Solved: Re: Restarting CAPWAP after 1 minute

MJU-NETDESIGN · ‎06-09-2018

Hi there

I have a Office connected to a Main office via a site2site running a Asa in both ends.

There are a Access point 2802, that are losing the connection to the WLC every 1 minute.

[*06/06/2018 02:36:44.1579] Warning, unencrypted data keepalive failed
[*06/06/2018 02:36:44.1579] Failed to receive data keepalive
[*06/06/2018 02:36:44.1580]
[*06/06/2018 02:36:44.1580] Lost connection to the controller, going to restart CAPWAP...
[*06/06/2018 02:36:44.1580]
[*06/06/2018 02:36:44.1580] Restarting CAPWAP State Machine.

Can it be a bug or a config issue ?

Mvh Mickey

MJU-NETDESIGN · ‎09-03-2018

The solution was:

No _ in the AP group name.

View solution in original post

Leo Laohoo · ‎06-09-2018

What firmware is the WLC running on?

MJU-NETDESIGN · ‎06-10-2018

Its a WLC 3504 running version 8.5.120.0 and the accesspoint is a 2802.

Mvh Mickey

Leo Laohoo · ‎06-10-2018

Console into the AP and leave it alone for about 15 minutes. Make sure the output from the console is logged.
Attach the logs into the thread.

MJU-NETDESIGN · ‎09-03-2018

The solution was:

No _ in the AP group name.

moises.tavares1 · ‎04-30-2020

I have the same problem, did you use the command "no ap group name"?

What was the solution?

ajc · ‎08-19-2020

Did you mean that we should not use "_" in the AP Group Name?

Scott Fella · ‎08-19-2020

From this old thread, yes it states the fix was not to use an underscore “_”.

-Scott
*** Please rate helpful posts ***

ajc · ‎08-19-2020

Hi Scott,

thanks for answering, we are currently migrating our WIFI network to SD-WAN (which basically means IPSEC Tunneling), I have some AP's continuously sending me this:

*Aug 19 16:27:36.000: %CAPWAP-3-DATA_KEEPALIVE_ERR: Failed to receive data keep-alive *Aug 19 16:27:36.000: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.0.0.1:5246

I check this post but the AP Group name configuration is not the case so I read the following article about CAPWAP Path MTU Discovery, so I am wondering if the additional encapsulation caused by SD-WAN devices in addition to CAPWAP could be the cause because from the AP showing those disconnections negotiated a MTU of 576 with the WLC instead of the maximum required one.

(Cisco Controller) >show ap config general APTESTING

Cisco AP Identifier.............................. 520
Cisco AP Name.................................... APTESTING
CAPWAP Path MTU.................................. 576
Cisco AP Group Name.............................. TESTINGACCESSPOINT
Primary Cisco Switch Name........................ WLC

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/211405-Configure-CAPWAP-Path-MTU-Discovery.html

Scott Fella · ‎08-19-2020

Oh... you should start your own thread then since your issue is totally different.

-Scott
*** Please rate helpful posts ***

patoberli · ‎06-12-2018

Could be a UDP timeout, have you opened the required CAPWAP control/data ports?
https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113344-cuwn-ppm.html#anc8
Otherwise do what Leo suggested.

k.ameen@kaa.org.uk · ‎04-20-2021

Hi,

This happens in my environment as well but I don't have a solution yet. It only happens on a group of WAPs and not all of them. The AP group name i have is "default-group" any suggestions?

Thanks

MJohar2 · ‎03-22-2023

Hi,

I had the same problem too but weirdly enough, the issue somehow resolved after I changed the cable from the AP to the switch. Hopefully this will help.

Thanks.