cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5232
Views
4
Helpful
8
Replies

9800 Anchor Mobility will 5508 but Control Path Down

Tom Cheung
Level 1
Level 1

Dear All,


I would like to test a anchor mobility with 5508 and 9800.

Both controller can ping and reach other.

But status keep show "Control Path Down".

For 9800 is using 17.3.2a version and 5508 is 8.5.164.216.

I tried to reboot those controller but still same issue.


Did I need to upgrade/downgrade 9800 controller firmware or related to other issue?

Please help.

 

8 Replies 8

Sandeep Choudhary
VIP Alumni
VIP Alumni

did you try eping and mping ?

 

https://rscciew.wordpress.com/tag/mobility/

 

try to use this image: https://software.cisco.com/download/home/282600534/type/280926587/release/8.5IRCM

 

 

 

Regards

Dont forget to rate helpful posts

Dear Sandeep Choudhary,

5508 is using this version.
And 5508 controller IP is 10.32.192.1 and 9800 is 192.168.56.53.

I found that 5508 can ping 9800 but mping and eping are fail.
I want to try at 9800 ping to 5508. But 9800 not support this ping command.
Did 9800 support mping and eping?

 

 

Reagsrd,
Tom

Hi,

 

As per my knowledge ....mobility will works as long as the code is supported and that the ports are open (udp 16667 and udp 16667).

 

 

Also make sure that you add the proper MAC address and verify if DTLS is defined on AireOS or not because that makes a difference on the 9800 peer configuration.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213913-building-mobility-tunnels-on-catalyst-98.html#anc12

 

Regards

Dont forget to arte helpful posts

jegan_rajappa
Level 1
Level 1

Did you enabled secure mobility while adding mobility peer in 5508? This is required for IOSXE and AireOS interoperability solution 

mchirico01
Level 1
Level 1

I had the same problem tonight, I upgraded from 17.1 to 17.03.02a this evening and the existing, configured mobility tunnel would not come. The only way I got the tunnel to come up was to enable data-encryption. I couldn't find this documented anywhere at Cisco, so may be a new unpublished requirement.

 

As other users have stated, you also have to have Secure Mobility enabled, but since yours was also an existing deployment, I assume you already had that configured.

 

Enjoy!

         Marty

In case others see this post - the IRCM deployment guide helps with understanding the different architectures you can use for interoperability between AireOS and 9800s including the Secure Mobility options and configs:

 

Cisco Catalyst 9800 Wireless Controller-Aireos IRCM
Deployment Guide

 

Cheers

Ric

-----------------------------
Please rate helpful / correct posts

https://community.cisco.com/t5/wireless/inter-release-controller-mobility-ircm-with-5508-fail-control/td-p/4273720

That might be solution.

9800-1#conf t
9800-1(config)#crypto pki certificate map map1 1
9800-1(ca-certificate-map)#issuer-name co Cisco Manufacturing CA
9800-1(ca-certificate-map)#exit
9800-1(config)#crypto pki trustpool policy
9800-1(ca-trustpool)#match certificate map1 allow expired-certificate
9800-1(ca-trustpool)#end

 

 

Works for me, thank you

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: