Showing results for 
Search instead for 
Did you mean: 

AP not joining WLC



I have some APs which are not connecting to 9800 controllers. 

Reason for last AP connection failure is showing as "DTLS close alert from peer" or "DTLS handshake expired." Can anybody please explain how to resolve this issue?

Thanks in advance.

12 Replies 12

Hall of Fame
Hall of Fame

What IOS XE code running on Cat 9800 (worth upgrading 17.9.4a) most problem Fixed

what AP Model ? Hope you have Licenses.

is the AP and WLC in same VLAN - is there any Firewall between then you need to Open some ports for the AP to register with WLC.

APWAP uses the UDP Ports 5246 (for CAPWAP Control) and 5247 (for CAPWAP Data).

connect console to AP and post complete boot log until failed to register to WLC.

check the AP joining process :

also try clearing the config on AP :

# clear lwapp private-config


***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

The WLC is 9800-40 series and code is 17.9.4. Most of the AP models are 2802I-B-K9 and 2802E-B-K9

How many APs are currently connected to the controller?

Around 215 APs are currently connected to WLC.

None of them joining to WLC or only few, can you connect the console to AP post complete boot logs



***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Only few APs are not joining, like 5 to 10 APs.

Do you have the latest SMUs and APSP installed?
17.9.5 is released now and contains all those same fixes plus some extra ones so might also want to consider that.

Yes, we have installed latest SMUs. Regarding APSP I'm not sure. I am not able see any file added in APSP tab under Software Management tab in the controller.

"show install summ"
APSP8 is CSCwi44524

"sh ap image file summ" will show AP image version for APSP8.

If you don't have the APSP installed then you're missing numerous AP fixes.


You can also check the following AP join process troubleshooting guide to verify the issue

4.- In case the errors are seen in the DTLS phase we can check which type of certificate and ciphers are used for AP DTLS handshake.

show wireless certification config !! Check DTLS version and cipher suite
show wireless management trustpoint !! Type of certificate used
show wireless dtls connections !! Show if DTLS is established for capwap control/data ports used

Jagan Chowdam

/**Please rate helpful responses**/

Leo Laohoo
Hall of Fame
Hall of Fame

What are the model of APs involved?

How many APs does the controller currently have? 

What firmware is the controller on? 

What is the uptime of the controller?



  - Have a checkup of the 9800 controller(s) configuration(s) with the CLI command show tech wireless and feed the output into
                                                                                                                                Wireless Config Analyzer

  - Use  commands from :
     for  further troubleshooting

 - Checkout AP stats using :


-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: