Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4180
Views
6
Helpful
21
Replies

Cisco 9800-L -Client static IP Assignment not routing

Go to solution
sejamc71
Level 1
Level 1

‎04-19-2023 07:32 AM

We just deployed an HA pair of 9800-L WLCs. Ran into a weird issue. DHCP seems to be working as well as Static IP assignment, from 1 VLan, but static IPs from the other VLans are not. See below for the Tshooting steps I've completed. Worked with Cisco TAC for 4 hours yesterday and they were at a Loss. Resuming today, but wanted to present this to you folks and see if you've seen this before. I have verified that the Wireless VLans 66, 68 and 70 are configured exactly the same as VLan 64 on both the switch and the WLC. Thoughts?

  1. seanmcentirelozierbiz_2-1681914523344.png

     


     


     

0 Helpful
21 Replies 21

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to sejamc71

‎04-20-2023 09:18 PM

Well it really also comes down to what were the requirements and if the consultant knew that there were going to be static address involved. I’m not going to assume anything, but when I was a consultant, I gathered the requirements, called out the risk, and built a test plan that the customer agreed on.  See what was discussed as part of the requirements. 

-Scott
*** Please rate helpful posts ***

Go to solution
Rich R
VIP
VIP
In response to Scott Fella

‎04-21-2023 12:38 AM

Yes TAC should have told you that.  But lately we've found we know way more about Cisco products and configuration than many of first line TAC staff (especially those with emails ending in -X), having to explain and teach them real basic stuff about Cisco products before they can even start working on our cases.

So even in the latest config guide - Restrictions:
 https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-1/config-guide/b_wl_17_11_cg/vlan-groups.html
"For the VLAN Groups feature to work as expected, the VLANs mapped in a group must be present in the controller. The static IP client behavior is not supported.)"

But from 17.9: 
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/release-notes/rn-17-9-9800.html#Cisco_Concept.dita_97e48d4d-09ea-4a81-ace5-f6e5a68bd4d8

VLAN Group to Support DHCP and Static IP Clients

The VLAN Group to Support DHCP and Static IP Clients feature aims to handle the network access of clients whose static IP address is not a part of the VLAN's IP list.

For more information, see the chapter VLAN Groups.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_conf_vlan_grp_vewlc.html#Cisco_Concept.dita_d6d44755-4647-4861-9f8e-beee1d58b6d1
" This feature only supports IPv4 clients and is enabled by default. However, ensure that the ipv4 dhcp required command is not configured on the wireless policy profile, because this disables the feature, causing the client to be stuck in the IP learn state."  Also see the other prerequisites and restrictions for the feature.

So back to my earlier question, which you did not answer: What version of software are you running (you should ALWAYS provide this info because it matters)?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
Rich R
VIP
VIP
In response to Rich R

‎04-21-2023 12:42 AM

Realistically speaking you should have a separate SSID with a single VLAN purely for your printers or just don't use VLAN groups.  That will save you a whole lot of trouble.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

Go to solution
sejamc71
Level 1
Level 1
In response to Rich R

‎04-21-2023 05:48 AM

Agreed. 1 Vlan per bldg. I inherited most of this. We have 3 buildings side by side. The RF Guns and even printers will be moved by the employees to different buildings depending on work loads. This means the 4 vlans all have to work at all 3 of the bldgs. On the  5508 controllers, this worked flawlessly and apparently I am too naive to believe that Cisco would take away working functions. I may try to upgrade to 17.9 and see how that works out

0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to sejamc71

‎04-21-2023 06:28 AM

Everyone inherits things, but that makes the challenge better.  You see what doesn't work or possible needs to change and you start planning.  Fixing what is broke and making the user experience better is the key to being a good engineer.  Inheriting "something" and leaving it like it is, is not going to make thinks better.  When I was a consultant, I use to reach out to my customers to check in.  Sometimes best practices change over time or you discover a feature that you enabled that can cause issues.  This allowed me to make changes, provide recommendations and to help make things better.   Vlan Groups was a thing in the past because folks has small subnets and the increase of wireless devices and IoT devices have outgrown the old design.  These day's I would never use Vlan Groups or even secondary interfaces, because that tells you that you need to fix something and that is just a work around.  Hopefully things work out with your upgrade. 

-Scott
*** Please rate helpful posts ***

Go to solution
LoicDerudet87161
Level 1
Level 1

‎10-03-2023 11:27 PM

Hello

we are facing the same issue (9800, IOS 17.9.3) , if the client static IP is not in the same vlan as the one that the WLC selected for the client, then the client will not have any connectivity (even if the GUI is showing the IP and RUN state, you can't ping the client)
did you find any work around to address this issue?
Thanks

0 Helpful

Go to solution
sejamc71
Level 1
Level 1

‎10-04-2023 05:11 AM

In our old 5508, I could do an interface group, consisting of multiple VLans. I can do the same in the 9800, and dhcp will round robin, but it doesn't and, per TAC, won't work for Static IPs. I had to setup a policy per building so that each building had its own specific VLan. Even then, I was not able to assign a static from the controller, but after I did that, I was able to enter a static on the client itself.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card