Solved: Cisco 9800-L -Client static IP Assignment not routing

sejamc71 · ‎04-19-2023

We just deployed an HA pair of 9800-L WLCs. Ran into a weird issue. DHCP seems to be working as well as Static IP assignment, from 1 VLan, but static IPs from the other VLans are not. See below for the Tshooting steps I've completed. Worked with Cisco TAC for 4 hours yesterday and they were at a Loss. Resuming today, but wanted to present this to you folks and see if you've seen this before. I have verified that the Wireless VLans 66, 68 and 70 are configured exactly the same as VLan 64 on both the switch and the WLC. Thoughts?

sejamc71 · ‎10-04-2023

In our old 5508, I could do an interface group, consisting of multiple VLans. I can do the same in the 9800, and dhcp will round robin, but it doesn't and, per TAC, won't work for Static IPs. I had to setup a policy per building so that each building had its own specific VLan. Even then, I was not able to assign a static from the controller, but after I did that, I was able to enter a static on the client itself.

View solution in original post

Scott Fella · ‎04-19-2023

First off, did you test with a wired laptop on the same switch the controllers are connected to? This will at least validate that everything is working on the wired side. One the wireless, you just have to make sure that DHCP required is not enabled on the wlan, but I would think TAC would have reviewed that.

Have you tried Mac reservations to see what the device obtains? Verify that the gateway, subnet and dns servers are the same when you configure the static?

Validate step 4

Configuring the Internal DHCP Server Under a Wireless Policy Profile (GUI)

Procedure

Step 1	Choose Configuration > Tags & Profiles > Policy.
Step 2	Click a policy name.
Step 3	Click the Advanced tab.
Step 4	Under DHCP settings, check or uncheck the IPv4 DHCP Required check box and enter the DHCP Server IP Address.
Step 5	Click Update & Apply to Device.

-Scott
*** Please rate helpful posts ***

sejamc71 · ‎04-19-2023

I tested with a wired/wireless laptop and routing is functioning as expected. 1 IP, assigned to the Hardware NIC works and that same IP assigned to the Wireless NIC does not. I do have a MAC filter network, but am getting the same results. It connects, says "No Internet" and is not able to access resources. I am looking for the DHCP required setting now, but haven't found it as of yet. Still going through the WLC though.

sejamc71 · ‎04-19-2023

I see the IPv4 DHCP Required option, but it doesn't appear to be selected.

Scott Fella · ‎04-19-2023

Well when you get "No Internet", that means you have a network connection, but either the gateway/subnet is wrong or DNS. You validate your NAT settings for that subnet for internet?

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎04-19-2023

How is everything setup? Local switching, flex connect?

-Scott
*** Please rate helpful posts ***

sejamc71 · ‎04-19-2023

We have a mix. The remote sites are setup in Flex mode and are functioning normally. The local APs are in Local mode and are working fine with DHCP IPs

Scott Fella · ‎04-19-2023

The only work-around you have right now is to reserve the Mac address and just do DHCP. I just tested my setup on FlexConnect and assigned my iPhone a static with no issues at all. You have a 9800 in a lab you can test with?

-Scott
*** Please rate helpful posts ***

sejamc71 · ‎04-19-2023

I've checked all of the VLans on the WLC and all of the gateways and subnet masks are correct. If the IP is dhcp assigned, it works fine, but if it is statically assigned it doesn't. From the WLC Trouble Shooting page, I can, from the WLC, ping the gateways of each of the VLans and Traceroute to the core switch. If I take that Wireless IP and assign a physical switch port to that vlan, I am able to get to the internet just fine. If the IP is doled out via dhcp on the WLC, I can get to the internet fine, indicating that the gateways and masks are correct. The problem only exists on a Static assignment.

Rich R · ‎04-20-2023

You haven't fully described your setup - are you trying to use all those vlans in a group on a single WLAN?
If so then trying to force static IPs the way you are is not supported.

Also what version of software are you using? Refer to TAC recommended versions below.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

sejamc71 · ‎04-20-2023

We are running a pair of 9800-L in an Active/Standby config. Remote offices are all set to Flex and the local Office APs are in Local mode. We have 3 Wireless subnets locally. Employee wireless and a Mac Filtering WLan are pointed at a VLan group for dhcp traffic and that all seems to be working perfectly. There are some Oracle printers and stuff that HAVE to have a static IP. Static IPs are pulled from a DHCP exclusion list and assigned to the devices. DHCP and Static IPs from VLan 64 are working fine. DHCP from VLans 66 and 68 are working fine. Static IPs from VLan 66 and 68 are not working. All subnets exists on the same core switches, all SVIs on the WLC and VLans are built exactly the same but when you assign a static from 66 or 68 on the printer or even a test laptop, you can't ping the gateway of the subnet and you can't get on the network. Cisco TAC said they were stumped and I've been working with them for 2 days. I'm not sure they are looking at the right component.

Scott Fella · ‎04-20-2023

So... you mentioned vlan group... vlan group is not defined for vlan 66 or 68 correct, because vlan group does not support static address.

-Scott
*** Please rate helpful posts ***

sejamc71 · ‎04-20-2023

VLans are created and we DO HAVE a Vlan Group defined which includes Vlan 64, 66, 68, and 70. On the 5508, you have the ability to specify an IP address when you add a device to MAC Filtering. We had a Cisco Consultant build the basic config for the new controller and on the new 9800s, there is an "Attribute" field which you can define that is supposed to direct the the group to a specific VLan per device.

Scott Fella · ‎04-20-2023

There are other post on the forum regarding vlan groups and static address not working. Its also stated in the configuration guide. It works on AireOS, but not on the 9800's.

-Scott
*** Please rate helpful posts ***

sejamc71 · ‎04-20-2023

It was decided that a Cisco Consultant should build out the new controllers as part of the project. I'm guessing that was money well spent.