cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5950
Views
5
Helpful
10
Replies

Can't join 2702i to C9800-CL WLC

Hello all,

I have setup a C9800-CL controller for a lab environment but am having problems joining a 2702i access point to it.  This AP was previously joined to a 5508 WLC running an 8.5 image.  I have researched this issue and came across numerous posts from various sites but nothing seems to be working.  Here is what I've attempted so far:

1. Added/removed NTP from 9800 via cli

2. Tried the following from this site: https://networkphil.com/2019/08/06/troubleshooting-dtls-handshake-error-joining-cisco-2702i-access-point-to-9800-wireless-controller/

3. Ran 'debugging capwap console cli' and then ran command: 'erase /all nvram:' and reloaded the AP without saving

None of these have worked and I'm not quite sure what else to try.  Does anyone have any solution or answer as to what to try next?

 

Thanks!

Terence

2 Accepted Solutions

Accepted Solutions

So the only way I was able to get the AP to join the 9800 controller was change Gi2 from a layer 2 interface to a layer 3 interface, delete the SVI used for wireless management, and remove the VLAN.  Then, I configured the IP used on the SVI on the Gi2 layer 3 interface and I was able to ping and the AP joined immediately.  Apparently, the OVF template used during the deployment phase sets some options based on some assumption.  I don't know why it works this way but is a bit concerning.

View solution in original post

You don't mention what hypervisor or version you're using but assuming vmware esx by your mention of OVF template.

Have you checked it's a supported version you're using?

Have you followed the installation guide meticulously through *every* step? https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide/installing_the_controller.html

For example the following, without which, tagged (ie vlan) traffic will not work:

In the Promiscuous Mode, perform the following tasks:The Promiscuous Mode is set to Reject by default.
Note: Promiscuous mode is a security policy which can be defined at the virtual switch or port-group level in vSphere ESXi. Tagged traffic will not flow properly without this mode.

Check the check box.

From the drop-down list, select Accept to view the traffic sent and received through this switch

 

This is also mentioned in the troubleshooting section along with some other tips on Network Connectivity Issues.

View solution in original post

10 Replies 10

marce1000
VIP
VIP

 

 - Check the controller-logs for more info, also make sure all involved parts are compatible :

            https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

I'm running Gibraltar 16.12.4a and according to the matrix, the 2700 series is supported.  I'm not seeing anything else that would prevent the AP from joining the controller.  Any other ideas?

Also, the controllers' wireless management interface is in the same VLAN as the AP but the controller cannot ping the AP.  Is this expected behavior because I wouldn't think it is?  However, I can ping the AP from a PC in another VLAN that has to traverse a firewall to reach it.  I also checked the port our VM cluster connects to and confirmed that it's trunked and the VLAN in question is allowed across.  All networking pieces are in order so I think it's strange that the controller in the same VLAN as the AP can't ping it but a PC in a different VLAN can.

 

 - Strange but as stated can any activity from the AP be seen in the controller logs when it  joins ?

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

No I don't see any logs from the controller that indicates any communication between it and the AP.

 

              - So for some reason the AP can not communicate with the controller.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

That is correct.  Since this is a new setup in a lab environment, I have decided to reset the controller to day 0 and start fresh again.  I am going to see if that works.

So the only way I was able to get the AP to join the 9800 controller was change Gi2 from a layer 2 interface to a layer 3 interface, delete the SVI used for wireless management, and remove the VLAN.  Then, I configured the IP used on the SVI on the Gi2 layer 3 interface and I was able to ping and the AP joined immediately.  Apparently, the OVF template used during the deployment phase sets some options based on some assumption.  I don't know why it works this way but is a bit concerning.

You don't mention what hypervisor or version you're using but assuming vmware esx by your mention of OVF template.

Have you checked it's a supported version you're using?

Have you followed the installation guide meticulously through *every* step? https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide/installing_the_controller.html

For example the following, without which, tagged (ie vlan) traffic will not work:

In the Promiscuous Mode, perform the following tasks:The Promiscuous Mode is set to Reject by default.
Note: Promiscuous mode is a security policy which can be defined at the virtual switch or port-group level in vSphere ESXi. Tagged traffic will not flow properly without this mode.

Check the check box.

From the drop-down list, select Accept to view the traffic sent and received through this switch

 

This is also mentioned in the troubleshooting section along with some other tips on Network Connectivity Issues.

I did overlook this step so I decided to factory reset the appliance, configure a trunked port on VMware following the steps you referenced, and also with the help of this page (https://www.wifireference.com/2019/08/24/cisco-catalyst-9800-cl-deployment-guide/), I was able to confirm that my AP can also join the controller.

 

Thanks for your help!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: