Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
0
Helpful
6
Replies

9800WLC vlan based central switching issue

00uocpdgddPszkvs85d6
Level 1
Level 1

‎02-27-2024 02:59 AM

We are facing an issue that vlan based central switching is not working on 9800 (Version: 17.9.3).

we have configured "flex vlan-central-switching" on the policy profile. Make sure the vlan ID is not in the flex profile vlan list. Radius has configured with the right vlan ID in the authorisation profile. 

What we observed is WLC receives DHCP discovery from the client in capwap packets sent by flexconnect AP. However, WLC fails to pass on the DHCP discovery to upstream Layer 3 device for the centrally switched vlan, where ip helper address is configured. The client stays in IP Learn state. 

{wncd_x_R0-0}{1}: [sisf-packet] [22116]: (info): RX: DHCPv4 from interface capwap_90000081 on vlan xxx Src MAC: xxxx.xxxx.xxxx Dst MAC: ffff.ffff.ffff src_ip: 0.0.0.0, dst_ip: 255.255.255.255, BOOTPREQUEST, SISF_DHCPDISCOVER, giaddr: 0.0.0.0, yiaddr: 0.0.0.0, CMAC: xxxx.xxxx.xxxx

In contrast, with centrally switching SSID configured with the same vlan. DHCP discovery packets are passed on by WLC to the upstream Layer 3 device on the right vlan and the subsequent DHCP offer, DHCP request and DHCP ACK flow as per normal and working fine. 

So, the vlan configuration on WLC and upstream layer 3 device seems fine.

Could anyone shed any light on what could cause the WLC not passing on DHCP discovery packets; or point to us what we might have missed in terms of configuration required for vlan based central switching to work?

Thanks,

 

Labels:
0 Helpful
6 Replies 6

marce1000
VIP
VIP

‎02-27-2024 03:35 AM

 

                               >.... what we might have missed in terms of configuration required for vlan based central switching to work?
   - Start with a checkup of the 9800 WLC configuration using the CLI command show tech wireless and feed that output into :
                                                                                                                           Wireless Config Analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

00uocpdgddPszkvs85d6
Level 1
Level 1
In response to marce1000

‎02-27-2024 10:45 PM

Thanks for the reply!
Have checked config with the analyzer tool, and nothing stands out as configuration errors specially related to the SSID and policy profile and flex profile. 

Thanks

0 Helpful

marce1000
VIP
VIP
In response to 00uocpdgddPszkvs85d6

‎02-28-2024 12:37 AM

 

 - Note however that any errors red flagged by WirelessAnalyzer should be corrected first ; further  fully debug the particular client(s) using : https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity
             Client debugs (so called RadioActive Traces) ; can be high level analyzed with : Wireless Debug Analyzer

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Rich R
VIP
VIP

‎02-28-2024 07:30 AM

Why are you using "flex vlan-central-switching"?  If you want the SSID centrally switched then why not make it centrally switched?

Have you checked the restrictions for use of the "VLAN-based Central Switching for FlexConnect" feature?
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_vewlc_flex_connect.html#vlan-central-switching

Update to TAC recommended software version as per the link below to eliminate known, fixed bugs.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

00uocpdgddPszkvs85d6
Level 1
Level 1
In response to Rich R

‎02-29-2024 08:55 PM

the restrictions are checked and they are not applied to us.

BTW, we have used the exact same feature on Aire8540 and working fine. 

0 Helpful

Rich R
VIP
VIP
In response to 00uocpdgddPszkvs85d6

‎03-01-2024 01:09 AM - edited ‎03-01-2024 01:13 AM

Never assume AireOS and IOS-XE will work the same way.
DHCP, in particular, is one of the features that has major changes.  AireOS used DHCP proxy while IOS-XE uses standards based DHCP relay and follows the WLC routing table to DHCP server.

You did not answer my questions so I'll ask again:
Why are you using "flex vlan-central-switching"? 
If you want the SSID centrally switched then why not make it centrally switched?

It's entirely possible that you've found a bug in that particular feature (which I've never heard of anyone using before - I had to read up what it does) which is why I asked the question about why you're using that feature.  If you're making the config more complicated than it needs to be by using a feature you don't need then the answer may be to simplify the config and don't use that feature.

Also see:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf13740
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh43715

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card