01-10-2024 04:39 AM
Hello All,
We have 2 WLC's.
5508- Anchor WLC (8.5.161.7)
3504- Foreign WLC (8.10.185.0)
I have created a mobility group and added the WLC's MAC respectively.
The FW ports 16666, 16667, 97 are all open.
The control path is UP but the Data path is DOWN. I tried removing the IP from group and adding again. Also tried rebooting the WLC's but it is still showing Down. Could someone please let me know how to fix this.
Solved! Go to Solution.
01-12-2024 12:12 AM
Hello All,
It seems the EtherIP traffic was getting denied in another firewall, we allowed it and then both the tunnels came up.
01-10-2024 05:22 AM
- Have a look at https://community.cisco.com/t5/wireless/static-mobility-group-status-control-and-data-path-down/m-p/4713192#M247666
M.
01-10-2024 05:25 AM
Thank you @marce1000 , I don't see any block or drop on our FW. Is there anything else that can be checked?
01-10-2024 05:38 AM
- Well, to verify correct firewall behavior , examine (full) logs and confirm allowed traffic for the involved ports ; (check that you can see the needed pass trough traffic). The response I pointed to in my initial reply also mentions :
https://mrncciew.com/2013/03/24/mobility-ping-tests/
Have a go with that too , if that does not work for instance, again iterate on the firewall and check what it does with the intended traffic.
M.
01-10-2024 06:03 AM
what is the FW you have?
MHM
01-10-2024 06:28 AM
It’s Paloalto
01-10-2024 06:36 AM
I was hope it Cisco but anyway
try open port UDP
5246/5247
MHM
01-12-2024 12:12 AM
Hello All,
It seems the EtherIP traffic was getting denied in another firewall, we allowed it and then both the tunnels came up.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide