Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1436
Views
1
Helpful
2
Replies

DHCP Fail Cisco 9800

JOAND351
Level 1
Level 1

‎07-15-2023 01:17 PM

Hello Cisco Community,

Just to validate, and see if there is any other suggestion.
I'm in a migration project from WLC 5508 to 9800. In this first moment, the networks will coexist.
I made an RMI configuration, Integration with ISE, Profile, Polices, tags and etc... in the 9800, the AP's are being provisioned in "local mode", they are updated, however, the clients do not get IP.
I did the debug, and I saw that there really is a problem in the DHCP:

1 - Client state transition: S_CO_IP_LEARN_IN_PROGRESS -> S_CO_L2_AUTH_IN_PROGRESS
2 - ADD MOBILE sent. Client state flags: 0x71 BSSID: MAC: xxxx capwap IFID: 0x9000000b, Add mobiles sent: 1
3 - L2 Authentication initiated. method DOT1X, Policy VLAN 0, AAA override = 1 , NAC = 1
4 - L2 Authentication Key Exchange Start. Resolved VLAN: 10, Audit Session id: 3204460A00000
5 - EAP Key management successful. AKM:DOT1X Cipher:CCMP WPA Version: WPA2
6 - Mobility discovery triggered. Client mode: Local
7 - Client state transition: S_CO_L2_AUTH_IN_PROGRESS -> S_CO_MOBILITY_DISCOVERY_IN_PROGRESS
8 - Mobility Successful. Roam Type None, Sub Roam Type MM_SUB_ROAM_TYPE_INTRA_INSTANCE,
9 - ADD MOBILE sent. Client state flags: 0x72 BSSID: MAC: xxx capwap IFID: 0x9000000b,
10 - Client state transition: S_CO_MOBILITY_DISCOVERY_IN_PROGRESS -> S_CO_DPATH_PLUMB_IN_PROGRESS
11 - client state transition: S_CO_DPATH_PLUMB_IN_PROGRESS -> S_CO_IP_LEARN_IN_PROGRESS
12 - Co client reap timer callback. Co client reap timer triggering E_CO_CLIENT_CONNECT_TIMEOUT event, client state: S_CO_IP_LEARN_IN_PROGRESSDelete ACK pending flag :
13 - Triggering notification for IP learn timeout

According to Topology, as it is local mode, SVI's 10, 20 and 30 are configured in WLC 9800 in Barueri-SP, however, the Gateway is in Osasco-SP. The big question is that there is a port channel l3 with OSPF (point to point), but the configuration of this po3 is like "no switchport". So, I can't even drip from wlc from Barueri, to switch l3 from Osasco.

Question:
If there is no way to pass a trunk between Osasco x Barueri, is there any other way to pass vlans 10, 20 and 30?
Because I need to replicate the Osasco environment in Barueri (same vlans for customers), until the migration is completed.

Labels:
Preview file
28 KB
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎07-16-2023 09:23 AM

 Olá @JOAND351 

 I have a few qestion.   What prevents you from make 192.168.100.12 as gateway for Barueri and use "ip helper-address" on the port-channel  pointing to the DHCP server?

 If you have a layer3 betweek Barueri and Osasco, the Vlan id does not matter you can pick anyone you want.

Rich R
VIP
VIP

‎07-29-2023 04:49 AM

1. Note 9800 does not require SVI for each VLAN.  In fact it is not recommended for a number of reasons.  Refer to the best practice guide below.

2. Like Flavio says you can use DHCP relay and then the local VLAN IDs don't matter.  But that will come with problems if you spilt the subnet across 2 locations when clients on one side expect to be on the same subnet as clients/servers on the other side.  They will ARP for their "neighbours" but never get a reply because they're actually on disparate networks.  Note that using DHCP relay will require the use of SVI's on the 9800.

3. The alternative is to join the VLANs at layer 2 between the sites.  There are many ways to do that but none of that is a wireless question - that's all LAN/WAN networking across the existing network.

4. Have you considered using new subnets on the 9800's which will avoid all those problems?  Then the traffic is simply routed between the sites.

 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card