WLC 7.3.101.0 Mobility group peer cannot up.

Hi Guys,
It seems the 7.3.101 version Mobility group peer cannot up,: refer to the attach,
Peer 1: version: 7.3.101
Peer 2: version 7.0.98
Peer3: version 7.2.103
Today we got new two WLC for Anchor use, and config the mobility group, but it's failed and cannot up, the ping is ok.

Chris is right here. One thing I tell my clients is to allow everything between the foreign and the anchor WLC's just to verify that the mobility can come up, then lock it down. Here is some links that explain what test is for what port.
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809a30cc.shtml#qa8
Anchor Controller Positioning
Because the anchor controller is responsible for termination of guest WLAN traffic and subsequent access to the Internet, it is typically positioned in the enterprise Internet DMZ. In doing so, rules can be established within the firewall to precisely manage communications between authorized controllers throughout the enterprise and the anchor controller. Such rules might including filtering on source or destination controller addresses, UDP port 16666 for inter-WLC communication, and IP protocol ID 97 Ethernet in IP for client traffic. Other rules that might be needed include the following:
•TCP 161 and 162 for SNMP
•UDP 69 for TFTP
•TCP 80 or 443 for HTTP, or HTTPS for GUI access
•TCP 23 or 22 for Telnet, or SSH for CLI access
Depending on the topology, the firewall can be used to protect the anchor controller from outside threats.
For the best possible performance and because of its suggested positioning in the network, it is strongly recommended that the guest anchor controller be dedicated to supporting guest access functions only. In other words, the anchor controller should not be used to support guest access in addition to controlling and managing other LWAPP APs (LAPs) in the enterprise.
Sent from Cisco Technical Support iPhone App

Similar Messages

  • Wireless 5508 WLC's in a Mobility Group

    All,
    Scenario: Would like redundancy on 2 x 5508's but unable to utilise HA (SSO) due to internal WLC DHCP requirements.
    Mobility groups - Can 2 controllers in the same mobility group share a DHCP scope? I.E overlapping addresses or would the scope need to be split across controllers?
    If scopes are slit hat happens to DHCP requests once the primary DHCP server has allocated all leases? Also what happens if a clients joined controller A receives valid IP address then controller A goes off line? AP's re-establish with controller B but client has invalid scope IP?
    Cheers,
    Jay   

    Hi,
    Actually in the Mobility Group you enable the user to move form one WLC APs coverage to other WLC APs coverage with same client IP configuration.. so if we  make groups then obviously we should make different DHCP scope to avoid network address range exhausted.
    As far as controller A is up, IP configuration on wireless client would be remain same, but if your controller A goes off then the client will acquire the new IP from different DHCP scope which is assigned to controller B.

  • WLC 5508 and mobility groups

    Hi,
    We are using 2 WLC 5508 running 7.0.98.0 sw (AP's are 1142) at our primary site. They are hosting 3 different WLAN/SSID's, one for guest and the
    other 2 are for corporate access. We have put the WLC's in a mobility group, say "AAAA".
    Now we have the need for our UK peer site to publish a corp WLAN that exists in UK - at our site, and when trying to configure for that (following the c70cg.pdf) - I put the WLC's for UK in a new mobility group, say "BBBB". But i can't add our WLC's into that mobilty group
    (i get a duplicate mac address message).
    What's the correct way of configuring this, does all WLCs need to be in the same mobility group?
    Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mob. groups?
    Any clearification would be greatly appreciated
    BR
    //Mikael

    I think you are misunderstanding , so far what you did on your local swedish site is correct. Your two swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your swedish area without interruption.
    On a WLC mobility group config page, you can have only one entry  per WLC, this is why you are getting the duplicate error message.
    WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
    If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Note when you add WLC on the mobility section, the WLC start sending messages to each like, hey i have this client and you have that client and so on. But this has nothing to do with what you are trying to achieve.
    With regards to the execs that are coming, yes, replicate the SSID and point it to the Radius Server they have in UK, add your swedish WLC(s) as a NAS on the Radius Server and it should work as if they were in UK. that should be enough and i advise you to do the following for mobility groups config.
    on the two UK WLCs
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    on the two Swedish WLCs
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    hope i cleared it out for you. greeting from cold Belgium tonight :-) and hope the execs will enjoy Sweden!

  • Mobility Group Requirements for Guest Anchor WLC

    Hello -
    I've alway assumed you can't create a guest tunnel between a local WLC and an anchor WLC that are in different mobility groups.   However, I was told recently (without much detail) that this is possible.  So I have set out to test this.  
    I am trying to point one of my local WLCs guest SSIDs to a guest anchor WLC in a different mobility group.   I have a maintenance window coming up and I am looking to anchor the clients on one campus to the anchor WLC on the other campus so guest service does not go down.   Each campus is it's own mobility group.   In trying to set this up I went to the "mobility anchors" screen for the guest SSID on one of the local WLCs and I am unable to add the anchor WLC from the other campus because it's non in the drop-down menu.  This is because it's not in the same mobility group.   So my question is how do I anchor clients coming through a local WLC in one mobility group to an anchor WLC in another mobility group?
    To me it doesn't seem possible without significant configuration changes.   I don't want to reconfigure/recreate mobility groups. 
    Thanks
    Chuck

    Not only is it possible, I would recommend it. However, you may be confusing some concepts.
    The Mobility Group is different than the Mobility Domain.  I generally refer to the Mobility Group as those WLCs with the same Default Mobility Group Name, and the Mobility Domain as the entire Mobility List (where you can define up to 72 controllers from various mobility groups).
    The point is that if WLCs 1-10 are GroupA, and WLCs 11-20 are GroupB, for anchoring to work you at least need to add the anchor to the mobility list of the foreign wlc, and vice versa.
    If you notice, when you add a mobility entry to the list, it should ask you for mobility group. If you leave it blank, it should default to that of that WLC,  but on GroupA controllers, you could define GroupB controllers (and specific GroupB) and then you should now have mobility established between your controllers and the Anchor configuration will have your anchors in the drop-down....
    Does that make sense?

  • Wlc mobility group

    HI,
    How many WLCs 5508 can you add to the mobility group?

    WLC code 5.1 and above we can add 24 WLC in a single mobility Group..
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html#wp1093878
    Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
    Regards
    Surendra

  • WLC4402 mobility group for failover

    Anyone know what the return time is for an AP to jump back to the primary controller from the secondary controller once it comes back online? I have a backup controller over a WAN connection that I'm using to backup four different locations. WLC is runnign 3.2.78 code. APs are 1000 series.

    We're trying to figure this out as well; we have a WiSM, and try to get the APs to fail over from one side to the other. They do, but it takes them a good 30 seconds and obviously no traffic is passed during this time. Both controllers share a mobility group, and each mobility group peer can ping the other.
    The APs are converted 1131AGs an 12xx series. We've used http://www.cisco.com/warp/public/102/wlc_failover.pdf to set this up, but there reregistration is hardly immediate, and the APs don't seem to ever switch back to the primary controller once it comes back up. Any suggestions?

  • N+1 redundancy and different mobility groups

    Is it possible to backup 2 controllers with 2 different mobility groups (for example GROUP1 and GROUP2) to the same backup controller (running HA SKU N+1 (7.4)) ?
    Since a controller can only be configured in 1 mobility group, this doesn't seem to be possible. Can someone confirm ?
    regards,
    Geert

    Hello,
    As per your query i can suggest you the following solution-
    In all Wireless LAN Controller (WLC) versions earlier than 4.2.61.0, when a WLC goes "down," the LAP registered to this WLC can failover only to another WLC of the same Mobility Group, if the LAP is configured for failover. From Cisco WLC version 4.2.61.0 and later, a new feature called Backup Controller Support is introduced for access points to failover to controllers even outside the Mobility Group. Refer to Wireless LAN Controller and Light Weight Access Points Failover Outside the Mobility Group Configuration Example for more information.
    Hope this will help you.

  • HA N+1 and Mobility Groups

    Hi all,
    One question, can I have 2 WLC's on different Mobility Groups pointing to the same HA N+1 WLC which is located in one of those Mobility Groups?. I have not seen any note about this on the Cisco documentation I have checked.
    thanks

    From 7.4 onwards AP can fail over to a WLC even they are in different mobility group. So I think this set up should work without any problem.
    http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/consolidated/b_cg74_CONSOLIDATED_chapter_01110011.html
    http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_HA_Overview.html
    HTH
    Rasika
    *** Pls rate all useful responses ****

  • WLC 5508 * 2 & Mobility Group

    What I am trying to configure is Mobility Groups.
    My understanding is that this will allow AP to successfully register and fail over over seamlessly if any of the WLC had to fail ?
    It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
    Also when a AP starts up and registers with the WLC ......I click on a registered AP > High Availability ( Primary / Sec / Tertiary ) all fields are blank...
    Initially I also thought that once my SSO is all setup and working than those options "AP > High Availability" will get populated automatically but clearly not unless something is not working.
    My current config is as follows:-
    WLC 5508 * 2
    WLC 1 - Primary
    WLC 2 - HA SKU (Secondary )
    Redundancy = SSO (Both AP and Client SSO)
    =============
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC5508
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. SSO (Both AP and Client SSO)
    IP Address....................................... 10.31.66.21
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 22 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... GB  - United Kingdom
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    External Temperature............................. +21 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 500
    ============================================
    TA

    TA,
    Mobility and mobility groups are used for the wireless users roaming. What we know that a wireless users can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wanted to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
    Now, I understand that your purpose is to have high availability for your APs. No this is done traditionally from the AP page, under HA tab, where you configure the WLCs names and IPs there. This can be done manually on each AP (you can use CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
    Configuring HA on the AP:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
    Using CPI to push AP configuration templates:
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
    Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
    BR, Ala

  • Unable to add new WLC to the Mobility Group

    Hi,
    Any help will be very welcome.
    I recently add a second CT5508 to the network, but when I tried to add the first 5508 to the mobilty group I received a message like this:
    "error in creating member"
    I've tried different mobility names, via GUI, via CLI and always the same error.
    I've verified twice or more than twice connectivity issues or any error on the entering the MAC and IP of the controllers, everything is fine.
    Any idea?
    I'm using version 7.0.116.0
    Thanks

    Hello Moises,
    Did you load a configuration backup from your first WLC to the new second WLC? If so, it's possible we have a stale duplicate entry from loading a configuration.
    On the WLC where you cannot add the member, let's try clearing out the stale entry from the CLI:
    config mobility group member delete 00:00:00:00:00:00
    Then, try to add the member and see if it works.
    -Pat

  • Does a 2504 WLC support mobility group with WiSM1 on 6500 Series

    if a 2504 WLC support mobility group with WiSM1 on 6500 Series.
    Model: WLC 2504
    Software version: 7.3.101.0
    Model: WiSM1
    Software verion: 7.x.x.x

    Yes and no. 
    Yes, mobility is supported.  
    No because I personally won't recommend inter-controller roaming.  This is more true when you're dealing with 4400/WiSM-1.  This is even more true when you've got WLC running two (or more) different codes.  

  • WLC 7.4.100.0 Mobility group control and data path down

    Hi All,
    Today i am facing issue with mobility group. i checked and found  control and data path is down on foreign controller.I am able to ping anchor controller. Required ports are open on firewall but mping and eping fails. Any idea whats wrong. On Anchor controller, i have 7 foreign controller configured and among these 3 are working fine. Having problem with 4 foreign controller. Previously all are working fine and there is no changes made on network or firewall.            

    Post output of "show mobility summary" of your Anchor WLC & a non-working WLC. Also "show sysinfo" of those two controllers.
    Regards
    Rasika

  • Mobility group same ssid multiple WLC

    I have a 4400 and a 5508 WLC in the same location
    We want to be able to roam between ap joined to both the 4400 and the 5508 using only one ssid
    Do I only need to create a mobility group and add both WLC
    then create only one WLAN on one of the controllers and it will be shared across bot WLC.
    Or something else?

    Resolution :
    Yes you are correct. Please follow this link for Mobility groups and Roaming :
    http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_mobility.html

  • WLC 5500 mobility group failover

    Hey
    I have a Question i am testing  mobility group with
    Failover for redundend connection between 2
    Cisco 5500 Wlc.
    On both the controllers i got the mobility working
    And both the controllers have the same version
    And configuration.
    But when i unplug the main controller the access-
    Points don't convers to the second one
    The just keep on creaming can't find the main controller
    Also with this thus the second wlc need to have the same
    Interface ip address like managment..??
    Thanks

    What do you mean by "convers". An AP will only join one wlc and when that primary wlc is no longer available, should failover to the other/secondary wlc. Mobility is required for an AP to know about all the other APs in that mobility group. And if not configured correct, your AP will only be able to join that wlc.
    Thanks,
    Scott Fella
    Sent from my iPhone

  • WLC Mobility Group Confusion

    Can some please clarify how Mobility groups work and when to use them. I have 2 data centers, each with a WLC, for centralized control. I just want to provide simple redundancy.
    When should I use an Anchor group.
    Thanks for your help.

    To make it simple, any wlc's that will be a primary, secondary or tertiary WLC for lap's will need to be placed in the same mobility group. Now if you have a guest anchor controller for guest, then that will need to be added in the same mobility group. Bottom line, when users roam from AP to AP from WLC to another even getting tunneled (anchor) the WLC's need to be aware of the roaming and that is what mobility group does.
    Anchor is if you want to tunnel users to a specific controller like in a guest wireless situation when the WLC is located in the DMZ. There are other reasons, but this is most likely why.

Maybe you are looking for

  • KIO (Dolphin) is failing to detect file changes automatically.

    I am facing something very similar to the following bug. https://bugs.kde.org/show_bug.cgi?id=207361 Dolphin opened to a directory. Konqueror opened to the same directory. If I delete a file from that folder via console Dolphin doesn't update the fil

  • Subpixel hinting: all four filters are wrong.

    Hi all, I've been troubling with webpages that has dark background and white or gray fonts, they always seem a little blur and uneven because the lcd screen had something to do with decreased font width. However when I tried to setup a subpixel rende

  • Difference between sale order Costing & Standard Product Costing

    Hi experts I wanted to know Importance of Sales Order Costing & standard Product Costing.what are the benefits of these. Regards Sandeep patil

  • Screen blanks automatically [solved]

    On both my desktop and laptop my monitor will go blank after some period of inactivity, which is irritating. I don't have xscreensaver installed, and I've turned off -- to my knowledge -- the default Xorg screen blanking: $ xset s 0 $ xset s off But

  • JApplet question

    Can someone please tell me why the background color doesn't appear when I run this code? package javaapplication2; import java.awt.*; import javax.swing.JApplet; public class may19f extends JApplet {     public void paint (Graphics page)         setB