Preview Tool

Cisco Bug: CSCun52345 - AP sends TLS Alert with very high sequence number ff ff ff ff 00 00

Last Modified

Jun 26, 2014

Products (1)

  • Cisco Aironet 3700 Series Access Points

Known Affected Releases


Description (partial)

AP sends Capwap_Data link Keep-Alive at every 30seconds when Capwap_Data encryption was enabled.
(config ap link-encryption enable all).
AP should tear down the Capwap_Data link DTLS tunnel by sending TLS Alert packet whenever it does not received Keep-Alive response from its associated WLC after retransmission.
The problem is the TLS Alert packet has very high sequence number (seq_num) in the TLS payload hence WLC does not honor the Alert message. As a result, AP cannot tear down the tunnel and keep sending Alert.

config ap link-encryption enable {all|APNAME}
No response from WLC for Capwap_Data link Keep-Alive.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.