WLC Mobility Group problem

Hi to all,
we've two internal WLC which belong to the same MG (the default one), and one DMZ WLC which belongs to another MG.
All are running OS 4.2.61
After configuring the Mobility Group using "edit all", inserting the WLC IP address and MAC of the MGMT interface and the name of the MG to which they belong, I notice a strange behaviour:
- WLC1 has Data path UP with internal's WLC2 and DMZ WLC... but Control path is down.
- WLC2 has Data path and Control path UP with DMZ WLC and only Data path UP with WLC1
- DMZ WLC has Data path and Control path UP with DMZ WLC and only Data path UP with WLC1
MG Secure Mode is disabled on all WLCs, seeing the following bug: CSCsk36683 (The mobility control path is down when secure mode is enabled).
Reachability via ping is OK, and via eping the same, but mping is not working from WLC1 to WLC2 and from DMZ WLC to WLC2.
I've already restarted both controllers without success... what I've noticed is that on WLC2 and DMZ WLC the msglog has a lot of these entries, with a lot of RX errors: MM-3-INVALID_PKT_RECVD: Received an invalid packet from X.X.X.X. Source member:0.0.0.0. source member unknown.
Any idea?
Tnx
Omar

Here is the URL for the Mobility Group configuration; follow it, it will help you:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00809817ca.shtml

Similar Messages

  • WLC mobility group between 4404 and 5508 controllers

    Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
    Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
    We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
    All controllers have:
    The same virtual address
    Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
    The default mobility domain name is the same
    4404 output when issuing the command 'show mobility summary'
    Symmetric Mobility Tunneling (current) .......... Enabled
    Symmetric Mobility Tunneling (after reboot) ..... Enabled
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    5508 output when issuing the command 'show mobility summary'
    Mobility Architecture ........................... Flat
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    I've spent quite some time double checking all the configurations to no avail.
    Has anybody seen this problem before?
    Kind regards
    Dave Bell

    Thanks Sandeep.
    I am well versed with WLCs and mobility, however trying to add a 5508 to a mobility group with 4404s has come up with a bit of a curve ball.
    All the 4404 controllers joined the mobility group fine, no problems at all - it's only the 5508 I am struggling with.
    In theory it's simple: populate the IP address and MAC address of the management interface of the remote WLC, and as long as the management interfaces are in the same VLAN and the Default Mobility Domain Names are the same, it should come up.
    Interestingly, I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
    For example:
    5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
    however!
    From our router, if I do a sh arp | i 10.95.x.x (controller management address), I see: f872.eaee.becf.
    Hence the WLC reports as: bc:16:65:f9:37:60
    and
    The network reports as: f872.eaee.becf for the same IP address.
    I have changed the other WLCs to the MAC address seen on the network for the new controller, i.e. changed from
    bc:16:65:f9:37:60
    to
    f8:72:ea:ee:be:cf
    I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
    Kind regards
    Dave Bell

  • WLC Mobility Group Confusion

    Can someone please clarify how Mobility groups work and when to use them? I have 2 data centers, each with a WLC, for centralized control. I just want to provide simple redundancy.
    When should I use an Anchor group?
    Thanks for your help.

    To make it simple, any WLCs that will be a primary, secondary or tertiary WLC for LAPs will need to be placed in the same mobility group. Now if you have a guest anchor controller for guests, then that will need to be added in the same mobility group. Bottom line: when users roam from AP to AP, from one WLC to another, even getting tunneled (anchor), the WLCs need to be aware of the roaming, and that is what the mobility group does.
    Anchor is if you want to tunnel users to a specific controller like in a guest wireless situation when the WLC is located in the DMZ. There are other reasons, but this is most likely why.

  • WLC MOBILITY GROUP SINGLE WEB AUTHENTICATION

    Hi.
    I have installed two AIR-WLC2112 with mobility group configured and authentication web.
    I want to know if you can create the user / password for web authentication in only one WLC.
    Now, when I create a new user / password, I have to create it in both WLCs.
    Thanks

    In order to validate a site issuing a certificate, the client should be loaded with a certificate from the same Certificate Authority. Else ignore the warning and continue to the site. If you want to know if the site is valid, click on View certificate on the warning page and see if it belongs to the website.

  • Wlc mobility group

    HI,
    How many WLCs 5508 can you add to the mobility group?

    With WLC code 5.1 and above we can add 24 WLCs in a single mobility group.
    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html#wp1093878
    Lemme know if this answered ur question and please don't forget to rate the useful posts!!
    Regards
    Surendra

  • Replace WLC Mobility Group Anchor

    We have 2 5508 and 1 4402 WLCs and all belong to the same mobility group. The 4402 does not have any access points and does nothing more than serve as a mobility anchor for our public wireless SSID. We are planning to replace the 4402 with a new 2504 unit which will have the same configuration including IP as the 4402. Is there anything I need to do with the mobility groups when we remove the 4402?
    Thanks for any help.
    Jeff

    You'll need to add the MAC of the 2504 to the mobility group, and remove the entry for the 4402.
    Out of curiosity... how many concurrent guest users do you have usually?
    Steve

  • Mobility group problem in wireless Lan Controller

    Dear All,
    I have 2 WLCs associated with Prime Infrastructure 2.0. I faced a problem: when I edit an interface or add a new interface in the AP group on the WLC and log in to Prime Infrastructure, I find the AP group without any of the edits and with the oldest interfaces. Please advise whether this is normal behaviour, or how I can solve this problem.

    I tried this solution and the problem still exists. I also restarted the VMware and the problem still exists.
    Go to Configure > Controllers
    and then, for the controller that has a config mismatch, click on the mismatch in the Audit status tab on the right side.
    After that it will ask for audit now; click on that. After auditing it will show you two options:
    1. Restore PI values to Controller
    2. Refresh config from controller
    Click on the 2nd (Refresh config from controller).
    Then select the 2nd option again (Use the configuration on the controller currently) and click on GO.
    Please feed me back.

  • WLC 5508 and mobility groups

    Hi,
    We are using 2 WLC 5508 running 7.0.98.0 sw (APs are 1142) at our primary site. They are hosting 3 different WLANs/SSIDs, one for guest and the other 2 for corporate access. We have put the WLCs in a mobility group, say "AAAA".
    Now we have the need for our UK peer site to publish a corp WLAN that exists in UK at our site, and when trying to configure for that (following the c70cg.pdf) I put the WLCs for UK in a new mobility group, say "BBBB". But I can't add our WLCs into that mobility group (I get a duplicate MAC address message).
    What's the correct way of configuring this? Do all WLCs need to be in the same mobility group?
    Is there some reason why we can't have 2 mobility groups? Is there any upside/downside to configuring 2 mobility groups?
    Any clarification would be greatly appreciated
    BR
    //Mikael

    I think you are misunderstanding. So far, what you did on your local Swedish site is correct. Your two Swedish WLCs have to be in their own same mobility group so you can give seamless roaming to your wireless users across your Swedish area without interruption.
    On a WLC mobility group config page, you can have only one entry per WLC; this is why you are getting the duplicate error message.
    WEBGUI - CONTROLLER - MOBILITY MANAGEMENT - MOBILITY GROUPS
    If you want to put your 4 WLCs so they exchange mobility messages, the following has to happen on all 4 WLCs.
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Note that when you add WLCs in the mobility section, the WLCs start sending messages to each other like, hey, I have this client and you have that client, and so on. But this has nothing to do with what you are trying to achieve.
    With regards to the execs that are coming: yes, replicate the SSID and point it to the Radius Server they have in UK, add your Swedish WLC(s) as a NAS on the Radius Server, and it should work as if they were in UK. That should be enough, and I advise you to do the following for the mobility groups config.
    on the two UK WLCs
    xx:xx:xx:xx:xx:xx  192.168.1.1  uk
    yy:yy:yy:yy:yy:yy 192.168.1.2 uk
    on the two Swedish WLCs
    zz:zz:zz:zz:zz:zz  172.17.1.1  sweden
    aa:aa:aa:aa:aa:aa  172.17.1.2  sweden
    Hope I cleared it up for you. Greetings from cold Belgium tonight :-) and hope the execs will enjoy Sweden!

  • WLC 7.4.100.0 Mobility group control and data path down

    Hi All,
    Today I am facing an issue with the mobility group. I checked and found the control and data path is down on the foreign controller. I am able to ping the anchor controller. Required ports are open on the firewall, but mping and eping fail. Any idea what's wrong? On the anchor controller I have 7 foreign controllers configured, and among these 3 are working fine. I am having problems with 4 foreign controllers. Previously all were working fine, and there were no changes made on the network or firewall.

    Post output of "show mobility summary" of your Anchor WLC & a non-working WLC. Also "show sysinfo" of those two controllers.
    Regards
    Rasika

  • RF Grouping problem WLC 5508

    Hi,
    We have a problem regarding RF Grouping between two WLC 5508.
    The two controllers have the same RF Group name, RF Grouping is enabled, they belong to the same mobility group, their management IP address is on the same subnet, and they ping each other, but they don't elect a Group Leader. Each one elects itself as the Group Leader.
    We have tried to place 2 APs,each belonging to different controller, close one to the other but nothing changed.
    Any help would be much appreciated.

    Hi Nicolas,
    Because we have an almost live network, we wouldn't like to go public with our configurations. Is there any other way we can send them to you?
    Thanks in advance,
    Theofilos

  • WLC 4400 - Different minor versions same mobility group?

    Hi all,
    I have 2 WLC 4400 integrated in 3750G.
    One has 6.0.202 and the other 6.0.188.
    They are in different places but now i want to put them in the same mobility group.
    Will this difference be a problem?
    BR
    Anthony

    Yes, it will be an issue. You have to remember that the AP gets its firmware from the WLC image. So if an AP has to move from one to the other, it will either upgrade or downgrade each time. Best practice is to keep the firmware the same.
    Sent from Cisco Technical Support iPhone App

  • Mobility Group Table *MUST* be populated in each WLC in same mobility group

    For what it's worth,
    I recently discovered that when you have multiple controllers and want to implement Mobility Groups, more is needed than simply entering the same Default Mobility Group Name for each controller within the mobility group. The following is required:
    a) The IP address of the "Virtual" interface on each controller must be identical on each controller within the mobility group.
    b) The Default Mobility Group Name must be identical on each controller within the mobility group (case sensitive).
    c) The mobility table must be populated with an entry for each controller within the mobility group.
    Otherwise, you will see some inexplicable behavior such as:
    * LWAP access points refusing to change to a different controller, even if their primary controller is explicitly set and the LWAP is rebooted.
    * LWAP access points unable to find any other wireless controller other than the one pointed to by the "CISCO-LWAPP-CONTROLLER" DNS entry (presumably, this would also be the case if DHCP Option 43 is used to point the LWAP to a controller). Once the first controller reaches its max. capacity of LWAPs, no more LWAPs can join.
    * Even MASTER CONTROLLER MODE has no effect.
    Cisco TAC was able to explain the great mystery of the Mobility Group Table to me. However, unless you know your problem is related to mobility group issues, you might not know to start there (I know I didn't).
    The least difficult method I have found for populating the mobility group table is as follows:
    Build a text file with one entry for each controller in the mobility group as follows:
    Log into the GUI for each controller and select: Controller -> Mobility Management -> Mobility Groups, click the "EDIT ALL" button and copy the MAC and IP address from the text box into a text file using NOTEPAD. Repeat this for each controller, creating a new line for each.
    The format for the entries is as follows:
    00:1a:6c:91:22:A0 192.168.20.44
    00:1a:6c:91:22:B4 192.168.20.45
    Once the text file is completed (one entry for each controller in the mobility group), click the EDIT ALL button and copy the entire contents of the text file and paste it into the text box on the controller GUI, click the APPLY button and click Save Changes. Repeat for each controller.
    Again, make sure that the following settings are IDENTICAL in each of the controllers in the Mobility Group:
    * The IP address of the "virtual" interface ( Controller -> interfaces ) must be the same on all controllers.
    * The "Default Mobility Domain Name" ( Controller -> General ) must be identical on each controller in the mobility group (note: the Mobility Domain Name is case sensitive).
    After making changes directly to the controllers, a "refresh from controller" in the WCS might be needed to get the WCS to attempt to synchronize itself with the controllers.
    Here is a link to the 4.2 Wireless Controller Configuration Guide which discusses this in greater detail.
    http://www.cisco.com/en/US/products/ps6366/products_configuration_guide_chapter09186a00808e638b.html
    It is unfortunate that there are currently no mechanisms in the WCS 4.2 to make these changes in bulk (i.e.: The WCS has no Controller Template to do this).
    Also, if you ever need to replace a controller, you will need to update the Mobility Group Table in each controller in the Mobility Group (since the tables will have the MAC address of the old controller which will now be different in the new replacement controller).
    Despite having used the "unified" product for some time now, there are still surprises from time to time. I just thought that I would share my experience for those who may want to avoid it and/or who may be encountering any of the odd behavior described above.
    - John
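
The consistency requirements listed in this post can be checked offline before the list is pasted into each controller. This is an added example, not part of the original post or of any Cisco tool; the controller names, addresses and field names are constructed, and it assumes every member carries the same complete list, its own entry included.

```python
import re
from ipaddress import ip_address


def norm_mac(mac):
    """Normalise 00:1a:.., 00-1a-.. or dotted 001a.6c91.22a0 to lower-case colon form."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mobility_list(text):
    """Parse 'MAC IP [group]' lines as pasted into the EDIT ALL box -> {ip: mac}."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed mobility entry: {line!r}")
        table[str(ip_address(fields[1]))] = norm_mac(fields[0])
    return table


def audit(controllers):
    """Return findings for one mobility group; an empty list means consistent."""
    findings = []
    # Requirements (a) and (b): identical virtual IP and group name (case sensitive).
    for key, label in (("virtual_ip", "virtual interface IP"),
                       ("group", "default mobility group name")):
        values = sorted({c[key] for c in controllers.values()})
        if len(values) > 1:
            findings.append(f"{label} differs across members: {values}")
    # Requirement (c): every member's table lists every member with its real MAC.
    expected = {str(ip_address(c["mgmt_ip"])): (name, norm_mac(c["mgmt_mac"]))
                for name, c in controllers.items()}
    for name, c in controllers.items():
        table = parse_mobility_list(c["mobility_list"])
        for ip, (peer, mac) in expected.items():
            if ip not in table:
                findings.append(f"{name}: no entry for {peer} ({ip})")
            elif table[ip] != mac:
                findings.append(
                    f"{name}: entry for {peer} has MAC {table[ip]}, expected {mac}")
        for ip in sorted(table.keys() - expected.keys()):
            findings.append(f"{name}: entry for unknown member {ip}")
    return findings


# Constructed sample data (documentation address ranges, not from the post).
FULL_LIST = """\
00:00:5e:00:53:01 192.0.2.11
00:00:5e:00:53:02 192.0.2.12
00:00:5e:00:53:03 192.0.2.13
"""
SAMPLE = {
    "wlc1": dict(mgmt_ip="192.0.2.11", mgmt_mac="00:00:5E:00:53:01",
                 group="Campus", virtual_ip="192.0.2.254", mobility_list=FULL_LIST),
    # wlc2 never had wlc3 added to its table.
    "wlc2": dict(mgmt_ip="192.0.2.12", mgmt_mac="0000.5e00.5302",
                 group="Campus", virtual_ip="192.0.2.254",
                 mobility_list="00:00:5e:00:53:01 192.0.2.11\n"
                               "00:00:5e:00:53:02 192.0.2.12\n"),
    # wlc3 still holds the MAC of a replaced wlc2 and a group name in another case.
    "wlc3": dict(mgmt_ip="192.0.2.13", mgmt_mac="00:00:5e:00:53:03",
                 group="campus", virtual_ip="192.0.2.254",
                 mobility_list=FULL_LIST.replace("53:02", "53:99")),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The MAC normaliser accepts the dotted form a router's ARP table prints, so a value seen on the network can be compared directly with the one entered in the mobility list.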

    Hi John,
    Nice work with this very relevant info! Please post a short reply here so that we can give this the nice rating it deserves :)
    Thanks again!
    Rob

  • WLC 5508 * 2 & Mobility Group

    What I am trying to configure is Mobility Groups.
    My understanding is that this will allow an AP to successfully register and fail over seamlessly if any of the WLCs had to fail?
    It could be I am confusing two things into one :( & I am totally confused and not understanding the benefits of mobility group mentioned above.
    Also when an AP starts up and registers with the WLC... I click on a registered AP > High Availability (Primary / Sec / Tertiary) and all fields are blank...
    Initially I also thought that once my SSO is all set up and working then those options "AP > High Availability" will get populated automatically, but clearly not, unless something is not working.
    My current config is as follows:-
    WLC 5508 * 2
    WLC 1 - Primary
    WLC 2 - HA SKU (Secondary )
    Redundancy = SSO (Both AP and Client SSO)
    =============
    (Cisco Controller) >show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.6.130.0
    Bootloader Version............................... 1.0.20
    Field Recovery Image Version..................... 7.6.101.1
    Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
    Build Type....................................... DATA + WPS
    System Name...................................... WLC5508
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
    Redundancy Mode.................................. SSO (Both AP and Client SSO)
    IP Address....................................... 10.31.66.21
    Last Reset....................................... Software reset
    System Up Time................................... 0 days 22 hrs 39 mins 57 secs
    System Timezone Location......................... (GMT) London, Lisbon, Dublin, Edinburgh
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... GB  - United Kingdom
    Operating Environment............................ Commercial (0 to 40 C)
    --More-- or (q)uit
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +38 C
    External Temperature............................. +21 C
    Fan Status....................................... OK
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ F8:72:EA:EE:5B:B2
    Power Supply 1................................... Present, OK
    Power Supply 2................................... Absent
    Maximum number of APs supported.................. 500
    ============================================
    TA

    TA,
    Mobility and mobility groups are used for wireless users roaming. What we know is that a wireless user can roam between different APs within the same WLC, but when the SSID is used within multiple WLCs, and the client wants to roam to an AP joined to another WLC, you would need to configure WLC mobility to maintain seamless roaming. For more info:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_010001101.html
    Now, I understand that your purpose is to have high availability for your APs. No, this is done traditionally from the AP page, under the HA tab, where you configure the WLC names and IPs. This can be done manually on each AP (you can use the CLI to make it easier) or you can push a configuration template using a management server (WCS/NCS/CPI).
    Configuring HA on the AP:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110000.html
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-0/configuration-guide/b_cg80/b_cg80_chapter_01110001.html
    Using CPI to push AP configuration templates:
    http://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-0/configuration/guide/pi_20_cg/temp.html
    Now mobility may play a role in this, as if you have already configured mobility for your WLCs, then you won't need to configure a "name" for the WLCs when you add them under the HA tab in AP configuration page. That's it.
    BR, Ala

  • WLC 7.3.101.0 Mobility group peer cannot up.

    Hi Guys,
    It seems the 7.3.101 version mobility group peer cannot come up; refer to the attachment.
    Peer 1: version 7.3.101
    Peer 2: version 7.0.98
    Peer 3: version 7.2.103
    Today we got two new WLCs for anchor use and configured the mobility group, but it failed and cannot come up; the ping is OK.

    Chris is right here. One thing I tell my clients is to allow everything between the foreign and the anchor WLCs just to verify that the mobility can come up, then lock it down. Here are some links that explain what test is for what port.
    http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809a30cc.shtml#qa8
    Anchor Controller Positioning
    Because the anchor controller is responsible for termination of guest WLAN traffic and subsequent access to the Internet, it is typically positioned in the enterprise Internet DMZ. In doing so, rules can be established within the firewall to precisely manage communications between authorized controllers throughout the enterprise and the anchor controller. Such rules might include filtering on source or destination controller addresses, UDP port 16666 for inter-WLC communication, and IP protocol ID 97 Ethernet in IP for client traffic. Other rules that might be needed include the following:
    • TCP 161 and 162 for SNMP
    • UDP 69 for TFTP
    • TCP 80 or 443 for HTTP, or HTTPS for GUI access
    • TCP 23 or 22 for Telnet, or SSH for CLI access
    Depending on the topology, the firewall can be used to protect the anchor controller from outside threats.
    For the best possible performance and because of its suggested positioning in the network, it is strongly recommended that the guest anchor controller be dedicated to supporting guest access functions only. In other words, the anchor controller should not be used to support guest access in addition to controlling and managing other LWAPP APs (LAPs) in the enterprise.
    Sent from Cisco Technical Support iPhone App
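
Which mobility path a firewall policy would leave down can be worked out before touching the controllers. The following is an added example, not part of the original reply or of any Cisco tool; the rule syntax, addresses and function names are constructed, and it assumes a stateless first-match filter, so each flow has to be permitted in both directions.

```python
from ipaddress import ip_address, ip_network

# Flows named in the reply above: UDP 16666 carries inter-WLC mobility
# messages, IP protocol 97 (Ethernet in IP) carries tunnelled client traffic.
MOBILITY_FLOWS = {
    "control": ("udp", 16666),
    "data": ("97", None),
}

# Constructed sample policy in a made-up "action proto src dst [dport]" syntax.
# 192.0.2.10 is the DMZ anchor; 10.10.0.0/24 and 10.20.0.0/24 hold foreign WLCs.
SAMPLE_ACL = [
    "permit udp 10.10.0.0/24 192.0.2.10/32 16666",
    "permit udp 192.0.2.10/32 10.10.0.0/24 16666",
    "permit 97 10.10.0.5/32 192.0.2.10/32",
    "permit 97 192.0.2.10/32 10.10.0.5/32",
    "permit udp 10.20.0.0/24 192.0.2.10/32 16666",
    "deny ip 0.0.0.0/0 0.0.0.0/0",
]


def parse_rule(line):
    """Turn one constructed-syntax rule line into a dict; the port is optional."""
    action, proto, src, dst, *dport = line.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {line!r}")
    return {
        "action": action,
        "proto": proto,
        "src": ip_network(src),
        "dst": ip_network(dst),
        "dport": int(dport[0]) if dport else None,
    }


def first_match(rules, proto, src, dst, dport):
    """Action of the first rule matching the flow; implicit deny if none does."""
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if ip_address(src) not in rule["src"] or ip_address(dst) not in rule["dst"]:
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"]
    return "deny"


def mobility_paths(acl_lines, foreign, anchor):
    """For each mobility path, True only if it is permitted in both directions."""
    rules = [parse_rule(line) for line in acl_lines]
    result = {}
    for path, (proto, dport) in MOBILITY_FLOWS.items():
        result[path] = all(
            first_match(rules, proto, src, dst, dport) == "permit"
            for src, dst in ((foreign, anchor), (anchor, foreign))
        )
    return result


if __name__ == "__main__":
    for wlc in ("10.10.0.5", "10.10.0.6", "10.20.0.5"):
        print(wlc, mobility_paths(SAMPLE_ACL, wlc, "192.0.2.10"))
```

In the sample policy the second foreign controller has its control path permitted but no protocol 97 rule, and the third is permitted towards the anchor only, so its control path fails on the return direction.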

  • Mobility Group Requirements for Guest Anchor WLC

    Hello -
    I've always assumed you can't create a guest tunnel between a local WLC and an anchor WLC that are in different mobility groups. However, I was told recently (without much detail) that this is possible. So I have set out to test this.
    I am trying to point one of my local WLC's guest SSIDs to a guest anchor WLC in a different mobility group. I have a maintenance window coming up and I am looking to anchor the clients on one campus to the anchor WLC on the other campus so guest service does not go down. Each campus is its own mobility group. In trying to set this up I went to the "mobility anchors" screen for the guest SSID on one of the local WLCs and I am unable to add the anchor WLC from the other campus because it's not in the drop-down menu. This is because it's not in the same mobility group. So my question is: how do I anchor clients coming through a local WLC in one mobility group to an anchor WLC in another mobility group?
    To me it doesn't seem possible without significant configuration changes. I don't want to reconfigure/recreate mobility groups.
    Thanks
    Chuck

    Not only is it possible, I would recommend it. However, you may be confusing some concepts.
    The Mobility Group is different than the Mobility Domain.  I generally refer to the Mobility Group as those WLCs with the same Default Mobility Group Name, and the Mobility Domain as the entire Mobility List (where you can define up to 72 controllers from various mobility groups).
    The point is that if WLCs 1-10 are GroupA, and WLCs 11-20 are GroupB, for anchoring to work you at least need to add the anchor to the mobility list of the foreign wlc, and vice versa.
    If you notice, when you add a mobility entry to the list, it should ask you for mobility group. If you leave it blank, it should default to that of that WLC,  but on GroupA controllers, you could define GroupB controllers (and specific GroupB) and then you should now have mobility established between your controllers and the Anchor configuration will have your anchors in the drop-down....
    Does that make sense?
