Issue with redundancy

Liad Dayan · ‎01-15-2012

Hi guys,

I have 2 controllers.

1)5508 -LDPE

2)4404- normal(DATA+WPS)

---------

They both have the same 7.0.220.0 software version.

My Ap`s got Ip address of: 192.168.30.x/24

My Managment AP of 4404: 10.1.44.17

My Management of the 5508: 10.1.44.116

Now i got 87 AP connected to the 5508 controller. When i shutdown the 5508 my ap`s dont move to the 4402.

DTLS_CLIENT_ERROR: ../dtls/dtls_connection_db.c:2013 Max retransmission count reached!

%DTLS-3-HANDSHAKE_RETRANSMIT: Max retransmit count for 10.1.44.17 is reached.

Somone know what could be the reason?

Regards,

Scott Fella · ‎01-15-2012

It can be because of the lDPE code you have on your 5508 WLC. That encrypts DTLS payload differently and that is what you are seeing.

I'm also guessing that the wlc are in the same mobility group and that is us and working.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎01-15-2012

Hello,

I will venture to say its becuase of the LDPE code. The APs when connected to the 5508 are using the special "LDPE" code which the 4400 doesnt support.

I have no experince with the LDPE as I dont know anyone who uses it. Perhaps one of the other guys here can comment further.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎01-15-2012

Althougt, I would think when the 5508 fails the APs should move over to the 4400 but they would need to download the 4400 version of the 7.0.220.0 code. So it wouldnt be a clean cut over ..

@ Scott -- LOL "that its U.S".. The last few post about country codes have been pretty common the last week or so !

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Liad Dayan · ‎01-15-2012

Hello,

when i use another subnet 10.x.x.x and shutting down the 5508 the ap moves to the second controller.

when i use 192.168.41.40 and shutting down the 5508 the ap isn't moving to the other controller and give me that error.

the controller are on the same subnet.

Regards

Scott Fella · ‎01-15-2012

You have some sort of acl or a FW between the different networks? If you say that the AP's join the 4404 when the AP's are in a 10.x.x.x then it should fail over. I'm guessing the 192.x.x.x is your dmz?

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎01-15-2012

@George... It was like one post after the other on country codes! I actually started reading up on the different part numbers:)

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Stephen Rodriguez · ‎01-15-2012

@george yeah not a lot of ldpe in the US. IIRC correctly that is a specific code for European countries. Supposed to be similar to the DTLS license in e US.

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Liad Dayan · ‎01-16-2012

We do have firewall between those subnets. - Checkpoint firewall.

yestarday we did permit to all traffic between those networks (permit any any).

and still he didnt move from one controller to onther.

You guys have any other suggestions?

Regards,

Scott Fella · ‎01-16-2012

It seems it is still something with the FW. When you have the AP in the inside, it works fine, so it point to something on the network and not the wireless. I would take a look at the logs at the FW to make sure nothing is getting dropped.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***