Solved: Re: Cisco 9800-40 uplink to two (none stack/VSS) switches

dm2020 · ‎10-13-2022

Hi All,

I am currently planning the installation of a Cisco 9800-40 WLC that needs to be connected to two upstream switches for redundancy, however the two switches are not in a VSS or stack so the uplinks cannot be configured in a LAG. The two uplinks will need to pass the same VLANs.

I have searched and I cannot find if this is supported or not. I know that the 9800 WLC doesn't participate in spanning-tree, but its not clear if the two ports that are uplinked to the same L2 domain, passing the same VLANs, will cause a network loop or if the two ports will act as host ports and not flood traffic between them. Does anyone know if this will cause an issue?

Leo Laohoo · ‎10-13-2022

So each 9800-40 will have one link to core 1 and another to core 2. And both core 1 and core 2 are not VSS/Stacked.

If this is the case then it will not work.

It is better to just put all the 9800-80-2 to core 1 and 9800-40-2 to core 2.

View solution in original post

balaji.bandi · ‎10-13-2022

if the switches are not part of stack/svl or vss, how are they configured, Trunk ?

Redundancy interms of switch side, if one of the switch go down, WLC can use other switchport so traffic will not intrupted, that is the reason they looking to have stac/svl or vss. even i seen deployment both WLC connected to same switch (for test and lab environment) so RP ports back to back.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213915-configure-catalyst-9800-wireless-control.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dm2020 · ‎10-13-2022

So the two switches are independent and connected together using a trunk link tagging all VLANs. They run HSRP for routing resiliency etc.

So in my topology, the Cisco 9800-40 Te0/0/0 interface will be uplinked to switch 1 using a trunk port allowing VLANs 20-25, and port Ten0/0/1 will be uplinked to switch 2 also as a trunk port allowing VLANs 20-25.

The inter-switch link is a trunk that will also be allowing VLANs 20-25. If the 9800 was a switch that had spanning-tree disabled, then this will cause a loop, however I'm not sure if the 9800 acts in the same manner.

Arshad Safrulla · ‎10-13-2022

Hi,

As you correctly mentioned 9800 will not participate in STP. The standby is continuously monitoring the Active via keepalives over the RP link. If the Active becomes unavailable, the standby assumes the role of Active. It does that by sending a Gratuitous ARP message advertising to the network that it now owns that wireless management IP address. So there is no possibilty of loop at any point of time.

Please refer the below document for HA configuration as this has the most updated info.

High Availability SSO Deployment Guide for Cisco Catalyst 9800 Series Wireless Controllers, Cisco IOS XE Bengaluru 17.6

Also refer the below document for TAC recommended images

Recommended Cisco IOS XE Releases for Catalyst 9800 Wireless LAN Controllers - Cisco

Some other recommendations for HA -

Hardcode the prioirty for WLC's
Use the RMI+RP for SSO with gateway check enabled.
Use same type of ports across both WLC's
Configure spanning tree portfast trunk to WLC uplink from switch
Do not use any native vlan in the WLC connecting ports.
Connect the Service port of both WLC's and make sure it is accessible.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

David Ritter · ‎10-13-2022

I believe you have a single 9800-40 and not two in HA. Is that not correct. if so provided solutions will not work. I have my HA pair linked to a single 9500 as core router. if it goes so goes ALL access so the WLAN is of no concern. HA stack provides the convience of updates without taking the 'system' down.

dm2020 · ‎10-13-2022

Yes it is a single 9800-40 WLC that I planned to uplink to two core switches that are not in a VSS/stack. I was hoping that the WLC would use the uplink to core switch 1 as primary, and if the link fails, it will failover to the uplink to core switch 2 but it doesn't sound like this will work correctly.

I have checked through all of the guides and I cant find a supported use case that is similar to this. The only possible option is to use the 'backup interface' command which appears to be available on the device. This will place Ten0/0/1 in a standby state and will bring the interface up in the event that Ten0/0/0 fails. Is this a possible/supported option?

interface Ten0/0/0
description Core Switch 1
switchport trunk allowed vlans 20-25
switchport mode trunk
backup interface Ten0/0/1

interface Ten0/0/1
description Core Switch 2
switchport trunk allowed vlans 20-25
switchport mode trunk

Understood that this is a bit of a corner case, but the business only purchased a single WLC and would like the uplinks to the non VSS/stack core to be resilient. If this is not possible, then I will need to connect the 9800 WLC to core switch 1 only

Leo Laohoo · ‎10-13-2022

So each 9800-40 will have one link to core 1 and another to core 2. And both core 1 and core 2 are not VSS/Stacked.

If this is the case then it will not work.

It is better to just put all the 9800-80-2 to core 1 and 9800-40-2 to core 2.

atifali.zaidi1 · ‎01-11-2024

I connected two 9800 wlc to different core switches without a port channel. Wlc1 —- core 1 and wlc 1 —- core 2 and similarly the other wlc . I used ha port using layer 2 and was able to setup ha . The two core switches have a port channel between them and hsrp is there. The problem that is happening is the wireless client mac address flaps between the two core switches and i can see the logs on both the core switches , thats the issue so the best thing is to have lag configured always either u connect a single wlc or a dual wlc.

Leo Laohoo · ‎01-11-2024

What is the exact error for this "mac address flapping"? Is it:

%SWPORT-4-MAC_CONFLICT: Dynamic mac XXXX.XXXX.XXXX from Port-channelX conflict with WlClient, please check the network topology and make sure there is no loop.

atifali.zaidi1 · ‎01-11-2024

yes exact same message, to mitigate this u need to shut one of the ports for both the controllers and then do local switching . thats what i think if u have a local wlc and local ap's.

Leo Laohoo · ‎01-11-2024

Here is the Bug ID: CSCvt96686

Rich R · ‎10-14-2022

No @Leo Laohoo he only has 1 single 9800-40 - wants to connect 2 ports from that WLC to separate switches,

I doubt backup interface will be supported (but can't say I've checked). There's lots of standard IOS-XE router commands that they have not yet removed on 9800 but which are not supported or not implemented. If it isn't in the 9800 command reference then very likely not supported at all.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

dm2020 · ‎10-20-2022

Thanks all for the replies.

I have installed the WLC, and instead of connecting the two WLC uplinks to the two non-stacked/VSS core switches, I have connected the uplinks to only one core switch in a LAG. This is working without any issues. The business will look to purchase a second WLC that I can then connect to the second core switch and configured in HA/SSO.