Showing results for 
Search instead for 
Did you mean: 

WLAN clients can't communicate since update from 17.3.3 to 17.3.4c

Bernd Nies



We have Catalyst 9800-40 WLAN controllers and 90 Catalyst 9120AXI access points. Three weeks ago we upgraded from 17.3.3 to 17.3.4c. But instead of fixing a bug, it got exchanged with a new one: Since then all the WLAN clients can't communicate with each other. The WLAN is configured for central switching. Now it behaves like peer-blocking is enabled, but we had it disabled on purpose. It's an office wlan with 802.1x authentication and not a public wlan. Connectivity between wireless and wired LAN works fine.


Traffic analysis shows that the access point does not reveal the MAC addresses of other WLAN clients when one wants to reach them. Even two clients connected to the same access point can't communicate to each other.


Anyone else having this issue or are we the first one to upgrade to 17.3.4c?




35 Replies 35

Understood re:2700.  Note 2800 are still fine on 17.6 which we have found to be very stable so far.   17.6 is the next extended support release too so only a matter of time before it gets the star.

And as we've seen with 17.3 the star releases can actually end up having serious problems although they are a good overall guideline.


in the Wlc cisco go to Configuration Tag and profiles --->Wlan 

check the option P2P Blocking Action


That's not it. P2P blocking was disabled in IOS XE 17.3.3 and worked then. It stopped working with update to IOS XE 17.3.4c because he WLC does not answer the ARP requests from the clients or APs when a WLAN client wants to connect another WLAN client.

Bernd Nies

Summary: This was finally the fix that brought intra WLAN client comminication back to life after the update:

C9800-40, IOS XE 17.3.3  (working)     | C9800-40, IOS XE 17.3.5a (working)
C9800-40, IOS XE 17.3.4c (not working) | =======================================|===================================== | vlan configuration 115,118-119,900 | arp broadcast ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ interface Vlan119 | interface Vlan119 description mDNS snooping | description mDNS snooping | no ip proxy-arp ... | ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ wireless profile policy WLAN_Office | wireless profile policy WLAN_Office vlan office | vlan 119 ... | ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VIP Advocate VIP Advocate
VIP Advocate

Interesting - thanks @Bernd Nies 

Is this something they're saying is "by design" or they intend to fix?

They didn't tell so far.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers