Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1670
Views
5
Helpful
15
Replies

Flexconnect on Slow Links

Mohammed al Baqari
Level 11
Level 11

‎05-09-2023 06:17 AM

Hi,

We had a deployment of centralised WLC (earlier 3504) with flexconnect configured for remote sites (centralized auth, local switching, ISE CWA. ISE, WAPs and clients are on same LAN). These sites are connected to the controller using satellite links (latency 700-800 msec). That was working without issues.

We migrated the WLC to 9800-CL on Azure (same latency) and started facing issues with CAPWAP throttling by the controller.  

My questions:

- Are these messages triggered by the latency between WAPs and WLC.?

- Are there any tweaks for timers to overcome these errors? Please suggest.

- In 9800 can we have local auth or it has to be center (this was a must in 3504)?

 

Here are sample messages:

 

May  8 09:58:41.373: %CAPWAPAC_SMGR_TRACE_MESSAGE-4-AP_MSG_THRESHOLD: Chassis 1 R0/0: wncd: Warning : Mac: 1cfc.17c6.5440 Session-IP:x.x.x.x[5273] x.x.x.x[5246] Capwap messages are queued for longer than 21 seconds, turning on client throttling. Queued messages : 36

May  8 09:58:58.661: %CAPWAPAC_SMGR_TRACE_MESSAGE-4-AP_MSG_THRESHOLD: Chassis 1 R0/0: wncd: Warning : Mac: 10a8.2980.1da0 Session-IP: x.x.x.x[5275] x.x.x.x[5246] Capwap messages are queued for longer than 20 seconds, turning on client throttling. Queued messages : 26

May  8 09:59:04.104: %CAPWAPAC_SMGR_TRACE_MESSAGE-4-AP_MSG_THRESHOLD: Chassis 1 R0/0: wncd: Warning : Mac: 70b3.1780.37e0 Session-IP:x.x.x.x[5264] x.x.x.x[5246] Capwap messages are queued for longer than 20 seconds, turning on client throttling. Queued messages : 23

 

 

 

1 person had this problem
0 Helpful
15 Replies 15

Rich R
VIP
VIP
In response to gnburgos

‎05-28-2024 01:04 AM

So I think that confirms my suspicion - your problem is high CPU not those messages.
We have 9800-80 and even there WNCd can go high (see separate discussions about 9800 architecture and capacity potentially not being up to datasheet specs)
There are literally dozens of things which can cause high CPU - anything which requires CPU processing...
What features are you using (anything not default you have turned on)?
Are you using web auth?

ucode_pkt_PPE0 - that's the QFP emulation which 9800-L runs on CPU and it is normal for that to be >100% but it could theoretically consume excessive CPU if your traffic levels got very high, but more likely need to focus on CPU based processes rather than that one which is packet switching.  Check:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-cl-wireless-controller-cloud/221058-understand-high-cpu-usage-reported-for-t.html

If it's data traffic (packet switching) causing it then you need to work out what's causing that.  Otherwise it's a case of tuning control plane features to minimise impact on CPU.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card