Solved: Re: 9800 WLC Fabric is not coming up

Sefik · ‎01-29-2021

Hello everyone,

I am in the middle of an SDA implementation for a customer. DNA center version is 1.3.3.9. We have 9500s and 9200s as border and edges with 16.12.x version software on them. For wireless we have 9800-L WLC with 9115AX access points. WLC software version is 17.3.1.

Configured wired and wireless fabric. Wired fabric is working without problem. But wireless fabric is not coming up. DNA center is pushing necessary config to control plane(9500s). I can see WLC is also getting fabric configuration but control plane connection on WLC is not coming up. There is a connectivity between WLC and control plane.

YakinDoguWLC_1#show wireless fabric summary

Fabric Status : Enabled

Control-plane:
Name IP-address Key Status
--------------------------------------------------------------------------------------------
default-control-plane 10.128.18.1 0fc565 Down
default-control-plane 10.128.18.2 0fc565 Down

Fabric VNID Mapping:
Name L2-VNID L3-VNID IP Address Subnet Control plane name
----------------------------------------------------------------------------------------------------------------------
10_128_128_0-INFRA_VN 8190 4097 10.128.128.0 255.255.252.0 default-control-plane
192_168_128_0-TECH_VN 8189 0 0.0.0.0 default-control-plane
192_168_72_0-BANKA_VN 8188 0 0.0.0.0 default-control-plane

There is a fw between control plane and WLC but we permit all traffic.

Border_9500_1#show run | s WLC
locator-set WLC
172.26.2.223
exit-locator-set
map-server session passive-open WLC

Border_9500_2#show run | s WLC
locator-set WLC
172.26.2.223
exit-locator-set
map-server session passive-open WLC

Any ideas? I already opened TAC case but I also want to try my chance here.

Thanks in advance.

Joshua Marks · ‎02-01-2021

Hello,

I had a very similar issue a few weeks ago with a new deployment.

Please confirm the following:

There is a specific route to the WLC in the underlay (not using the default route for reachability).
The firewall is not blocking any LISP traffic between the control node and WLC.
All of your software is compatible for SD-Access.

If you have confirmed all of these are set correctly, you may consider removing the WLC from the fabric and re-adding it.

In my case, the only thing that it seemed to be is that the authentication string between the control node and WLC was somehow incorrect. I remember seeing in the LISP debugs on the control node or WLC something about connection incorrect/failing. This led me to think it could be an authentication issue. It is possible that the LISP configuration can be corrupted during fabric provisioning as per the SD-Access Wireless Troubleshooting Guide

This is the line in the config on the WLC:

wireless fabric control-plane default-control-plane
ip address 10.128.18.1 key 0 xxxxx

Re-adding the WLC to the fabric caused the LISP connection to be successfully created (that is the only thing I did to resolve it).

Hope this helps.

Josh

View solution in original post

balaji.bandi · ‎01-29-2021

As per technical WLC sit out of Fabirc, you need to have IP address for Fabric to configure.

some guide lines :

https://www.theasciiconstruct.com/post/sda-and-wireless-part-i-integrating-a-9800-cl-into-sda

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sefik · ‎01-29-2021

Thank you for your reply.

Can you be more specific about "you need to have IP address for Fabric to configure"? Are you talking about assigning address pools inside fabric? I already did it.

Actually this is my second SDA installation. I also configured this in lab environment a lot of times but I used 3504 WLC before. There were no problems with 3504. I also have specific routes in control plane nodes for reaching WLC. I suspect maybe it is a version related problem.

balaji.bandi · ‎01-29-2021

Sure if you have done before, then the steps you followed already as replication of old LAB and Live.

The only question you have with 3504, then i look matrix and version of code running on WLC 3504 is supported

Follow some troubleshoot tips :

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/214977-troubleshoot-and-verify-sd-access-wirele.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sefik · ‎01-29-2021

Thank you for the link. I checked it but no chance. I guess I need to wait for TAC response for this. I will update this post later.

Joshua Marks · ‎02-01-2021

Hello,

I had a very similar issue a few weeks ago with a new deployment.

Please confirm the following:

There is a specific route to the WLC in the underlay (not using the default route for reachability).
The firewall is not blocking any LISP traffic between the control node and WLC.
All of your software is compatible for SD-Access.

If you have confirmed all of these are set correctly, you may consider removing the WLC from the fabric and re-adding it.

In my case, the only thing that it seemed to be is that the authentication string between the control node and WLC was somehow incorrect. I remember seeing in the LISP debugs on the control node or WLC something about connection incorrect/failing. This led me to think it could be an authentication issue. It is possible that the LISP configuration can be corrupted during fabric provisioning as per the SD-Access Wireless Troubleshooting Guide

This is the line in the config on the WLC:

wireless fabric control-plane default-control-plane
ip address 10.128.18.1 key 0 xxxxx

Re-adding the WLC to the fabric caused the LISP connection to be successfully created (that is the only thing I did to resolve it).

Hope this helps.

Josh

Sefik · ‎02-02-2021

Hi again,

Update!

Problem solved. I did 2 things;

1-Upgraded 9500s to 17.03.02a

2-Directly connected WLC to Borders.

I am sure upgrade was also helpful. Because like Joshua mentioned above, control nodes start to get correct configuration after upgrade.

WLC version is 17.3.1

Border/Control Node version is 17.3.2a.

Thanks.