Solved: [WLC] CAPWAP tunnel lifetime

thibaut.matzke · ‎11-30-2021

Hello,

We faced an issue where after a misconfiguration, APs couldn't connect back to our primary WLC, and went to our secondary WLC. This "migration" wasn't sudden for all of our APs, and I think it was due to CAPWAP tunnel still up and not trying to renegociate with the WLC.

After resolving the issue, I tried to find the global CAPWAP tunnel lifetime (standard CAPWAP tunnel renegociation), but I couldn't. Does anyone know where I can find this information ? We have a Cisco 8540.

Thank you in advance for your answers,

Regards

marce1000 · ‎12-01-2021

>this CAPWAP tunnel needs to be renegotiated at some point, right

- I don't think so , the ap-heartbeat is an indicator for the controller to keep the capwap-tunnel UP.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

patoberli · ‎12-02-2021

I think it stays up forever, unless you have a layer 3 border between the WLC and the APs. In that case there might be a firewall in between, which terminates all connections after xx hours, for example.

View solution in original post

balaji.bandi · ‎12-02-2021

why we asking Cluster, checking failover.

as per i know the Tunnel forever, until the AP reboot and reload new session start.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎11-30-2021

you can find some information here : when the AP try to contact again Primary AP, if not reachable it will go alternative WLC automatically and join, but when the Primary come back online, i do not believe they will automatically move to Primary, you need to manually move them Primary controller.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/ap_connectivity_to_cisco_wlc.html#capwap

or something i miss understood your situation?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thibaut.matzke · ‎11-30-2021

Hello Balaji, and thank you for your answer ! But this is not what I am looking for. My issue is resolved, but I will deeply explain it to understand why I am asking about CAPWAP tunnel lifetime :

This is the standard configuration : all APs are connected to the primary WLC and working well :

After a misconfiguration on the primary WLC making it impossible to establish a new CAPWAP tunnel to it, we started to see some APs from the primary WLC going to the secondary one,but not all of them at the same time :

I think the reason why not all of the primary WLC APs "migrated" to the secondary one is because their CAPWAP tunnel was still active and working (CAPWAP association with primary WLC was still OK). Since they didn't have to renegociate any new CAPWAP tunnel to the primary WLC, they stayed connected to it, and when they had to renegociate CAPWAP tunnel, since they couldn't do it with the primary WLC, they went on the second one.

I think this is the "Controller Associated Time" that you can see on the AP :

After correcting the misconfiguration on the primary WLC, every APs connected to the secondary one went back on the primary one automatically. For information, while troubleshooting (with this very useful link), I could see with the CAPWAP debug command on an AP that they were trying to reconnect to the first WLC continuously, so this was expected.

Now, from this usecase, what I want to know is the to understand "when they had to renegociate CAPWAP tunnel". Is this because the CAPWAP protocol has an lifetime ? And if so, what is it ? And if not, then when does an AP needs to renegociate its CAPWAP tunnel ? I couldn't find a precise answer on it, and this would really help me understand why not all APs migrated to the secondary WLC at the same time.

Thank you in advance for your answers,

Regards

balaji.bandi · ‎12-01-2021

is the WLC Cluster ?

As per i know the AP do the heartbeat with Controller every 30seconds see if the WLC up and running, then take action based on the availability Groups, below document explain better :

https://mrncciew.com/2013/04/07/ap-failover/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thibaut.matzke · ‎12-01-2021

Yes the WLC is a cluster, but this is not what I am asking.

Thank you for your documentation link, it was very interesting, but I still couldn't find the information I am looking for.

I understand that an AP sends heartbeat to its WLC every 30 seconds via its CAPWAP tunnel to be sure it is still working, but even when everything is working well, this CAPWAP tunnel needs to be renegociated at some point, right ? This CAPWAP interconnection with the WLC has a lifetime, no ?

Thank you in advance for your answers,

Regards

marce1000 · ‎12-01-2021

>this CAPWAP tunnel needs to be renegotiated at some point, right

- I don't think so , the ap-heartbeat is an indicator for the controller to keep the capwap-tunnel UP.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

patoberli · ‎12-02-2021

I think it stays up forever, unless you have a layer 3 border between the WLC and the APs. In that case there might be a firewall in between, which terminates all connections after xx hours, for example.

balaji.bandi · ‎12-02-2021

why we asking Cluster, checking failover.

as per i know the Tunnel forever, until the AP reboot and reload new session start.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thibaut.matzke · ‎12-05-2021

Hello,

Thank you very much for all of your answers, it was very helpful. I guess it was one of our firewall between the APs and WLC that must have terminated the interconnection between them.