AireOS Migration to IOS-XE - Mobility Group and Roaming

awatson20 · ‎08-04-2023

We are replacing several AireOS controllers with the 9800 platform operating in IOS-XE. At the same time, we are replacing legacy AP models(2600/2700) with the 9120 model AP. As part of this transition, the AireOS and IOS-XE controllers will have to coexist. My understanding is this is achieved through establishing a mobility group between controllers. Once the legacy AP's have been replaced, the environment will be only IOS-XE controllers and 9120 access points. I wanted to get feedback and input from anyone that has went through this similar process and specifically how the roaming behavior between controllers occurred and if this was stable. Are there any other caveats to be aware of? The AireOS controllers are on 8.5 code and cannot be upgraded due to the legacy AP models. Thanks.

David Ritter · ‎08-04-2023

Sorry, but I never mix WLC's in a building. .

Rasika Nayanajith · ‎08-04-2023

The general recommendation is not to enable mobility between AireOS & IOS-XE (technically it works with specific codes, however since AireOS is the end of support, Cisco will not spend time & effort to test & fix all inter-roaming related issues between these wlcs). In that scenario even if you find some roaming issues between those WLCs, chances are low that you will able to get a fix from Cisco.

My suggestion is to go with IOS-XE 17.9.4 which still supports wave 1 APs (1700/2700/3700 series AP) and parallelly deploy WLC (without using the same mgt IP of existing WLC). Then test all your SSID with the new controller in a specific area (migrating a few APs to new WLC). If everything is good, then do a given floor/building cutover during a maintenance window.

HTH
Rasika
*** Pls rate all useful responses ***

Leo Laohoo · ‎08-04-2023

Upgrade the controller to 17.9.3 and move the 91XX and 2700/3700 into the 9800.

The controller will never allow the 2600/3600 to join even though the 2600/3600 can support the code.

APx600 with CAPWAP 17.12.1

Scott Fella · ‎08-04-2023

Please really take in what others have said in their replies. The main thing is that you have successfully tested with the new platform, code and access points. How you test is up to you but when you decide to either migrate to the 9800 or feel like you want to keep both, you need to test. The testing will allow you to make the smart decision. You don’t want to even bring up the 9800 with the 9120’s if you haven’t tested because you will occur an outage if things do not function correctly. Even with co-existing both old and new, if roaming is an issue when testing, you should be aware of that during testing and figure out a plan to deploy.
Test everything 100% and document what is working and what is not as that will be your risk assessment.

-Scott
*** Please rate helpful posts ***

Rich R · ‎08-05-2023

If you decide to use IRCM mobility between AireOS and IOS-XE (despite the advice above) then make sure you deploy AireOS 8.5.182.108 (below) on the 5508 and follow the guides carefully.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

mandip kaloti · ‎01-22-2024

I can see Cisco 8821 disconnects from wifi when roam from 8540s to 9800 zone and got stuck in ip learn state(may be bcz of mobility failure message) as per above debug while roaming from 9800s to 8540s seems seamless..will appreciate your inputs(WLCs are on 17.9.4a and 8.10.183.0 code).

Leo Laohoo · ‎01-22-2024

Highlighted says "CLIENT_CREDENTIALS_FAIL" (and NOT "IP Learning").

mandip kaloti · ‎01-22-2024

Yes but thats the generic message ..did not touched device config while roaming across wlc.and its EAP-FAST(dot.1x)

Leo Laohoo · ‎01-22-2024

Is this the only device that is not able to join the new WLC?

Can this device still join the old controller?

mandip kaloti · ‎01-22-2024

I have reverted the WAPs from 9800 to 8540 and kept few waps on 9800 for testing purpose..I have many cisco 8821s which are having issues, this is the latest and look in FT roaming , client got stuck in IP learn state while ISE show authentication passed

Leo Laohoo · ‎01-22-2024

On the 9800, post the complete output to the command "sh wireless mobility summary".

What firmware version is the 8540 on?

Rich R · ‎01-23-2024

> What firmware version is the 8540 on?
@mandip kaloti said "WLCs are on 17.9.4a and 8.10.183.0 code"

So I guess step number 1 is upgrade 8540 to 8.10.190.0 as per TAC recommended link below.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390