If Layer 3 (L3) mobility is enabled on the Cisco Access Point (AP) and the mobility trust command is enabled on the Supervisor 720 (SUP720) tunnel interface, AP, and Wireless LAN Service Module (WLSM), the IP addresses of wireless clients are not learned.
This problem is tracked in Cisco bug ID CSCei18019. This problem exists in versions 12.3(2)JA2 and 12.3(4)JA. The bug applies to Cisco AP350, AP1100, AP1130, and AP1200.
These are the results of such a situation:
The show wlccp ap mobility forwarding command on the AP does not have an entry for the wireless clients.
The show dot11 association command shows that the wireless clients are associated.
The show mobility mn command on the SUP720 shows that the wireless clients have an IP address of 0.0.0.0 (for example, under the Mobile Node (MN) IP Address).
The show wlccp wds mobility network-id command on the WLSM shows a "-" value for the IP address of the wireless clients.
The client does not actually receive an IP address and associates with a Windows default 169 address (APIPA).
Note: For the SUP720, the mobility trust command is necessary if some devices in the network employ static IP addresses. The command is unnecessary if they do not.
These are the workarounds for this issue:
If static IP addresses are assigned to wireless clients, reboot the AP. This resolves the problem temporarily, but the problem returns later.
If all wireless clients receive IP addresses from DHCP servers, disable the mobility trust command on the tunnel interface.
Add a DHCP scope for the tunnel interface of the SUP720.
Add the ip mtu 1476 and mobility tcp adjust-mss commands on the tunnel interface of the SUP720.
Configure the ip dhcp snooping and ip dhcp snooping packet commands under the tunnel interface.
If only DHCP clients are used, try removing the Mobility-Network ID from the SSID on the access point.
This issue is fixed in versions 12.3(7)JA, 12.3(8)JA, and later.
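To find which access points in an inventory run a release this note names, the following added example (not Cisco's code and not part of the original note) classifies model and version pairs against the affected and fixed releases listed above. The inventory rows, the hostnames, and the "unknown" and "not-listed" labels are assumptions of the example.

```python
import re

# Releases and models exactly as the page lists them for CSCei18019.
AFFECTED = {"12.3(2)JA2", "12.3(4)JA"}
FIRST_FIXED = (12, 3, 7)  # 12.3(7)JA; 12.3(8)JA and later are also fixed
LISTED_MODELS = {"AP350", "AP1100", "AP1130", "AP1200"}

_VERSION = re.compile(r"(\d+)\.(\d+)\((\d+)\)JA(\d*)")

def parse(version):
    """Turn '12.3(2)JA2' into ((12, 3, 2), 2); None if not a JA release string."""
    m = _VERSION.fullmatch(version.strip().upper())
    if m is None:
        return None
    major, minor, maint, rebuild = m.groups()
    return (int(major), int(minor), int(maint)), int(rebuild or 0)

def triage(model, version):
    """Classify one AP as 'affected', 'fixed', 'unknown' or 'not-listed'."""
    if model.strip().upper() not in LISTED_MODELS:
        return "not-listed"
    parsed = parse(version)
    if parsed is None:
        return "unknown"
    if version.strip().upper() in AFFECTED:
        return "affected"
    if parsed[0] >= FIRST_FIXED:
        return "fixed"
    return "unknown"  # the page makes no statement about other releases

def report(inventory):
    """Group (hostname, model, version) rows by triage result."""
    groups = {}
    for host, model, version in inventory:
        groups.setdefault(triage(model, version), []).append(host)
    return groups

# Constructed inventory; hostnames are placeholders.
SAMPLE = [
    ("ap-floor1", "AP1200", "12.3(4)JA"),
    ("ap-floor2", "AP1130", "12.3(2)ja2"),
    ("ap-floor3", "AP1100", "12.3(8)JA2"),
    ("ap-lab", "AP1200", "12.3(2)JA"),
    ("ap-new", "AP3802", "12.3(4)JA"),
]

if __name__ == "__main__":
    for status, hosts in sorted(report(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Releases the note does not mention, such as those between 12.3(4)JA and 12.3(7)JA, are reported as "unknown" rather than guessed.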
For more related configuration commands, refer to the following documents.