01-11-2019 11:35 PM - edited 07-05-2021 09:41 AM
I'm using vWLC 8.5.140.0 in a Hyper-V VM. The simplified network setup is:
I've configured DNS and DHCP discovery for AP. I can ping both 192.168.3.2 and 192.168.4.2 from 192.168.100.2. The vWLC can ping other hosts in the 192.168.200.x range. All firewall rules are disabled. However:
1. AP discovery packets can reach WLC (will show on WLC as status REG for a while then disappear after a timeout), but WLC reply seems to be lost on the way.
2. When I'm trying to open http://192.168.4.2, the website is loading but the TCP connection is randomly stalled. http://192.168.3.2 does not have this problem. Also I found that the vWLC's service port has no outbound packets, which probably infers it is sending all packets from the management port.
Is this a bug, or have I configured something wrong?
Related system log:
0 Sat Jan 12 07:22:32 2019 AP Disassociated. Base Radio MAC:c8:f9:f9:xx:xx:xx ApName - ap-rack-top
1 Sat Jan 12 07:22:32 2019 AP's Interface:1(802.11a) Operation State Down: Base Radio MAC:c8:f9:f9:xx:xx:xx Cause=AP_IF_TRAP_ECHO_TIMEOUT: Radio reset due to (112) Heartbeat Timeout Status:NA
2 Sat Jan 12 07:22:32 2019 AP's Interface:0(802.11b) Operation State Down: Base Radio MAC:c8:f9:f9:xx:xx:xx Cause=AP_IF_TRAP_ECHO_TIMEOUT: Radio reset due to (112) Heartbeat Timeout Status:NA
01-12-2019 01:46 AM
As per the description, for now I can think of routing and ACLs; make sure both are reachable from each network and the required ports are open in the ACL, if any.
01-12-2019 05:42 AM
01-12-2019 11:23 AM - edited 01-12-2019 11:24 AM
I may have overlooked it; if the ping is working, the ACL is not applied or is disabled.
Then you need to use Wireshark to capture the packets and see where the packet is lost in the path.
Apart from the above test, is there any AP joined to this vWLC? (vWLC is generally installed on VMware; what kind of ESXi environment do you have, and what switch do you have under ESXi: vSwitch or dSwitch?)
01-12-2019 09:52 PM
I got this working - it seems the AP has joined a different WLC and hasn't been cleared, so the discovery process works but the DTLS connection fails due to some authentication issues.
01-16-2019 12:45 AM
Good job, you got this working.
But...
Cisco documentation on the service port (physical device) says:
The service port can obtain an IPv4 address using DHCP, or it can be assigned a static IPv4 address,
but a default gateway cannot be assigned to the service-port interface
and also:
You must not use the service-port for continuous SNMP polling and management functions except when the management interface of the controller is unreachable
=> Traffic to the service port IP address will most likely be routed via the management port address.
+ You had better place the service port interface in a VLAN that is not accessible from other VLANs
and use the management interface for day-to-day management.
Only if the management port is not reachable do you connect a device in the service-port VLAN to access the service-port IP address.
01-16-2019 01:04 AM
01-16-2019 01:52 AM - edited 01-16-2019 01:54 AM
In your virtual environment, did you create two different virtual switches?
As per the Virtual Wireless LAN Controller Deployment Guide.
Never mind the version (8.2 here); the switch setup will be the same for all vWLC versions.
01-16-2019 01:57 AM