Connection lost between AP and HiveManager, after upgrade to 6.1r1

  • Question
  • Updated 5 years ago
  • Answered
An AP121 has a lot of lost connections during the day. The Events show "dtls handshake fail", "The current capwap delay time higher than threshold value", "Default DTLS passphrase is in use. Push a complete config to update the passphrase automatically, or set it manually and push a complete or delta config" and so "The CAPWAP connection with HiveManager was lost".
I tested the physical cable, and nothing happened. How can I find any attempted attack on this AP? Is it possible?

Fernando Camargo

Posted 5 years ago

Chris B, Official Rep

Hi Fernando

This indicates there is a disconnect between your APs and HiveManager, or latency in your network that is above the set threshold. Are they in the same physical location? Or is it a HiveManager Online? Have you had any network issues that would stop communication between the AP and HM?

What are the AP uptimes? (check to see if they are disconnecting or rebooting).

Chris

Fernando Camargo

Hi Chris,

This trouble happens only on one floor. When I take this AP and install it on another floor, it works very well, without drops for 2 weeks. My intention is to discover whether there is some tool to find an attack on the AP.

Denis Paiva

Same problem for me

Crowdie, Champ

Is NTP enabled and working? Make a console connection to the access point and run the show ntp command. If an NTP source is active its IP address will have "(active)" after it. If you have NTP issues then the DTLS encryption utilised by the CAPWAP tunnel can fail and reoccurring Private PSKs will be invalidated.

The other thing to check with APs that will not initialise after a reboot is DNS. Again, console into the access point and run the show dns command. This will show you the defined DNS servers and then attempt to PING a local hostname or Internet website.
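
Added example, not part of the thread and not Aerohive code: a small triage script that, for every "CAPWAP connection with HiveManager was lost" event, counts which of the other events quoted in the question the same AP logged in the two minutes before it. The log line layout (timestamp, AP name, message), the AP names and the two-minute window are assumptions; only the message texts come from the question.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample (layout and AP names assumed; message texts are from the question).
SAMPLE = """\
2014-03-10 09:02:11 ap-floor3 The current capwap delay time higher than threshold value
2014-03-10 09:02:40 ap-floor3 dtls handshake fail
2014-03-10 09:02:55 ap-floor3 The CAPWAP connection with HiveManager was lost
2014-03-10 11:30:05 ap-floor3 dtls handshake fail
2014-03-10 11:30:20 ap-floor3 dtls handshake fail
2014-03-10 11:30:31 ap-floor3 The CAPWAP connection with HiveManager was lost
2014-03-10 11:31:00 ap-floor1 Default DTLS passphrase is in use.
"""

PATTERNS = {  # category -> lowercase substring of the event text
    "dtls_handshake": "dtls handshake fail",
    "latency": "capwap delay time higher than threshold",
    "default_passphrase": "default dtls passphrase is in use",
    "capwap_lost": "capwap connection with hivemanager was lost",
}

def parse(text):
    """Yield (timestamp, ap, category) for each recognised line."""
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        try:
            ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip lines without a parsable timestamp
        msg = parts[3].lower()
        cat = next((c for c, s in PATTERNS.items() if s in msg), None)
        if cat:
            yield ts, parts[2], cat

def triage(text, window=timedelta(minutes=2)):
    """For each CAPWAP loss, count what the same AP logged in the window before it."""
    events = sorted(parse(text))
    report = []
    for ts, ap, cat in events:
        if cat == "capwap_lost":
            before = Counter(c for t, a, c in events if a == ap
                             and c != "capwap_lost" and ts - window <= t <= ts)
            report.append((ts, ap, dict(before)))
    return report

if __name__ == "__main__":
    for ts, ap, before in triage(SAMPLE):
        print(ts, ap, before)
```

A loss preceded only by handshake failures is the case the NTP check above addresses; one preceded by the delay warning matches the latency explanation given earlier in the thread.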