12-26-2023 06:19 AM
Hello everyone,
I have installed the Cisco 9800-CL virtual WLC on VMware ESXi.
Current setup looks like:
Problem description:
We see an unusual traffic load on the trunk interface (GIG2) (RX); it is two times higher compared to the MGMT interface (TX).
I assume that the tunnel established between the AP and the MGMT port is transferring control and data traffic, and at least the same amount of data should be on the trunk side. I have a doubt that something is duplicating packets but don't understand how to troubleshoot the problem.
01-04-2024 10:37 AM
You might also want to look at https://community.cisco.com/t5/wireless/9800-cl-swport-4-mac-conflict-issues/td-p/4283443
01-11-2024 01:34 AM
I have another TAC case open about these errors, as in my case the ESX fix has not stopped the C9800-CL errors.
01-16-2024 12:19 AM
Hello Everyone,
We found the issue. Here is the description:
In our initial configuration we used GIG1 for wireless management and GIG2 for the data plane trunk. Control plane traffic must go to GIG1 and data plane traffic to GIG2, but in reality we were seeing the control plane traffic load on GIG2 also. Exactly the same traffic was going to GIG2; this was causing the unusual TX/RX values.
After a little bit of research, we found that GIG1 must be used only for out-of-band management (OOB) and a Switch Virtual Interface (SVI) must be created for wireless management and attached to the GIG2 interface. After replicating that configuration everything was OK; the TX and RX values became normal.
So my advice is to not use GIG1 for wireless management.
Additionally, even in our original configuration the data flow must be normal, but because of that OOB function the GIG1 interface has a different traffic flow. Cisco says that it is placed in a dedicated VRF, but it is not. Maybe something else is happening there, but at this point I don't care. Just don't use GIG1.
01-30-2024 04:38 PM
This is actually covered in the Best Practice guide: https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#C9800CLconsiderations
Basically you should never allow the same VLAN on Gig1 and Gig2. Gig1 - only for out-of-band management. Gig2 - all AP management and client VLANs. The VRF is immaterial to this problem - it's about VLAN config.
Using a separate VRF for your out-of-band management (whether on a port or a VLAN) is still good from a security point of view, but take note of the different VRF limitations in different versions.
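To make the split the two posts above describe concrete, here is a constructed C9800-CL configuration fragment. It is an added example, not the thread author's running configuration and not Cisco's documented sample; the VLAN IDs, IP addresses and the Mgmt-intf VRF name are assumptions. The first part reconstructs the pattern that produced the duplicated traffic (wireless management riding on Gig1), the second part the corrected layout (Gig1 for OOB device management only, Gig2 carrying the wireless management SVI and all client VLANs):

```cisco
! ===== Pattern to avoid (reconstructed from the thread, assumptions throughout) =====
! Wireless management VLAN 10 terminates on Gig1 while client VLANs ride Gig2.
interface GigabitEthernet1
 switchport access vlan 10
 no shutdown
interface GigabitEthernet2
 switchport mode trunk
 switchport trunk allowed vlan 20,30
 no shutdown
interface Vlan10
 ip address 198.51.100.10 255.255.255.0
 no shutdown
wireless management interface Vlan10
! Result described in the thread: control-plane (CAPWAP) traffic shows up on
! both interfaces and the RX/TX counters no longer match expectations.

! ===== Corrected layout (best-practice split) =====
! Gig1: out-of-band device management only, routed, in its own VRF.
! Nothing wireless-related is bound to this interface.
vrf definition Mgmt-intf
 address-family ipv4
 exit-address-family
interface GigabitEthernet1
 vrf forwarding Mgmt-intf
 ip address 192.0.2.10 255.255.255.0
 negotiation auto
 no shutdown

! Gig2: the only trunk. Carries the wireless management VLAN (10)
! AND every client/SSID VLAN (20, 30). No VLAN here may also appear on Gig1.
vlan 10
 name WIRELESS-MGMT
vlan 20
 name CLIENTS-CORP
vlan 30
 name CLIENTS-GUEST
interface GigabitEthernet2
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 negotiation auto
 no shutdown

! Wireless management is an SVI on the Gig2 trunk, not a physical port.
interface Vlan10
 ip address 198.51.100.10 255.255.255.0
 no shutdown
wireless management interface Vlan10
```

Two checks worth doing after applying something like this: confirm with `show interfaces trunk` that only Gig2 lists VLAN 10, and confirm on the ESXi side that the port group backing Gig1 is pinned to a single VLAN ID rather than 4095 (which on a standard vSwitch passes every VLAN to the guest), since `switchport trunk allowed vlan` on the controller only filters what the guest keeps, not what the hypervisor delivers to it.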
01-31-2024 12:50 AM
Hello @Rich R ,
We did not have the same VLAN on both interfaces; GIG1 had the MGMT VLAN and GIG2 had all SSID VLANs (except that MGMT one), and this type of config produced strange traffic loads on both interfaces.
Now it is OK; we just have all necessary VLANs passed via GIG2 and are not using GIG1 at all.
01-31-2024 01:16 AM
But did you restrict/separate those VLANs on the hypervisor switch(es) (as per the guide) @Temur Kalandia, or did you just use vlan allowed on the WLC ports? vlan allowed means it will ignore the non-allowed VLANs but doesn't stop it receiving all the traffic if all VLANs are allowed on the hypervisor switch.
01-31-2024 11:19 PM
Hi @Rich R,
You are right; from the hypervisor it is not possible to restrict VLANs on a trunk port unless it is a VMware distributed switch. I had a standard switch and configured it as you described. At this moment everything is OK.
02-01-2024 12:28 AM
Cool - that explains why you saw all the traffic on both ports.