Showing results for 
Search instead for 
Did you mean: 

Ask the Expert: Understanding, Configuring, and Troubleshooting a Converged Network Using the Cisco Catalyst 3850 Series Switch

Community Manager
Community Manager

With Luke Primm, Colby Beam and Nicholas Tate 


Read the bioRead the bioRead the bio

Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about converged networks using the Cisco Catalyst 3850 Series Switch with experts Luke Primm, Colby Beam and Nicholas Tate. Our experts will answer all your questions about understanding, configuring, and troubleshooting a converged network using the Cisco Catalyst 3850.

The Cisco Catalyst 3850 is part of a unified access solution based on Cisco’s one policy, one management, one network. One network is the convergence of wired and wireless networks into one physical infrastructure with greater intelligence, performance, features, and operational consistency for simplicity and ease of use.


The Cisco Catalyst 3850 is a converged access switch for both wired and wireless Ethernet. It brings the best of wired and wireless together by supporting wireless tunnel termination and full wireless LAN controller functionality. This technical forum is intended to help answer and aid in the deployment of the Cisco Catalyst 3850 in your network. 


Luke Primm is a member of the TAC LAN switching team at Cisco responsible for the support of all Cisco IOS Software switching platforms. He has more than nine years of experience supporting small to enterprise-sized networks. Luke's technical career started as a high school computer technology teacher responsible for teaching the Cisco Networking Academy curriculum. Upon leaving the classroom, he spent the next eight years in education technology helping design and support K-12 network solutions. Luke graduated from Eastern Washington University with a BS degree in computer technology and recently achieved an MS degree in network architecture from Capella University.


Colby Beam has been a technical leader on the LAN switching team for the past year. Additionally, he spent two years working on the Cisco Nexus 5000 and 2000 platforms. He has more than eight years of experience with networking. Colby also has extensive experience with a wide variety of networks and data centers. He holds a bachelor of science degree in computer science from the University of North Carolina at Asheville. 


Nicholas Tate is a senior customer support engineer in the global technical assistance center supporting wireless technologies, where he works on complex wireless enterprise issues. He has published numerous wireless documents to and the Cisco Support Community. Tate has been with working at Cisco since 2011 and holds a degree in information computer technologies from East Carolina University. 


Remember to use the rating system to let Luke, Colby, and Nicholas know if you have received an adequate response.


They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure community and sub-community, LAN, Switching and Routing discussion forum shortly after the event.


This event lasts through December 13, 2013.. Visit this forum often to view responses to your questions and the questions of other community members.

38 Replies 38

No Problem,

As of release 3.3, we now support nine switches in a stack.  Previous to the 3.3 release, we only support a stack of four at a time.

reference: 3850 Stacking

This is one of my previous posts that expanded on the 3.3 release features




Luke, Colby, Nick -

I have an SSID configured for Web Authentication however, my clients are unable to receive the splash page. How do I resolve this issue? 

Thanks for the help.


Hello Evan,

This is a good question.  Web authentication rediect failures can fail for a number of reasons.  These are the common issues seen here:

Client missing an IP or unable to ARP for it'd default gateway.

DNS resolution is failing

Mis-config on the web authentication

Captive portal disabled (relevant only for Apple devices)

I would first suggest disabling web authentication and ensure your client can reach the internet and resolve DNS as this will confirm the first 2 items.  Next, take a look at the config and compare it to this section of the deployment guide.  Depending on your config you will need an AAA list, a global and seperte web auth paramater map configured, and your WLAN configure for web auth referencing these 2 things.  Lastly, enable captive portale if you are using Apple devices.  You may also want to consider being on 3.2.3 or 3.3 code for complete captive portal support.

Web Auth Deployment Guide

If the above do not work to resolve the issue feel free to open a TAC case and we'll be able to look into this one further.


Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor

Hi Guys,

When we managing 3850 (configured as MC) via Prime, should we add it as a switch or as a WLC ? Once it adds as a switch, does Prime represent it correctly as a WLC if we have that configuration ?

In my case I have switch management & WLC management on the same vlan & there are no two different IP address for SW & WLC itself ?




This is fine.  There isn't a seperate switch and WLC with this as it is all intergrated.  This is a good guide on how to add your device to Prime.


Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor

Hi Nick,

I got a 3700 AP under EFT & was able to get it working with 7.6.x without any issue.  I got software code 03.09.06.MZP for 3850/5760 but could not get it working with 3850. AP get registered, but Radio interface get disabled once AP registered to 3850.

What are the possible cause for this ? Is there any troubleshooting commands I can use to find the cause?

Hope you can point me to a right place. Even under EFT documentation there is nothing much to assist in this situation


Hi Nick,

Give to little bit more information on this, AP (AIR-CAP3702I-Z-K9) is in "Z" regulatory domain which is latest addition to AU/NZ. I suspect 3850 code given to us may not work with this based on the below error msg I am getting when try to configure the 802.11a/n/ac radio. Can you confirm this please ?

Here is the 3850 information.

3850-1#sh wireless country configured

Configured Country.............................: AU  - Australia

Configured Country Codes

        AU  - Australia : 802.11a Indoor,Outdoor/ 802.11b / 802.11g

3850-1#sh ver

Switch Ports Model              SW Version        SW Image              Mode  

------ ----- -----              ----------        ----------            ----  

*    1 56    WS-C3850-48P       03.09.06.MZP      cat3k_caa-universalk9 INSTALL


The code you are running ins't a normal build of code.  You are correct that your country code is probably causing the issue here.  I'll need to direct you to open a TAC case for assitance with enabling support for the -Z country domain.


Hi Nick,

Thanks for the reply.

Since I am doing EFT would TAC support me on this ? They may say they are not aware of such code.

I already forward the request to Cisco AM to get me a CA resourece who can help me on this.. but no luck so far




Hi Nick

I was wondering what will be the best wireless router to provide wireless internet to a 10 unit 3 stories apartment building? I'm currently using a motorola SB6141 cable modem with a linksys EA6500 wireless router. Timewarner is the broadband provider. Everybody in the building gets good connection its just I have to reset the wireless router about once every two weeks. Please help. thanks.

Hello Adel,

I'm not too sure why the router is acting up.  If you want to root cause that I would suggest reaching out to Linksys support.  They will be able to provide more direction on that issue.


Kevin Smith

Hello…..I’m installing new 3850 switches and noticed when I went to configure for SSH I got this when installing my TACACS server info “Warning: The cli will be deprecated soon”…..can you explain this?


Could paste what configure you were attempting and what version you're running on the 3850?



Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.02.SE RELEASE SOFTWARE (fc2)


the error got rolled over from buffer....but below is what i was putting in, and right after the "Warning: The cli will be deprecated soon"  error pop up.....but it still took it however....I just thought it was strange.

config i was putting in


tacacs-server host X.X.X.X


All this means is that we changed the syntax some. It will still work, but eventually will be removed in later versions. I just tested this in the lab and got the same thing. It will also tell you the new syntax.

Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.00SE RELEASE SOFTWARE (fc1)

3850(config)#tacacs-server host

Warning: The cli will be deprecated soon

'tacacs-server host'

Please move to 'tacacs server ' CLI

Therefore in the future we will be using tacacs sever intead of of tacacs-server host. This  is usually to fall into line with other platforms to make it easier to configure when moving between platforms for platform independent features, such as tacacs.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: