03-11-2024 02:39 AM
Hello,
I have configured a new secure mobility tunnel between an 8540 foreign WLC (img: 8.10.190.0) and a 9800 anchor WLC (img: 17.9.4a) which has come up (both data/control paths). I have assigned the anchor mobility to a test SSID (MACB enabled) on the foreign WLC & selected 'Export Anchor' under the WLAN policy on the anchor WLC. However, testing with a client to use this new tunnel fails with log entries in the foreign controller showing:
*apfReceiveTask: Mar 08 11:57:40.699: %APF-1-MM_ANCHOR_DENIED: [PA]apf_mm.c:1861 Anchor denied for mobile: <mac-address>.
*apfReceiveTask: Mar 08 11:57:37.430: %APF-1-MM_ANCHOR_DENIED: [PA]apf_mm.c:1861 Anchor denied for mobile: <mac-address>.
The monitor>client detail on the foreign WLC shows the client 'Mobility Peer IP Address' as 'unassociated'.
I've been using the below links to tshoot so far, but not joy:
Any guidance on best way to troubleshoot further is greatly appreciated.
Thanks - Phil
03-11-2024 03:19 AM
- Have a checkup of the 9800 WLC configuration using the CLI command show tech wireless and feed the output into : Wireless Config Analyzer
M.
03-11-2024 03:51 AM
Thanks - tried the config analyzer, however nothing reported suggesting any tunnel/mobility issues
03-11-2024 05:01 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide