WLC 5508 to C6509 etherchannel problem

choclateer
Level 1

I have configured a 6509 with a port-channel over 2 interfaces as the ap-manager interface for a 5508 WLC, see below. I am not able to ping the WLC ap-manager interface from the 6509 console port. The WLC ap-manager interface is on the vlan101 subnet and uses vlan tags.

interface Port-channel9
description ether channel for WLC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport trunk allowed vlan 101,113,127
switchport mode trunk
logging event link-status
logging event bundle-status
!

interface GigabitEthernet7/2
description ether channel for WLC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport trunk allowed vlan 101,113,127
switchport mode trunk
logging event link-status
logging event bundle-status
channel-group 9 mode on
!

interface GigabitEthernet8/2
description ether channel for WLC 1
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 101
switchport trunk allowed vlan 101,113,127
switchport mode trunk
logging event link-status
logging event bundle-status
channel-group 9 mode on
!

port-channel load-balance src-dst-ip

and the 5508 is using:
Version: 6.0.199.4

I found in the manual (Cisco Wireless LAN Controller Configuration Guide, Software Release 7.0, June 2010) to try using:

port-channel load-balance src-dst-ip exclude vlan

but the 6509 won't take it. Any ideas?

Accepted Solutions

Can you provide the interface configs of the WLC?

You are saying you tag the AP-Managers as vlan 101?

But you have your switch set for Native vlan 101 (so it won't tag the traffic)......   end result of a Management Interface like this is typically "it doesn't work".

Is your Management interface an AP-MGR? or you have Management + 2 AP-MGRs?


choclateer
Level 1

I meant to add that the 6509 is using:

(s72033_rp-ADVIPSERVICESK9_WAN-VM), Version 12.2(33)SXI6, RELEASE SOFTWARE (fc4)

I cannot get the interface configs for the WLC for a few days, I had to go out of town. I will try removing the Native Vlan statement from the port channel and 2 interfaces.

Yes, Management is the AP-MGR, not management plus 2 AP-MGRs

Mike Fleck

Datanamics, Inc

cell 702-985-5420

I remoted into the switch and removed the Native Vlan and now everything is fine, Thanks "weterry"

Fantastic. Very common problem (typically manifests as "I can't manage the WLC").  If you wanted to leave the switch as native vlan 101, then you'd want to set "0" as the vlan on the interface (so the wlc doesn't tag it, and switch knows to put it in 101).

The issue with this latter approach is that I don't think you can trust COS for untagged traffic, so QOS would be a problem to get working.

Hello. I think that is a well-known problem. You cannot set the native vlan on the wlc. It's always vlan 1. After removing the setting "switchport trunk native vlan 101" the native vlan changes to the default, which is vlan number 1.

I am using software version 6.0.199.4, too.

That's not true. You can tag all the interfaces on the WLC, so long as you remember it's a dot1q trunk. So you would want the native VLAN on the switch to be something other than what any interface on the WLC is. Otherwise the switch will drop the traffic that is tagged on the native VLAN.

So in the above scenario setting the switch port native VLAN to 999 would work so long as VLAN 999 is not used on the WLC.

Make sense!

Steve

HTH,
Steve

I'm going to offer my 2 cents?

First, why are you using a native VLAN on the WLC for management? It is in your best interest to TAG all your VLANs. The Cisco manuals have noted for years to native the management, but Cisco folks will tell you this is not ideal. In fact, you will lose all QoS trust if you use mls qos trust on the WLC / switch port. Since your management is native, your CAPWAP tunnel's QoS will not be trusted.

I would tag everything. Don't use native.

In 7.x config guide it finally was changed and it states to tag your management traffic.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

@George

I'm aware that in the switching world - native vlan is not recommended for the mgmt vlan (vlan double tagging/..)

Tagging of management traffic - losing QoS tag --> is it possible then to tag management traffic on the WLC (thus not by a switch)?

Hey Davy,

No, you need to tag both sides (WLC and Switch) or the WLC management interface will not connect. But does it make sense WHY you need to tag it ... Your AP manager is on the management vlan or if you use 5508 it is the management interface, (no ap manager).

If you trust CoS, which you should for trunks, your native VLANs aren't tagged so it doesn't get trusted. Your CAPWAP will lose its tagging.

Make sense?


I was not clear in my previous post. I was wondering in my previous post if the WLC is capable of 'CoS marking' mgmt traffic. I'm not aware of such a mechanism? If the WLC is not able to CoS mark mgmt interface traffic (CAPWAP/inter-WLC traffic), the CoS argument makes no sense.

Although I understand it's better to 'vlan tag'  all interfaces. - Before I did mgmt interface the native vlan way

I appreciate when we dive deep on questions like this because it makes you think. Bill Cox said once, "Once I thought I knew QoS on a wireless lan controller I would get a question of the audience and it would make me think, do I really know QoS on the WLC"

For the record you can mark up or down WLAN traffic on a WLAN. This can be found under the QoS profile / 802.3p.

As for the CAPWAP. Let's walk this through ..

AP -- We trust DSCP because this is not a trunk link. The AP has 2 paths, control and data. The control path is always sent at 7, the AP does this and is a factory setting. The data path is marked by the supplicant and translated in the CAPWAP packet.

Since both are marked (control and data), the frames will arrive at the switch the WLC is connected to. If you don't trust there, the control frame loses its QoS setting. If that link becomes loaded your control frames are at risk.

Coming from the WLC, the WLC sends the control frames out at 7 as well (just like the AP) ... See the mobile design guide for a better description. But look at this, note the LWAPP control frames. These are marked by the AP and the WLC.

| AVVID 802.1 UP-Based Traffic Type | AVVID IP DSCP | AVVID 802.1p UP | IEEE 802.11e UP |
|---|---|---|---|
| Network control | - | 7 | - |
| Inter-network control (LWAPP control, 802.11 management) | 48 | 6 | 7 |
| Voice | 46 (EF) | 5 | 6 |
| Video | 34 (AF41) | 4 | 5 |
| Voice Control | 26 (AF31) | 3 | 4 |
| Background (gold) | 18 (AF21) | 2 | 2 |
| Background (gold) | 20 (AF22) | 2 | 2 |
| Background (gold) | 22 (AF23) | 2 | 2 |
| Background (silver) | 10 (AF11) | 1 | 1 |
| Background (silver) | 12 (AF12) | 1 | 1 |
| Background (silver) | 14 (AF13) | 1 | 1 |
| Best Effort | 0 (BE) | 0 | 0, 3 |
| Background | 2 | 0 | 1 |
| Background | 4 | 0 | 1 |
| Background | 6 | 0 | 1 |

Does this help ?


Really good explanation... I am just in the process of placing trust on the wireless LAN controller ports and AP ports.

For queuing my thought is that since it's an LWAPP/CAPWAP tunnel, doing queuing on this interface can limit the bandwidth for class cs7 and cs6. Should these interfaces be left without queuing, meaning everything goes into queue 1 which gets 100% of the buffer?

EDIT:  George went and posted a book while I was typing this response so he likely clarifies this much better than myself [I have not read his response yet above, I just know it exists]

Hopefully this clarifies the concern.

Any interface on a WLC can be configured with vlan 0. Marking vlan 0 means "untagged", which is the traffic that would be in the "Switchport Native Vlan X" vlan on the trunk. COS does not function with "untagged" traffic.

So the expectation, and proper design is that no interface on the WLC should be marked with vlan 0.  Which means you should TAG your Management Interface, which means your Management Interface must not be the Native Vlan on the trunk.

The only exception to this rule is that fancy switch IOS command that goes something like "tag-native-vlan" which means that Native Vlan on the Switch is actually setting a TAG, which means a "0" on the WLC wouldn't function at all.

Bottom line, setup your native vlan on the trunk to be some vlan that is not used by the WLC and then TAG all interfaces (including Management).....
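
Added example, not part of the thread and not Cisco tooling: a small Python check that applies the rule the replies converge on to the trunk stanza from the original post, flagging any WLC interface that is tagged with the trunk's native VLAN, left untagged (VLAN 0), or missing from the allowed list. The WLC interface names and the `audit` / `parse_trunk` helpers are hypothetical, and the switch-side option of tagging the native VLAN is not modelled.

```python
import re

# Constructed sample: the Port-channel9 trunk lines from the original post.
SWITCH_CFG = """\
interface Port-channel9
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 101
 switchport trunk allowed vlan 101,113,127
 switchport mode trunk
"""

def parse_trunk(cfg):
    """Return (native_vlan, allowed_vlans) for one IOS trunk interface stanza."""
    native = 1       # IOS default when no 'native vlan' line is present
    allowed = set()  # empty set means no 'allowed vlan' restriction was found
    for line in cfg.splitlines():
        line = line.strip()
        m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,\-]+)", line)
        if m:
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def audit(cfg, wlc_interfaces):
    """wlc_interfaces maps a (hypothetical) WLC interface name to its VLAN id; 0 = untagged."""
    native, allowed = parse_trunk(cfg)
    findings = []
    for name, vlan in sorted(wlc_interfaces.items()):
        if vlan == 0:
            findings.append(f"{name}: untagged (VLAN 0), lands in native VLAN {native}; CoS cannot be trusted")
        elif vlan == native:
            findings.append(f"{name}: tagged {vlan} but {vlan} is the trunk native VLAN; switch expects it untagged")
        elif allowed and vlan not in allowed:
            findings.append(f"{name}: VLAN {vlan} not in trunk allowed list")
    return findings

if __name__ == "__main__":
    for finding in audit(SWITCH_CFG, {"management": 101, "guest": 113}):
        print(finding)
```

Replacing `native vlan 101` with an unused VLAN such as the 999 suggested above clears the finding for the tagged management interface.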
