EWC Custom Site Tag with local-site Breaks Client Connectivity

stoteda
Level 1

Environment

  • Platform: Cisco Embedded Wireless Controller (EWC)
  • Primary Controller: C9105AXI-B running as EWC
  • Software Version: IOS-XE 17.12.6a
  • Access Points:
    • 2x Cisco Catalyst 9105AXI-B (WiFi 6)
    • 4x AIR-AP1815I-B-K9 (WiFi 5)
  • HA Configuration: SSO enabled between two C9105AXI APs
  • Network: Home network, all APs on same subnet

Network Configuration

WLANs (3 SSIDs):

  • Primary-SSID (WLAN 1) - Main network, WPA2-PSK, VLAN 1
  • Secondary-SSID (WLAN 2) - MAC filtering, Open auth, VLAN 10
  • Guest-SSID (WLAN 3) - Guest network, WPA2-PSK, VLAN 50

Policy Profiles:

  • Primary-Policy (autoqos enterprise-avc, VLAN 1)
  • Secondary-Policy (autoqos fastlane, VLAN 10)
  • Guest-Policy (autoqos guest, VLAN 50)

Tags:

  • default-policy-tag (maps WLANs to policy profiles)
  • default-rf-tag
  • default-site-tag (working)
  • Custom-Site (custom - problematic)

Working Configuration (default-site-tag)

wireless tag site default-site-tag
 ap-profile default-ap-profile
 description "default site tag"
 flex-profile default-flex-profile
 no local-site

With this configuration, all 6 APs register and clients connect successfully.

Problem Configuration (Custom-Site)

Goal: Create a custom site tag with local-site enabled to support PMK distribution for faster roaming.

wireless tag site Custom-Site
 ap-profile Custom-AP-Profile
 description "Custom site tag"
 local-site

Note: The GUI does not show a Flex Profile option for site tags on EWC. When attempting to add flex-profile default-flex-profile via CLI with local-site already enabled, the command appears to succeed but does not appear in show running-config.

When attempting to add a custom flex profile:

# flex-profile Custom-Flex-Profile
% node-2:dbm:wireless:Named/custom flex profile and local-site cannot be configured together under site tag

Symptoms When Using Custom-Site with local-site

  1. APs change mode from FlexConnect to Local
  2. Clients cannot connect to any SSID
  3. C9105AXI APs register, but 1815i APs are slow to rejoin or fail to register
  4. Eventually all wireless connectivity is lost

Error Messages from Logs

When APs are assigned to Custom-Site with local-site enabled:

%APMGR_TRACE_MESSAGE-4-WLC_CONFIG_CHECKER_WARNING: config check: The mode of AP [MAC] is changed from Flexconnect to Local.

%APMGR_TRACE_MESSAGE-4-WLC_APMGR_WARNING_MSG: Warning, AP: [AP-Name] will go for a reboot due to Mode change from Flexconnect to Local

%APMGR_TRACE_MESSAGE-3-WLC_GEN_ERR: Error in Local mode [AP-Name] slot:0 wlan 1 configuration not sent to ap for policy profile [Policy-Name]. Enable Central Switching.

Attempted Fix: Enable Central Switching

Based on the error message, we enabled central switching on all policy profiles:

configure terminal
wireless profile policy Primary-Policy
 central switching
 exit
wireless profile policy Secondary-Policy
 central switching
 exit
wireless profile policy Guest-Policy
 central switching
 exit
end
write memory

Result: After enabling central switching and reassigning APs to Custom-Site:

  • Initially appeared to work (client stayed connected briefly)
  • C9105AXI APs registered
  • 1815i APs failed to rejoin
  • Lost all wireless connectivity again
  • Had to revert to default-site-tag to restore network

Policy Profile Configuration After Change

wireless profile policy Primary-Policy
 autoqos mode enterprise-avc
 no central association
 no central dhcp
 central switching          ! Added during troubleshooting
 description "Primary Network"
 service-policy input AutoQos-4.0-wlan-ET-SSID-Input-AVC-Policy
 service-policy output AutoQos-4.0-wlan-ET-SSID-Output-Policy
 no shutdown

wireless profile policy Secondary-Policy
 aaa-override
 autoqos mode fastlane
 no central association
 no central dhcp
 central switching          ! Added during troubleshooting
 vlan 10
 no shutdown

wireless profile policy Guest-Policy
 autoqos mode guest
 no central association
 no central dhcp
 central switching          ! Added during troubleshooting
 vlan 50
 service-policy input AutoQos-4.0-wlan-GT-SSID-Input-Policy
 service-policy output AutoQos-4.0-wlan-GT-SSID-Output-Policy
 no shutdown

Questions

  1. Why does enabling local-site on a custom site tag break client connectivity on EWC, even after enabling central switching on all policy profiles?

  2. The error message says "Enable Central Switching" but enabling it doesn't resolve the issue. What other configuration is required for local-site mode on EWC?

  3. Why can't a custom/named flex profile be used with local-site? The error states "Named/custom flex profile and local-site cannot be configured together" - is this an EWC-specific limitation?

  4. Is local-site mode even supported on EWC (C9105AXI as controller)? Or is this feature only available on appliance-based 9800 controllers?

  5. What is the correct configuration to enable PMK distribution for fast roaming on EWC? If local-site is not the answer, what is the recommended approach?

  6. Why do the C9105AXI APs handle the mode change better than the 1815i APs? The 9105s registered while the 1815s failed to rejoin.

  7. Should central association and central dhcp also be enabled along with central switching? What is the correct combination for local-site mode?

  8. Is there a way to get fast roaming (802.11r/OKC/PMK caching) working on EWC without using local-site?

Additional Context

  • FlexConnect mode appears to be the default/working mode for EWC
  • The Best Practices Checker flagged "default-site-tag blocks fast roaming" which led us down this path
  • We are not trying to solve a performance problem — roaming works adequately — but wanted to implement best practices

Any guidance on the correct configuration for custom site tags on EWC, or confirmation that local-site is not recommended/supported on this platform, would be greatly appreciated.


Platform: C9105AXI-B EWC
Software: IOS-XE 17.12.6a
APs: 2x C9105AXI + 4x AIR-AP1815I
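
Added example, not part of the original post and not Cisco code: a Python pre-check for the two conditions that the controller messages quoted above name for a site tag with local-site (no named flex profile on the tag, and central switching on the policy profiles). Assumptions: the function names and the sample config are constructed for illustration, a policy profile counts as centrally switched only when a `central switching` line is present, and every policy profile is treated as reachable from the local-site tag.

```python
import re

# Constructed candidate config, modelled on the snippets in the post.
SAMPLE_CONFIG = """\
wireless profile policy Primary-Policy
 no central association
 no central switching
wireless profile policy Guest-Policy
 central switching          ! Added during troubleshooting
 vlan 50
wireless tag site default-site-tag
 flex-profile default-flex-profile
 no local-site
wireless tag site Custom-Site
 ap-profile Custom-AP-Profile
 flex-profile Custom-Flex-Profile
 local-site
"""

def parse_sections(text):
    """Group indented child lines under each top-level config line."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            # Drop trailing "! comment" annotations like those in the post.
            current.append(line.split("!")[0].strip())
    return sections

def check_local_site(text):
    """Return (site_tag, finding) pairs for site tags that enable local-site."""
    sections = parse_sections(text)
    policies = {h.split()[-1]: body for h, body in sections.items()
                if h.startswith("wireless profile policy ")}
    findings = []
    for header, body in sections.items():
        # Exact match: "no local-site" is a different list element.
        if not header.startswith("wireless tag site ") or "local-site" not in body:
            continue
        tag = header.split()[-1]
        for child in body:
            m = re.fullmatch(r"flex-profile (\S+)", child)
            if m and m.group(1) != "default-flex-profile":
                findings.append((tag, f"named flex-profile {m.group(1)} with local-site"))
        for name, pbody in sorted(policies.items()):
            if "central switching" not in pbody:
                findings.append((tag, f"policy {name} lacks central switching"))
    return findings
```

A clean result means only that these two conditions hold; the post reports connectivity still failing after central switching was enabled.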
