Create 2nd mobility group on 5508

Hi all,
We are running all our APs in H-REAP mode connecting to WLC 5508 (7.2.xxx)
Each H-REAP AP has local switched SSID, as  well as a guest SSID (centrally switched), which is 'tunneled' to the WLC, with Internet only access through the DC.
All the AP's connecting to the WLC using the managment interface, which is also the local mobilty group.
To route traffic different for the guest WLAN, I'd like to create a new Interface on WLC and use this as local mobility group for the guest WLAN.
Is this possible, or is the managment interface always the local monility group?
Appreciate your feedback.
Thanks,
Stefan      

Hi Rasika,
Each of our branch sites have 2 WAN connections. 1 MPLS (critical traffic), 1 IPsec (non critical).
While the managment interface of WLC is reachbale  through MPLS, I'd like to route traffic for Guest WLAN over IPsec.
Therefore I would need create a 2nd Interface on WLC (different IP range) and terminate centrally switched traffic on that interface.
As you've mentioned the local mobility group is always the controller MAC (management int), so not sure if there's another way to solve this?
H-REAP AP,s register to managmnet int      --> routed through MPLS
centrally switched traffic to different int          --> routed through IPsec
Thanks,
Stfean

Similar Messages

  • Mobility group same ssid multiple WLC

    I have a 4400 and a 5508 WLC in the same location
    We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
    Do I only need to create a mobility group and add both WLC
    then create only one WLAN on one of the controllers and it will be shared across bot WLC.
    Or something else?

    Resolution :
    Yes you are correct. Please follow this link for Mobility groups and Roaming :
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

  • WLC 5508 * 2 & Mobility Group

    What I am trying to configure is Mobility Groups.
    My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
    It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
    Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
    Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
    My current config is as follows:-
    WLC 5508 * 2
    WLC 1 - Primary
    WLC 2 - HA SKU (Secondary )
    Redundancy = SSO (Both AP and Client SSO)
    =============
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC5508
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. SSO (Both AP and Client SSO)
    IP Address....................................... 10.31.66.21
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 22 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... GB  - United Kingdom
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    External Temperature............................. +21 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 500
    ============================================
    TA

    TA,
    Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
    Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
    Configuring HA on the AP:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
    Using CPI to push AP configuration templates:
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
    Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
    BR, Ala

  • WLC mobility group between 4404 and 5508 controllers

    Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
    Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
    We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
    All controllers have:
    The same virtual address
    Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
    The default mobility domain name is the same
    4404 output when issung the command 'show mobility summary'
    Symmetric Mobility Tunneling (current) .......... Enabled
    Symmetric Mobility Tunneling (after reboot) ..... Enabled
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    5508 ouput when issueing the command 'show mobility summary'
    Mobility Architecture ........................... Flat
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    I've spent quite some time double checking all the configurations to no avail.
    Has anybody seen this problem before?
    Kind regards
    Dave Bell

    Thanks Sandeep.
    I am well versed with WLC's and mobility, however trying to add a 5508 to a mobility group with 4404's has come up with a bit of a curve ball.
    All the 4404 controllers all joined the mobility group fine, no problems at all - its only the 5508 I am struggling with.
    In theory its simple, populate the IP address, and MAC addres of the management interface of the remote WLC, as long as the management interfaces are in the same VLAN, and the Default Mobility Domain Name are the same it should come up.
    Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
    For example:
    {Screen shot WLC1.jpg}
    5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
    however!
    From our router is I do an sh arp | i 10.95.x.x (controller management address), I see:f872.eaee.becf.
    {Screen shot wlc2.jpg}
    Hence the WLC reports as: bc:16:65:f9:37:60
    and
    The network reports as: f872.eaee.becf for the same IP address.
    I have changed the other WLC's to the MAC adress seen on the network for the new controller, aka changed from
    bc:16:65:f9:37:60
    to
    f8:72:ea:ee:be:cf
    I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
    Kind regards
    Dave Bell

