Preview Tool

Cisco Bug: CSCui94634 - Flex AP disjoins after ACL push, CAPWAP processing hangs DTLS timeout

Last Modified

Feb 18, 2018

Products (1)

  • Cisco Aironet 3700 Series Access Points

Known Affected Releases


Description (partial)

AP's in Flexconnect local switching mode with VLAN mappings disjoin from WLC when an ACL is applied to one of the VLANs.

Once ACL is pushed, CAPWAP UDP prcessing become sluggish and re-transmissions of packets from WLC are erroring with duplicate sequence number errors.  Eventually, this state will cause a DTLS timeout and re-join process on the AP which will fail over and over with same issue.

Appears the issue is related to corruption of the CAPWAP private config as the actual content of the ACL does not matter (apply a permit any any for example).  The issue will occur immediately at the point the ACL is pushed.

Flexconnect mode AP's with VLAN mappings and Flex ACL
AP on low free flash space condition

Related Community Discussions

7.4MR4 Beta Availability
7.4.131.x Available - 7.4MR4 Beta   April 29 Final build available (,  this is candidate content before release. New open beta for future (7.4MR4) release To request access, please write to, include your CCO username on the email. Download at 74MR4Beta forum in upload server   Support For any new issue during this test, please write to, pre-existing problems would be directed through normal TAC support channels, the ...
Latest activity: Apr 07, 2015
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.