9800-cl with layer 3 svi

k. cheng · ‎08-02-2023

The 2nd paragraph in the “Recommendations for Wireless Management Interface” section of https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-6/config-guide/b_wl_17_6_cg/m_config-wmi.html says to make the Wireless Management Interface on a 9800-CL WLC an SVI. How important is this recommendation? Will it affect HA? Because my 9800-CL1 (10.43.8.20) has this config and I can only reach it from the ESXi console. 9800-CL1 can ping itself at 10.43.8.20 but not its gateway (10.43.8.1). I can ping, ssh, https to my other 9800-CL2 (10.43.8.21) from my pc (10.59.9.15) fine because its g1 interface is layer 3. both of my 9800-CL VMs run iosxe17.6.4.

===9800-CL1 config===

interface GigabitEthernet1
switchport trunk allowed vlan 3
switchport mode trunk
negotiation auto
no mop enabled
no mop sysid

interface GigabitEthernet2
negotiation auto
no mop enabled
no mop sysid

interface GigabitEthernet3
negotiation auto
no mop enabled
no mop sysid

interface Vlan1
no ip address
shutdown
no mop enabled
no mop sysid

interface Vlan53
description wmi
ip address 10.43.8.20 255.255.254.0
no mop enabled
no mop sysid

ip route 0.0.0.0 0.0.0.0 10.43.8.1

===9800-CL2 config===
interface GigabitEthernet1
description wmi, rmi
no switchport
ip address 10.43.8.20 255.255.254.0
negotiation auto
no mop enabled
no mop sysid

interface GigabitEthernet2
negotiation auto
no mop enabled
no mop sysid

interface Vlan1
no ip address
shutdown
no mop enabled
no mop sysid

ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.243.8.1
!i tried this default route on 9800-CL1 and got this error: %Must specify a L3 port as the next hop interface

Flavio Miranda · ‎08-02-2023

Hi @k. cheng

The default route seems not right.

ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.243.8.1

It should be

ip route 0.0.0.0 0.0.0.0 10.243.8.1

k. cheng · ‎08-02-2023

sorry, that was a typo. to clarify, the default route on the reachable wlc is ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 10.43.8.1 and the default route on the not-reachable wlc is

ip route 0.0.0.0 0.0.0.0 10.43.8.1. for the reachable wlc, the iosxe added GigabitEthernet1. i tried adding GigabitEthernet1 to the default route of the not-reachable wlc and got an '%Must specify a L3 port as the next hop interface' error.

JPavonM · ‎08-02-2023

Regarding the importance of configuring WMI as SVI, one of the answers would be that using SVI is the only way you can use an AP in sniffer mode to capture OTAs. Maybe other things are also supported using SVI that are not using physical port in L3 mode that I can't remember now.

Regarding your WMI connectivity issue, this use to happen if the port group configuration in the Hypervisor side has not the proper config.

Check this https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-cl-wireless-controller-cloud/nb-06-cat9800-cl-wirel-cloud-dep-guide-cte-en.html#vCenter

marce1000 · ‎08-03-2023

- You may want to review the 9899-cl controller configuration too with the CLI command show tech wireless ; feed the output into : https://cway.cisco.com/wireless-config-analyzer/
Consider this a 'must do'....

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '