Solved: How to configure a C9130-AXI to report locally administered MACs

david101011 · ‎08-25-2023

I have a lab set up with a C9130-AXI AP joined to a C9800 WLC. I am trying to use NETCONF or RESTCONF to fetch device probes of the wireless network. I can get them just fine using RESTCONF, as long as the device does not have a randomized MAC address. When I turn on "Randomized MAC" on my mobile device, I disappear.

I assume the locally administered MACs are being filtered out by either the C9800 WLC or the AP itself. Does anyone have a clue which one it might be? And where that setting might be changed?

david101011 · ‎08-28-2023

FOUND IT!

@Rich R 's solution wasn't exactly a fix, since I had no trouble _connecting_ using a randomized mac, I only had trouble seeing the probe requests. But this did point me in the right direction.

Turns out it IS a WLC setting:

WLC#config terminal
WLC(config)#wireless probe ?
filter                    Configure filtering of probe requests from AP.
limit                     Configure number of probe requests received per client per AP slot in a given interval.
locally-administered-mac  Enable the reporting of probes from clients having locally administered MAC address.

Turn on `locally-administered-mac` setting and viola! You are now seeing randomized MAC probe requests via the YANG model referenced above. Thank you very much!

View solution in original post

Leo Laohoo · ‎08-25-2023

Unless some genius configured EEM, I do not believe this is even possible.

I have several 9800-80 on 17.6.4 and 17.9.3 and I see wireless clients with Random MAC address enabled all the time.

david101011 · ‎08-25-2023

Wireless clients? Or probe requests? I'm interested in the latter.

Leo Laohoo · ‎08-25-2023

Hmmmm ... Probe requests or beacons?

If this is beacons, then it could be CSCwe91371.

(NOTE: We are not the ones who have stumbled upon CSCwe91371 but we have created a TAC case asking for more information about CSCwe91371. Unfortunately, TAC is not helpful and is unwilling to provide more information other than "subscribe to the Bug ID".)

Rich R · ‎08-26-2023

CSCwe91371 is a problem with the AP sending beacons.
@david101011 is referring to probes received from clients.

Make sure you don't have random MAC address clients disabled:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_knob_disable_random_mac_clients.html

Which variables are you using to look at those probes @david101011 ?
Looking at https://github.com/YangModels/yang/blob/main/vendor/cisco/xe/1791/Cisco-IOS-XE-wireless-client-oper.yang we have: is-locally-administered-mac "Is client's MAC address locally administered" implying it should recognise public or private MACs.
https://github.com/YangModels/yang/blob/main/vendor/cisco/xe/1791/Cisco-IOS-XE-wireless-location-oper.yang
grouping client-lrad-key {
description
"Indicates which AP has heard from a specific client";
leaf client-mac-addr {
type yang:mac-address;
description
"Wireless client MAC address";
Doesn't specify any restrictions on client MAC so shouldn't matter but it wouldn't surprise me if a developer decided that tracking of random MAC locations on probes was pointless because we know that many devices now use constantly changing random MACs for probing.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Leo Laohoo · ‎08-26-2023

Ok, maybe something like CSCwe15338?

david101011 · ‎08-28-2023

FOUND IT!

@Rich R 's solution wasn't exactly a fix, since I had no trouble _connecting_ using a randomized mac, I only had trouble seeing the probe requests. But this did point me in the right direction.

Turns out it IS a WLC setting:

WLC#config terminal
WLC(config)#wireless probe ?
filter                    Configure filtering of probe requests from AP.
limit                     Configure number of probe requests received per client per AP slot in a given interval.
locally-administered-mac  Enable the reporting of probes from clients having locally administered MAC address.

Turn on `locally-administered-mac` setting and viola! You are now seeing randomized MAC probe requests via the YANG model referenced above. Thank you very much!

Rich R · ‎08-28-2023

Thanks for the update.
Ironically that command is not documented at all in the 9800 WLC config guide but is in the EWC config guide!
https://www.cisco.com/c/en/us/td/docs/wireless/controller/ewc/17-9/config-guide/ewc_cg_17_9/network_mobility_services_protocol.html#id_86064
I'll submit some feedback for the WLC guide and maybe they'll eventually update it...

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Leo Laohoo · ‎08-28-2023

Thanks, I've never heard of this command before.

Rich R · ‎08-27-2023

Probably not because when the queue gets stuck that will drop all probes not just private MACs.
I think more likely something in the code is simply filtering out the private MAC probes from the data.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390