Loading...
Loading...
High CPU in WNCD due to looped ARP packets coming from AireOS WLC. Client roaming activity between the 9800-80 and AireOS WLCs drive up WNCD utilization, leading to AP drops and network wide impact.
9800 WLC doing IRCM with AireOS WLC. 9800 and AireOS WLC have common VLANs Client locally connected to AireOS WLC sends ARP request to client anchored in 9800 from the AireOS WLC. Issue is seen exclusively when the AireOS WLC receives the ARP request with the mobility header. Instead of forwarding the packet to the client AP, it forwards it through the management interface causing the loop.
The best solution is to make sure that different client VLANs are used on the AireOS controller(s) than on the 9800 controller(s). This will avoid the problem entirely. If you cannot reconfigure the VLANs, then the following configurations will mitigate the impact on the 9800 controller: 1. Enable Proxy ARP on the policy profiles that have clients doing IRCM roaming: conf t wireless profile policy ipv4 arp-proxy end 2. Limit the amount of SISF packets that hit the CPU: term len 0 show platform software punt-policer show platform software punt-policer | i SISF conf t platform punt-policer wls_sisf_pkt 5000 high end If running IOS-XE 17.3.6, 17.6.4, 17.9.1 above, use this configuration instead: platform punt-policer wls_sisf_arp_v6nd_pkt 5000 high
As AireOS is past its End of Software Maintenance, this bug will not be fixed. Therefore, any AireOS-9800 IRCM deployment, that involves clients roaming between the two controller types, should use a different set of client VLANs for the AireOS controller(s) than for the 9800 controller(s).
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.