Solved: Re: AIR-AP1542i ME dual bridge(Mesh) links fail

tom sealby · ‎08-16-2022

We have installed 4 x 1542i Cisco AP's, set to use Mobility Express (v 8-10-130-0 ) in mode Bridge. They are two separate links operating independently to different buildings in the area.

My issue is if both links are switched on the first link is dropped and you cannot connect to the UI of the controller, the last link up works and you can connect. If you switch the working link off the non-working link immediately connects and you can login to it. Clearly the 'preferred controllers' are broadcasting and talking to each other and knocking each other out. I have logged this with my distributor and Cisco and getting no help.

I have tried using different IP ranges on the controllers, also tried bridge groups to separate the devices logically but they are running on the same Ethernet. I did expect a response along the lines of, 'its a known issue on 8-10-130-0 use e.g. 8-10-151-0' but nothing.

Can anyone offer some guidance here as I beginning to think this kit is not up to the job. Much appreciated.

tom sealby · ‎10-06-2022

Hi, thanks for the info on the Firmware. I suspected layer 2 and the 2 x ME boxes talking to each other, after 2 months I have been advised not to run 2 x Controllers. I am looking to convert one back to CAPWAP and set as the RAP on the 2nd bridge and manage through 1 controller. If thats not possible change both controllers to CAPWAP and install a 9115 as a full blown controller to manage 2 x MESH (PtP) links. If anyone has done that before it would be useful to know.

View solution in original post

balaji.bandi · ‎08-16-2022

Looks for me the network Loop as you described in the post

Do you have any network diagram, how they are terminiated on both the side switch ports ? what switch model is that ?

what is the config on the switch port, check any STP blocking of that port ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

tom sealby · ‎08-16-2022

The switches installed are HP JH328a and are unmanaged with PoE+ so no STP on these. There were no other active links to the remote buildings at either end. The links are on either end of the building, across the road at either end to a different building, there were old point to point links in place, these were switched off for the install.

Arshad Safrulla · ‎08-16-2022

I haven't worked with Bridges connected to unmanaged switches. You can follow the below document, it is very informative.
https://www.cisco.com/c/en/us/support/docs/wireless/mobility-express-aironet-access-points/215077-configuring-point-to-point-mesh-link-wit.html

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

tom sealby · ‎08-16-2022

yes i have used this many times over the years setting up the same 1542i models without issue, its with two links i have the issue, i am going to look over other switches on site regarding STP. I suspect its Cisco firmware but open to all options at the minute.

balaji.bandi · ‎08-16-2022

Can you draw small diagram, i still suspect due to bridge, the switch seeing loop i guess.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

tom sealby · ‎08-17-2022

See Plan of layout, distance between buildings approx 40 metres, both masters AP's at larger site with static IP set (different IP!) and remote ends are CAPWAP (DHCP).

balaji.bandi · ‎08-17-2022

as per the diagram it should work as expected.

i would advise to check the HP switch logs

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Arshad Safrulla · ‎08-16-2022

Did you check the spanning tree behavior on the switch when this issue happened?

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

tom sealby · ‎08-16-2022

No, i have asked site if they have STP on their other switches.

tom sealby · ‎08-18-2022

STP is on the backbone switches, site are going to switch the other link on and record the STP logs.

tom sealby · ‎09-06-2022

Site have enabled both links, only one works, nothing trapped with STP on the switches so this is not a loop. I have always suspected Cisco firmware to be the issue but this is not being honoured under warranty even though we have put our case through distribution and Cisco before the 60 day software terms. We are just pushed to buy extended contracts or we get no help.

Any other ideas? I have looked through the latest firmware and there is nothing in there that appears to resolve an issue with more than one link in place.

Rich R · ‎10-05-2022

I doubt that new software will help but 8.10.130.0 is seriously out of date and there have been a lot of fixes, not all of which are documented in the release notes. So for a start please update them to 8.10.181.0 to eliminate the possibility that it's something which has been fixed, and also addresses a number of security PSIRTs:
https://software.cisco.com/download/home/286312622/type/286289839/release/8.10.181.0

But if that doesn't help I think the problem is that you're effectively trying to use ME in an unsupported way. Changing IPs won't help - it's the layer 2 broadcast domain that allows them to see each other so you need to make sure they're on different vlans then they should both work independently. You can route between those vlans.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

tom sealby · ‎10-06-2022

Hi, thanks for the info on the Firmware. I suspected layer 2 and the 2 x ME boxes talking to each other, after 2 months I have been advised not to run 2 x Controllers. I am looking to convert one back to CAPWAP and set as the RAP on the 2nd bridge and manage through 1 controller. If thats not possible change both controllers to CAPWAP and install a 9115 as a full blown controller to manage 2 x MESH (PtP) links. If anyone has done that before it would be useful to know.

tom sealby · ‎11-04-2022

Just to confirm for anyone following this. I did wipe the second ME unit and set back to CAPWAP, whitelisted it on the remaining ME controller and everything worked so will close this case.

I still believe there is an issue on the ME code, why offer "Primary controller", "Primary controller and preferred master" and "Preferred master" options if they will no coexist...