WLC 5508 to C6509 etherchannel problem

Answered Question
Dec 3rd, 2011

I have configured a 6509 with a port-channel over 2 interfaces as the ap-manager interface for a 5508 WLC, see below. I am not able to ping the WLC ap-manager interface from the 6509 console port. The WLC ap-manager interface is on the vlan101 subnet and uses vlan tags.

interface Port-channel9
description ether channel for WLC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport trunk allowed vlan 101,113,127
switchport mode trunk
logging event link-status
logging event bundle-status
!
interface GigabitEthernet7/2
description ether channel for WLC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport trunk allowed vlan 101,113,127
switchport mode trunk
logging event link-status
logging event bundle-status
channel-group 9 mode on
!

interface GigabitEthernet8/2
description ether channel for WLC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport trunk allowed vlan 101,113,127
switchport mode trunk
logging event link-status
logging event bundle-status
channel-group 9 mode on
!

port-channel load-balance src-dst-ip

and the 5508 is using:
Version: 6.0.199.4



I found in the manual (Cisco Wireless LAN Controller Configuration Guide, Software Release 7.0, June 2010) to try using:

port-channel load-balance src-dst-ip exclude vlan

but the 6509 won't take it. Any ideas?

choclateer Sat, 12/03/2011 - 22:11

I meant to add that the 6509 is using:

(s72033_rp-ADVIPSERVICESK9_WAN-VM), Version 12.2(33)SXI6, RELEASE SOFTWARE (fc4)

Correct Answer
weterry Sat, 12/03/2011 - 22:23

Can you provide the interface configs of the WLC?

You are saying you tag the AP-Managers as vlan 101?

But you have your switch set for Native vlan 101 (so it won't tag the traffic)......   end result of a Management Interface like this is typically "it doesn't work".

Is your Management interface an AP-MGR? or you have Management + 2 AP-MGRs?

choclateer Sat, 12/03/2011 - 23:05

I cannot get the interface configs for the WLC for a few days, I had to go out of town. I will try removing the Native Vlan statement from the port channel and 2 interfaces.

Yes, Management is the AP-MGR, not management plus 2 AP-MGRs

Mike Fleck

Datanamics, Inc

cell 702-985-5420

choclateer Sat, 12/03/2011 - 23:13

I remoted into the switch and removed the Native Vlan and now everything is fine, Thanks "weterry"

weterry Sat, 12/03/2011 - 23:18

Fantastic. Very common problem (typically manifests as "I can't manage the WLC").  If you wanted to leave the switch as native vlan 101, then you'd want to set "0" as the vlan on the interface (so the wlc doesn't tag it, and switch knows to put it in 101).

The issue with this latter approach is that I don't think you can trust COS for untagged traffic, so QOS would be a problem to get working.

sg2810cisco Wed, 02/29/2012 - 23:39

Hello. I think that is a well-known problem. You cannot set the native vlan on the wlc. It's always vlan 1. After removing the setting "switchport trunk native vlan 101" the native vlan changes to default, which is vlan number 1.

I am using software version 6.0.199.4, too.

Stephen Rodriguez Thu, 03/01/2012 - 05:24

That's not true. You can tag all the interfaces on the WLC, so long as you remember it's a dot1q trunk. So you would want the native VLAN on the switch to be something other than what any interface on the WLC is. Otherwise the switch will drop the traffic that is tagged on the native VLAN.

So in the above scenario setting the switch port native VLAN to 999 would work so long as VLAN 999 is not used on the WLC.

Make sense!

Steve


George Stefanick Thu, 03/01/2012 - 07:44

I'm going to offer my 2 cents?

First, why are you using a native VLAN on the WLC for management? It is in your best interest to TAG all your VLANs. The Cisco manuals have noted for years to native the management, but Cisco folks will tell you this is not ideal. In fact, you will lose all QoS trust if you use mls qos trust on the WLC / switch port. Since your management is native, your capwap tunnels' qos will not be trusted.

I would tag everything .. Don't use native

In 7.x config guide it finally was changed and it states to tag your management traffic.

davy.timmermans Thu, 03/01/2012 - 08:43

@George

I'm aware that in the switching world - native vlan is not recommended for the mgmt vlan (vlan double tagging/..)

Tagging of management traffic - losing QoS tag --> is it possible then to tag management traffic on the WLC (thus not by a switch)?

George Stefanick Thu, 03/01/2012 - 09:12

Hey Davy,

No, you need to tag both sides (WLC and Switch) or the WLC management interface will not connect. But does it make sense WHY you need to tag it ... Your AP manager is on the management vlan or if you use 5508 it is the management interface, (no ap manager).

If you trust CoS, which you should for trunks, your native vlans aren't tagged so it doesn't get trusted. Your CAPWAP will lose its tagging ..

Make sense?

davy.timmermans Thu, 03/01/2012 - 13:18

I was not clear in my previous post. I was wondering in my previous post if the wlc is capable of 'cos marking' mgmt traffic. I'm not aware of such a mechanism? If the WLC is not able to cos mark mgmt interface traffic (CAPWAP/inter-WLC traffic), the cos argument makes no sense.

Although I understand it's better to 'vlan tag'  all interfaces. - Before I did mgmt interface the native vlan way

George Stefanick Thu, 03/01/2012 - 13:45

I appreciate when we dive deep on questions like this because it makes you think. Bill Cox said once, "Once I thought I knew QoS on a wireless lan controller I would get a question of the audience and it would make me think, do I really know QoS on the WLC"

For the record you can mark up or down WLAN traffic on a WLAN. This can be found under the QoS profile / 802.3p.

As for the CAPWAP. Let's walk this through ..

AP -- We trust DSCP because this is not a trunk link. The AP has 2 paths, control and data. The control path is always sent at 7, the AP does this and is a factory setting. The data path is marked by the supplicant and translated in the capwap packet.

Since both are marked (control and data), the frames will arrive at the switch the WLC is connected to. If you don't trust there, the control frame loses its QoS setting. If that link becomes loaded your control frames are at risk.

Coming from the WLC, the WLC sends the control frames out at 7 as well (just like the AP) ... See the mobile design guide for a better description. But look at this, note the LWAPP control frames. These are marked by the AP and the WLC.

| AVVID 802.1 UP-Based Traffic Type | AVVID IP DSCP | AVVID 802.1p UP | IEEE 802.11e UP |
|---|---|---|---|
| Network control | - | 7 | - |
| Inter-network control (LWAPP control, 802.11 management) | 48 | 6 | 7 |
| Voice | 46 (EF) | 5 | 6 |
| Video | 34 (AF41) | 4 | 5 |
| Voice Control | 26 (AF31) | 3 | 4 |
| Background (gold) | 18 (AF21) | 2 | 2 |
| Background (gold) | 20 (AF22) | 2 | 2 |
| Background (gold) | 22 (AF23) | 2 | 2 |
| Background (silver) | 10 (AF11) | 1 | 1 |
| Background (silver) | 12 (AF12) | 1 | 1 |
| Background (silver) | 14 (AF13) | 1 | 1 |
| Best Effort | 0 (BE) | 0 | 0, 3 |
| Background | 2 | 0 | 1 |
| Background | 4 | 0 | 1 |
| Background | 6 | 0 | 1 |

Does this help ?

weterry Thu, 03/01/2012 - 13:47

EDIT:  George went and posted a book while I was typing this response so he likely clarifies this much better than myself [I have not read his response yet above, I just know it exists]

Hopefully this clarifies the concern.

Any interface on a WLC can be configured with vlan 0.  Marking vlan 0 means "untagged", which is that traffic that would be in the "Switchport Native Vlan X" vlan on the trunk.  COS does not function with "untagged" traffic.

So the expectation, and proper design is that no interface on the WLC should be marked with vlan 0.  Which means you should TAG your Management Interface, which means your Management Interface must not be the Native Vlan on the trunk.

The only exception to this rule is that fancy switch IOS command that goes something like "tag-native-vlan" which means that Native Vlan on the Switch is actually setting a TAG, which means a "0" on the WLC wouldn't function at all.

Bottom line, set up your native vlan on the trunk to be some vlan that is not used by the WLC and then TAG all interfaces (including Management).....
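
Added example (not code from any poster in this thread): a Python check that applies the rule discussed above to a switch trunk stanza and a table of WLC interface VLAN IDs, flagging an interface the WLC tags with the trunk's native VLAN, an untagged (VLAN 0) interface, or a VLAN missing from the allowed list. The WLC interface names and the assignment of VLANs 113 and 127 to dynamic interfaces are assumptions; only management on VLAN 101 and the trunk settings come from the original post.

```python
import re

# Constructed sample: trunk settings of Port-channel9 from the original post.
SWITCH_CONFIG = """\
interface Port-channel9
 switchport trunk native vlan 101
 switchport trunk allowed vlan 101,113,127
 switchport mode trunk
"""

def expand(spec):
    """Expand an IOS VLAN list such as '101,113-115' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Map interface name -> native VLAN and allowed VLAN set (None = all)."""
    trunks, cur = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            # With no 'native vlan' line the IOS default native VLAN is 1.
            cur = trunks.setdefault(m.group(1), {"native": 1, "allowed": None})
        elif cur is None:
            continue
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand(m.group(1))
    return trunks

def audit(trunk, wlc_interfaces):
    """Classify WLC interfaces (name -> VLAN id, 0 = untagged) against a trunk."""
    report = {}
    for name, vlan in wlc_interfaces.items():
        if vlan == 0:
            report[name] = f"untagged: rides native VLAN {trunk['native']}, no CoS"
        elif vlan == trunk["native"]:
            report[name] = f"mismatch: WLC tags VLAN {vlan}, switch has it native"
        elif trunk["allowed"] is not None and vlan not in trunk["allowed"]:
            report[name] = f"blocked: VLAN {vlan} not in allowed list"
        else:
            report[name] = "ok"
    return report
# Hypothetical WLC interface table; only management on VLAN 101 is from the thread.
WLC = {"management": 101, "dynamic-113": 113, "dynamic-127": 127}
print(audit(parse_trunks(SWITCH_CONFIG)["Port-channel9"], WLC))
```

Run against the posted trunk, the management interface is reported as a mismatch; changing the native VLAN in the sample to one the WLC does not use (999 in the reply above) makes every interface report ok.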

davy.timmermans Fri, 03/02/2012 - 01:24

I'm aware CoS is carried only in dot1q packets /native vlan/ 0 - that was not my concern.

@George

Thus recommended is to configure a switchport connected to  AP with trust DSCP and a switchport connected to a WLC with trust cos.

It would be better if the WLC marks at L3

George Stefanick Fri, 03/02/2012 - 08:10

@ Wesley ! Book, where is the LOVE?

@ Davy ... Correct AP = DSCP and WLC = CoS ? Does this make sense ?

Posted December 3, 2011 at 10:10 PM