04-25-2024 11:38 PM
Hello all,
We are currently transitioning to a virtual 9800-CL WLC, hosted on a VMware node on premise. The WLC and the FlexConnect APs are working correctly but I am experiencing a weird behavior with the interfaces.
The APs are on VLAN 1 - 192.168.2.x/24
The WLC has only the eth #2 connected.
Right now it's a trunk with VLAN 1 (native) and 30.
On the ESXi side, the WLC is connected to a vSwitch on a trunk port,
and the physical adapter vmnic2 is connected to a Cisco switch on a trunk (native 1) port.
Now, from my perspective, the VLAN 30 is completely superfluous. I reach the WLC with the 192.168.2.95 IP, the APs connect through 192.168.2.95, etc...
So I was going to delete VLAN 30 from the config. However, as soon as I disable the VLAN 30, I lose connectivity to the WLC, even from the 192.168.2.95 interface. I have to log in from the ESXi console and re-enable it.
What am I missing here? Could it be something simple like VLAN 1 being tagged on some trunks and not some others (I think everything is right, but I could check further), or is there a deeper reason for a second IP?
Thanks in advance
F.
04-26-2024 01:34 AM
- Not sure if the overall networking topology is supported = have a checkup of the WLC 9800-CL configuration with the CLI command show tech wireless and feed the output to: Wireless Config Analyzer
M.
04-26-2024 02:32 AM
Thank you, the Analyzer tool is helpful, however it's not that the current config has issues, it's that I am experiencing an inexplicable (for me) behaviour when changing it. I was hoping for some tips in analyzing the overall network topology I showed in the original post to see if there are issues.
04-26-2024 02:47 AM
- Make sure that WirelessAnalyzer does not report any red flags on the overall wlc-checkresults, because if there are, these for sure must be corrected
- I noticed The WLC has only the eth #2 connected
Normally this is not how it is done, even for the virtual controller, 3 effective interfaces are needed, SP, WMI and redundancy port being connected through the hypervisor VM settings.
M.
04-26-2024 03:09 AM
and the 3 effective interfaces should be 3 different ports, they can't be 3 VLANs on the same trunk port?
04-26-2024 03:20 AM
- Correct, because even the 9800-CL expects these 3 to be available (unless for remote cloud deployments but then the overall starting deployment is different too)
M.
04-26-2024 07:14 AM
Check that you followed every single step of the 9800-CL VMware deployment guide very carefully - go through it again step by step.
Also refer to https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#C9800CLconsiderations - without those settings it will not work.
Your screenshot doesn't show any of the WLC port VLAN config on the ESX - only the top level which is labelled VLAN ID: 4095!
It's a general rule in networking (with very few exceptions) that you should never use VLAN 1 - think about using a non-default VLAN for your setup.
05-03-2024 12:43 AM
I am aware VLAN 1 shouldn't be used, but this is a situation where you inherit a massive infrastructure with legacy flaws and have to work around it. Changing the management VLAN for every networking device sounds like a nightmare I am not ready to face honestly.
What kind of further information is needed? I am sifting through the config guides and best practices but so far I can't see where I went wrong.
05-03-2024 01:24 AM
I mentioned VLAN 1 as advice in the last paragraph - not a solution to the problem - although it sometimes can be related to the problem. Did you see what I said above that?
05-03-2024 02:23 AM
Yeah, absolutely, I am currently reviewing the various setup steps in the guide and best practices - I also feel that some steps would be easier if I wasn't forced to use default VLAN 1, that's why I posted that.
I'll get back to the thread if there's something I can't wrap my head around in the config, thanks for now!
05-03-2024 02:29 AM
>...if I wasn't forced to use default VLAN 1, that's why I posted that.
- That shouldn't be needed at all, get the VLAN which you want and keep using WirelessAnalyzer with the CLI command show tech wireless and feed the output to: Wireless Config Analyzer
For all configuration attempts = just go for it = This is so good
M.