Is the AP behind the NAT environment before reaching the Controller?
If not, is there a Firewall between the AP and the controller?
Port 18301 is used between the AP and the controller, make sure to allow it (Both TCP and UDP).
The rule should be as below:
Traffic from Controller to AP, source port ANY, destination port 18301
Traffic from AP to Controller, source port 18301, destination ANY