08-05-2021 12:20 PM - edited 08-06-2021 10:08 AM
Hi,
I have a vWLC in a remote lab where I'm using the interface G1 for WLC admin and also as the wireless management interface.
Then, at my home I have an AP 3702 in a network that can reach the WLC via VPN. The AP can ping the WLC and the WLC can ping the AP. In the AP I use the command "capwap ap controller ip address" and then the IP that is configured on the interface G1 on my vWLC.
But when I go to Wireless -> AP Statistics -> Join Statistics in the GUI, I see a type of error that occurred last: DTLS-Handshake, and the AP appears as not joined.
***UPDATE***
As I'm using version 17.3.3 on the WLC, I manually updated the AP to version 15.3(3)JPJ6. After this I'm getting the following logs on the AP side:
*Aug 6 17:05:57.011: Delete of backup image not donewith status 1
*Aug 6 17:05:57.011: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.3.247:5246
*Aug 6 17:06:15.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.3.247 peer_port: 5246!
*Aug 6 17:06:44.999: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2214 Max retransmission count reached for Connection 0xD13786C!
In the Radioactive trace tool on WLC I got the following logs:
2021/08/06 12:02:37.264086 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 Public IP learnt is FALSE, public IP discovery is FALSE, private IP discovery is TRUE.
2021/08/06 12:02:37.264256 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 IP:192.168.129.210[58052], Discovery Response sent
2021/08/06 12:02:47.240462 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:02:47.240545 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:02:49.243227 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:02:49.243258 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:02:53.238407 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:02:53.238697 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:01.238694 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:01.238949 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:47.252034 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:47.252090 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:49.250946 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:49.250999 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:03:53.247810 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:03:53.247863 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:04:01.250326 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.168.129.210, local-port: 5246
2021/08/06 12:04:01.250381 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): IPv4: 192.168.129.210 Failed to Process DTLS Hello message from loadbalancer server
2021/08/06 12:04:47.265751 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 Public IP learnt is FALSE, public IP discovery is FALSE, private IP discovery is TRUE.
2021/08/06 12:04:47.265825 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 88f0.3134.aa40 IP:192.168.129.210[58052], Discovery Response sent
08-05-2021 11:50 PM
- Check the Wireless compatibility matrix, make sure this AP model and the controller are compatible
M.
08-06-2021 08:30 AM
Hi,
I've checked that. I'm running version 17.3.3, and in the compatibility matrix the lightweight APs 3700 appear as supported.
Best regards!
08-06-2021 12:57 PM
When you configured "capwap ap controller ip address" did you configure it with the Wireless management interface IP?
Remember 9800 can have only one wireless management interface.
08-06-2021 02:09 PM
Yes, I used the wireless management interface IP, but this is the same interface that I use to access the vWLC via GUI.
It's the only interface "up" at the moment. Do you think this could be a problem? Now I'm trying to join a 1850 and I'm getting these logs:
Aug 6 21:05:59 kernel: [*08/06/2021 21:05:59.0000] CAPWAP State: DTLS Setup
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122] dtls_disconnect: ERROR shutting down dtls connection ...
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122]
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122]
Aug 6 21:06:56 kernel: [*08/06/2021 21:06:56.0122] CAPWAP State: DTLS Teardown
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] No more AP manager addresses remain..
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] No valid AP manager found for controller 'WLC-9800-AA' (ip: 10.100.3.247)
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] Failed to join controller WLC-9800-AA.
Aug 6 21:05:59 kernel: [*08/06/2021 21:07:00.7707] Failed to join controller.
Aug 6 21:05:59 kernel: [*08/06/2021 21:05:59.0000]
Aug 6 21:05:59 kernel: [*08/06/2021 21:05:59.0000] CAPWAP State: DTLS Setup
08-06-2021 02:43 PM
OK, did you generate the self-signed certificate for AP-to-WLC communication?
wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 {password}
Also you can set the wireless management interface manually by
wireless management interface {interface name}
08-06-2021 04:21 PM
Hi, at the beginning of my tshoot I had used the "wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 {password}" command with a "weak" password. After your suggestion I re-entered the command (this time using a more complex password) and it seemed to work. I got the following log:
Aug 6 22:50:30.503: %CAPWAP-6-AP_IMG_DWNLD: Required image not found on AP. Downloading image from Controller.
What was strange for me was that the AP already had the correct image (Version 15.3(3)JPJ6), so I don't know why the log said that the required image was not found. Anyways, after the download process the AP got registered in the WLC.
Another important thing is that after I read that the management interface and the AP interface should be different in the vWLC, I added a new interface G2 and used this new interface as "wireless management interface"
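Added example, not part of any post in this thread: a small triage script for Radioactive trace output like the one quoted in the first post. It groups lines by AP IP and flags APs that received a Discovery Response but then repeatedly fail DTLS session init, the pattern that in this thread cleared after the controller's self-signed certificate was regenerated. The function names, the failure threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Radioactive trace lines quoted in
# the thread; the addresses and MACs are documentation values, not the poster's.
SAMPLE_TRACE = """\
2021/08/06 12:02:37.264256 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 0000.5e00.5301 IP:192.0.2.10[58052], Discovery Response sent
2021/08/06 12:02:47.240462 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.0.2.10, local-port: 5246
2021/08/06 12:02:49.243227 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.0.2.10, local-port: 5246
2021/08/06 12:02:53.238407 {wncd_x_R0-0}{1}: [capwapac-smgr-srvr] [22019]: (ERR): DTLS session init failure for remote-IP: 192.0.2.10, local-port: 5246
2021/08/06 12:03:10.000000 {wncmgrd_R0-0}{1}: [capwapac-discovery] [21691]: (note): MAC: 0000.5e00.5302 IP:192.0.2.20[40100], Discovery Response sent
truncated line without the expected prefix
"""

PREFIX = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) \{[^}]+\}\{\d+\}: "
                    r"\[[^\]]+\] \[\d+\]: \(\w+\): (.*)$")
DISCOVERY = re.compile(r"IP:([\d.]+)\[\d+\], Discovery Response sent")
DTLS_FAIL = re.compile(r"DTLS session init failure for remote-IP: ([\d.]+), local-port: \d+")


def summarize(trace):
    """Per AP IP: discovery responses sent, DTLS init failures, last failure time."""
    stats = defaultdict(lambda: {"discovery": 0, "dtls_fail": 0, "last_fail": None})
    for line in trace.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # skip lines that do not carry the trace prefix
        ts, msg = m.groups()
        if (d := DISCOVERY.search(msg)):
            stats[d.group(1)]["discovery"] += 1
        elif (f := DTLS_FAIL.search(msg)):
            entry = stats[f.group(1)]
            entry["dtls_fail"] += 1
            entry["last_fail"] = ts
    return dict(stats)


def stalled_at_dtls(stats, min_failures=3):
    """APs the controller answered in discovery but that keep failing DTLS setup."""
    return sorted(ip for ip, s in stats.items()
                  if s["discovery"] >= 1 and s["dtls_fail"] >= min_failures)


if __name__ == "__main__":
    report = summarize(SAMPLE_TRACE)
    for ip in stalled_at_dtls(report):
        print(ip, report[ip])
```

An AP listed by `stalled_at_dtls` has working reachability and discovery, so the checks worth making next are on the DTLS side, such as the controller certificate discussed above.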