  • WLC 5508 and mobility groups

    Hi,
    We are using 2 WLC 5508 running 7.0.98.0 sw (AP's are 1142) at our primary site. They are hosting 3 different WLAN/SSID's, one for guest and the
    other 2 are for corporate access. We have put the WLC's in a mobility group, say "AAAA".
    Now we have the need for our UK peer site to publish a corp WLAN that exists in UK - at our site, and when trying to configure for that (following the c70cg.pdf) - I put the WLC's for UK in a new mobility group, say "BBBB". But i can't add our WLC's into that mobilty group
    (i get a duplicate mac address message).
    What's the correct way of configuring this, does all WLCs need to be in the same mobility group?
    Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mob. groups?
    Any clearification would be greatly appreciated
    BR
    //Mikael

    I think you are misunderstanding , so far what you did on your local swedish site is correct. Your two swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your swedish area without interruption.
    On a WLC mobility group config page, you can have only one entry  per WLC, this is why you are getting the duplicate error message.
    WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
    If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Note when you add WLC on the mobility section, the WLC start sending messages to each like, hey i have this client and you have that client and so on. But this has nothing to do with what you are trying to achieve.
    With regards to the execs that are coming, yes, replicate the SSID and point it to the Radius Server they have in UK, add your swedish WLC(s) as a NAS on the Radius Server and it should work as if they were in UK. that should be enough and i advise you to do the following for mobility groups config.
    on the two UK WLCs
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    on the two Swedish WLCs
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    hope i cleared it out for you. greeting from cold Belgium tonight :-) and hope the execs will enjoy Sweden!

  • Can we create Mobility group between WISM2 and WLC 5500

    Dears,
    I need your feedback urgent please,
    Can we create Mobility Group between WISM2 and WLC 5500
    Firmware for WISM2 > 7.4.121.0
    Firmware for WLC5500 > 6.0.196.0
    I created Mobility Group with (IP address , MAC Address and Mobility group name) for Foreign Controller. if any configuration required from my side.
    Wait your feedback urgent please
    Regards,

    Hi,
    Controllers do not have to be of the same model to be a member of a mobility group. Mobility groups can be comprised of any combination of controller platforms.
    Thats enough :)
    Regards
    Dont forget to rate helpful posts

  • 5508 Mobility Groups

    Hello.
    2 questions
    1) Is it possible for 2 WLCs installed in seperate data centres with L3 seperation to be joined in a mobility group? We will have aps in the branch offices split between controllers so we want to make sure roaming work ok. Also all guest access should be anchored to data centre 2.
    2) in flexconnect local switching mode, do I need to create flexconnect groups if I'm only using radius servers in the data centre with no requirement to use local radius as a backup?

    Mobility groups can work when the WLC's are in different subnet asl long as UDP 16666 and IP 97 allowed between the two WLC's.
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html#wp1102312
    You will not be able to configure for guest, what wlc is primary or secondary.  The foreign WLC will decide which guest anchor controller (if there is two) it will use.
    You don't need to use flexconnect groups if you don't want to.  If your devices are not cckm compliant, then I wouldn't worry about it personally.  Here are the numbers, but some has changed with the 7.3.
    The number of FlexConnect groups and access point support depends on the platform that you are using. You can configure the following:
    •Up to 100 FlexConnect groups for a Cisco 5500 Series Controller
    •Up to 1000 FlexConnect groups for a Cisco Flex 7500 Series Controller. The Cisco Flex 7500 Series Controller can accommodate up to 50 access points per FlexConnect group.
    •Up to 20 FlexConnect groups with up to 25 access points per group for the remaining platforms.
    https://supportforums.cisco.com/docs/DOC-26778#Increased_scale_for_Cisco_Flex_7500_Series_Controllers_668166
    Thanks,
    Scott
    Help out other by using the rating system and marking answered questions as "Answered"

  • Migrating 2 standalone 5508 to one mobility-group

    hey everyone,
    for some reason our wlan-controllers were build up to be standalone instead of beeing one mobility-group.
    I would like to change this in order to use all features of HA.
    let me describe our scenario:
    two WLCs 5508 running SW ver. 6
    - same subnet
    - both are running in master controller mode
    - different hostnames, ip-addresses, etc
    - all settings for WLANs and AP-groups (exept the APs themselves in these groups) are the same
    - in total at this moment we are running around 100 LAPs configured one half on WLC#1, the other half on WLC#2
    I don't know exactly why, but when that setting was installed, someone already configuredHA for each accesspoint...
    e.g.:
    - AP#1 primary WLC#1, secondary WLC#2
    - AP#2 primary WLC#2, secondary WLC#1
    but without WLC#2 knowing the configuration for AP#1 it makes no sense, correct?
    so my question is: how should I do the migration in the best way?
    is it easy as:
    - disabling master controller mode on WLC#2
    - configuring both WLCs into one mobility group
    --> WLCs are negotiating their configurations for the APs
    and everything is fine after this?
    comments appriciated. ;-)
    rgeards, Manuel

    Master Controller Mode is only listened to if the AP does not have a primary controller set.
    So all you should need to do is change the mobility group name on the Controller tab to match between the two, then go into the mobility group and edit the mac/ip address of the WLC to be in both WLC.  Make sure you use the mac address from the mobility configuration, and you should be good.
    Steve

  • Wireless 5508 WLC's in a Mobility Group

    All,
    Scenario: Would like redundancy on 2 x 5508's but unable to utilise HA (SSO) due to internal WLC DHCP requirements.
    Mobility groups - Can 2 controllers in the same mobility group share a DHCP scope? I.E overlapping addresses or would the scope need to be split across controllers?
    If scopes are slit hat happens to DHCP requests once the primary DHCP server has allocated all leases? Also what happens if a clients joined controller A receives valid IP address then controller A goes off line? AP's re-establish with controller B but client has invalid scope IP?
    Cheers,
    Jay   

    Hi,
    Actually in the Mobility Group you enable the user to move form one WLC APs coverage to other WLC APs coverage with same client IP configuration.. so if we  make groups then obviously we should make different DHCP scope to avoid network address range exhausted.
    As far as controller A is up, IP configuration on wireless client would be remain same, but if your controller A goes off then the client will acquire the new IP from different DHCP scope which is assigned to controller B.

  • Upgrading two 5508's in mobility group

    I can't for the life of me find an answer but I thought there was some extra "notes" for upgrading two 5508 controllers in a mobility group.  I have about 150 AP's (1140 series) and would really like to minimize the downtime as much as possible.  My current plan is as follows:
    Upgrade WLC-2 (the secondary)
    Reboot WLC-2
    Upgrade WLC-1 (Primary w/all the AP's attached)
    Push the AP image {predownload primary all}
    Wait for the push to finish
    Reboot WLC-1
    Any tech notes / real life lessons learned you can share would be great.  It's a Hospital so I need to keep the downtime to an absolute minimum.
    Going from 7.0.116 to 7.4.110
    Thanks,
    Todd

    As long as you will not be going to implement HA SSO, 7.4.110.0 seems to be a good version.  Although I haven't used this, some people have had good results with this version.
    Your upgrade process is OK. 

  • Creating new Bridge Group names in Cisco 5508 WLC??

    How do we Create new Bridge Group names on Cisco 5508 WLC, with 1552E Access Point??

    You create it on the 1552 once the AP joins.  One it joins, you will have to choose that AP and then set the AP mode to Bridge and then apply.  This will reboot the AP.  Once the AP comes back, you will have a MESH tab on that specific AP or any AP that you have set to Bridge mode.  You then set the AP role and the bridge group name there.  Here is an older MESH deployment guide to follow.
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70mesh.html
    Scott

  • Create a dynamic group by email address (not includes 2nd email address)

    I've created a dynamic group from powershell as below,  but it also shows the user who's the 2nd email address is @abc.com.
    So how can exclude the user has 2nd email address from the group?
    New-DynamicDistributionGroup -Name "ACB All Users Dynamic Group" -OrganizationalUnit xyz.lftltd.net/HKG/Groups -RecipientContainer lftltd.net -PrimarySmtpAddress
    [email protected] -RecipientFilter {(EmailAddresses -like
    '*@abc.com') -and (RecipientType -eq 'UserMailbox') -and (CustomAttribute9 -ne 'Resigned') -and (Title -ne 'System Mailbox')}
    Many thanks.

