350-401 · Question #1132
A Cisco administrstor deploys a new wireless network but CAPWAP APs cannot communicate with the wireless controller. IP connectivity in the network functions properly. Which action resolves the issue?
The correct answer is B. Open CAPWAP UDP ports 5246 and 5247 in the network firewall.. To enable CAPWAP APs to communicate with a wireless controller through a firewall, the standard CAPWAP UDP ports 5246 (control) and 5247 (data) must be opened.
Question
Options
- AOpen CAPWAP UDP port 12222 in the network firewall.
- BOpen CAPWAP UDP ports 5246 and 5247 in the network firewall.
- CEnable the UDP Lite feature on the WLC.
- DEnsure that the controller is connected to a AAA server.
How the community answered
(21 responses)- A10% (2)
- B81% (17)
- C5% (1)
- D5% (1)
Why each option
To enable CAPWAP APs to communicate with a wireless controller through a firewall, the standard CAPWAP UDP ports 5246 (control) and 5247 (data) must be opened.
UDP port 12222 is not the standard CAPWAP port; it is used by LWAPP, the predecessor to CAPWAP.
CAPWAP (Control and Provisioning of Wireless Access Points) uses UDP port 5246 for control messages between the AP and WLC and UDP port 5247 for data plane traffic. If a firewall is blocking these ports, APs cannot establish tunnels or communicate with the controller, even if basic IP connectivity exists.
UDP Lite is a feature that provides partial checksums for UDP, but it does not resolve issues related to blocked CAPWAP ports by a firewall.
A AAA server is used for authenticating users and managing access, not for the underlying CAPWAP communication between APs and the WLC itself.
Concept tested: CAPWAP port requirements for WLC communication
Source: https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/configuring_ap_join.html
Topics
Community Discussion
No community discussion yet for this question.