Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
2
Helpful
5
Replies

9800 EWC Set QOS error invalid in upstream direction

Go to solution
owen2
Level 1
Level 1

‎01-31-2024 06:46 PM

Hi All,
having issue implementing Qos for our Guest Wifi, with a thoughput of 20mbps.

Version 17.9.4a

Error: QOS_ERROR_MESSAGE-3-QOS_SSID_INVALID_POLICY: Chassis 1 R0/0: wncd: ERROR: Policy wish-guest-Qos-20mbps is invalid in Upstream direction for vapid:1. Once the policy is modified, the bssid needs to be reset before the new policy-map definition can take effect
*Jul 11 12:30:31.209: %QOS_ERROR_MESSAGE-3-QOS_SSID_INVALID_POLICY: Chassis 1 R0/0: wncd: ERROR: Policy wish-guest-Qos-20mbps is invalid in Upstream direction for vapid:1. Once the policy is modified, the bssid needs to be reset before the new policy-map definition can take effect
*Jul 11 12:31:05.896: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as owen on vty0
*Jul 11 12:31:26.438: %QOS_ERROR_MESSAGE-3-QOS_INVALID_POLICY: Chassis 1 R0/0: wncd: ERROR: Policy wish-guest-Qos-20mbps is invalid in Upstream direction for vapid:1
*Jul 11 12:31:26.439: %CLIENT_EXCLUSION_SERVER-5-ADD_TO_EXCLUSIONLIST_REASON_DYNAMIC: Chassis 1 R0/0: wncd: Client MAC: 9a06.041a.614e was added to exclusion list associated with AP Name:AP10A8.299B.2644, BSSID:MAC: 10a8.2996.ddaf, reason:Client QoS policy failure
*Jul 11 12:31:26.439: %QOS_ERROR_MESSAGE-3-QOS_MSG_BLKLIST_CLIENT: Chassis 1 R0/0: wncd: Blacklisting client 9a06.041a.614e. Error installing client QOS policy: wish-guest-Qos-20mbps in Upstream direction.

config as below:

ip access-list extended wish-guest
permit ip any any
exit
class-map match-all wish-guest-Qos-20mbps
match access-group name wish-guest
policy-map wish-guest-Qos-20mbps
class wish-guest-Qos-20mbps
police cir 20000000
conform-action transmit
exceed-action drop

wireless profile policy wish-guest
no central dhcp
no central switching
http-tlv-caching
ipv4 flow monitor default-flow-monitor input
ipv4 flow monitor default-flow-monitor output
service-policy client input wish-guest-Qos-20mbps
service-policy client output wish-guest-Qos-20mbps
service-policy input wish-guest-Qos-20mbps
service-policy output wish-guest-Qos-20mbps
session-timeout 86400

wlan wish-guest 1 wish-guest
security wpa psk set-key ascii 8 111111
no security wpa akm dot1x
security wpa akm psk
no shutdown

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rich R
VIP
VIP

‎02-01-2024 09:09 AM - edited ‎02-01-2024 09:10 AM

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_wireless_qos_cg_vewlc1_from_17_3_1_onwards.html#reference_snj_h2p_wcb

Restrictions for QoS on Wireless Targets

  • One policy per target per direction is supported.

  • Access group matching is not supported.

  • Access group (ACL) matching is not supported by access points in flex mode for local switching traffic.
    Are you maybe breaching some of those restrictions?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

0 Helpful
5 Replies 5

Go to solution
marce1000
VIP
VIP

‎01-31-2024 11:15 PM

 

       - FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc42784

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
owen2
Level 1
Level 1
In response to marce1000

‎01-31-2024 11:31 PM

@marce1000 im using firmware 17.9.4a, so it should not be a issue.

0 Helpful

Go to solution
marce1000
VIP
VIP
In response to owen2

‎01-31-2024 11:46 PM

 

 - Bug  seems very related (still) ;  you may want to engage TAC , or  have some testing with the provided workarounds (if desired) , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
Rich R
VIP
VIP

‎02-01-2024 09:09 AM - edited ‎02-01-2024 09:10 AM

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_wireless_qos_cg_vewlc1_from_17_3_1_onwards.html#reference_snj_h2p_wcb

Restrictions for QoS on Wireless Targets

  • One policy per target per direction is supported.

  • Access group matching is not supported.

  • Access group (ACL) matching is not supported by access points in flex mode for local switching traffic.
    Are you maybe breaching some of those restrictions?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
owen2
Level 1
Level 1
In response to Rich R

‎02-01-2024 07:30 PM

@Rich R the Ap is in Flex Mode and using ACL...
looks like there are no solutions....

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card