cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
25
Helpful
3
Replies

WLC 9800 CL Client Exclusion Issue

buhawi
Beginner
Beginner

We have spoke sites on Flex mode, each site are all treated separately, has its own DHCP server to serve wireless clients. The DHCP scope is the same for all sites. Now with WPS IP Theft or IP Reuse enabled it seems that when Site A client is served with an IP address and Site B is served with the same IP address, it seems that Site B client gets excluded, am I missing something? The sites were migrated from AireOS, same topology and same WPS feature IP Theft or IP Reuse enabled and clients are able use same IP in different sites.  

1 Accepted Solution

Accepted Solutions

Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor

I hope you have enabled "overlapping client IP Address" feature enabled. It came up with 17.4.x release.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-4/config-guide/b_wl_17_4_cg/m_vewlc_flex_connect.html 

"In flex deployments, you can use cookie cutter configuration across sites and branches which also includes local DHCP servers configured with the same subnet. In this toplogy, controllers detect multiple client sessions with the same IP as IP THEFT and clients are blacklisted.

The Overlapping Client IP Address in Flex Deployment feature offers overlapping IP address across various flex sites and provides all the functionalities that are supported in flex deployments."

Step 1

Choose Configuration > Tags & Profiles > Flex and click Add.

Step 2

On the Add Flex Profile window and General tab.

Step 3

Check the IP Overlap check box to enable overlapping client IP Address in Flex deployment.

Step 4

Click Apply to Device.

HTH
Rasika
*** Pls rate all useful responses ***

View solution in original post

3 Replies 3

Rasika Nayanajith
VIP Mentor VIP Mentor
VIP Mentor

I hope you have enabled "overlapping client IP Address" feature enabled. It came up with 17.4.x release.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-4/config-guide/b_wl_17_4_cg/m_vewlc_flex_connect.html 

"In flex deployments, you can use cookie cutter configuration across sites and branches which also includes local DHCP servers configured with the same subnet. In this toplogy, controllers detect multiple client sessions with the same IP as IP THEFT and clients are blacklisted.

The Overlapping Client IP Address in Flex Deployment feature offers overlapping IP address across various flex sites and provides all the functionalities that are supported in flex deployments."

Step 1

Choose Configuration > Tags & Profiles > Flex and click Add.

Step 2

On the Add Flex Profile window and General tab.

Step 3

Check the IP Overlap check box to enable overlapping client IP Address in Flex deployment.

Step 4

Click Apply to Device.

HTH
Rasika
*** Pls rate all useful responses ***

@Rasika Nayanajith Thank you for the response, I'm running on cisco recommended version 17.3.5b and I see this option in flex configuration, let me turn this on and see how it goes.

Rich R
VIP Advisor VIP Advisor
VIP Advisor

You should also go through Catalyst 9800 Series Configuration Best Practices https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html for other tips.

And check your config with https://cway.cisco.com/wireless-config-analyzer/ using the output of "show tech wireless"

Also see https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/214749-tac-recommended-ios-xe-builds-for-wirele.html for TAC recommended software versions to use.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
                      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
                     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
                     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
                     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
___________________________________________
Richard R
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers