Re: WLC unreachable via ping but WEB GUI and cli is accessible

absuizo14 · ‎01-07-2021

We have 2 WLCs that randomly becomes unreachable via ping resulting to the APs associating back and forth between the primary and secondary controllers(HA SKU) but somehow you can access their WEB GUI and cli and can even ping the core switch and there are no logs on both WLC that they went down. Tried transferring the connection and switching out the patch cords and even upgrading to TAC recommended firmware version but the issue still persists. TAC only changed Retransmit config parameters but it still didn't solve the issue. we also checked the switch they are connected to and there are no logs indicating that the port went down.

Here are the details of the device:

Wireless LAN Controller

Model No. .................................AIR-CT2504-K9
Product Version.................................. 8.5.161.11
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
Firmware Version................................. PIC 20.0

Core Switch(Stacked)

Model Number : WS-C3850-24P

SW Version :16.6.6

*****EDITED*****

Here are some observations since i posted this topic

The Primary WLC can reach its Gateway, Laptop and Secondary WLC but not the Access Points
The Laptop is able to ping the Gateway of the Primary and but not the Primary WLC
The Core Switch is able to reach the Primary WLC, Secondary WLC and Access Points
The Access Point is able to reach the Gateway of the Primary, Secondary WLC but not the Primary WLC

Based on the behavior there is a possibility that the core switch is causing the issue or another device is blocking the traffic but there are no logs on the core switch or forescout of traffic being blocked and the core switch has no access list applied on the vlans of the AP and WLC.

Leo Laohoo · ‎01-07-2021

@absuizo14 wrote:

Product Version.................................. 8.5.161.11

You need to contact TAC because the controllers are running a special engineering firmware that no one outside of Cisco have any knowledge and experience troubleshooting.

absuizo14 · ‎01-07-2021

I did. they provided the image but it didnt solve the issue.. hoping to find someone with similar problem and found the solution

patoberli · ‎01-08-2021

What is the output of 'show redundancy detailed' and how often is this happening?

Leo Laohoo · ‎01-08-2021

@patoberli wrote:

What is the output of 'show redundancy detailed' and how often is this happening?

Patrick,

The WLC is a 2504 so HA-SSO is not supported.

patoberli · ‎01-11-2021

Sorry, had forgotten that little detail about the 2504.

MHM Cisco World · ‎01-09-2021

check FW if the UDP port

5246
&
5247

are open if one is close then this issue arise.

absuizo14 · ‎01-10-2021

There is no firewall in between the APs and the WLCs. we have forescout but there are no logs indicating traffic being blocked.

Scott Fella · ‎01-11-2021

What you posted in regards to your ping, basically shows that you have a connectivity issue. I really doubt that any change to the controller will fix that. To be clear, all the devices are located in the same site? Do you have more than one port on the 2504 connected, if so, it must be in LAG and also you must follow the requirements for LAG. I'm just taking a guess because you didn't mention how everything was designed and connected.

-Scott
*** Please rate helpful posts ***