Cisco Bug: CSCum00101 - AP 2600/3600 data tunnel stuck w/ dtls encryption enable

Last Modified

Sep 02, 2016

Products (1)

Cisco Aironet 3700 Series Access Points

Known Affected Releases

7.5(102.11)

Description (partial)

Symptom:
The CAPWAP data tunnel on AP 2600/3600 in 7.5 gets stuck.

Data encryption is enabled to leverage data keep-alive and re-establish the CAPWAP tunnel in case the NAT/PAT translation expires, but in some cases the keep-alives are lost and the tunnel stays down (no self-recovery); at the same time the CAPWAP control tunnel is up and the AP shows as UP; from the FlexConnect standpoint the AP also shows as connected.

When clients try to connect they are deauthenticated once the (re)association timeout happens (the AP doesn't get the (re)association response from the WLC as the data tunnel is down).

When this happens the AP logs show the following message every minute:
%CAPWAP-3-ERRORLOG: Warning, data keep-alive failed, ignore data keep-alive timeout

Conditions:
- AP 2600/3600
- 7.5.102.11 code
- APs in FlexConnect mode w/ data encrytpion enable
- NAT/PAT between AP and WLC

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts