Guest

Preview Tool

Cisco Bug: CSCvt89989 - Mesh AP: With ACL blocks ping to GW, AP can't join controller if it doesn't complete within 45sec

Last Modified

Aug 21, 2020

Products (1)

  • Cisco Aironet 1850 Series Access Points

Known Affected Releases

8.10(105.0)

Description (partial)

Symptom:
From Rel 8.10, COS Mesh APs speed up the mesh network recovery mechanism through fast detection of uplink gateway reachability failure.
Mesh AP’s uplink gateway reachability is checked using ICMP ping to the default gateway, either IPv4 or IPv6.
From the moment the uplink is selected to the moment that the AP joins the controller, AP will continuously check the GW reachability.  If AP could not join the controller and the reachability failure persists longer than 45sec, the uplink will be blacklisted and uplink selection process restarts.

In certain customer deployment, there is ACL that blocks the ICMP ping thru gateway. All other traffic thru GW is intact. This causes the AP to consider there is gateway reachabililty issue falsely.  In this case, if the AP can't join the controller within 45 second, the uplink will be blacklisted and AP will not be able to join the controller.

Conditions:
ICMP blocked at the AP subnet Gateway. For example using an ACL to block ICMP to the AP default GW.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.