Mobility Express Flex+Bridge MAP ethernet port reverts to access

joey.debra · ‎08-29-2020

Hi,

It's the second time I have deployed a wireless bridge using Cisco Aironet AP's but the first time using a Mobility Express version to cheap out not having to buy any licenses and WLC.

But since it is a perfectly supported feature in 8.10 it should work...

The situation is as follows:

The customer has a Cisco Meraki switched network in a main building but has another switch in an adjacent building.

There was no cheap way to cable that building to the main building so we chose to go wireless bridge.

Since Meraki AP's in mesh mode do not support bridging multiple VLANs, we chose a pair of 1542D outdoor AP's for a bridge.

The RAP is the Mobility Express WLC and the MAP is in CAPWAP mode so you can never have the WLC on the other side.

The issue:

The ethernet 0 interface (only ethernet port on the AP) of the MAP is configured as a Trunk with native VLAN 223 (which is the management VLAN where both AP's are in together with the Mobility Express WLC). And there are a 5 VLANs defined to be allowed across the bridge.

Suddenly after a month of operation the switch and AP's behind the bridge no longer have connectivity.

Troubleshooting showed that the bridge never went down, and the quality of the signal is still good (SNR 52). There were no wireless events (no DFS). So I could perfectly reach all the actors (WLC, RAP, MAP) however after logging in to the MAP AP and issuing following commands I could see what happened:

show mesh ethernet vlan config static
Ethernet Interface: 0
Interface Mode: TRUNK
Native Vlan: 223
Allowed Vlan: 96, 124, 100, 104, 106,

show mesh ethernet vlan config running

Ethernet Interface: 0
Interface Mode: ACCESS
Native Vlan: 0
Allowed Vlan:

I had seen this issue before when I first was testing the solution in a lab after I powered down the AP's and powered them back up. That issue was resolved by adding the VLANs in the default-flexgroup and enabling VLAN support there.

However this time it just happened out of the blue whilst no config changes were done to the switches.

Simply rebooting the MAP was not enough, even replugging the one cable was not enough.

Only after the third reboot, the MAP had it's running config back at TRUNK.

Since Mobility Express GUI has a huge number of issues still I had to config most stuff through CLI but I'm not sure how you can force an AP to retake the static config into it's running config or if I'm running into yet another bug.

TAC has not been too helpful at this time, so I'm curious if there are some experts here who can guide me.

AP Running Image : 8.10.121.0
Primary Boot Image : 8.10.121.0
Backup Boot Image : 8.5.151.0
Primary Boot Image Hash:
Backup Boot Image Hash:
AP Image type : MOBILITY EXPRESS IMAGE
AP Configuration : NOT ME OR EWC-AP CAPABLE

(Cisco Controller) >show mesh ap tree

========================================================================
AP Name [Hop Ctr,Link SNR,BG Name,Channel,Pref Parent,Chan Util,Clients]
========================================================================

[Sector 1]
----------
WBR-SPL-RAP[0,0,FLSPL,100,None,2%,0]
|-WBR-SPL-MAP[1,51,FLSPL,100,3c:41:0e:xx:xx:xx,2%,0]

----------------------------------------------------
Number of Mesh APs............................... 2
Number of RAPs................................... 1
Number of MAPs................................... 1
----------------------------------------------------

(Cisco Controller) >show mesh running-config WBR-SPL-MAP

MAC.............................................. 3C:41:0E:E4:5F:A0
Mode............................................. AP in MAP mode
Vlan Trunking.................................... Enabled
Native Vlan...................................... 223

WLAN-VLAN ID MAPPING
---------------------
WLAN VLAN
----- -----

Cisco Controller) >show ap config ethernet summary

Vlan Tagging Information For AP WBR-SPL-RAP
Ethernet 0
Mode: ACCESS
Access Vlan 0
Vlan Tagging Information For AP WBR-SPL-MAP
Ethernet 0
Mode: TRUNK
Native Vlan 223
Allowed Vlans: 96 124 100 104 106

WBR-SPL-MAP#show mesh status
Mesh Status: Enabled
Running as: Flex Mesh AP
AP is in: Connected Mode
Gateway is: REACHABLE
GW Wait Done: No GW Wait Count: 0
Uplink information:
Radio Backhaul: 1 [3C:41:0E:xx:xx:xx]
Hops to Root: 1
idx State Role RadioState Cost Uplink Downlink Access ShutDown ChildrenAllowed BlockChildState InterfaceType
2 MAINT UPLINK UP 217 TRUE TRUE FALSE FALSE TRUE ALLOWED RADIO
Mesh AWPP Radio adjacency info
Flags: Parent(P), Child(C), Neighbor(N), Reachable(R), CapwapUp(W),
BlackListed(B), Authenticated(A), HTCapable(H), VHTCapable(V)
OldParent(O)
Address Cost RawCost LinkCost ReportedCost Snr BCount Ch Width Bgn Flags: P O C N R W B A H V Reject reason
3C:41:0E:E4:FD:B1 217 272 256 16 52 0 100 20 MHz FLSPL (T/F): T F F T T T F T T T -

