CCKM vs Mobility Groups - Roaming for Voice Clients

Hi there,
I am looking at deploying wireless at our site for voice. I have a couple of questions regarding roaming between APs and the best way to achieve fast roaming for latency-sensitive voice and other applications.
According to Cisco SRND for Voice over Wireless (
http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/vowlan/41dg/vowlan_ch5.html), it is recommended:
"Fast roaming algorithms include Cisco Centralized Key Management (CCKM)  and Proactive Key Caching (PKC). CCKM and PKC allow a WLAN client to  roam to a new AP and re-establish a new session key—known as the  Pairwise Transient Key (PTK)—between the client and AP without requiring  a full IEEE 802.1X/EAP reauthentication to a AAA/RADIUS server."
But let's say I used WPA/PSK for my WLAN and just relied on mobility information in the controller to perform the handover; would this still be best practice?
I have actually tested both and they work quite well; neither drops a call or experiences any degradation in voice quality. I suppose I am asking for a real-world perspective and whether I should adhere to the SRND on this one?
Many thanks

Hi Tony,
Great question BTW.
CCKM/OKC/PKC only come into play when EAP is used. During the EAP process the PMK is seeded from the MSK. From the PMK, the PTK is seeded. With no advanced roaming in use, as a client roams from AP to AP you would have to redo that process all over.
When you use PSK.. Your MSK is your PMK and there is no need to go back to the radius server for a new PMK. So your client and ap exchange this info.. no need for a radius server ..
Does this make sense?
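To make the distinction in the reply above concrete, here is an added worked example (not code from the thread or from Cisco): it derives a WPA/WPA2-Personal PMK from a passphrase and SSID with PBKDF2, then derives the PTK the way the 4-way handshake does, from the PMK, both MAC addresses and both nonces. The MAC addresses and nonces are constructed sample values; the passphrase/SSID pair "password"/"IEEE" is the test vector from IEEE 802.11 Annex H. Running the same PMK through two "roams" with fresh nonces shows why a PSK client never needs the RADIUS server again: the PMK is fixed and only the PTK is re-derived per association. With 802.1X the PMK would instead come from the EAP MSK, which is what CCKM/PKC cache.

```python
"""Added example: PMK stays fixed under WPA-PSK, PTK is re-derived per association.

Constructed inputs; not code from the thread. Key-derivation formulas follow
IEEE 802.11 (PBKDF2 for the PSK, PRF for the PTK).
"""
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               nbytes: int = 48) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces)).

    48 bytes (384 bits) is the CCMP/AES PTK size: KCK (16) || KEK (16) || TK (16).
    The min/max ordering makes both sides compute the same key regardless of which
    address or nonce they treat as "theirs".
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def split_ptk(ptk: bytes) -> dict:
    """Split a CCMP PTK into its three component keys."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def simulate_psk_roam(passphrase: str, ssid: str, client_mac: bytes, ap_macs: list) -> dict:
    """Associate the same client to each AP in turn with fresh nonces.

    Returns the single PMK and one PTK per AP, so the caller can see that the PMK
    never changes while every association yields a different PTK.
    """
    pmk = derive_pmk(passphrase, ssid)  # computed once, never re-fetched from RADIUS
    ptks = []
    for ap_mac in ap_macs:
        anonce = os.urandom(32)  # AP's nonce for this handshake (constructed)
        snonce = os.urandom(32)  # client's nonce for this handshake (constructed)
        ptks.append(derive_ptk(pmk, ap_mac, client_mac, anonce, snonce))
    return {"pmk": pmk, "ptks": ptks}


if __name__ == "__main__":
    # Constructed sample addresses (locally administered MACs, not real devices).
    client = bytes.fromhex("020000000001")
    aps = [bytes.fromhex("02000000aa01"), bytes.fromhex("02000000aa02")]
    result = simulate_psk_roam("password", "IEEE", client, aps)
    print("PMK :", result["pmk"].hex())
    for i, ptk in enumerate(result["ptks"], 1):
        print(f"PTK on AP{i}:", ptk.hex())
```

The symmetry check in the test (swapping AA/SPA and ANonce/SNonce gives the same PTK) is the property that lets the AP and client arrive at one key without ever sending it; the PMK test vector is the only fixed value, everything else is random per association.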

Similar Messages

  • Mobility Group Requirements for Guest Anchor WLC

    Hello -
    I've always assumed you can't create a guest tunnel between a local WLC and an anchor WLC that are in different mobility groups. However, I was told recently (without much detail) that this is possible. So I have set out to test this.
    I am trying to point one of my local WLCs' guest SSIDs to a guest anchor WLC in a different mobility group. I have a maintenance window coming up and I am looking to anchor the clients on one campus to the anchor WLC on the other campus so guest service does not go down. Each campus is its own mobility group. In trying to set this up I went to the "mobility anchors" screen for the guest SSID on one of the local WLCs and I am unable to add the anchor WLC from the other campus because it's not in the drop-down menu. This is because it's not in the same mobility group. So my question is: how do I anchor clients coming through a local WLC in one mobility group to an anchor WLC in another mobility group?
    To me it doesn't seem possible without significant configuration changes. I don't want to reconfigure/recreate mobility groups.
    Thanks
    Chuck

    Not only is it possible, I would recommend it. However, you may be confusing some concepts.
    The Mobility Group is different from the Mobility Domain. I generally refer to the Mobility Group as those WLCs with the same Default Mobility Group Name, and the Mobility Domain as the entire Mobility List (where you can define up to 72 controllers from various mobility groups).
    The point is that if WLCs 1-10 are GroupA, and WLCs 11-20 are GroupB, for anchoring to work you at least need to add the anchor to the mobility list of the foreign wlc, and vice versa.
    If you notice, when you add a mobility entry to the list, it should ask you for mobility group. If you leave it blank, it should default to that of that WLC,  but on GroupA controllers, you could define GroupB controllers (and specific GroupB) and then you should now have mobility established between your controllers and the Anchor configuration will have your anchors in the drop-down....
    Does that make sense?

  • Layer 3 Roaming for Voice

    What are people using on wireless networks that have VLANs for voice and data to provide Layer 3 roaming functionality? I need wireless voice users to be able to roam across subnets seamlessly. Layer 2 works great, but we are scaling to 2000 users and need a Layer 3 solution. Does anyone have this working, with a non-Cisco wireless voice device?

    IP mobility is the feature you are looking for, I guess Cisco will be coming with voice handsets with this feature soon.

  • Slow roaming for WGB-client (mobile) on AP/WLC!

    A customer of mine has previously had 2 AP1242s set up as root APs and an additional AP1252 set up as a WGB onboard a (very slow) moving vehicle. This has worked very well.
    On the vehicle there is 1 "real" PC and 3-4 additional PLCs or similar "dumb" devices, each with a static IP address. All equipment on the vehicle is connected to an unmanaged Layer 2 switch.
    Now they have extended the WLAN installation, replacing the 2 old APs and adding 5 new APs (all lightweight) and a WLC. The vehicle WGB is also replaced. All new APs and the new WGB are AP2602s and the WLC is a 2504.
    After installing the new CAP2602s, the WLC2504 and the new WGB AP2602 on the vehicle, they report that the roaming is too slow for the application that controls the vehicle. This results in a "Full Stop", which is rather undesirable!
    I have looked at the configuration of the WGB AP, which is (in principle) unchanged from the AP1252, and also the WLC, but do not see any peculiarities. We also tried setting the channel on all the APs to the same one (Meru-style...) but that did not help. The environment of the APs and the vehicle is absolutely guaranteed free from any other interfering WLANs/networks.
    Any ideas? I attach the config of the WLC and the WGB.
    Best Regards
    Göran Blomqvist
    Sweden

    Hi
    I can see your WLAN is configured for both WPA/TKIP and WPA2/AES as authentication suites. I would stick to only one (WPA2/AES).
    Also, to test, I would first check it with open authentication and see if that makes any difference.
    I think your WGB configuration has most of the recommended settings. Here are some useful notes on WGB configuration:
    http://mrncciew.com/2013/07/24/wgb-roaming-part-1/
    http://mrncciew.com/2013/06/16/unified-ap-wgb-with-multiple-vlan/
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • Windows Server 2008 - Group policy for domain client to start/stop services installed on it

    Hello Experts
    I am a newbie to Windows Server administration. I did Google this, but ended up with these questions about my requirements.
    I have created a new domain and joined 2 client computers (A & B) to the domain. Now A & B have a Tomcat server running on ports 8080 and 9090, which I installed with the domain ADMIN account.
    Now I want domain users to be able to start/stop/restart these services. How do I achieve this?
    Basic question: how can I access the A & B Tomcat services from the DOMAIN CONTROLLER server to create a GPO for the services that are on A & B?
    What is the easiest way to achieve the same (if not using GPO)?
    Similarly, I am looking for many features where I want to control user permissions on A & B, e.g. if the Tomcat binaries are available on machine A, whether the user can install them (currently it asks for ADMIN credentials).
    Thanks
    Mike~Ed

    Controlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
    The limitation is that System Services can only see the services on the computer running the Group Policy Management Console. To access other services, you will either need to create the services on your computer (install the software that adds the service) or install the Remote Server Administration Tools (RSAT) on the computer that already has the service on it.
    If my answer helped you, check out my blog:
    Deploy Happiness

  • Mobility Group Table *MUST* be populated in each WLC in same mobility group

    For what it's worth,
    I recently discovered that when you have multiple controllers and want to implement Mobility Groups, more is needed than simply entering the same Default Mobility Group Name for each controller within the mobility group. The following is required:
    a) The IP address of the "Virtual" interface on each controller must be identical on each controller within the mobility group.
    b) The Default Mobility Group Name must be identical on each controller within the mobility group (case sensitive).
    c) The mobility table must be populated with an entry for each controller within the mobility group.
    Otherwise, you will see some inexplicable behavior such as:
    * LWAP access points refusing to change to a different controller, even if their primary controller is explicitly set and the LWAP is rebooted.
    * LWAP access points unable to find any other wireless controller other than the one pointed to by the "CISCO-LWAPP-CONTROLLER" DNS entry (presumably, this would also be the case if DHCP Option 43 is used to point the LWAP to a controller). Once the first controller reaches its max. capacity of LWAPs, no more LWAPs can join.
    * Even MASTER CONTROLLER MODE has no effect.
    Cisco TAC was able to explain the great mystery of the Mobility Group Table to me. However, unless you know your problem is related to mobility group issues, you might not know to start there (I know I didn't).
    The least difficult method I have found for populating the mobility group table is as follows:
    Build a text file with one entry for each controller in the mobility group as follows:
    Log into the GUI for each controller and selecting: Controller -> Mobility Management -> Mobility Groups, click the "EDIT ALL" button and copy the MAC and IP address from the text box into a text file using NOTEPAD. Repeat this for each controller, creating a new line for each:
    The format for the entries is as follows:
    00:1a:6c:91:22:A0 192.168.20.44
    00:1a:6c:91:22:B4 192.168.20.45
    Once the text file is completed (one entry for each controller in the mobility group), click the EDIT ALL button, copy the entire contents of the text file and paste it into the text box on the controller GUI, click the APPLY button and click Save Changes. Repeat for each controller.
    Again, make sure that the following settings are IDENTICAL in each of the controllers in the Mobility Group:
    * The IP address of the "virtual" interface ( Controller -> interfaces ) must be the same on all controllers.
    * The "Default Mobility Domain Name" ( Controller -> General ) must be identical on each controller in the mobility group (note: the Mobility Domain Name is case sensitive).
    After making changes directly to the controllers, a "refresh from controller" in the WCS might be needed to get the WCS to attempt to synchronize itself with the controllers.
    Here is a link to the 4.2 Wireless Controller Configuration Guide which discusses this in greater detail.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_chapter09186a00808e638b.html
    It is unfortunate that there are currently no mechanisms in the WCS 4.2 to make these changes in bulk (i.e.: The WCS has no Controller Template to do this).
    Also, if you ever need to replace a controller, you will need to update the Mobility Group Table in each controller in the Mobility Group (since the tables will have the MAC address of the old controller which will now be different in the new replacement controller).
    Despite having used the "unified" product for some time now, there are still surprises from time to time. I just thought that I would share my experience for those who may want to avoid it and/or who may be encountering any of the odd behavior described above.
    - John
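Because the procedure above relies on pasting a hand-built text file of `MAC IP` lines into every controller, and a single typo or a stale MAC from a replaced controller silently breaks mobility, here is an added example (not from the post or from Cisco) of a small validator to run over the file before pasting it. It checks each line for a well-formed MAC and IPv4 address, rejects duplicate MACs or IPs across the list, and re-emits the list in one normalised form. The sample list is constructed, built from the two entries in the post plus two deliberately broken lines; the optional third field (mobility group name) is an assumption based on the earlier reply that says the group can be specified per entry.

```python
"""Added example: sanity-check a WLC mobility list text file before pasting it.

Not code from the post. Line format assumed: "<MAC> <IPv4> [group-name]".
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Six hex pairs separated by colons, either case (the WLC GUI shows mixed case).
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

Entry = Tuple[str, str, Optional[str]]  # (mac lowercase, ip, group or None)


def parse_mobility_list(text: str) -> Tuple[List[Entry], List[str]]:
    """Parse the paste-box text; return (valid entries, human-readable errors).

    Duplicate detection is case-insensitive on the MAC, so a controller listed
    twice with different letter case is still reported.
    """
    entries: List[Entry] = []
    errors: List[str] = []
    seen_macs, seen_ips = set(), set()

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored
        fields = line.split()
        if len(fields) not in (2, 3):
            errors.append(f"line {lineno}: expected '<MAC> <IP> [group]', got {line!r}")
            continue
        mac, ip = fields[0].lower(), fields[1]
        group = fields[2] if len(fields) == 3 else None

        if not MAC_RE.match(mac):
            errors.append(f"line {lineno}: bad MAC address {fields[0]!r}")
            continue
        try:
            addr = ipaddress.ip_address(ip)
            if addr.version != 4:
                raise ValueError("not IPv4")
        except ValueError:
            errors.append(f"line {lineno}: bad IPv4 address {ip!r}")
            continue
        if mac in seen_macs:
            errors.append(f"line {lineno}: duplicate MAC {mac} (replaced controller left in list?)")
            continue
        if ip in seen_ips:
            errors.append(f"line {lineno}: duplicate IP {ip}")
            continue

        seen_macs.add(mac)
        seen_ips.add(ip)
        entries.append((mac, ip, group))
    return entries, errors


def render_mobility_list(entries: List[Entry]) -> str:
    """Re-emit the validated entries in one consistent format for pasting."""
    lines = []
    for mac, ip, group in entries:
        lines.append(f"{mac} {ip}" + (f" {group}" if group else ""))
    return "\n".join(lines) + "\n"


# Constructed sample: the two entries from the post, then a duplicate MAC in
# different case, then an invalid IP. Not a real controller inventory.
SAMPLE_LIST = """\
00:1a:6c:91:22:A0 192.168.20.44
00:1a:6c:91:22:B4 192.168.20.45
00:1a:6c:91:22:b4 192.168.20.46
00:1a:6c:91:22:C8 192.168.20.999
"""

if __name__ == "__main__":
    ok, problems = parse_mobility_list(SAMPLE_LIST)
    for p in problems:
        print("ERROR:", p)
    print(render_mobility_list(ok), end="")
```

Run it against the file built from each controller's EDIT ALL box; anything it flags should be fixed in the file before it is pasted into any controller, since the same list goes to every member of the group.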

    Hi John,
    Nice work with this very relevant info! Please post a short reply here so that we can give this the nice rating it deserves :)
    Thanks again!
    Rob

  • Mobility group membership

    I have 4 WLC's deployed :
    1. AnchorWLC - WLC4402 anchor in a DMZ for guest access
    2. WLCA1 - WLC4402 on SiteA
    3. WLCB1 - WLC2006 on SiteB
    4. WLCB2 - WLC2006 on SiteB
    SiteA & SiteB are geographically separated.
    On all WLC's there is the same mobility group 'group1' with the following group members:
    1.on AnchorWLC: group1 members:WLCA1,WLCB1,WLCB2
    2.on WLCA1: group1 members: anchorWLC
    3.on WLCB1: group1 members: WLCB2,anchorWLC
    4.on WLCB2: group1 members:WLCB1,anchorWLC
    As SiteA and SiteB are geographically separated, I have not included internal (non-anchor) WLCs that are on SiteA in the mobility group created on WLCs on SiteB, and vice versa. The only WLC that has all controllers added to its mobility group is the AnchorWLC, as guest access is needed from both SiteA and SiteB.
    Is this a valid config (anyway, it is working...) or is it recommended to have 2 different mobility groups, one for each site (A & B), and create 2 separate mobility groups on the AnchorWLC?

    I would recommend going for two separate mobility groups. Even though it is working since it is geographically separated, it's always better to have different mobility groups.

  • Can we create Mobility group between WISM2 and WLC 5500

    Dears,
    I need your feedback urgent please,
    Can we create Mobility Group between WISM2 and WLC 5500
    Firmware for WISM2 > 7.4.121.0
    Firmware for WLC5500 > 6.0.196.0
    I created the Mobility Group with (IP address, MAC address and mobility group name) for the Foreign Controller. Is any further configuration required from my side?
    Awaiting your feedback urgently, please.
    Regards,

    Hi,
    Controllers do not have to be of the same model to be a member of a mobility group. Mobility groups can be comprised of any combination of controller platforms.
    That's enough :)
    Regards
    Don't forget to rate helpful posts

  • Can we overcome the limited # of users in mobile groups?

    Why is 10 contacts the limit in a given mobile group?
    For crying out loud, I have more than 10 friends and family members!
    Databases have LONG had the ability to have a nearly endless number of records, so why is this so chintzy?

    When editing my contacts online at Verizon I am able to add people to mobile groups.
    However I am not able to add more than 10 contacts to a group.  I receive an error that tells me I must delete someone from the group in order to add a new person. 
    There are only 10 persons in the group Family.
    And then again I have been able to add more than 10 persons to a single group when there were no persons in any other group. 
    I have not been able to find the details relevant to editing contacts in backup assistant plus. 
    Later this evening I'm going to try and editing the contacts on the phone to see if the updates from the phone to the website will add all the persons I want to the groups I want.
    I'll post the results later and let you know.

  • Add a FastEthernet interface to mobility group

    I admit I don't completely understand mobility groups. I need to add a server on one of the wireless networks. I can't seem to figure out if there is a way to configure a port on a 6509 to be in the same wireless mobility group.
    Thanks.
    Edited: No need to respond. Just talked to TAC and found out this is not possible at this time.

    I am quite new too, but I don't think you can. A mobility group is for the wireless part of the network, assigned to the tunnel and SSID in the APs only.

  • Mobility group -without layer 3 roaming

    Hi all,
    With an N+1 WLC deployment, is it possible to disable layer 3 roaming while enabling the Mobility Group feature on the backup controller?
    Based on the network setup, layer 3 mobility is not required. However, we need both controllers to exchange all security-related parameters so that excluded client info etc. will be in sync during a failover scenario.
    I do not intend to use ACLs as such.
    Any thoughts much appreciated.
    cheers,
    Janesh

    Hi Nicolas,
    Many thanks for the reply.
    Let me throw some light on the matter.
    - Why exactly do you want to block layer 3 roaming?
    Buildings are miles apart, so roaming will only happen within a building and it will be intra-controller.
    Also, I have seen in Cisco doco that Layer 3 roaming is not preferred.
    - How does it impact you, as anyway it's transparent for the network?
    As I mentioned, layer 3 roaming is not required, so I don't see a point enabling it. Why tax the controller unnecessarily?
    One controller serves all the APs at one data centre and the other is the backup. No salt and pepper scenario.
    - Does that mean that you're ok with layer 2 roaming? If yes, just configure all WLCs to serve the same subnets for the clients.
    Layer 2 roaming will happen within the controller, as primary and backup controllers are Layer 3 separated.
    There is no layer 2 adjacency between the controllers.
    over to you
    cheers,
    Janesh

  • Multicast between wireless clients on same AP and Mobility Group

    We have an autonomous wireless setup with a WLSM and WLSE. I have an issue where I have 2 wireless clients that need to communicate using a multicast address for an application to work.
    The clients can ping each other but the multicast stream is not working between the clients. The SSID is part of a mobility group that sits on a Cat 6509 Sup720.
    A debug on the Sup720 shows the upstream multicast from one of the clients, but you see no activity downstream to the other client.
    Tunnel multicast stats: -
    Tunnel176 is up, line protocol is up
    Internet address is 53.32.176.33/27
    Multicast routing: enabled
    Multicast switching: fast
    Multicast packets in/out: 2619/0
    Multicast boundary: not set
    Multicast TTL threshold: 0
    Multicast Tagswitching: disabled
    Sup 720 Debug: -
    May 9 15:15:31: IGMP(0): Send v2 Report for 224.0.1.40 on Tunnel176
    May 9 15:15:31: IGMP(0): Received v2 Report on Tunnel176 from 53.32.176.33 for 224.0.1.40
    May 9 15:15:31: IGMP(0): Received Group record for group 224.0.1.40, mode 2 from 53.32.176.33 for 0 sources
    May 9 15:15:31: IGMP(0): Updating EXCLUDE group timer for 224.0.1.40
    May 9 15:15:31: IGMP(0): MRT Add/Update Tunnel176 for (*,224.0.1.40) by 0
    May 9 15:16:15: IP(0): s=53.32.176.40 (Tunnel176) d=225.0.0.38 id=11765, prot=17, len=68(54), mroute olist null
    May 9 15:16:15: IP(0): s=53.32.176.40 (Tunnel176) d=225.0.0.37 id=11766, prot=17, len=68(54), mroute olist null
    May 9 15:16:25: IGMP(0): Send v2 general Query on Tunnel176
    May 9 15:16:25: IGMP(0): Set report delay time to 0.9 seconds for 224.0.1.40 on Tunnel176
    Please help as I need to get the 2 clients communicating using the multicast stream.
    Thanks
    Martin

    Have you enabled multicast mode on the controller ?
    If so, in what mode ? Unicast or multicast ?
    If you selected multicast mode, do you see the controller joining the original stream and sending it to the LWAPP distribution group to the other APs ?

  • WLC4402 mobility group for failover

    Anyone know what the return time is for an AP to jump back to the primary controller from the secondary controller once it comes back online? I have a backup controller over a WAN connection that I'm using to back up four different locations. The WLC is running 3.2.78 code. APs are 1000 series.

    We're trying to figure this out as well; we have a WiSM, and try to get the APs to fail over from one side to the other. They do, but it takes them a good 30 seconds and obviously no traffic is passed during this time. Both controllers share a mobility group, and each mobility group peer can ping the other.
    The APs are converted 1131AGs and 12xx series. We've used http://www.cisco.com/warp/public/102/wlc_failover.pdf to set this up, but the re-registration is hardly immediate, and the APs don't seem to ever switch back to the primary controller once it comes back up. Any suggestions?

  • Group policy template for Novell Client for Windows 7

    Does anyone know if there is a group policy template for the Novell Client for Windows 7? I find it really hard to believe that Novell has not yet released one, but I cannot find one anywhere. We use ZCM 11.2, and I really need to be able to send out settings for the client via a group policy.
    By the way, I am also posting this on the Novell Client forum, but since this is also a ZCM thing, I am hoping I might get some feedback here.
    Rick P

    Two recent/new resources are available for the Novell Client 2 SP3 for Windows:
    Cool Solutions AppNote: Novell Client 2 SP3 for Windows: Registry Settings
    Novell Client 2 SP3 for Windows: Registry Settings | Novell User Communities
    Cool Solutions Tool: Group Policy Administrative Template for Novell Client 2 SP3 for Windows
    Group Policy Administrative Template for Novell Client 2 SP3 for Windows | Novell User Communities

  • Best Practice Regarding Large Mobility Groups

    I was reading the WLC Best Practices and was wondering if anyone could put a number to this statement regarding the largest number of APs, end users, and controllers which can be contained in a Mobility Group.
    We would be deploying WiSMs in two geographically dispersed data centers. No voice is being used or is planned.
    "Do not create unnecessarily large mobility groups. A mobility group should only have all controllers that have access points in the area where a client can physically roam, for example all controllers with access points in a building. If you have a scenario where several buildings are separated, they should be broken into several mobility groups. This saves memory and CPU, as controllers do not need to keep large lists of valid clients, rogues and access points inside the group, which would not interact anyway.
    Keep in mind that WLC redundancy is achieved through the mobility groups. So it might be necessary in some situations to increase the mobility group size, including additional controllers for
    redundancy (N+1 topology for example)."
    I would be interested in hearing about scenarios where a Catalyst 6509 with 5 WiSM blades is deployed in data centers which back each other up for cases of disaster recovery.
    Can I have one large Mobility group? This would be easier to manage.
    or
    Would it be better to back up each blade with a blade in the second data center? This would call for smaller Mobility Groups.
    Be glad to elaborate further if anyone has a similar experience and needs more information.
    All responses will be rated.
    Thanks in advance.
    Paul

    Well, that is a large group indeed, and I would say most organizations use nested groups instead of adding these behemoths to the directory, as they are quite difficult to work with. If it's a one-time thing, you could create it manually in bite-sized chunks with LDIF or the like, so that FIM only has to do small delta changes afterwards.
    The 5,000 member limit mostly applies to groups prior to the change to linked value storage.  What is your forest functional level, and have you verified that this group is using linked values?
    Steve Kradel, Zetetic LLC
