nerdexam
Cisco

350-401 · Question #1132

A Cisco administrstor deploys a new wireless network but CAPWAP APs cannot communicate with the wireless controller. IP connectivity in the network functions properly. Which action resolves the issue?

The correct answer is B. Open CAPWAP UDP ports 5246 and 5247 in the network firewall.. To enable CAPWAP APs to communicate with a wireless controller through a firewall, the standard CAPWAP UDP ports 5246 (control) and 5247 (data) must be opened.

Submitted by helene.fr· Mar 6, 2026Infrastructure

Question

A Cisco administrstor deploys a new wireless network but CAPWAP APs cannot communicate with the wireless controller. IP connectivity in the network functions properly. Which action resolves the issue?

Options

  • AOpen CAPWAP UDP port 12222 in the network firewall.
  • BOpen CAPWAP UDP ports 5246 and 5247 in the network firewall.
  • CEnable the UDP Lite feature on the WLC.
  • DEnsure that the controller is connected to a AAA server.

How the community answered

(21 responses)
  • A
    10% (2)
  • B
    81% (17)
  • C
    5% (1)
  • D
    5% (1)

Why each option

To enable CAPWAP APs to communicate with a wireless controller through a firewall, the standard CAPWAP UDP ports 5246 (control) and 5247 (data) must be opened.

AOpen CAPWAP UDP port 12222 in the network firewall.

UDP port 12222 is not the standard CAPWAP port; it is used by LWAPP, the predecessor to CAPWAP.

BOpen CAPWAP UDP ports 5246 and 5247 in the network firewall.Correct

CAPWAP (Control and Provisioning of Wireless Access Points) uses UDP port 5246 for control messages between the AP and WLC and UDP port 5247 for data plane traffic. If a firewall is blocking these ports, APs cannot establish tunnels or communicate with the controller, even if basic IP connectivity exists.

CEnable the UDP Lite feature on the WLC.

UDP Lite is a feature that provides partial checksums for UDP, but it does not resolve issues related to blocked CAPWAP ports by a firewall.

DEnsure that the controller is connected to a AAA server.

A AAA server is used for authenticating users and managing access, not for the underlying CAPWAP communication between APs and the WLC itself.

Concept tested: CAPWAP port requirements for WLC communication

Source: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/configuring_ap_join.html

Topics

#CAPWAP#WLC#UDP ports 5246 5247#wireless controller

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice