cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1852
Views
6
Helpful
12
Replies

WLC 9800 Auto Containment For APs using Our SSID

b.angel
Level 1
Level 1

I enabled Auto Containment on one of our 9800 WLC for APs using our SSIDs. All our 9800s are part of the same mobility group. What I began to noticed was the 9800 was containing APs on its mobility members APs. I'm currently running version 17.6.4. Has anyone came across this issue?

12 Replies 12

marce1000
VIP
VIP

 

  - Strange indeed , for starters have a checkup review of the 9800  configuration with (CLI) : show tech wireless  ,
                have the output analyzed with :  https://cway.cisco.com/wireless-config-analyzer/

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hello

 Something that could be happening is some failure on the movility group configuration and the AP from the other WLC show up as rogue.

 Take a look at the document.  At the end of it, there are several interesting trobleshooting commands that might be helpful. If something is not right, you might see on the logs.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213913-building-mobility-tunnels-on-catalyst-98.html#anc17 

If all is fine with mobility group, I would suspect you hit a bug.

 If all 

Scott Fella
Hall of Fame
Hall of Fame

You go some very good feedback from @Flavio Miranda and @marce1000. My question I have is that it seems you have a multiple 9800's, but do you have ap's at a site joined to multiple controllers?  Do you see this issue on sites in which all access points at that site is joined to a single controller?  I would try to avoid having ap's on multiple controllers at a location just in general for roaming purposes.  Open a TAC case and see if the issue is a bug or not.

-Scott
*** Please rate helpful posts ***

Yes the AP's are joined to one controller or another at different sites. I also have a TAC Case open and they have not made any progress on this issue.

JPavonM
VIP
VIP

There are lot of code defects around Rogue detection in all C9800 codes, with APs self-recognizing as rogues, or detecting APs from the same Mobility Group as rogues, or detecting radios in 2.4 GHz band as rogues, ....

I have suffered lot of them in previous codes, and that I'm also running 17.6.4 I still see some of these happening, specially with AP4800 (CSCvy59897 which must be fixed on theis release but still detecting their own radios as 'AP Impersonation'), so testing 17.9.3 to look how it works.

JPavonM, thanks for replying. Going to version 17.9.3 maybe our next step because we still have many 2700 APs associated to 5508 and I'm hearing if I upgrade the 9800 WLCs to 17.9.3 we can move over the 2700s.


 

  - Note that because of many people still using the 2700 series  , the support for this model was (also) made available again in 17.9.3 https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/release-notes/rn-17-9-9800.html#whats-new-1793

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

jarnold
Level 4
Level 4

Following up on this one... was this issue ever resolved?  Any additional updates?

b.angel
Level 1
Level 1
I'm running 17.9.3 and the issue has not been resolved.



Paul Dyer
Principal Network Engineer

Foxwoods Resort Casino

T: 860.396.3456

F: 860.XXX.XXXX

350 Trolley Line Boulevard, P.O. Box 3777, Mashantucket, CT 06338-3777

pdyer@foxwoods.com * foxwoods.com<>

[fb-icon]<> [twt-icon] <> [ig-icon] <> [lin-icon] <>

[Foxwoods USA Today Sig]<>


JPavonM
VIP
VIP

You maybe hitting this defect CSCwd71613 that makes Cisco APs to mark as rogues their own BSSIDs in 2.4 GHz band mainly, and this is still open with no fix.

By the way, the workaround has no effect, and I'm working with TAC on this.

But they've raised that as "Severity 6 Enhancement" so it may never even get looked it!  Can you ask them to tag it correctly as a bug please?  This seems to be the tactic for avoiding fixing bugs in the last year or two - just tag them as enhancements and then no need to fix (enhancements only get allocated when there's an approved customer or TAC business case)!  And it's been open for a year with 13 cases attached to it already!

Thanks JPavon, it good to know that it's not just me. Can you keep me informed.
Thanks
Review Cisco Networking for a $25 gift card