350-401 Question #1132: Real Exam Question with Answer & Explanation

The correct answer is B: Open CAPWAP UDP ports 5246 and 5247 in the network firewall.. To enable CAPWAP APs to communicate with a wireless controller through a firewall, the standard CAPWAP UDP ports 5246 (control) and 5247 (data) must be opened.

Submitted by helene.fr· Mar 6, 2026[DOMAIN_LIST_MISSING_IN_PROMPT]

Question

A Cisco administrstor deploys a new wireless network but CAPWAP APs cannot communicate with the wireless controller. IP connectivity in the network functions properly. Which action resolves the issue?

Options

AOpen CAPWAP UDP port 12222 in the network firewall.
BOpen CAPWAP UDP ports 5246 and 5247 in the network firewall.
CEnable the UDP Lite feature on the WLC.
DEnsure that the controller is connected to a AAA server.

Explanation

To enable CAPWAP APs to communicate with a wireless controller through a firewall, the standard CAPWAP UDP ports 5246 (control) and 5247 (data) must be opened.

Common mistakes.

A. UDP port 12222 is not the standard CAPWAP port; it is used by LWAPP, the predecessor to CAPWAP.
C. UDP Lite is a feature that provides partial checksums for UDP, but it does not resolve issues related to blocked CAPWAP ports by a firewall.
D. A AAA server is used for authenticating users and managing access, not for the underlying CAPWAP communication between APs and the WLC itself.

Concept tested. CAPWAP port requirements for WLC communication

Reference. https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/configuring_ap_join.html

Topics

#CAPWAP#WLC connectivity#Firewall rules#UDP ports

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice Browse All 350-401 Questions