Hello Cisco WLAN experts,
I tryin to understand packet flow between our 9800-80-WLC and a 9800-L-C-Guest WLC and started a simple paket capture like the following one on one of the interfaces of a Port channel on the 9800-L-C Version 17.3.6
To my surprise, the resulting Wireshark paket capture shows duplicate data packets:
When I see ARP-PAckets, the seocnd packets diifers slightly in size and is filled up with some Bytes of "00".
When it comes to real data traffic packets, Whireshark is wrongly interpreting these duplicates as Retransmits.
Who has a good idea or explantion for this duplication ?
Is it due to a wrong network design ?
Both WLCs are connected via Trunk lines to a central router and the captured interface is from a Trunk interface towards Internet.
Thank You for any explanation.
Kind regards
Wini
Accepted Solutions
Hello MHM,
the difference in VLAN is visible on the newer 9800-80 version 17.9.5. Obviously the filter has been improved here:
Here I can choose a uniqe MAC-Address of WLAN-Client instead of a whole IP-subnet.
The inner filter MAC is not visible in 17.3.6:
So it looks like a bug to me.
Kind regards
Wini
Hello Rich,
thank You very much for this important information. It is working like this on the newer 17.9.5-Code.
In the elder 17.6.3-version I see only 2 packets in a 10 Seconds interval, when i uncheck Monitor Control Plane
on our Guest-WLC covering several thousands of users:
In contrast to that, when I activate Monitor Control Plane, I see apparently the whole traffic but with duplicates for ARP and DHCP:
It looks like a bug in this SW-version.
I have planned a SW-Upgrade for this box and hope to solve this cosmetic problem also.
Therefore I accept Your reply as a solution and say
Thank You very much for Your professional help.
Greetings from Frankonia.
Wini
