WLC 9800-CL - help with correct interface/SVI configuration

fabioairoldi · ‎04-25-2024

Hello all,

we are currently transitioning to a virtual 9800-CL WLC, hosted on a VMWare node on premise. The WLC and the FlexConnect APs are working correctly but I am experiencing a weird behavior with the interfaces.

The APs are on VLAN 1 - 192.168.2.x/24

The WLC has only the eth #2 connected

right now it's a trunk with VLAN 1 (native) and 30

on the ESXI side, the WLC is connected to a vSwitch on a trunk port

and the physical adapter vmnic2 is connected to a cisco switch on a trunk (native 1) port.

Now, from my perspective, the VLAN 30 is completely superfluous. I reach the WLC with the 192.168.2.95 IP, the APs connect through 192.168.2.95, etc...

so I was going to delete VLAN 30 from the config. However, as soon as I disable the VLAN 30, I lose connectivity to the WLC, even from the 192.168.2.95 interface. I have to log in from the esxi console and re-enable it.

What am I missing here? Could it be something simple like VLAN 1 being tagged on some trunks and not some others (I think everything is right, but I could check further), or is there a deeper reason for a second IP?

thank in advance

F.

marce1000 · ‎04-26-2024

- Not sure if the overall networking topology is supported = have a checkup of the WLC 9800-CL configuration with the CLI command show tech wireless and feed the output to : Wireless Config Analyzer

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

fabioairoldi · ‎04-26-2024

Thank you, the Analyzer tool is helpful, however it's not that the current config has issues, it's that I am experiencing an unexplicable (for me) behaviour when changing it. I was hoping for some tips in analyzing the overall network topology I showed in the original post to see if there's issues.

marce1000 · ‎04-26-2024

- Make sure that WirelessAnalyzer does not report any red flags on the overall wlc-checkresults , because if there are , these for sure must be corrected

- I noticed The WLC has only the eth #2 connected
Normally this is not how it is done , even for the virtual controller , 3 effective interfaces are needed , SP , WMI and redundancy port being connected through the hypervisor VM settings ,

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

fabioairoldi · ‎04-26-2024

and the 3 effective interfaces should be 3 different ports, they can't be 3 VLANs on the same trunk port?

marce1000 · ‎04-26-2024

- Correct , because even the 9800-CL , expects these 3 to be available (unless for remote cloud deployments but then the overall starting deployment is different too)

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Rich R · ‎04-26-2024

Check that you followed every single step of the 9800-CL VMWare deployment guide very carefully - go through it again step by step.

Also refer to https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#C9800CLconsiderations without those settings it will not work.

Your screenshot doesn't show any of the WLC port VLAN config on the ESX - only the top level which is labelled VLAN ID: 4095!

It's a general rule in networking (with very few exceptions) that you should never use VLAN 1 - think about using a non-default VLAN for your setup.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

fabioairoldi · ‎05-03-2024

I am aware VLAN 1 shouldn't be used, but this is a situation where you inherit a massive infrastructure with legacy flaws and have to work around it. Changing the management VLAN for every networking device sounds like a nightmare I am not ready to face honestly.

What kind of further information is needed? I am sifting through the config guides and best practices but so far I can't see where I went wrong.

Rich R · ‎05-03-2024

I mentioned VLAN 1 as advice in the last paragraph - not a solution to the problem - although it sometimes can be related to the problem. Did you see what I said above that?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

fabioairoldi · ‎05-03-2024

Yeah, absolutely, I am currently reviewing the various setup steps in the guide and best practices - I also feel that some steps would be easier if I wasn't forced to use default VLAN 1, that's why I posted that.

I'll get back to the thread if there's something I can't wrap my head around in the config, thanks for now!

marce1000 · ‎05-03-2024

>...if I wasn't forced to use default VLAN 1, that's why I posted that.
- That shouldn't be needed at all , get the VLAN which you want and keep using WirelessAnalyzer with the CLI command show tech wireless and feed the output to : Wireless Config Analyzer

For all configurating attempts = just go for it = This is so good

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !