Step 2	Click Add to create a new AP Join Profile or click an existing profile to edit it.
Step 3	Click CAPWAP > Advanced.
Step 4	Check Enable Data Encryption check box to enable Datagram Transport Layer Security (DTLS) data encryption.
Step 5	Click Update & Apply to Device.

palani2010 · ‎12-14-2024

If DTLS is not enabled means frames not will be encapsulated in capwap data plane traffic.

Correct me if i am wrong

MHM Cisco World · ‎12-14-2024

no it will send via capwap with udp port 5247 but it not encap inside dtls.

MHM

marce1000 · ‎12-14-2024

- The topic is discussed in this document amongst other stuff : https://www.thenetworkdna.com/2023/02/basics-of-capwap-tunneling.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Flavio Miranda · ‎12-14-2024

@palani2010

Not exactly.

If the WLAN is in flexconnect mode, only control plane is sent between WLC and AP. Data Plane will be betwen AP and switch.

If the WLAN is in local mode, both control plane and data plane will be sent between WLC and AP.

palani2010 · ‎12-14-2024

Flex connect doubts

1. Need to configure flexconnect on wlan

2. AP should be configured from local mode to flex mode

Rich R · ‎12-25-2024

Flexconnect is the AP (not WLAN) mode required if you want to do WLAN local switching.

Once the AP is in Flexconnect mode the WLAN can be configured for central or local switching. Centrally switched WLAN client data will still be tunnelled to WLC over CAPWAP while locally switched will breakout on local VLAN on AP switch port. Flexconnect AP can have centrally and locally switched WLANs.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390