Showing results for 
Search instead for 
Did you mean: 

Cisco 9800 WLC Mobility compatability



We have several  Cisco 7500 flex WLC, 5508 WLC, 3504 WLCs forming EOIP tunnel with the anchor WLCs in our network..  The anchor WLCs are of models 5508 running on version and 3504 WLC with version


We are planning for  a design of deploying Cisco 9800 WLC models at few of the local sites.  For the 9800 WLC be compatible with the anchor WLC, Do i upload the Release 8.5IRCM on the anchor WLCs?  if i upload this release, Will this affect the APs that has joined the WLCs that has formed eoip tunnel already with the anchor WLCs?


VIP Expert

8.5.X is the requirement, you need to look compatable matrix of AP also along with models - so suggest to look for the matrix before you upgrade.


*** Rate All Helpful Responses ***

VIP Advisor



                     Subsequently look at Table 1 -> 4th column.


VIP Advisor


All your anchor controller model supports AireOS and IOSXE interoperability solution, so you can install IRCM image in it and allows you to enable secure mobility to form tunnel with 9800, please keep in mind that you cannot run EOIP and secure mobility tunnels together

Rasika Nayanajith
VIP Mentor

The below diagram (taken from the BRKEWN-2670 2020-CLEUR session) summarizes what you need to know

1. Supports Anchor WLCs run 8.5.x IRCM code if it is 5508 or 8510 (no 2504,7510 or WiSM2 support it for anchor and able to setup tunnel with 9800 WLC)
2. Supports Anchor WLCs run 8.8MR2 or beyond (eg 3504/5520/8540)

3. Geust Anchor will establish new mobilty tunnel with 9800 & traditional EoIP based tunnel with legacy AireOS controllers.





*** Pls rate all useful responses ***

Thanks Rasika, so IRCM image is not available for 7510 and cannot create mobility with 9800, understood.


I have one question


When installing IRCM image in 5508 or 8.8MR2 and above in 3504/5520, we get option called secure mobility which allows us to create mobility tunnel with 9800, as per my understanding this is CAPWAP based tunnel.


If I am not wrong, New mobility is also CAPWAP based tunnel, please correct me, what is the difference between New Mobility and secure mobility as they both are CAPWAP? I know new mobility was brought back in days to interoperate with 3850, but they both looks like CAPWAP to me and I am trying to understand the difference.


Here is the summary of different WLC and mobility options


  • Cisco 2504/7510/WiSM2 supports Traditional EoIP and New Mobility (No IRCM Image)
  • Cisco 5508/3504/5520 with 8.5 IRCM supports Traditional EoIP, New Mobility & Secure Mobility
  • Cisco 3504/5520 8.8MR2 and above supports Traditional EoIP & Secure Mobility 

That new mobility concept came at the time of "Converged Access" and once you enable it, you cannot run any EoIP based tunneling at all. 

Yes, both are CAPWAP based (UDP port 16666 & 16667). Once you enable "secure mobility" it does not mean you stuck with that method. Still, you can run EoIP tunneling on that controller to peer with legacy WLC.


In summary, simply focus on "Secure mobilty" when you mix 9800 & AireOS WLC and forget about the "New Mobility" concept, even if it appears in config GUI




Jegan Rajappa

All right, thank you Rasikha!

Content for Community-Ad