issues with WLC 9800-CL smart license

nporcelli · ‎05-01-2022

Hello community,

I am having lots of trouble with the licenses on a new 9800-CL version 17.6.3, this is the first time I am dealing with this device.

First the license page on the weui is not loading, snapshot attached.

Second I have the customer licenses loaded to the portal and associated to their on-prem SSM. I tried to configure the WLC to register to the on-prem but it seems not to be working, I followed the info from the following document

"Configure & Troubleshoot Catalyst 9800 WLC Licensing with Smart Licensing Using Policy (SLUP)"

I also attached the output from the following command to show the main config and the License status/logs.

I tested communication on port 443 to the on-prem and it looks ok (in the txt file).

I tried both smart transport method :

license smart transport smart

license smart transport cslu

on the on-prem I cannot see any registration attempts

anyone having similar problems?

thanks

Nicola

marce1000 · ‎05-01-2022

- Could you run (CLI/SSH) show tech wireless and have the output analyzed by : https://cway.cisco.com/tools/WirelessAnalyzer/ , check if anything comes up related to network configuration and or your licensing issues.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

nporcelli · ‎05-01-2022

thanks for the info, did not know that tool. I tried but the tool is not giving me any report at all as if it was ignoring the input

attached the file I used

Nicola

marce1000 · ‎05-01-2022

- Remember that for https://cway.cisco.com/tools/WirelessAnalyzer/ , it needs the output from show tech wireless not simply show tech neither show license tech

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

nporcelli · ‎05-01-2022

silly me, thanks Marce1000, this time I got many messages, I will go through them and see if there is anything useful for this issue.

nporcelli · ‎05-02-2022

hello, I run the tool and from the results it does not seem to be any network or license configuration issue. can anyone confirm the configuration I am using is correct?

thanks

Nicola

Flavio Miranda · ‎05-02-2022

Can you check something?

Your call home is configured with "destination transport-method http" but you tested on port 443.

Can you test on port 80 or change the "destination transport-method http" "to destination transport-method https" ?

SWRN22WLC01#show run | section call-home
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
SWRN22WLC01#
SWRN22WLC01#
SWRN22WLC01#
SWRN22WLC01#telnet 11.11.11.13 443
Trying 11.11.11.13, 443 ... Open

[Connection to 11.11.11.13 closed by foreign host]
SWRN22WLC01#

nporcelli · ‎05-02-2022

Thanks for your input Flavio,

but I have one question, there are several license smart transport types:

SWRN22WLC01(config)#license smart transport ?
automatic Use default transport type.
callhome Use the Callhome as transport.
cslu All future communication will use cslu url.
off Disable all communication from Smart Agent.
smart Use the Smart Transport.

the document I am following says to set type clsu, which I have tried, I also tried Smart as transport method.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217348-configure-troubleshoot-catalyst-9800-w.html

But my understanding is that the 9800 should not use the call-home method if the transport call-home is not configured. am I wrong? also I have used the call-home method with other devices and in that case I have had to configure a profile different from the default to use the on-prem server, because the default profile would try to connect to CSSM through the Internet and this device does not have access to the internet, so it cannot communicate directly with CSSM.

am I getting this wrong?

Nicola

Flavio Miranda · ‎05-02-2022

Seems right to me as well. If the device is not connected to the internet then you need to use the option with on-prim. The method you should use is callhome.

I had some problems with callhome and on-prime server with switches and this WLC is basially a switch. But most of problem I had was on the server side cause the device site there´s not much we can setup.

marce1000 · ‎05-02-2022

- Possible bug : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv40929 , you may want to contact TAC to further work on this.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

nporcelli · ‎05-02-2022

thanks, guys, I think I will contact TAC and see what they say, will post their solution once I have one.

Nicola

Rich R · ‎05-07-2022

I'll be interested to hear what TAC say.

We abandoned on-prem server because it was taking more than a year to support features already released in IOS (they only seem to think about on-prem after releasing each new version of IOS instead of developing them in tandem for simultaneous release). We wasted a lot of time getting on-prem set up (to meet security requirements) and then were forced to switch to direct CSSM access to be able to actually use the products (which security acknowledged was unavoidable)!

Presume you've configured trustpoint and revocation-check none as per the doc you linked above?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

tfrechette · ‎07-07-2022

I'm having the same issue on 17.6.3 with the licensing page not loading on the WUI. Did you ever get a resolution for this?

The CLI info for licensing seems fine. Thanks.

nporcelli · ‎07-07-2022

No.

I also raised a ticket with TAC but the engineer told me he could not recreate the issue in lab.

Eventually I had to downgrade to version 17.3.5a, because I had other issues with WebAuth and this was not working with version 17.6.3. so I did not go any further with it. license works fine on 17.3.5a

pielunswe · ‎08-31-2022

Same issue, 9800-80

Licensing and webauth working in 17.3.5a after downgrade from 17.6.3