10-02-2019 03:58 AM - edited 07-05-2021 11:04 AM
Hello,
I have a simple network problem - I can't connect to the vWLC message interface... but the solution seems to be not so easy.
Let's have a closer look at the issue. Connected in my subnet are: virtual ISE, virtual WLC, Cisco AP and some clients (PC). (The virtual devices are running on VMware Workstation on my laptop.) I can "ping" the WLC from all devices, but from the WLC I can't "ping" any device (no FW on the devices). MAC addresses on ALL the network devices are correct.
The question is why I can't connect to other devices FROM the WLC. In the end, ISE and WLC can't communicate (RADIUS) and no HTTP connection to the WLC is possible.
IP addresses:
troubleshooting from gateway router (mikrotik):
ARP table:
192.168.10.11 F4:30:B9:CF:5C:56 VLAN10
192.168.10.232 00:0C:29:68:35:D7 VLAN10
192.168.10.233 00:0C:29:5B:49:17 VLAN10
192.168.10.231 00:0C:29:D2:41:73 VLAN10
PING to all devices is running.
from laptop (win):
ARP table:
192.168.10.1 cc-2d-e0-c5-38-a6 dynamic
192.168.10.231 00-0c-29-d2-41-73 dynamic
192.168.10.232 00-0c-29-68-35-d7 dynamic
192.168.10.233 00-0c-29-5b-49-17 dynamic
PING to all devices is running.
from web server (linux):
$ arp -an
? (192.168.10.11) at f4:30:b9:cf:5c:56 [ether] on ens33
? (192.168.10.12) at b0:e1:7e:45:51:2e [ether] on ens33
? (192.168.10.244) at 6c:fa:a7:44:d8:b6 [ether] on ens33
? (192.168.10.1) at cc:2d:e0:c5:38:a6 [ether] on ens33
? (192.168.10.231) at 00:0c:29:d2:41:73 [ether] on ens33
? (192.168.10.232) at 00:0c:29:68:35:d7 [ether] on ens33
? (10.215.87.191) at b0:e1:7e:45:51:2e [ether] on ens33
PING is running correctly to ALL devices in this subnet.
and on the WLC:
PING is not answered, but ARP table looks correct:
CC:2D:E0:C5:38:A6 192.168.10.1 1 0 Host
F4:30:B9:CF:5C:56 192.168.10.11 1 0 Host
00:0C:29:68:35:D7 192.168.10.232 1 0 Host
00:0C:29:5B:49:17 192.168.10.233 1 0 Host
MAC records on all devices are correct.
debug from WLC point of view (ARP record for .233 does not exist):
(Cisco Controller) >ping 192.168.10.233
Send count=3, Receive count=0 from 192.168.10.233
*emWeb: Oct 02 12:05:21.370: dtlArpFindMobile: No ARP entry found 192.168.10.233
*emWeb: Oct 02 12:05:35.626: dtlArpFindMobile: No ARP entry found 192.168.10.233
Send count=3, Receive count=0 from 192.168.10.233
the same "debug arp all" when arp record exists:
!!! note: this is ping attempt from 192.168.10.233:
(Cisco Controller) >
*dtlArpTask: Oct 02 12:09:59.272: processEtherIcmp: Received ICMP request from wired client, Interface no:1, mtu:1280, SRC MAC: 00:0C:29:5B:49:17
*dtlArpTask: Oct 02 12:09:59.272: processEtherIcmp: Sending ICMP reply Successful !! , SRC MAC: 00:0C:29:D2:41:73
*dtlArpTask: Oct 02 12:10:00.296: processEtherIcmp: Received ICMP request from wired client, Interface no:1, mtu:1280, SRC MAC: 00:0C:29:5B:49:17
*dtlArpTask: Oct 02 12:10:00.296: processEtherIcmp: Sending ICMP reply Successful !! , SRC MAC: 00:0C:29:D2:41:73
*dtlArpTask: Oct 02 12:10:02.440: dtlARPProtoRecv: Arp request. from = 1, client: 00:0c:29:5b:49:17, src ip: 192.168.10.233, tgt ip: 192.168.10.231 mscb: not found
*dtlArpTask: Oct 02 12:10:02.440: Received dtlArpRequest sha: 00:0c:29:5b:49:17 spa: 192.168.10.233 tha: 00:00:00:00:00:00 tpa: 192.168.10.231 intf: 1, vlan: 0, node type: 1, mscb: not found, isFromSta: 0
!!! learned ARP table:
(Cisco Controller) >show arp switch
MAC Address          IP Address        Port    VLAN    Type
-------------------  ----------------  ------  ------  ------
00:0C:29:5B:49:17    192.168.10.233    1       0       Host
B0:8B:CF:A2:E0:38    192.168.10.251    1       0       Host
!!!note: and ping
(Cisco Controller) >ping 192.168.10.233
Send count=3, Receive count=0 from 192.168.10.233
tcpdump on 192.168.10.233 shows no ICMP packets coming from the WLC (192.168.10.231).
I tried several versions of WLC (8.3, 8.5, 8.8). I tried to upgrade/reinstall VMware Workstation. But until now no solution.
A simple problem, but not such a simple answer. What else can I try?
martin
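The consistency check behind "MAC records on all devices are correct", as an added example that is not part of the original post: it normalises the four ARP tables pasted above and reports any IP seen with different MACs from different vantage points, plus where an entry is absent. The function names `parse` and `cross_check` are illustrative.

```python
import re
from collections import defaultdict

# ARP tables as pasted in the post, one string per vantage point.
TABLES = {
    "mikrotik": "192.168.10.11 F4:30:B9:CF:5C:56 VLAN10 192.168.10.232 00:0C:29:68:35:D7 VLAN10 "
                "192.168.10.233 00:0C:29:5B:49:17 VLAN10 192.168.10.231 00:0C:29:D2:41:73 VLAN10",
    "windows": "192.168.10.1 cc-2d-e0-c5-38-a6 dynamic 192.168.10.231 00-0c-29-d2-41-73 dynamic "
               "192.168.10.232 00-0c-29-68-35-d7 dynamic 192.168.10.233 00-0c-29-5b-49-17 dynamic",
    "linux": "? (192.168.10.11) at f4:30:b9:cf:5c:56 [ether] on ens33 "
             "? (192.168.10.12) at b0:e1:7e:45:51:2e [ether] on ens33 "
             "? (192.168.10.244) at 6c:fa:a7:44:d8:b6 [ether] on ens33 "
             "? (192.168.10.1) at cc:2d:e0:c5:38:a6 [ether] on ens33 "
             "? (192.168.10.231) at 00:0c:29:d2:41:73 [ether] on ens33 "
             "? (192.168.10.232) at 00:0c:29:68:35:d7 [ether] on ens33 "
             "? (10.215.87.191) at b0:e1:7e:45:51:2e [ether] on ens33",
    "wlc": "CC:2D:E0:C5:38:A6 192.168.10.1 1 0 Host F4:30:B9:CF:5C:56 192.168.10.11 1 0 Host "
           "00:0C:29:68:35:D7 192.168.10.232 1 0 Host 00:0C:29:5B:49:17 192.168.10.233 1 0 Host",
}

MAC = r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
TOKEN = re.compile(rf"(?P<mac>{MAC})|(?P<ip>{IP})")

def parse(text):
    """Return {ip: mac}; each entry holds one IP and one MAC, in either order."""
    toks = [(m.lastgroup, m.group()) for m in TOKEN.finditer(text)]
    table = {}
    for (k1, v1), (k2, v2) in zip(toks[0::2], toks[1::2]):
        if {k1, k2} != {"mac", "ip"}:
            raise ValueError(f"unpaired entry near {v1!r}")
        ip, mac = (v1, v2) if k1 == "ip" else (v2, v1)
        table[ip] = mac.lower().replace("-", ":")  # one canonical MAC spelling
    return table

def cross_check(tables):
    """Return (conflicts, missing) across all vantage points."""
    seen = defaultdict(dict)  # ip -> {vantage: mac}
    for name, text in tables.items():
        for ip, mac in parse(text).items():
            seen[ip][name] = mac
    conflicts = {ip: v for ip, v in seen.items() if len(set(v.values())) > 1}
    missing = {ip: sorted(set(tables) - set(v)) for ip, v in seen.items()
               if set(tables) - set(v)}
    return conflicts, missing

if __name__ == "__main__":
    conflicts, missing = cross_check(TABLES)
    print("conflicting IP->MAC bindings:", conflicts or "none")
    print("entries absent per vantage:", missing)
```

An empty conflict set rules out a duplicate IP or a poisoned ARP cache on this segment; a host is normally absent from its own table, so those "missing" entries are expected.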
03-12-2021 09:13 AM
03-13-2021 04:07 AM
Unfortunately, there is no such option as "promiscuous mode" in VMware Workstation Pro v16. So I cannot test this now.
01-25-2022 06:49 PM - edited 01-27-2022 07:05 AM
I have the same problem
03-13-2021 06:18 AM
OK I found out, that it doesn't work from the PC where you host the vWLC inside your VMware or KVM. If you go onto the Management IP from a different PC - it works. It is weird. I also tested a Linux hosted on the same machine and I was able to get onto it. Strange but true.
03-13-2021 10:20 AM
VMware Workstation, I'm pretty sure it will not work. This used to work in the past, but with newer versions, it stopped working. Like what was mentioned, you need to enable promiscuous mode, or else APs will never join the controller. I ran into this issue when I brought up another ESXi host and moved an existing 9800-CL to that host. I was not able to ping from the controller, only was able to ping the gateway and nothing else. APs were not joining and once I enabled promiscuous mode, everything started working.
You are better off getting a workstation and loading ESXi 7.x onto it and using that for all your virtual appliances. It will work way better for you and if you are learning and want a lab, that is the way to go.
If you really want to learn and have multiple controllers and/or ISE as an example, you should build your own ESXi server. Have you looked into VMUG Advantage? This provides licenses for ESXi, VMware Workstation and almost all their products for a yearly fee. Depending on how much you spend on your current license, this gives you flexibility to use many of their products. You can always get an ESXi 7 license for free, you are just limited to 8 vCPU, which is okay. Or you can try to install the virtual on Hyper-V.
VMUG Advantage Membership - vmug
05-24-2021 03:00 PM
Can you add another network card in ESXi like below? I had the same issue as you when I only had the top network adapter 1.
After adding Network adapter 2, I was able to connect to the management IP. Seems like the virtual NIC doesn't match the NIC in the WLC.
Give it a try
11-17-2021 12:22 PM - edited 11-17-2021 12:33 PM
Confirmed:
WMI outgoing traffic (ICMP requests, TCP responses) won't work on VMware Workstation 16.2.x
Downgraded to 14.1.3 and it worked with exact same settings.
08-04-2022 02:22 AM
Confirmed.
I downloaded and installed VMware Workstation version 14.1.3, and it works.
I can ping and access the vWLC web management from my host desktop.
It does not work with VMware Workstation 16.x.
Thank you
08-04-2022 02:31 AM
05-17-2024 02:12 AM
Hello,
I have an alternative solution that doesn't require downgrading of VMware Workstation / Fusion.
When I deployed vWLC with AireOS 8.10.151.0 directly in VMware Fusion, I experienced the same behavior of the vWLC Management interface - I couldn't even ping the IP address of my MacBook and could only access vWLC via Service-Port.
Since vWLC is not supported on Type-2 hosted hypervisors, the workaround is to deploy ESXi in VMware Fusion / Workstation and deploy vWLC within the ESXi hypervisor. Once I did that, the Management interface is working as expected.
The IP address on my laptop is 10.10.4.10. I am now successfully pinging it from vWLC and vWLC is reachable via CLI/GUI on its Management int (none of this was working when vWLC was deployed directly in Fusion).