Distance Vector Info:
Hops to root: 1
Ease to root: 13048576
Hop Mac addresses:
3C:41:0E:E2:BF:68

Mesh Capwap Status:
Link State :Joined
State :CAPWAP_RUN
Standalone :False
Joined Once :True
Skip Cleanup :False
Last Channel :100
Last Backhaul:2

Path Control Registration status
Role Reg-State Clock-Ticks
Child REGISTERED 395432

WBR-SPL-MAP#more flash config.mesh
mesh_preferred_parent_addr 3C:41:0E:E2:BF:68
mesh_strict_matching_bgn true
mesh_ethernet_bridging true
mesh_last_bh_id 2
mesh_last_channel 100
mesh_bridge_group_name FLSPL
mesh_ap_trunk_native_vlan_id 223
mesh_ap_trunk_native_vlan_id_child 223
mesh_gig_port_mode \x02\x00\x00\x00
mesh_gig_native_vlan \x00df\x0000\x0000\x0000
mesh_gig_allowed_vlan \x0060\x0000\x007c\x0064\x0068\x006a\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000\x0000

config mesh ccn enable
config mesh ethernet-bridging vlan-transparent disable
config mesh ethernet-bridging allow-bdpu enable
config mesh convergence very-fast all
config mesh background-scanning enable

config flexconnect group default-flexgroup add
config flexconnect group default-flexgroup predownload mac-master 3c:41:0e:xx:xx:xx
config flexconnect group default-flexgroup ap add 3c:41:0e:xx:xx:xx
config flexconnect group default-flexgroup ap add 3c:41:0e:xx:xx:xx
config flexconnect group default-flexgroup vlan native 223
config flexconnect group default-flexgroup vlan add 96 acl none none
config flexconnect group default-flexgroup vlan add 124 acl none none
config flexconnect group default-flexgroup vlan add 223 acl none none
config flexconnect group default-flexgroup vlan add 100 acl none none
config flexconnect group default-flexgroup vlan add 104 acl none none
config flexconnect group default-flexgroup vlan add 106 acl none none
config flexconnect group default-flexgroup vlan override-ap enable

Scott Fella · ‎08-29-2020

It almost seems like there might just be an issue with the one that losses it’s setting. Might be a bug but when you say that after a few rev it’s it comes back, then that is why I’m saying it’s probably a bug not a configuration issue.
I have 9100 access points connecting to a Meraki switch and they will drop off, but very seldom. A few reboots and they join, but AP’s connected to my 3850 have no issues. I see this also when the switch or ap is powered down manually or not. This is in my home lab, so knowing this, I probably would never deploy this to a customer. Now in my past when I have setup point to point bridges to connect buildings, I have always used them as a link connected to a layer 3 port, so each side would router traffic over the link that needed to be routed. Maybe that’s something you should look at in case you setup more of these in the future.

-Scott
*** Please rate helpful posts ***

joey.debra · ‎08-29-2020

Are you saying you suspect L2 protocols running on the switches causing stability issues on the AP's?
The Meraki side has one issue with that you cannot disable UDLD completely and the bridge does not forward UDLD echo's at least in one direction causing a constant warning state on the switch behind the MAP.

Or are you saying to just avoid VLANs altogether. But then I would have to put the RAP/MAP/WLC IP also in the transit network.

I have seen more stable setups with point to point links that are VLAN unaware but you can just send tagged packets over point 2 point links without issue. It's a shame that I'm in bugville again.

Btw just another question:
How would you create redundancy in this case because I have not tested the flow of STP BPDU's.
Would you have a second MAP, or a second RAP or both or have a seperate MAP/RAP pair on it's own VLAN?

Scott Fella · ‎08-30-2020

I don’t think it’s the switch but the ap is loosing its definition. Your work around seems to be to reboot it, so that is why I think it’s a bug with the ap or code. Knowing that it will happen again in the future, it seems like you need to figure out a better way of creating the link, or just dealing with the link going down and having to reboot the ap until maybe an upgrade will fix it. If it happens to only one of the aps, then maybe ask for an RMA and see if the issue goes away or not.

-Scott
*** Please rate helpful posts ***