Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1051
Views
4
Helpful
19
Replies

Cisco 9800-L -Client static IP Assignment not routing

sejamc71
Beginner
Beginner

‎04-19-2023 07:32 AM

We just deployed an HA pair of 9800-L WLCs. Ran into a weird issue. DHCP seems to be working as well as Static IP assignment, from 1 VLan, but static IPs from the other VLans are not. See below for the Tshooting steps I've completed. Worked with Cisco TAC for 4 hours yesterday and they were at a Loss. Resuming today, but wanted to present this to you folks and see if you've seen this before. I have verified that the Wireless VLans 66, 68 and 70 are configured exactly the same as VLan 64 on both the switch and the WLC. Thoughts?

  1. seanmcentirelozierbiz_2-1681914523344.png

     


     


     

0 Helpful
19 Replies 19

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

‎04-19-2023 07:43 AM - edited ‎04-19-2023 07:45 AM

First off, did you test with a wired laptop on the same switch the controllers are connected to?  This will at least validate that everything is working on the wired side.  One the wireless, you just have to make sure that DHCP required is not enabled on the wlan, but I would think TAC would have reviewed that. 

Have you tried Mac reservations to see what the device obtains?  Verify that the gateway, subnet and dns servers are the same when you configure the static?

Validate step 4

Configuring the Internal DHCP Server Under a Wireless Policy Profile (GUI)

Procedure

Step 1

Choose Configuration > Tags & Profiles > Policy.

Step 2

Click a policy name.

Step 3

Click the Advanced tab.

Step 4

Under DHCP settings, check or uncheck the IPv4 DHCP Required check box and enter the DHCP Server IP Address.

Step 5

Click Update & Apply to Device.
-Scott
*** Please rate helpful posts ***
0 Helpful

sejamc71
Beginner
Beginner
In response to Scott Fella

‎04-19-2023 07:47 AM

I tested with a wired/wireless laptop and routing is functioning as expected. 1 IP, assigned to the Hardware NIC works and that same IP assigned to the Wireless NIC does not. I do have a MAC filter network, but am getting the same results. It connects, says "No Internet" and is not able to access resources. I am looking for the DHCP required setting now, but haven't found it as of yet. Still going through the WLC though.

0 Helpful

sejamc71
Beginner
Beginner
In response to sejamc71

‎04-19-2023 07:50 AM

I see the IPv4 DHCP Required option, but it doesn't appear to be selected.

sejamc71_0-1681915841691.png

 

0 Helpful

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to sejamc71

‎04-19-2023 07:54 AM

Well when you get "No Internet", that means you have a network connection, but either the gateway/subnet is wrong or DNS.  You validate your NAT settings for that subnet for internet?

-Scott
*** Please rate helpful posts ***
0 Helpful

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to Scott Fella

‎04-19-2023 08:03 AM

How is everything setup?  Local switching, flex connect? 

-Scott
*** Please rate helpful posts ***
0 Helpful

sejamc71
Beginner
Beginner
In response to Scott Fella

‎04-19-2023 08:04 AM

We have a mix. The remote sites are setup in Flex mode and are functioning normally. The local APs are in Local mode and are working fine with DHCP IPs

0 Helpful

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to sejamc71

‎04-19-2023 08:40 AM

The only work-around you have right now is to reserve the Mac address and just do DHCP.  I just tested my setup on FlexConnect and assigned my iPhone a static with no issues at all.  You have a 9800 in a lab you can test with?

-Scott
*** Please rate helpful posts ***
0 Helpful

sejamc71
Beginner
Beginner
In response to Scott Fella

‎04-19-2023 08:03 AM

I've checked all of the VLans on the WLC and all of the gateways and subnet masks are correct. If the IP is dhcp assigned, it works fine, but if it is statically assigned it doesn't. From the WLC Trouble Shooting page, I can, from the WLC, ping the gateways of each of the VLans and Traceroute to the core switch. If I take that Wireless IP and assign a physical switch port to that vlan, I am able to get to the internet just fine. If the IP is doled out via dhcp on the WLC, I can get to the internet fine, indicating that the gateways and masks are correct. The problem only exists on a Static assignment.

0 Helpful

Rich R
VIP Advisor VIP Advisor
VIP Advisor
In response to sejamc71

‎04-20-2023 10:47 AM

You haven't fully described your setup - are you trying to use all those vlans in a group on a single WLAN?
If so then trying to force static IPs the way you are is not supported.

Also what version of software are you using?  Refer to TAC recommended versions below.

------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's   and   Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     after 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.185.3 and latest 9800 IOS-XE releases
     also fixed in 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that Mobility Express AP TFTP download is not affected so ME 8.5.182.0 still works but see FN-74035 below
Field Notice: FN-70479 Out-Of-The-Box AP Fails to Join WLC or Joins with Single Radio due to Country Mismatch - RMA required
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN-74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
     fixed in 8.10.185.3 and see the field notice for 8.5, Mobility Express and other fixed releases
Check your WLC config with Wireless Config Analyzer using "show tech wireless" output (9800) or "config paging disable" then "show run-config" output (AireOS) and use Wireless Debug Analyzer to analyze your WLC client debugs
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

sejamc71
Beginner
Beginner

‎04-20-2023 12:47 PM

 

We are running a pair of 9800-L in an Active/Standby config. Remote offices are all set to Flex and the local Office APs are in Local mode. We have 3 Wireless subnets locally. Employee wireless and a Mac Filtering WLan are pointed at a VLan group for dhcp traffic and that all seems to be working perfectly. There are some Oracle printers and stuff that HAVE to have a static IP. Static IPs are pulled from a DHCP exclusion list and assigned to the devices. DHCP and Static IPs from VLan 64 are working fine. DHCP from VLans 66 and 68 are working fine. Static IPs from VLan 66 and 68 are not working. All subnets exists on the same core switches, all SVIs on the WLC and VLans are built exactly the same but when you assign a static from 66 or 68 on the printer or even a test laptop, you can't ping the gateway of the subnet and you can't get on the network. Cisco TAC said they were stumped and I've been working with them for 2 days. I'm not sure they are looking at the right component.

 

0 Helpful

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to sejamc71

‎04-20-2023 03:24 PM

So... you mentioned vlan group... vlan group is not defined for vlan 66 or 68 correct, because vlan group does not support static address.

-Scott
*** Please rate helpful posts ***

sejamc71
Beginner
Beginner

‎04-20-2023 04:19 PM

VLans are created and we DO HAVE a Vlan Group defined which includes Vlan 64, 66, 68, and 70. On the 5508, you have the ability to specify an IP address when you add a device to MAC Filtering. We had a Cisco Consultant build the basic config for the new controller and on the new 9800s, there is an "Attribute" field which you can define that is supposed to direct the the group to a specific VLan per device.

0 Helpful

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru
In response to sejamc71

‎04-20-2023 05:09 PM

There are other post on the forum regarding vlan groups and static address not working.  Its also stated in the configuration guide.  It works on AireOS, but not on the 9800's.

-Scott
*** Please rate helpful posts ***

sejamc71
Beginner
Beginner
In response to Scott Fella

‎04-20-2023 05:29 PM

It was decided that a Cisco Consultant should build out the new controllers as part of the project. I'm guessing that was money well spent.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents