11-16-2011 12:50 AM - edited 07-03-2021 09:04 PM
Dears,
I installed three WLC4402s at three offices.
Now I want to configure SSID-1 traffic to anchor to WLC-1.
WLC-2 anchors to WLC-1, and all users are OK.
But when WLC-3 clients access SSID-1, they cannot anchor successfully.
Checking WLC-3, the client is already at Policy Manager State = RUN / Auth = YES (SSID-1 uses MAC-Filter).
But on WLC-1 (Anchor Controller), the client's Policy Manager State = DHCP_REQD!!!
I tried mping / eping and it is OK, but WLC-3 to WLC-1 still cannot anchor successfully....
Any other ideas?
Thanks.
------------
WLC-3:
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c Received Anchor Export Ack for client from Switch IP: 10.240.64.1
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c Anchor Mac: 00:1b:d4:6b:6a:60, Old Foreign Mac: 00:1b:d4:6b:27:a0 New Foreign Mac: 00:1b:d4:6b:27:a0
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Export Foreign
Peer = 10.240.64.1, Old Anchor = 10.240.64.1, New Anchor = 10.240.64.1
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c 0.0.0.0 RUN (20) Plumbing duplex mobility tunnel to 10.240.64.1
as Export Foreign (VLAN 141)
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c Mobility Response: IP 0.0.0.0 code 4, reason 4, PEM State RUN, Role Export Foreign(5)
-----------
WLC-1:
Wed Nov 16 15:45:07 2011: Mobility packet received from:
Wed Nov 16 15:45:07 2011: 10.240.141.1, port 16666
Wed Nov 16 15:45:07 2011: type: 3(MobileAnnounce) subtype: 0 version: 1 xid: 696069 seq: 46784 len 116 flags 0
Wed Nov 16 15:45:07 2011: group id: 7a5f146e e7e0466f f96196a5 7076080a
Wed Nov 16 15:45:07 2011: mobile MAC: 00:26:c7:24:69:6c, IP: 0.0.0.0, instance: 0
Wed Nov 16 15:45:07 2011: VLAN IP: 10.240.141.1, netmask: 255.255.255.0
Wed Nov 16 15:45:07 2011: Switch IP: 10.240.141.1
Wed Nov 16 15:45:07 2011: 00:26:c7:24:69:6c Ignoring Announce, client record for not found
Wed Nov 16 15:45:08 2011: Mobility packet received from:
Wed Nov 16 15:45:08 2011: 10.240.141.1, port 16666
Wed Nov 16 15:45:08 2011: type: 16(MobileAnchorExport) subtype: 0 version: 1 xid: 696070 seq: 46785 len 241 flags 0
Wed Nov 16 15:45:08 2011: group id: 7a5f146e e7e0466f f96196a5 7076080a
Wed Nov 16 15:45:08 2011: mobile MAC: 00:26:c7:24:69:6c, IP: 0.0.0.0, instance: 0
Wed Nov 16 15:45:08 2011: VLAN IP: 10.240.141.1, netmask: 255.255.255.0
Wed Nov 16 15:45:08 2011: Switch IP: 10.240.141.1
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c Received Anchor Export request: from Switch IP: 10.240.141.1
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c mmAnchorExportRcv:, Mobility role is Unassoc
.
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c mmAnchorExportRcv Ssid=himax-pad Security Policy=0x2000
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c 0.0.0.0 START (0) mobility role update request from Unassociated to Export Anchor
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.240.64.1
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c Received Anchor Export policy update, valid mask 0x0:
Qos Level: 0, DSCP: 0, dot1p: 0 Interface Name: , ACL Name:
Wed Nov 16 15:45:08 2011: Anchor Mac : 00.1b.d4.6b.6a.60
Wed Nov 16 15:45:08 2011: Mobility packet sent to:
Wed Nov 16 15:45:08 2011: 10.240.141.1, port 16666
Wed Nov 16 15:45:08 2011: type: 17(MobileAnchorExportAck) subtype: 0 version: 1 xid: 696070 seq: 13077 len 275 flags 0
Wed Nov 16 15:45:08 2011: group id: 7a5f146e e7e0466f f96196a5 7076080a
Wed Nov 16 15:45:08 2011: mobile MAC: 00:26:c7:24:69:6c, IP: 0.0.0.0, instance: 1
Wed Nov 16 15:45:08 2011: VLAN IP: 192.168.65.1, netmask: 255.255.255.0
Wed Nov 16 15:45:08 2011: 00:26:c7:24:69:6c 0.0.0.0 DHCP_REQD (7) Plumbing duplex mobility tunnel to 10.240.141.1
as Export Anchor (VLAN 365)
------------
THANKS.
11-16-2011 12:56 AM
When anchoring, always make sure your SSIDs match exactly except for the interface. The foreign wlc interface is the management and the anchor is the interface you want to put users on. That being said, make sure your WLAN SSID mobility anchoring is set up right. The foreign wlc should anchor to wlc-1 and wlc-1 anchors to itself.
If that doesn't fix your issue and you said mobility is up, delete the SSID and recreate it on the wlc that isn't working.
Sent from my iPhone
11-16-2011 06:49 PM
Dear Sir,
I tried recreating SSID-1. It is still not working~
Only WLC-3 anchoring to WLC-1 is not working; WLC-2 anchoring to WLC-1 is always OK!
11-16-2011 06:56 PM
Can you post your show mobility summary from wlc3 and the show wlan?
Sent from Cisco Technical Support iPhone App
11-16-2011 09:49 PM
WLC-3
----------
(Cisco Controller) >show mobility summary
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... Himax
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0xd806
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 3
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
00:1b:d4:6b:27:a0 10.240.141.1 Himax 0.0.0.0 Up
00:1b:d4:6b:51:e0 10.240.64.2 Himax 0.0.0.0 Up
00:1b:d4:6b:6a:60 10.240.64.1 Himax 0.0.0.0 Up
-----------------------------------------------------------------------------------------------------------------------------------
WLC-1
------------
(Cisco Controller) >show mobility summary
Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... Himax
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0xd806
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 4
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
00:18:ba:49:70:60 10.240.133.1 Himax 0.0.0.0 Up
00:1b:d4:6b:27:a0 10.240.141.1 Himax 0.0.0.0 Up
00:1b:d4:6b:51:e0 10.240.64.2 Himax 0.0.0.0 Up
00:1b:d4:6b:6a:60 10.240.64.1 Himax 0.0.0.0 Up
11-16-2011 09:59 PM
Your mobility configuration appears to be OK.
Now we need to verify that your WLAN settings are identical for both WLC 1 and 3:
Can you capture:
show wlan x
From both WLC 1 and WLC 3?
(where x is the wlan ID for the SSID in question)
-Pat
11-16-2011 10:44 PM
WLC-1
----------
(Cisco Controller) >show wlan 2
WLAN Identifier.................................. 2
Profile Name..................................... himax-pad
Network Name (SSID).............................. himax-pad
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Webauth DHCP exclusion........................... Disabled
Interface........................................ himax-pad
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.240.230.162
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
--More-- or (q)uit
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Accounting.................................... Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
--More-- or (q)uit
Auto Anchor................................... Enabled
Cranite Passthru.............................. Disabled
Fortress Passthru............................. Disabled
H-REAP Local Switching........................ Disabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
2 10.240.64.1 Up
!
!
!
WLC-3
-------------
(Cisco Controller) >show wlan 1
WLAN Identifier.................................. 1
Profile Name..................................... himax-pad
Network Name (SSID).............................. himax-pad
Status........................................... Enabled
MAC Filtering.................................... Enabled
Broadcast SSID................................... Disabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Webauth DHCP exclusion........................... Disabled
Interface........................................ management
WLAN ACL......................................... unconfigured
DHCP Server...................................... 10.240.230.162
DHCP Address Assignment Required................. Disabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
--More-- or (q)uit
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Accounting.................................... Disabled
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
--More-- or (q)uit
Auto Anchor................................... Enabled
Cranite Passthru.............................. Disabled
Fortress Passthru............................. Disabled
H-REAP Local Switching........................ Disabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional but inactive (WPA2 not configured)
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
------- --------------- ------
1 10.240.64.1 Up
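An added example, not part of any post in this thread: a small Python script that compares two captured `show` outputs setting by setting, which is the check the replies above ask for ("match exactly except for the interface"). The function names and the `EXPECTED` ignore list are assumptions of this example; the sample text is shortened from the outputs posted in this thread with values unchanged.

```python
import re

# Matches "Setting name........ value" lines as printed by the show commands.
LINE = re.compile(r"^\s*(?P<key>.+?)\s*\.{2,}\s*(?P<val>.*?)\s*$")

# Fields that legitimately differ between foreign and anchor (example's assumption).
EXPECTED = frozenset({"WLAN Identifier", "Interface", "Number of Active Clients"})

def parse_show(text):
    """Return {setting: value}; pager prompts and table rows are skipped."""
    out = {}
    for line in text.splitlines():
        m = None if "--More--" in line else LINE.match(line)
        if m:
            out[m.group("key").rstrip(":")] = m.group("val")
    return out

def diff_settings(a_text, b_text, ignore=frozenset()):
    """Return {setting: (a_value, b_value)} for settings that differ or are missing."""
    a, b = parse_show(a_text), parse_show(b_text)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if k not in ignore and a.get(k) != b.get(k)}

# Excerpts of the outputs posted in this thread (shortened, values unchanged).
WLC1_WLAN = """WLAN Identifier.................................. 2
Network Name (SSID).............................. himax-pad
MAC Filtering.................................... Enabled
Interface........................................ himax-pad
--More-- or (q)uit
   802.11 Authentication:........................ Open System
   Auto Anchor................................... Enabled"""
WLC3_WLAN = """WLAN Identifier.................................. 1
Network Name (SSID).............................. himax-pad
MAC Filtering.................................... Enabled
Interface........................................ management
   802.11 Authentication:........................ Open System
   Auto Anchor................................... Enabled"""
WLC1_MOB = """Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Mobility Group Members Configured................ 4"""
WLC3_MOB = """Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Mobility Group Members Configured................ 3"""

if __name__ == "__main__":
    print("WLAN:", diff_settings(WLC1_WLAN, WLC3_WLAN, EXPECTED))
    print("Mobility:", diff_settings(WLC1_MOB, WLC3_MOB))
```

On these excerpts the WLAN comparison comes back empty once the expected fields are ignored, while the mobility comparison reports the current symmetric tunneling state and the configured member count as different between WLC-1 and WLC-3.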
11-16-2011 11:05 PM
Alright, your WLAN and mobility configuration appear to be ok. Your original debugs show that the anchor export is actually working...
It's time to capture client debugs from both controllers when you try to connect:
debug client xx:xx:xx:xx:xx:xx
That should give us more insight as to why the process is failing.
-Pat
11-16-2011 11:23 PM
OK, I will do it tomorrow.
Thanks for your help~
11-20-2011 07:05 PM
What version are you running? What model of APs are involved?
What is the client roaming pattern? Are you sure it's from WLC-1 to WLC-3, or do they touch WLC-2 on the way?
Can you move APs on WLC-3 to WLC-2 to see if the problem goes away?