Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3322
Views
5
Helpful
8
Replies

C9800-CL CoA Assign VLAN Issue

Go to solution
snailmus0
Level 1
Level 1

‎01-11-2021 05:44 AM - edited ‎07-05-2021 12:59 PM

I have a C9800-CL in my testing env, and it integrated with ISE 2.4p8, I configure 802.1x auth and posture feature on ISE, and when ISE issue a CoA request to C9800-CL, it disconnects the wireless client and report errs in the log.

 

2021/01/11 10:54:03.666 {wncd_x_R0-0}{1}: [client-orch-sm] [22011]: (ERR): Vlan change after CO has reached IP Learn state is not allowed
2021/01/11 10:54:03.666 {wncd_x_R0-0}{1}: [sanet-shim-translate] [22011]: (ERR): 9cda.3e6c.8815 :Auth interface failed to process vlan change from 222 to 370

 

Does anyone know how to resolve this problem?

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
d.friday
Level 4
Level 4

‎01-11-2021 06:36 AM

What IOS version are you running,  I know CoA with a VLAN change was not supported until IOS 17.x version.

 

 

View solution in original post

0 Helpful
8 Replies 8

Go to solution
d.friday
Level 4
Level 4

‎01-11-2021 06:36 AM

What IOS version are you running,  I know CoA with a VLAN change was not supported until IOS 17.x version.

 

 

0 Helpful

Go to solution
snailmus0
Level 1
Level 1
In response to d.friday

‎01-11-2021 06:41 AM

Oh no, i use 16.12.4a!

Let me upgrade my devices and test again!

0 Helpful

Go to solution
snailmus0
Level 1
Level 1
In response to d.friday

‎01-11-2021 06:43 AM

Do you have any documents describe this striction?

0 Helpful

Go to solution
Evan Wheatley
Level 1
Level 1
In response to snailmus0

‎01-12-2021 03:24 PM

Is there any release notes referencing this? TIA

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to Evan Wheatley

‎01-20-2021 05:14 AM

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214855-ios-xe-wireless-feature-list-per-release.html
shows ...
Amsterdam - 17.1.1s
- Vlan override support after guest authentication (LWA and CWA)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
snailmus0
Level 1
Level 1
In response to Rich R

‎01-20-2021 05:53 AM

Thank you!
0 Helpful

Go to solution
shaikh.zaid22
Level 1
Level 1
In response to snailmus0

‎06-01-2023 02:52 AM

hello guys,

i am experiencing the same issue. WLC 9800 version 17.3.5a. Did anyone resolved the issue if yes then please guide me.

thanks

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to shaikh.zaid22

‎06-01-2023 06:31 AM - edited ‎06-01-2023 06:33 AM

Yes the solution is highlighted above.
You're using a software version which should support the feature so you must have a different problem.

Suggest you open a new thread with a detailed description of exactly what your problem is, what model of WLC you're using, exact software version and SMUs installed and what troubleshooting and debugging you have done.

Meanwhile take a look at the best practices guide and TAC recommended versions of code below and make sure you have configured everything required as per the config guide.  In particular the "aaa server radius dynamic-author" config required for CoA to work.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card