    Hi Timothy,
    Besed on my test, to filter the recipients based on the second emailaddresses  seems difficult, because there is a limit to the syntax of RecipientFilter, it's hard for me to divide the results of the property emailadresses and filter
    the recipient based on the first one.
    In addition, to get all the recipients from the dynamic group, please refer to the script below:
    $ddg = Get-DynamicDistributionGroup ITUsers
    Get-Recipient –RecipientPreviewFilter $ddg.RecipientFilter
    And we can usually filter the emailaddress from get-emailbox like this:
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang

  • 5508 Mobility Group

    Clients are not able to roam between WCS controllers. Our mobility groups are working but we are not able to pass DHCP addresses between controllers

    When you say mobility is working, what do you mean?  Are you trying to use WLCB to assign a client on WLCA an address?

  • Unable to add new WLC to the Mobility Group

    Hi,
    Any help will be very welcome.
    I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
    "error in creating member"
    I've tried different mobility names, via GUI, via CLI and always the same error.
    I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
    Any idea?
    I'm using version 7.0.116.0
    Thanks

    Hello Moises,
    Did you load a configuration backup from your first WLC to the new second WLC? If so, it's possible we have a stale duplicate entry from loading a configuration.
    On the WLC where you cannot add the member, let's try clearing out the stale entry from the CLI:
    config mobility group member delete 00:00:00:00:00:00
    Then, try to add the member and see if it works.
    -Pat

  • Firefox 4 RC - 2nd Tab Group is deleted when closing and restarting

    This seemed to work at first when I first upgraded to Firefox 4 RC. Then later in the day when working with Panorama Groups, I found that the 2nd tab groups disappeared that I created once I quit my browser and reloaded it. This happen each time I do this again.

    Thanks, cor-el for replying, I am afraid it did not help, you see my problem doesn't lay in the closing part. I can make a more detailed explanation on my "problem". You see when I have many tabs open under a period of using Firefox 4 RC, while using some I close normally the ones I don't use just pressing the x button on the tab, it closes but here comes the spooky thing. When going to tab groups, it says the tab is still alive and I can't close it there... So restarting firefox will by instant get me all of those tabs I don't want to have opened and those that I want opened. Now the problem doesn't appear, if I do like this...
    Open tabs I want, open tabs I will only look for a sec, go into tab groups "close" them there. Restart Firefox, they will not come. SO I am wondering is there any bug with closing normally the tabs I could send pictures of what happens....

Maybe you are looking for

  • Is it possible to make an iWeb site accessible to mobile phones? (in Japan)

    Is it possible to make an iWeb site accessible to mobile phones? (I'm in Japan) I've tried making a tiny site but my own phone (au A5516T by Toshiba) can't display it. The URL is accepted but displays just a white blank screen. I can't see anything a

  • Grouping Key Figures via Web item?

    Hi, in our webtemplates we would like to split the key figures (part of a structure) into two web items. Is it possible to split key figures, all part of one key figure structure, over two web items. Which webitem can handle this? Or does it require

  • COS Template/Gateway URL Accesslist settings merging

    Hi, if i understand correctly the setting of the URL access list is stored in LDAP. It can either be specified on the organization, role or user level. If specified at the organization level a COS template is created in LDAP. This is used for the set

  • No sound from speaker

    I bought my mobile a month ago. Since yesterday No sound can be heard frim tis device. No ringtones, no touch tones. Everything works with earphones but without it one would feel as if he is deaf. Tried even safe mode bt same problem exist. Whatto do

  • Complex question about masks - help needed please

    Hello folks, new to this forum and new to After Effects.  I hope you can help me achieve a particular animation. The result I want is to move a pair of glasses across the frame and through the left lens of the glasses, the background image is made cl