11-11-2022 07:30 PM
9800-40s running in any configuration (HA, Standalone) experience communication issues with directly connected 4507 VSS cores. I have TAC currently engaged but looking for inputs.
The 9800-40 fails to ping the directly connected SVI on the core and vice versa with multi-chassis LAG setup on the core.
If I remove all ports except one from the port channel on the core, then it works, and, if I add back second or more ports, it fails.
I had originally deployed the VSS with split links model using RMI+RP and found failover malfunctioned because the standby always went into recovery because it could not ping the RMI gateway. So then I started to pare it down and identified a repeatable behavior. I ended up with a stand-alone 9800 that could not ping its default gateway and vice versa.
I have had several engineers validate the port channels configs on both ends. The behavior is occurring over a fiber connected 9800 and does not occur over a copper connected 9800. All SFPs are straight off the approved list for both the 9800s and the 4507s.
Plan is to change ports and fibers next week but interfaces are running clean, so how to tell if this is fiber or SFP problem?
Solved! Go to Solution.
11-13-2022 08:43 AM
The 9800 side was just two ports in a single port channel with one each going to a different 4507 in VSS. It was the 4507 side that needed changing. Instead of one port channel on the VSS side (as with the Nexus switches), I had to split it up into two port channels. The model is called VSS with split links. I had assumed all links could reside in the same port channel but that was the configuration that was unstable. So port channel x has two ports, one on each 4507, coming from the primary 9800 and port channel y has two ports, one on each 4507, coming from the secondary 9800 in a RMI+RP setup.
11-11-2022 08:41 PM
@lcaruso wrote:
Plan is to change ports and fibers next week but interfaces are running clean, so how to tell if this is fiber or SFP problem?
Check for line errors at both ends.
11-12-2022 04:26 AM
Are you sing DOM capable SFPs? If yes, you may check the readings directly from the transceiver from the device. It is always recommended that you do a fluke test for the cables. You may also check the show interface from both WLC and the switch side.
From the switch side make sure that you don't use any native VLAN under the ports connecting to the WLC and make sure that all the VLANs allowed in the ports connecting to WLC and from WLC to Switch.
Refer the below link, as it has well summarized guide on how to build HA SSO.
Cisco 9800 RMI+RP High Availability Best Practice Configuration – How I WI-FI (howiwifi.com)
11-12-2022 03:22 PM
Great tip on those DOM stats, thank you kindly!
Easy to prove fiber was in spec and all parms were within normal ranges.
11-12-2022 07:29 AM
- Speaking about validating configs this is always useful : Review the 9800-40 configuration with the CLI command : show tech wireless , have the output analyzed by https://cway.cisco.com/
M.
11-12-2022 07:36 AM
- Check this bug report too : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve05543
M.
11-12-2022 03:27 PM
Thanks to all the nice ideas shared. I found the issue and corrected it, but not sure if this represents an unsupported configuration or a code issue. The workaround was to not have all four ports from the 9800s in the same port channel in multi-chassis LAG on the VSS core. When I changed the setup to two port channels on the core, it became immediately reliable. Fiber checked out.
11-13-2022 01:21 AM
that interest, can you share final config of Port-channel in C9800?
11-13-2022 08:43 AM
The 9800 side was just two ports in a single port channel with one each going to a different 4507 in VSS. It was the 4507 side that needed changing. Instead of one port channel on the VSS side (as with the Nexus switches), I had to split it up into two port channels. The model is called VSS with split links. I had assumed all links could reside in the same port channel but that was the configuration that was unstable. So port channel x has two ports, one on each 4507, coming from the primary 9800 and port channel y has two ports, one on each 4507, coming from the secondary 9800 in a RMI+RP setup.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: