Guest

Preview Tool

Cisco Bug: CSCum00101 - AP 2600/3600 data tunnel stuck w/ dtls encryption enable

Last Modified

Sep 02, 2016

Products (1)

  • Cisco Aironet 3700 Series Access Points

Known Affected Releases

7.5(102.11)

Description (partial)

Symptom:
The CAPWAP data tunnel on AP 2600/3600 in 7.5 gets stuck.

Data encryption is enabled to leverage data keep-alive and re-establish the CAPWAP tunnel in case the NAT/PAT translation expires, but in some cases the keep-alives are lost and the tunnel stays down (no self-recovery); at the same time the CAPWAP control tunnel is up and the AP shows as UP; from the FlexConnect standpoint the AP also shows as connected.

When clients try to connect they are deauthenticated once the (re)association timeout happens (the AP doesn't get the (re)association response from the WLC as the data tunnel is down).

When this happens the AP logs show the following message every minute:
%CAPWAP-3-ERRORLOG: Warning, data keep-alive failed, ignore data keep-alive timeout

Conditions:
- AP 2600/3600
- 7.5.102.11 code
- APs in FlexConnect mode w/ data encrytpion enable
- NAT/PAT between AP and WLC
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.