9120 AP cannot join to 9800-CL

bsmagulov1 · ‎08-14-2020

Hello everyone. Any help would be appreciated.

It is a new deployment.

I can ping the AP from the WLC and vice versa, but there is no CAPWAP talk. The Discovery request reaches a switch port connected to the BLADE server(VMware host) but there is no discovery response from the WLC. On VM settings trunk port is mapped to gig2 of the WLC. But when we turn gig2 into L3 port and assign it an IP address, map access VLAN port group to gig2 port everything works fine, the AP joins the WLC. Apparently, UDP 5246,5247,528 traffic is blocked somehow. But I have no clue how exactly. The only thing I know traffic is blocked on the WLC VM.

We are using a distributed virtual switch, even though in the official cisco paper it is recommended to use the standard switch. Could it be the reason?

In port group security policy everything is accepted.

balaji.bandi · ‎08-14-2020

Just checking on VMWARE installation check Security settings Accept/Accept/Accept. (VSwitch Promiscuous Mode)

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller_virtual_dg.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

bsmagulov1 · ‎08-14-2020

In port group security policy everything is accepted.

Scott Fella · ‎08-14-2020

So I’m also using one interface and that has to have an ip address. Like the doc shows, you create you vlan, then you go to your interface and assign an option address, define the gateway and then define the vlan for wireless management.
Maybe show some screen shots or your interface configuration. I have built and rebuilt a few of these just to get use to it, but it seems like it’s correct when you assign an ip address to gig2. I have changed mine to use gig1 but that doesn’t matter.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎08-14-2020

So a few things here, are you trying to use gig1, gig2 and gig3? I find it easier to have the management and wireless management using the same interface, which is just like how AireOS is designed. I also have 9800 appliance using the same. So what I did, is followed this section, where I used the cli to setup the controller and was able to just setup one interface with an IP address which is used for managing the 9800-CL and also for wireless management. I did not use the UI for day 0 setup as that only allows you to have a separate management along with a separate wireless management.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller_virtual_dg.html?referring_site=RE&pos=3&page=https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install...

-Scott
*** Please rate helpful posts ***

bsmagulov1 · ‎08-14-2020

I am using g2 as a management interface, g3 as an HA interface and g1 is shutdown.

I skipped day0 as well.

The question is why the WLC VM allows ICMP echo and blocks CAPWAP discovery request.

Currently, I am trying to mirror the g2 interface using distributed switch port mirror feature.

following this guide: https://sauravissar.com/2016/02/02/port-mirroring-in-vsphere-distributed-switchvds/#:~:text=In%20VMware%20vSphere%2C%20a%20Distributed,copies%20packets%20to%20the%20destination.

bsmagulov1 · ‎08-14-2020

Thanks, everyone. The issue is resolved. I had to assign an ap management VLAN as a wireless management interface. Instead of the g2 interface.