
eWC active isn't switching user traffic

ali007
Level 1

Hi,

 

We have an issue with our WLAN: the issue is that the eWC active AP isn't switching user traffic whilst all other APs are fine, and the issue moves if another AP becomes eWC active.

Symptoms are: the users get into RUN state and get an IP but cannot access anything, not even DNS, and can't even ping the default gateway.

Wondering if this is some sort of setting that we have enabled by mistake. BTW, it's a new deployment, so the issue has always been there.

Will appreciate your help.

 

 

Regards,


Mark Elsen
Hall of Fame

 

  - @ali007 Check out & validate the configuration of the misbehaving EWC AP using the CLI command: show tech wireless, and feed the output from that into Wireless Config Analyzer

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Hi @Mark Elsen 

I have checked that already and there's nothing there that would cause this issue. Also, if an AP is not eWC active, it works fine, but as soon as it becomes eWC active, it will not switch users' traffic.

 

  - @ali007 Verify complete connectivity for a problematic user by debugging the wireless client according to: https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity
    These debugs, so-called Radio Active Traces, can be analyzed with Wireless Debug Analyzer.

    Outputs from https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#toc-hId-866973845 can also be useful.

    What software version is the EWC AP using?

  M.




Rich R
VIP

@ali007 
What model of AP?
What version of software?
Do you have any security features on the switch port/VLAN restricting the number of MAC or IP addresses? (keeping in mind that the active AP is effectively running 2 separate virtual machines each with their own MAC and IP)
And if you have enabled any security features which implement a "split horizon" on the switch port like "switchport protected" that will stop the AP from talking to EWC (and vice versa) on the same port because the port cannot send to any protected port (including itself)

Hi @Rich R, thanks for getting back. I have managed to fix this issue now.

Regards,

And do you want to share what the problem and the fix were for the benefit of everyone here @ali007 ?
If other people have the same issue it is beneficial to know how you solved it.

Sure. The issue was due to the default route next hop being set to gi0 - since it doesn't do next hop IP ARP resolution, the client couldn't get anywhere.

When I changed the default route on eWC to the gateway IP - everything started working.

So basically, the active eWC AP doesn't use the gateway it receives via DHCP but relies on the default route configured in eWC.

 

I hope this makes sense.
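
Added example (not part of the thread and not Cisco's code): a small Python check that scans saved running-config text for static default routes that name only an exit interface and no next-hop IP, the condition described in the post above. The sample config, the 192.0.2.1 gateway, the MGMT VRF and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of running-config text (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0
 ip address dhcp
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 192.0.2.1 10
ip route vrf MGMT 0.0.0.0 0.0.0.0 GigabitEthernet0
ip route 10.20.0.0 255.255.0.0 GigabitEthernet0
"""

# ip route [vrf NAME] <prefix> <mask> <interface and/or next hop> [options]
ROUTE_RE = re.compile(r"^ip route (?:vrf (\S+) )?(\S+) (\S+) (.+)$")


def _is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def audit_default_routes(config_text):
    """Return (line, verdict) for every static default route in the text.

    verdict is 'interface-only' when no next-hop IP is given, else 'ok'.
    """
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if not m:
            continue
        _vrf, prefix, mask, rest = m.groups()
        if (prefix, mask) != ("0.0.0.0", "0.0.0.0"):
            continue  # only default routes are in scope here
        # A next-hop IP is either the first argument or directly follows
        # the interface name; a trailing distance such as "10" is not an IP.
        has_next_hop = any(_is_ipv4(tok) for tok in rest.split()[:2])
        findings.append((line, "ok" if has_next_hop else "interface-only"))
    return findings


if __name__ == "__main__":
    for line, verdict in audit_default_routes(SAMPLE_CONFIG):
        print(f"{verdict:15} {line}")
```
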

Aha I've highlighted that numerous times on other threads here <smile> although strange that it affected the local AP but not others, but yet another quirky symptom of the EWC.

Unfortunately that default route is put in as default config on initial configuration (in spite of being against Cisco IOS best practice) but doesn't come with any warning!  I guess the EWC software developers didn't understand much about routing!

Haha, yes. The funny thing is we have raised a TAC case for this issue over a week ago and Cisco support hasn't got back to us yet, even though they have collected all the logs and have already spent a few hours with us on a call.

Yes - first line TAC is very hit and miss these days.
It's always a pleasant surprise when you actually get an engineer who knows what they're doing though <smile>
