Solved: Re: 5520 Keeps shutting it's Management port down

James_1 · ‎08-29-2017

Just curious if anyone know or can point me in the right direction to the reasons why the controller would admin down it's management port.

I added a second Controller to my enviroment and created a mobilty group for the two and for some reason the new controller keeps admin downing it's management port. I see the snmp traps, stating that it's down, but i can't find any indication as to why it shut the port down.

Any help would be appriciated.

Thanks

James_1 · ‎09-13-2017

I figured out the problem and wanted to post it here, hopefully it'll help out the next person.

The problem was that our NAC didn't have the system object ID of the new 5520 in it's database (if you want to call it that) and since it' didn't reconize that ID it would fail some sorta authorization process (Still working on figuring out the process) and when it failed, the NAC would send a SNMP trap to disable the interface in which the failed authorization came from, That being the Management Port.

It was able to "Admin-Disable" the port on the controller because the NAC and the WLC were configured for SNMPv3 with read/write rights.

Hope this helps

Edit, I forgot to mention that i had updated the WLC to the current cisco recommended version, before i figured this out.

View solution in original post

Leo Laohoo · ‎08-29-2017

What firmware is the controller running on?

James_1 · ‎08-29-2017

Aw shoot, i forgot to list that. im running current Cisco recomended version 8.2.151

Leo Laohoo · ‎08-29-2017

Hold on ... The Management port gets disabled? Can you post the complete output to the following commands:
1. sh sysinfo;
2. sh inventory;
3. sh lag summary; and
4. sh port summary

James_1 · ‎08-29-2017

Yup, the management port gets disabled and i can't figured out whats causing it.

Here are the show commands as requested.

Thanks for your help!

Leo Laohoo · ‎08-29-2017

Are the distribution ports in a LAG or not?

James_1 · ‎08-29-2017

No they are not.

Leo Laohoo · ‎08-29-2017

The reason why I'm "interested" because I have a pair of 8540 in HA SSO. Over the weekend, the secondary went into Maintenance Mode. With the help of TAC, we were able to determine that the secondary would go into Maintenance Mode only when HA SSO is enabled. When the 8540 reboots after HA SSO gets enabled, the appliance would immediate take out the LAG, goes into maintenance mode and disable all the distribution ports.
There are many differences between your issue and mine but the underlying behaviour of disabling the distribution ports is intriguing.
Currently, I'm waiting for RMA.

James_1 · ‎09-13-2017

I figured out the problem and wanted to post it here, hopefully it'll help out the next person.

The problem was that our NAC didn't have the system object ID of the new 5520 in it's database (if you want to call it that) and since it' didn't reconize that ID it would fail some sorta authorization process (Still working on figuring out the process) and when it failed, the NAC would send a SNMP trap to disable the interface in which the failed authorization came from, That being the Management Port.

It was able to "Admin-Disable" the port on the controller because the NAC and the WLC were configured for SNMPv3 with read/write rights.

Hope this helps

Edit, I forgot to mention that i had updated the WLC to the current cisco recommended version, before i figured this out.