Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8829
Views
15
Helpful
23
Replies

unable to connect vWLC

Martin Kyrc
Level 3
Level 3

‎10-02-2019 03:58 AM - edited ‎07-05-2021 11:04 AM

Hello,

I have simple network problem - I can't connect to the vWLC message interface... but solution seems to be not so easy.

Let's have a look closer to the issue. In my subnet are connected: virtual ISE, virtual WLC, Cisco AP and some clients (PC). (virtual devices are running on VMware workstation on my laptop). I can "ping" WLC from all devices but from WLC I can't "ping" no device (no FW on the devices). MAC addresses in the ALL network devices are correct.

The question is, why I can't connect to other devices FROM WLC. In the final, ISE and WLC can't communicate (RADIUS) and no http connection to WLC is possible.

IP adresses:

  • gateway: 192.168.10.1
  • laptop: 192.168.10.11
  • WLC: 192.168.10.231
  • ISE: 192.168.10.232
  • web server: 192.168.10.233

troubleshooting from gateway router (mikrotik):

ARP table:
192.168.10.11 F4:30:B9:CF:5C:56 VLAN10 
192.168.10.232 00:0C:29:68:35:D7 VLAN10 
192.168.10.233 00:0C:29:5B:49:17 VLAN10 
192.168.10.231 00:0C:29:D2:41:73 VLAN10

PING to all devices is running.

from laptop (win):

ARP table:
  192.168.10.1          cc-2d-e0-c5-38-a6     dynamic
  192.168.10.231        00-0c-29-d2-41-73     dynamic
  192.168.10.232        00-0c-29-68-35-d7     dynamic
  192.168.10.233        00-0c-29-5b-49-17     dynamic

PING to all devices is running.

from web server (linux):

$ arp -an
? (192.168.10.11) at f4:30:b9:cf:5c:56 [ether] on ens33
? (192.168.10.12) at b0:e1:7e:45:51:2e [ether] on ens33
? (192.168.10.244) at 6c:fa:a7:44:d8:b6 [ether] on ens33
? (192.168.10.1) at cc:2d:e0:c5:38:a6 [ether] on ens33
? (192.168.10.231) at 00:0c:29:d2:41:73 [ether] on ens33
? (192.168.10.232) at 00:0c:29:68:35:d7 [ether] on ens33
? (10.215.87.191) at b0:e1:7e:45:51:2e [ether] on ens33

PING is running correctly to ALL devices in this subnet.

and on the WLC:

PING is not answered, but ARP table looks correct:
CC:2D:E0:C5:38:A6   192.168.10.1     1      0      Host
F4:30:B9:CF:5C:56   192.168.10.11    1      0      Host
00:0C:29:68:35:D7   192.168.10.232   1      0      Host
00:0C:29:5B:49:17   192.168.10.233   1      0      Host

MAC records on all devices are correct.

debug from WLC point of view (arp record for .233 not exists):

(Cisco Controller) >ping 192.168.10.233
Send count=3, Receive count=0 from 192.168.10.233

*emWeb: Oct 02 12:05:21.370: dtlArpFindMobile: No ARP entry found 192.168.10.233
*emWeb: Oct 02 12:05:35.626: dtlArpFindMobile: No ARP entry found 192.168.10.233

Send count=3, Receive count=0 from 192.168.10.233

the same "debug arp all" when arp record exists:

!!! note: this is ping attempt from 192.168.10.233:

(Cisco Controller) >
*dtlArpTask: Oct 02 12:09:59.272: processEtherIcmp: Received ICMP request from wired client,
  Interface no:1, mtu:1280, SRC MAC: 00:0C:29:5B:49:17 
*dtlArpTask: Oct 02 12:09:59.272: processEtherIcmp: Sending ICMP reply Successful !! , 
  SRC MAC: 00:0C:29:D2:41:73 
*dtlArpTask: Oct 02 12:10:00.296: processEtherIcmp: Received ICMP request from wired client,
  Interface no:1, mtu:1280, SRC MAC: 00:0C:29:5B:49:17 
*dtlArpTask: Oct 02 12:10:00.296: processEtherIcmp: Sending ICMP reply Successful !! , 
  SRC MAC: 00:0C:29:D2:41:73 

*dtlArpTask: Oct 02 12:10:02.440: dtlARPProtoRecv: Arp request.
  from = 1, client: 00:0c:29:5b:49:17, 
  src ip: 192.168.10.233, tgt ip: 192.168.10.231  mscb: not found

