Solved: 9800 WLC APs connected but cannot pass client traffic

carouse2 · ‎08-30-2021

I have a 9800 controller in a datacenter, with 2 vlans existing on that network (vlan 940 and 1620), both of which I am able to connect an AP and see reach that client network through the controller. I have another network that is separated by 2 routers. Neither the client vlan (930) or the infrastructure vlan (AP...vlan 1610) exist in the datacenter. I am able to join the AP on the remote network successfully. I see the client (statically assigned IP) on the controller in my wlan but it doesn't appear to route the client traffic through capwap.

Does the 930 vlan or interface vlan need to exist on my controller even though it doesn't exist in the datacenter?

I have my root AP set as flex connect.

Debug thoughts to consider?

marce1000 · ‎08-30-2021

- Review and or compare your current settings for flexconnect according to this document :

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎08-30-2021

- Review and or compare your current settings for flexconnect according to this document :

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

carouse2 · ‎08-31-2021

Thanks Marce1000. I can see the client on the controller through the AP as a client (its statically assigned) but not getting out from the controller.

Scott Fella · ‎08-31-2021

Yeah you would see that, but what you want is FlexConnect like Marce stated. This way you drop traffic local to the switch the ap is connected to and not tumbled back to the controller.

-Scott
*** Please rate helpful posts ***

carouse2 · ‎09-01-2021

Thanks Scott. I have flexconnect setup as shown. I see the vlan name On the AP, I am running: show capwap reap association and I see the mac address, IP address (statically assigned on the device) but no gateway or netmask.

show capwap reap association

Address: xxxx.xxxx.xxxx Name: NONE

IP Address: 10.10.10.88 IPv6 Address:

Gateway Address: 0.0.0.0

Netmask Address: 0.0.0.0

When I connect this device to our ap and 5508 with no changes made to the client, it routes properly.

Should the ap be set as capwap ap mode bridge or capwap ap mode local?

Scott Fella · ‎09-02-2021

Sorry for the late response... When you use FlexConnect, you need to make sure you have the SSID/WLAN configured for local switching, or else the traffic will flow back to the controller. You can always create a duplicate WLAN, but make sure the profile name is different. This will allow you to keep the existing and use the new WLAN to test with local switching enabled. The ap also has to be in FlexConnect mode.

Make sure you review the FlexConnect guides out there to have a better understanding of the step by step configuration as that will help you get started.

-Scott
*** Please rate helpful posts ***