Flexconnect Local switching + WGB with Passive Clients
Dear All Support
Lately I have been dealing with infrastructure that use WLC 7.6.xxx 5508 and Unified AP 1131G on Flexconnect Local switching mode on branches . To those AP's, WGB AP 1121G are connected, and to those Passive Client (printers) are connected.
On L3Router Passive Client Mac address were add as static arp entry
on WLC side Passive Client options on WLAN was not set as from documentation here and there, FlexConnect Local does not support Multicast<->Multicast traffic
Issues is that we were losing connections to Wired Passive Clients (quick fix was/is to restart WGB or remove arp entry from L3Router and add it again) at the same time we did not loss WGB AP, but interesting point is that WGB1121 is still seeing Passive Client, as connected and communication between them is working, even if we cannot ping it from L3Router not to mention Central Office devices.
So by those symptoms I imagine that there is problem on passing ARP to WLC and to L3 devices, so we did create mac filtering on WLC and assign it to WLAN after couple of days Wired_Passive_Cleint do not disappeared and are still visible.
To be fair this is a lot of entries to pass on to WLC and L3 routers not to mention that on this same WLAN we are connecting Tablets. So Mac address to filter of Printers and Tablets need to be put on this WLAN when using MAC filtering. I could not find any way to Provide Mac Filtering on WLAN and still be able to connect devices that were not put on Filtering List. (apart from creating another WLAN)
The other documentation for passive client mention that Multicasting is required, ok as I have wrote above this wont work to FlexConnect Local switching but I found this entry on documentation:
"For FlexConnect APs with locally switched WLANs, passive client feature enables the broadcast of ARP requests and the APs respond on behalf of the client."
Will this work with AP Multicas: Unicast Mode and than tweak Passive Client on WLAN for ARPs to be broadcasted ? Does this mean that I have to Enable Multicast Globally? Those enabling AP Multicasting -> Unicast on WLC will required enabling Multicasting on L3Router on branch side and respectively L3RouterISR and L3_6500_core on Central Office? Or is it enough to enable Broadcast Forwarding.
Also maybe we could avoid macfiltering on WLAN if we add static mac address of wired_passive_clients on L3_6500_core device?
I still did not end up with ideas to try but some help will be appreciated.
1.Wireless LAN controller WLC5508 (software 7.6.130) and APs LAP 1331G work in FlexConnect Local Switching.
2.To LAPs in Branches over one WLAN (SSID: EMIPK Tablet) are connecting Tablets (apple) and AP WGB with connected passive clients - printers for cashregister. Printers are mobile so cable connections is out of option.
3.All different timers (agging time, iwapp timers etc.)recommend when setting AP WGB with passive clients, were set as per Cisco documentation.
4.WGB AP are always accessible but passive devices which are connected to this AP WGB disappear and its not possible to access it from Central or Branches location.
On other hand its possible to access passive device from WGB AP.
5.Workaround for clients is to restart WGB AP, or delete arps of passive clients on branch routers and add them again.
By debug analysis seams like XID: send via Flex AP to WLC do not pass information on passive clients from WGB AP.
In other words it seams we have hit the bug CSCun45503
Passive client option on WLAN in WLC is out of options when AP groups are present (in this case they are). Also FlexConnect only allows Multicasting in Unicast mode, which in over 300 AP on WLC5508 could end up high CPU load.
Other workaround was to add MAC filtering on SSID: EMPIK Table and add IP and MAC of passive clients on MAC Filtering list, but as I mentioned it also connects tablets (impossible to get static MAC as devices change a lot) which are working with the cashregister printers.
So we are trying to go with 8.0.100 software on WLC but then those open caveats give us increasing heart beating:
CSCuq55372-8.0 – WLC crash with Flex AP and Local Switching Enabled
CSCup43052-WLC crashes after starting client roaming
We have asked TAC for 8.0.MR1 (22.214.171.124) mailing to firstname.lastname@example.org
thanks for update. I have tried your workaround with MAC filtering on SSID + adding IP and MAC of passive client on MAC Filtering list. I was able to see Client with correct IP (not 0.0.0.0) and MAC among other WGB clients. Problem is that connection to that IP is not working from WLC or L3 device. (it is working from WGB AP). MAC address was "incomplete" in "sh arp" on L3 device. Is there something which i can use to force flexconnect AP to announce this MAC?
command "sh capwap reap association" performed on flexconnect AP showed that client still had IP 0.0.0.0, even on WLC i saw that client with correct IP. ( when i have used Mac filtering or create static ARP entry on WGB). I have added static ARP entry on switch BEHIND WGB and it is working now (without Mac filtering).
ON WGB itself i have configured : bridge 1 address aaaa.bbbb.cccc forward FastEthernet0.xxx (aaaa.bbbb.cccc - is MAC address of passive device)
My WLAN is switched locally so creating static ARP on L3 switch connecting to WLC i think will not help. (Flexconnect AP should maintaind ARP entries when you have local switching)