01-27-2021 11:53 PM - edited 07-05-2021 01:06 PM
Dear All,
I would like to test an anchor mobility with 5508 and 9800.
Both controllers can ping and reach each other.
But the status keeps showing "Control Path Down".
The 9800 is using version 17.3.2a and the 5508 is 8.5.164.216.
I tried rebooting those controllers but still have the same issue.
Do I need to upgrade/downgrade the 9800 controller firmware, or is it related to another issue?
Please help.
01-28-2021 12:07 AM
Did you try eping and mping?
https://rscciew.wordpress.com/tag/mobility/
Try to use this image: https://software.cisco.com/download/home/282600534/type/280926587/release/8.5IRCM
Regards
Don't forget to rate helpful posts
01-28-2021 12:56 AM
Dear Sandeep Choudhary,
5508 is using this version.
And 5508 controller IP is 10.32.192.1 and 9800 is 192.168.56.53.
I found that the 5508 can ping the 9800, but mping and eping fail.
I want to try pinging from the 9800 to the 5508. But the 9800 does not support this ping command.
Does the 9800 support mping and eping?
Regards,
Tom
01-28-2021 01:04 AM
Hi,
As per my knowledge, mobility will work as long as the code is supported and the ports are open (udp 16667 and udp 16667).
Also make sure that you add the proper MAC address and verify if DTLS is defined on AireOS or not because that makes a difference on the 9800 peer configuration.
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213913-building-mobility-tunnels-on-catalyst-98.html#anc12
Regards
Don't forget to rate helpful posts
01-29-2021 03:03 PM
Did you enable secure mobility while adding the mobility peer in the 5508? This is required for the IOSXE and AireOS interoperability solution.
02-05-2021 07:28 PM
I had the same problem tonight. I upgraded from 17.1 to 17.03.02a this evening and the existing, configured mobility tunnel would not come up. The only way I got the tunnel to come up was to enable data-encryption. I couldn't find this documented anywhere at Cisco, so it may be a new unpublished requirement.
As other users have stated, you also have to have Secure Mobility enabled, but since yours was also an existing deployment, I assume you already had that configured.
Enjoy!
Marty
02-06-2021 06:24 PM
In case others see this post - the IRCM deployment guide helps with understanding the different architectures you can use for interoperability between AireOS and 9800s including the Secure Mobility options and configs:
Cisco Catalyst 9800 Wireless Controller-AireOS IRCM Deployment Guide
Cheers
Ric
08-05-2022 01:42 AM
That might be the solution.
9800-1#conf t
9800-1(config)#crypto pki certificate map map1 1
9800-1(ca-certificate-map)#issuer-name co Cisco Manufacturing CA
9800-1(ca-certificate-map)#exit
9800-1(config)#crypto pki trustpool policy
9800-1(ca-trustpool)#match certificate map1 allow expired-certificate
9800-1(ca-trustpool)#end
03-13-2024 01:12 PM
Works for me, thank you