08-14-2020 02:46 AM - edited 07-05-2021 12:23 PM
Hello everyone. Any help would be appreciated.
It is a new deployment.
I can ping the AP from the WLC and vice versa, but there is no CAPWAP talk. The Discovery request reaches a switch port connected to the BLADE server (VMware host), but there is no discovery response from the WLC. In the VM settings, the trunk port is mapped to gig2 of the WLC. But when we turn gig2 into an L3 port, assign it an IP address, and map the access VLAN port group to the gig2 port, everything works fine and the AP joins the WLC. Apparently, UDP 5246, 5247, 528 traffic is blocked somehow, but I have no clue how exactly. The only thing I know is that traffic is blocked on the WLC VM.
We are using a distributed virtual switch, even though the official Cisco paper recommends using the standard switch. Could that be the reason?
In port group security policy everything is accepted.
08-14-2020 04:03 AM
Just checking: on the VMware installation, check the Security settings are Accept/Accept/Accept (vSwitch Promiscuous Mode).
08-14-2020 04:21 AM
In port group security policy everything is accepted.
08-14-2020 04:42 AM
08-14-2020 04:06 AM
08-14-2020 04:15 AM
I am using g2 as a management interface, g3 as an HA interface and g1 is shutdown.
I skipped day0 as well.
The question is why the WLC VM allows ICMP echo and blocks CAPWAP discovery request.
Currently, I am trying to mirror the g2 interface using the distributed switch port mirror feature, following this guide: https://sauravissar.com/2016/02/02/port-mirroring-in-vsphere-distributed-switchvds/#:~:text=In%20VMware%20vSphere%2C%20a%20Distributed,copies%20packets%20to%20the%20destination.
08-14-2020 05:13 AM
Thanks, everyone. The issue is resolved. I had to assign an AP management VLAN as a wireless management interface instead of the g2 interface.