*dtlArpTask: Oct 02 12:10:02.440: Received dtlArpRequest
  sha: 00:0c:29:5b:49:17 spa: 192.168.10.233
  tha: 00:00:00:00:00:00 tpa: 192.168.10.231
  intf: 1, vlan: 0, node type: 1, mscb: not found, isFromSta: 0

 

!!! learned ARP table:
(Cisco Controller) >show arp switch 
MAC Address         IP Address       Port   VLAN   Type
------------------- ---------------- ------ ------ ------
00:0C:29:5B:49:17   192.168.10.233   1      0      Host
B0:8B:CF:A2:E0:38   192.168.10.251   1      0      Host
!!!note: and ping
(Cisco Controller) >ping 192.168.10.233
Send count=3, Receive count=0 from 192.168.10.233

tcpdump on the 192.168.10.233 shows no icmp packets coming from WLC (192.168.10.231)

I tried several versions of WLC (8.3, 8.5, 8.8). I tried upgrade/reinstall wmvare workstation. But till now no solution.

The simple problem, but not so simple answer. What else can I try?

martin

Labels:
0 Helpful
23 Replies 23

patoberli
VIP Alumni
VIP Alumni
In response to Worko

‎03-12-2021 09:13 AM

I'm not sure if this is still required, but in the past you had to configure the Data Port (Port 1) on the ESX to Promiscuous mode.

Source: https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Virtual_Wireless_LAN_Controller_Deployment_Guide_8-2.html


0 Helpful

Worko
Level 1
Level 1
In response to patoberli

‎03-13-2021 04:07 AM

Unfortunately, there is no such option as "promiscuos mode" in the VMware Workstation Pro v16. So I cannot test this now.

0 Helpful

Leo TI
Level 1
Level 1
In response to Worko

‎01-25-2022 06:49 PM - edited ‎01-27-2022 07:05 AM

tengo el mismo problema

0 Helpful

Worko
Level 1
Level 1

‎03-13-2021 06:18 AM

OK I found out, that it doesn't work from the PC where you host the vWLC inside your VMware or KVM. If you go onto the Management IP from a different PC - it works. It is weird. I also tested a Linux hosted on the same machine and I was able to get onto it. Strange but true.

Scott Fella
Hall of Fame
Hall of Fame

‎03-13-2021 10:20 AM

VMworkstation I'm pretty sure it will not work.  This use to work in the past, but with newer versions, they stopped working.  Like what was mentioned, you need to enable promiscuous mode, or else ap's will never join the controller.  I ran into this issue when I brought up another ESXi host and moved an existing 9800-CL to that host.  I was not able to ping from the controller, only was able to ping the gateway and nothing else.  AP's were not joining and once I enabled promiscuous mode, everything started working. 

You are better off getting a workstation and loading ESXi 7.x onto it and use that for all your virtual appliances.  It will work way better for you and if you are learning and want a lab, that is the way to go.  

If you really want to learn and have multiple controllers and or ISE as an example, you should build your own ESXi server.  Have you looked into VMUG Advantage?  This provides license for ESXi, VMworkstation and almost all their products for a yearly fee.  Depending on how much you spend on your current license, this gives you flexibility to use many of their products. You can always get ESXi 7 license for free, you are just limited to 8 vcpu, which is okay.  Or you can try to install the virtual on hyper-v.

VMUG Advantage Membership - vmug

-Scott
*** Please rate helpful posts ***
0 Helpful

AlbanoSousa3558
Level 1
Level 1

‎05-24-2021 03:00 PM

Can you add another network card in ESXi like below? i had same issue as you  when i only have the top network adapter1.

After adding Network adapter 2, i was able to connect to the management IP. Seems like the virtual nic dont match the nic in the WLC.

Give it a try

Screenshot 2021-05-24 at 22.53.32.png

Screenshot 2021-05-24 at 22.57.24.png

Screenshot 2021-05-24 at 22.59.43.png

 

 

0 Helpful

edmonroy
Cisco Employee
Cisco Employee

‎11-17-2021 12:22 PM - edited ‎11-17-2021 12:33 PM

Confirmed:

WMI outgoing traffic (ICMP requests, TCP responses) won't work on VMWare Workstation 16.2.x

Downgraded to 14.1.3 and it worked with exact same settings.

 

1hari.dharmawan
Level 1
Level 1
In response to edmonroy

‎08-04-2022 02:22 AM

Confirmed.

 

I download & install VMWare workstation version 14.1.3, it's work.

I can ping,  Web management Access vWLC from my Host desktop.

cannot work with VMWare workstation 16.x

thank you

0 Helpful

marce1000
VIP
VIP
In response to 1hari.dharmawan

‎08-04-2022 02:31 AM

Vmware workstation is not supported for vWLC.

M.


-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card