Cisco Bug: CSCut21564 - 5760 delays AP certificate processing resulting in DTLS failure

Last Modified

May 15, 2018

Products (1)

  • Cisco IOS

Known Affected Releases

10.2(120.0)

Description (partial)

Symptom:
APs that could previously join the WLC (but have lost their connection) are unable to establish a DTLS connection with the 5760 running 3.6.1 software. The AP and the WLC each successfully validate the other's certificate. After the AP sends its certificate to the WLC, it expects to receive the Change Cipher Spec message from the WLC. Instead, the WLC resends its Server Hello + Certificate, followed by the Change Cipher Spec. The AP registers this error:

*Mar  2 14:54:58.327: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_record.c:394 BD is not of DTLS Change Cipher Spec type

The WLC appears to pause for at least one second before retransmitting its certificate to the AP. This may be related to high CPU utilization on the WLC (verify with 'show process cpu').

Conditions:
5760 WLC at 3.6.1