10-13-2022 07:40 AM
Hi All,
I am currently planning the installation of a Cisco 9800-40 WLC that needs to be connected to two upstream switches for redundancy, however the two switches are not in a VSS or stack so the uplinks cannot be configured in a LAG. The two uplinks will need to pass the same VLANs.
I have searched and I cannot find if this is supported or not. I know that the 9800 WLC doesn't participate in spanning-tree, but it's not clear if the two ports that are uplinked to the same L2 domain, passing the same VLANs, will cause a network loop or if the two ports will act as host ports and not flood traffic between them. Does anyone know if this will cause an issue?
10-13-2022 08:13 AM
If the switches are not part of a stack/SVL or VSS, how are they configured? Trunk?
Redundancy in terms of the switch side: if one of the switches goes down, the WLC can use the other switchport so traffic will not be interrupted; that is the reason they are looking to have stack/SVL or VSS. I have even seen deployments with both WLCs connected to the same switch (for test and lab environments), with the RP ports back to back.
10-13-2022 08:21 AM - edited 10-13-2022 08:22 AM
So the two switches are independent and connected together using a trunk link tagging all VLANs. They run HSRP for routing resiliency etc.
So in my topology, the Cisco 9800-40 Te0/0/0 interface will be uplinked to switch 1 using a trunk port allowing VLANs 20-25, and port Ten0/0/1 will be uplinked to switch 2 also as a trunk port allowing VLANs 20-25.
The inter-switch link is a trunk that will also be allowing VLANs 20-25. If the 9800 was a switch that had spanning-tree disabled, then this will cause a loop, however I'm not sure if the 9800 acts in the same manner.
10-13-2022 01:03 PM - edited 10-13-2022 01:04 PM
Hi,
As you correctly mentioned, the 9800 will not participate in STP. The standby is continuously monitoring the Active via keepalives over the RP link. If the Active becomes unavailable, the standby assumes the role of Active. It does that by sending a Gratuitous ARP message advertising to the network that it now owns that wireless management IP address. So there is no possibility of a loop at any point in time.
Please refer to the below document for HA configuration as this has the most updated info.
Also refer to the below document for TAC recommended images
Recommended Cisco IOS XE Releases for Catalyst 9800 Wireless LAN Controllers - Cisco
Some other recommendations for HA -
10-13-2022 01:16 PM
I believe you have a single 9800-40 and not two in HA. Is that not correct? If so, the provided solutions will not work. I have my HA pair linked to a single 9500 as core router. If it goes, so goes ALL access, so the WLAN is of no concern. The HA stack provides the convenience of updates without taking the 'system' down.
10-13-2022 04:04 PM
Yes it is a single 9800-40 WLC that I planned to uplink to two core switches that are not in a VSS/stack. I was hoping that the WLC would use the uplink to core switch 1 as primary, and if the link fails, it will failover to the uplink to core switch 2 but it doesn't sound like this will work correctly.
I have checked through all of the guides and I can't find a supported use case that is similar to this. The only possible option is to use the 'backup interface' command which appears to be available on the device. This will place Ten0/0/1 in a standby state and will bring the interface up in the event that Ten0/0/0 fails. Is this a possible/supported option?
interface Ten0/0/0
 description Core Switch 1
 switchport trunk allowed vlan 20-25
 switchport mode trunk
 backup interface Ten0/0/1
interface Ten0/0/1
 description Core Switch 2
 switchport trunk allowed vlan 20-25
 switchport mode trunk
Understood that this is a bit of a corner case, but the business only purchased a single WLC and would like the uplinks to the non VSS/stack core to be resilient. If this is not possible, then I will need to connect the 9800 WLC to core switch 1 only.
10-13-2022 02:51 PM - edited 10-13-2022 02:52 PM
So each 9800-40 will have one link to core 1 and another to core 2. And both core 1 and core 2 are not VSS/Stacked.
If this is the case then it will not work.
It is better to just put all the 9800-80-2 to core 1 and 9800-40-2 to core 2.
01-11-2024 09:24 AM
I connected two 9800 WLCs to different core switches without a port channel: WLC1 to core 1 and WLC1 to core 2, and similarly the other WLC. I used the HA port using layer 2 and was able to set up HA. The two core switches have a port channel between them and HSRP is there. The problem that is happening is that the wireless client MAC address flaps between the two core switches, and I can see the logs on both the core switches. That's the issue, so the best thing is to always have a LAG configured, whether you connect a single WLC or a dual WLC.
01-11-2024 01:49 PM
What is the exact error for this "mac address flapping"? Is it:
%SWPORT-4-MAC_CONFLICT: Dynamic mac XXXX.XXXX.XXXX from Port-channelX conflict with WlClient, please check the network topology and make sure there is no loop.
01-11-2024 09:38 PM
Yes, exact same message. To mitigate this you need to shut one of the ports for both the controllers and then do local switching. That's what I think if you have a local WLC and local APs.
01-11-2024 10:25 PM
Here is the Bug ID: CSCvt96686
10-14-2022 08:59 AM
No @Leo Laohoo, he only has 1 single 9800-40 and wants to connect 2 ports from that WLC to separate switches.
I doubt backup interface will be supported (but can't say I've checked). There's lots of standard IOS-XE router commands that they have not yet removed on 9800 but which are not supported or not implemented. If it isn't in the 9800 command reference then very likely not supported at all.
10-20-2022 04:11 PM
Thanks all for the replies.
I have installed the WLC, and instead of connecting the two WLC uplinks to the two non-stacked/VSS core switches, I have connected the uplinks to only one core switch in a LAG. This is working without any issues. The business will look to purchase a second WLC that I can then connect to the second core switch and configure in HA/SSO.