WLC 5508 to WLC 5508 for Mobility Group

Hi
I have 5508 WLC (Running 7.2) in separate buildings. I have created ACLs on both Controllers and the only thing that is failing is the Mobility Control Function. The ACL on WLC B is exactly the same except with some IPs being reversed. I have allowed EoIP and Mobility Traffic on both Controllers. The Data Path is Fine but the Control Path is stating down. I apologize in advance if I have been too vague. Any help would be appreciated.
Thank You
Bill

Well for mping, that is UDP 16666/16667. So in your rule, you should have something like this:
17 16666-16666 16666-16666 Any Permit
17 16667-16667 16667-16667 Any Permit
What is the IP of the WLCs? Your counters are all zero also.
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a7c988.shtml#t4
Take a look at your show rules output without the ACL and then with the ACL.
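
Added example (not part of the original thread, and not Cisco code): a small Python check that evaluates an ACL top-down, first match wins with an implicit deny at the end, and reports which mobility flows between two controllers are not permitted: UDP 16666/16667 from the reply above and EoIP (IP protocol 97) from the question. The rule lines are constructed in a simplified layout whose last five fields follow the reply's fragment (read here as protocol, source ports, destination ports, DSCP, action); the direction and address fields, the 192.0.2.10 and 198.51.100.10 addresses and all function names are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Flows a mobility peer needs, as named in the thread: UDP 16666/16667 for the
# control path and EoIP (IP protocol 97) for the data path.
REQUIRED_FLOWS = [("udp/16666", 17, 16666), ("udp/16667", 17, 16667), ("eoip/97", 97, None)]

# Constructed sample (assumed layout): dir src dst proto sports dports dscp action.
# Only EoIP is permitted, which reproduces "data path up, control path down".
ACL_DATA_ONLY = """
In  198.51.100.10/32 192.0.2.10/32 97 0-65535 0-65535 Any Permit
Out 192.0.2.10/32 198.51.100.10/32 97 0-65535 0-65535 Any Permit
"""

# Constructed sample: same ACL plus the UDP rules from the reply, scoped to the peer.
ACL_WITH_CONTROL = ACL_DATA_ONLY + """
In  198.51.100.10/32 192.0.2.10/32 17 16666-16666 16666-16666 Any Permit
Out 192.0.2.10/32 198.51.100.10/32 17 16666-16666 16666-16666 Any Permit
In  198.51.100.10/32 192.0.2.10/32 17 16667-16667 16667-16667 Any Permit
Out 192.0.2.10/32 198.51.100.10/32 17 16667-16667 16667-16667 Any Permit
"""


@dataclass
class Rule:
    direction: str                 # "In", "Out" or "Any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[int]           # None means "Any"
    sports: Tuple[int, int]
    dports: Tuple[int, int]
    action: str                    # "Permit" or "Deny"


def _ports(field):
    low, high = field.split("-")
    return int(low), int(high)


def parse_rule(line):
    direction, src, dst, proto, sports, dports, _dscp, action = line.split()
    return Rule(direction, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                None if proto == "Any" else int(proto),
                _ports(sports), _ports(dports), action)


def evaluate(rules, direction, src, dst, proto, port):
    """Return the action of the first matching rule; no match is an implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.direction not in ("Any", direction):
            continue
        if src not in r.src or dst not in r.dst:
            continue
        if r.proto is not None and r.proto != proto:
            continue
        # The reply's rule lines use the same source and destination port,
        # so one port is tested against both ranges. EoIP has no ports.
        if port is not None and not (r.sports[0] <= port <= r.sports[1]
                                     and r.dports[0] <= port <= r.dports[1]):
            continue
        return r.action
    return "Deny"


def blocked_mobility_flows(acl_text, local_ip, peer_ip):
    """List the required flows this controller's ACL does not permit."""
    rules = [parse_rule(l) for l in acl_text.splitlines() if l.strip()]
    blocked = []
    for name, proto, port in REQUIRED_FLOWS:
        for direction, src, dst in (("In", peer_ip, local_ip), ("Out", local_ip, peer_ip)):
            if evaluate(rules, direction, src, dst, proto, port) != "Permit":
                blocked.append(f"{name} {direction}")
    return blocked


if __name__ == "__main__":
    for label, acl in (("data only", ACL_DATA_ONLY), ("with control", ACL_WITH_CONTROL)):
        print(label, blocked_mobility_flows(acl, "192.0.2.10", "198.51.100.10"))
```

Run it once per controller with that controller's own ACL and management IP as `local_ip`; the same rule set evaluated from the peer's side fails unless the addresses are mirrored.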

Similar Messages

  • WLC 4400 - Different minor versions same mobility group?

    Hi all,
    I have 2 WLC 4400 integrated in 3750G.
    One has 6.0.202 and the other 6.0.188.
    They are in different places but now I want to put them in the same mobility group.
    Will this difference be a problem?
    BR
    Anthony

    Yes it will be an issue. You have to remember that the AP gets its firmware from the WLC image. So if an AP has to move from one to the other, it will either upgrade or downgrade each time. Best practice is to keep the firmware the same.
    Sent from Cisco Technical Support iPhone App

  • WLC 5508 and mobility groups

    Hi,
    We are using 2 WLC 5508 running 7.0.98.0 sw (APs are 1142) at our primary site. They are hosting 3 different WLAN/SSIDs, one for guest and the other 2 are for corporate access. We have put the WLCs in a mobility group, say "AAAA".
    Now we have the need for our UK peer site to publish a corp WLAN that exists in UK - at our site, and when trying to configure for that (following the c70cg.pdf) - I put the WLCs for UK in a new mobility group, say "BBBB". But I can't add our WLCs into that mobility group (I get a duplicate mac address message).
    What's the correct way of configuring this, do all WLCs need to be in the same mobility group?
    Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mob. groups?
    Any clarification would be greatly appreciated
    BR
    //Mikael

    I think you are misunderstanding; so far what you did on your local Swedish site is correct. Your two Swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your Swedish area without interruption.
    On a WLC mobility group config page, you can have only one entry per WLC, this is why you are getting the duplicate error message.
    WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
    If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Note when you add a WLC on the mobility section, the WLCs start sending messages to each other like, hey I have this client and you have that client and so on. But this has nothing to do with what you are trying to achieve.
    With regards to the execs that are coming, yes, replicate the SSID and point it to the Radius Server they have in UK, add your Swedish WLC(s) as a NAS on the Radius Server and it should work as if they were in UK. That should be enough and I advise you to do the following for mobility groups config.
    on the two UK WLCs
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    on the two Swedish WLCs
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Hope I cleared it up for you. Greetings from cold Belgium tonight :-) and hope the execs will enjoy Sweden!

  • Mobility Group Requirements for Guest Anchor WLC

    Hello -
    I've always assumed you can't create a guest tunnel between a local WLC and an anchor WLC that are in different mobility groups. However, I was told recently (without much detail) that this is possible. So I have set out to test this.
    I am trying to point one of my local WLCs guest SSIDs to a guest anchor WLC in a different mobility group. I have a maintenance window coming up and I am looking to anchor the clients on one campus to the anchor WLC on the other campus so guest service does not go down. Each campus is its own mobility group. In trying to set this up I went to the "mobility anchors" screen for the guest SSID on one of the local WLCs and I am unable to add the anchor WLC from the other campus because it's not in the drop-down menu. This is because it's not in the same mobility group. So my question is how do I anchor clients coming through a local WLC in one mobility group to an anchor WLC in another mobility group?
    To me it doesn't seem possible without significant configuration changes.   I don't want to reconfigure/recreate mobility groups. 
    Thanks
    Chuck

    Not only is it possible, I would recommend it. However, you may be confusing some concepts.
    The Mobility Group is different than the Mobility Domain.  I generally refer to the Mobility Group as those WLCs with the same Default Mobility Group Name, and the Mobility Domain as the entire Mobility List (where you can define up to 72 controllers from various mobility groups).
    The point is that if WLCs 1-10 are GroupA, and WLCs 11-20 are GroupB, for anchoring to work you at least need to add the anchor to the mobility list of the foreign wlc, and vice versa.
    If you notice, when you add a mobility entry to the list, it should ask you for mobility group. If you leave it blank, it should default to that of that WLC,  but on GroupA controllers, you could define GroupB controllers (and specific GroupB) and then you should now have mobility established between your controllers and the Anchor configuration will have your anchors in the drop-down....
    Does that make sense?

  • Mobility group same ssid multiple WLC

    I have a 4400 and a 5508 WLC in the same location
    We want to be able to roam between APs joined to both the 4400 and the 5508 using only one SSID.
    Do I only need to create a mobility group and add both WLCs,
    then create only one WLAN on one of the controllers and it will be shared across both WLCs?
    Or something else?

    Resolution :
    Yes you are correct. Please follow this link for Mobility groups and Roaming :
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

  • Create 2nd mobility group on 5508

    Hi all,
    We are running all our APs in H-REAP mode connecting to WLC 5508 (7.2.xxx)
    Each H-REAP AP has a local switched SSID, as well as a guest SSID (centrally switched), which is 'tunneled' to the WLC, with Internet only access through the DC.
    All the APs connect to the WLC using the management interface, which is also the local mobility group.
    To route traffic differently for the guest WLAN, I'd like to create a new Interface on WLC and use this as local mobility group for the guest WLAN.
    Is this possible, or is the management interface always the local mobility group?
    Appreciate your feedback.
    Thanks,
    Stefan      

    Hi Rasika,
    Each of our branch sites have 2 WAN connections. 1 MPLS (critical traffic), 1 IPsec (non critical).
    While the management interface of WLC is reachable through MPLS, I'd like to route traffic for Guest WLAN over IPsec.
    Therefore I would need to create a 2nd Interface on WLC (different IP range) and terminate centrally switched traffic on that interface.
    As you've mentioned the local mobility group is always the controller MAC (management int), so not sure if there's another way to solve this?
    H-REAP APs register to management int      --> routed through MPLS
    centrally switched traffic to different int          --> routed through IPsec
    Thanks,
    Stefan

  • Mobility group membership

    I have 4 WLC's deployed :
    1. AnchorWLC - WLC4402 anchor in a DMZ for guest access
    2. WLCA1 - WLC4402 on SiteA
    3. WLCB1 - WLC2006 on SiteB
    4. WLCB2 - WLC2006 on SiteB
    SiteA & SiteB are geographically separated.
    On all WLC's there is the same mobility group 'group1' with the following group members:
    1.on AnchorWLC: group1 members:WLCA1,WLCB1,WLCB2
    2.on WLCA1: group1 members: anchorWLC
    3.on WLCB1: group1 members: WLCB2,anchorWLC
    4.on WLCB2: group1 members:WLCB1,anchorWLC
    As SiteA and SiteB are geographically separated I have not included internal (non-anchor) WLCs that are on siteA in the mobility group created on WLCs on SiteB and vice versa. The only WLC that has all controllers added to his mobility group is the AnchorWLC as guest access is needed from both siteA and siteB.
    Is this a valid config (anyway it is working...) or is it recommended to have 2 different mobility groups, one for each site (A & B) and create 2 separate mobility groups on the anchorWLC?

    I would recommend going for two separate mobility groups. Even though it is working since it is geographically separated, it's always better to have different mobility groups.

  • Best Practice Regarding Large Mobility Groups

    I was reading the WLC Best Practices and was wondering if anyone could put a number to this statement regarding the largest number of APs, end users, and controllers which can be contained in a Mobility Group.
    We would be deploying WiSMs in two geographically dispersed data centers. No voice is being used or is planned.
    "Do not create unnecessarily large mobility groups. A mobility group should only have all controllers that have access points in the area where a client can physically roam, for example all controllers with access points in a building. If you have a scenario where several buildings are separated, they should be broken into several mobility groups. This saves memory and CPU, as controllers do not need to keep large lists of valid clients, rogues and access points inside the group, which would not interact anyway.
    Keep in mind that WLC redundancy is achieved through the mobility groups. So it might be necessary in some situations to increase the mobility group size, including additional controllers for redundancy (N+1 topology for example)."
    I would be interested in hearing about scenarios where a Catalyst 6509 with 5 WiSM blades is deployed in data centers which back each other up for cases of disaster recovery.
    Can I have one large Mobility group? This would be easier to manage.
    or
    Would it be better to back up each blade with a blade in the second data center? This would call for smaller Mobility Groups.
    Be glad to elaborate further if anyone has a similar experience and needs more information.
    All responses will be rated.
    Thanks in advance.
    Paul

    Well, that is a large group indeed, and I would say most organizations use nested groups instead of adding these behemoths to the directory as they are quite difficult to work with.  If it's a one-time thing, you could create it manually in bite-sized chunks with LDIF or the like, so that FIM only has to do small delta changes afterwards.
    The 5,000 member limit mostly applies to groups prior to the change to linked value storage.  What is your forest functional level, and have you verified that this group is using linked values?
    Steve Kradel, Zetetic LLC

  • HA N+1 and Mobility Groups

    Hi all,
    One question, can I have 2 WLCs on different Mobility Groups pointing to the same HA N+1 WLC which is located in one of those Mobility Groups? I have not seen any note about this in the Cisco documentation I have checked.
    thanks

    From 7.4 onwards an AP can fail over to a WLC even if they are in different mobility groups. So I think this setup should work without any problem.
    http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_01110011.html
    http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_HA_Overview.html
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • WLC 5508 * 2 & Mobility Group

    What I am trying to configure is Mobility Groups.
    My understanding is that this will allow APs to successfully register and fail over seamlessly if any of the WLCs had to fail?
    It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
    Also when an AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
    Initially I also thought that once my SSO is all set up and working then those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
    My current config is as follows:-
    WLC 5508 * 2
    WLC 1 - Primary
    WLC 2 - HA SKU (Secondary )
    Redundancy = SSO (Both AP and Client SSO)
    =============
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC5508
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. SSO (Both AP and Client SSO)
    IP Address....................................... 10.31.66.21
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 22 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... GB  - United Kingdom
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    External Temperature............................. +21 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 500
    ============================================
    TA

    TA,
    Mobility and mobility groups are used for wireless user roaming. We know that a wireless user can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wants to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
    Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
    Configuring HA on the AP:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
    Using CPI to push AP configuration templates:
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
    Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
    BR, Ala

  • WLC mobility group between 4404 and 5508 controllers

    Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
    Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
    We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
    All controllers have:
    The same virtual address
    Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
    The default mobility domain name is the same
    4404 output when issuing the command 'show mobility summary'
    Symmetric Mobility Tunneling (current) .......... Enabled
    Symmetric Mobility Tunneling (after reboot) ..... Enabled
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    5508 output when issuing the command 'show mobility summary'
    Mobility Architecture ........................... Flat
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    I've spent quite some time double checking all the configurations to no avail.
    Has anybody seen this problem before?
    Kind regards
    Dave Bell

    Thanks Sandeep.
    I am well versed with WLC's and mobility, however trying to add a 5508 to a mobility group with 4404's has come up with a bit of a curve ball.
    All the 4404 controllers joined the mobility group fine, no problems at all - it's only the 5508 I am struggling with.
    In theory it's simple, populate the IP address and MAC address of the management interface of the remote WLC, as long as the management interfaces are in the same VLAN, and the Default Mobility Domain Names are the same it should come up.
    Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
    For example:
    {Screen shot WLC1.jpg}
    5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
    however!
    From our router if I do a sh arp | i 10.95.x.x (controller management address), I see: f872.eaee.becf.
    {Screen shot wlc2.jpg}
    Hence the WLC reports as: bc:16:65:f9:37:60
    and
    The network reports as: f872.eaee.becf for the same IP address.
    I have changed the other WLCs to the MAC address seen on the network for the new controller, aka changed from
    bc:16:65:f9:37:60
    to
    f8:72:ea:ee:be:cf
    I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
    Kind regards
    Dave Bell

  • Wireless 5508 WLC's in a Mobility Group

    All,
    Scenario: Would like redundancy on 2 x 5508's but unable to utilise HA (SSO) due to internal WLC DHCP requirements.
    Mobility groups - Can 2 controllers in the same mobility group share a DHCP scope? I.e. overlapping addresses, or would the scope need to be split across controllers?
    If scopes are split, what happens to DHCP requests once the primary DHCP server has allocated all leases? Also what happens if a client joined to controller A receives a valid IP address then controller A goes offline? APs re-establish with controller B but client has invalid scope IP?
    Cheers,
    Jay   

    Hi,
    Actually in the Mobility Group you enable the user to move from one WLC's AP coverage to another WLC's AP coverage with the same client IP configuration, so if we make groups then obviously we should make different DHCP scopes to avoid the network address range being exhausted.
    As long as controller A is up, the IP configuration on the wireless client would remain the same, but if your controller A goes off then the client will acquire a new IP from the different DHCP scope which is assigned to controller B.

  • Migrating 2 standalone 5508 to one mobility-group

    hey everyone,
    for some reason our wlan-controllers were built to be standalone instead of being one mobility-group.
    I would like to change this in order to use all features of HA.
    let me describe our scenario:
    two WLCs 5508 running SW ver. 6
    - same subnet
    - both are running in master controller mode
    - different hostnames, ip-addresses, etc
    - all settings for WLANs and AP-groups (except the APs themselves in these groups) are the same
    - in total at this moment we are running around 100 LAPs configured one half on WLC#1, the other half on WLC#2
    I don't know exactly why, but when that setting was installed, someone already configured HA for each accesspoint...
    e.g.:
    - AP#1 primary WLC#1, secondary WLC#2
    - AP#2 primary WLC#2, secondary WLC#1
    but without WLC#2 knowing the configuration for AP#1 it makes no sense, correct?
    so my question is: how should I do the migration in the best way?
    is it easy as:
    - disabling master controller mode on WLC#2
    - configuring both WLCs into one mobility group
    --> WLCs are negotiating their configurations for the APs
    and everything is fine after this?
    comments appreciated. ;-)
    regards, Manuel

    Master Controller Mode is only listened to if the AP does not have a primary controller set.
    So all you should need to do is change the mobility group name on the Controller tab to match between the two, then go into the mobility group and edit the mac/ip address of the WLC to be in both WLC.  Make sure you use the mac address from the mobility configuration, and you should be good.
    Steve

  • Replace WLC Mobility Group Anchor

    We have 2 5508 and 1 4402 WLCs and all belong to the same mobility group. The 4402 does not have any access points and does nothing more than serve as a mobility anchor for our public wireless SSID. We are planning to replace the 4402 with a new 2504 unit which will have the same configuration including IP as the 4402. Is there anything I need to do with the mobility groups when we remove the 4402?
    Thanks for any help.
    Jeff

    you'll need to add the MAC of the 2504 to the mobility group, and remove the entry for the 4402.
    Out of curiosity...how many concurrent guest users do you have usually?
    Steve

  • Upgrading two 5508's in mobility group

    I can't for the life of me find an answer but I thought there was some extra "notes" for upgrading two 5508 controllers in a mobility group.  I have about 150 AP's (1140 series) and would really like to minimize the downtime as much as possible.  My current plan is as follows:
    Upgrade WLC-2 (the secondary)
    Reboot WLC-2
    Upgrade WLC-1 (Primary w/all the AP's attached)
    Push the AP image {predownload primary all}
    Wait for the push to finish
    Reboot WLC-1
    Any tech notes / real life lessons learned you can share would be great.  It's a Hospital so I need to keep the downtime to an absolute minimum.
    Going from 7.0.116 to 7.4.110
    Thanks,
    Todd

    As long as you will not be going to implement HA SSO, 7.4.110.0 seems to be a good version.  Although I haven't used this, some people have had good results with this version.
    Your upgrade process is OK. 
