06-22-2022 04:17 AM
How to enable DTLS mode in Cisco 5520
(FR-21636wl-04) >show mobility summary
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... FR-21636wl
Multicast Mode .................................. Disabled
DTLS Mode ....................................... Disabled
Mobility Domain ID for 802.11r................... 0x9718
Mobility Keepalive Interval...................... 10
06-22-2022 04:22 AM
Hi
You can do this during the mobility group configuration, or you can edit an existing group.
Step 1: Choose Controller > Mobility Management > Mobility Groups to open the Static Mobility Group Members page.
Step 2: Click New to open the Mobility Group Member > New page.
Step 3: Add a controller to the mobility group as follows:
06-22-2022 04:31 AM
Hi,
I think these options are for enabling DTLS for a peer. I have done all of those steps, but DTLS mode is still showing as disabled.
DTLS Mode ....................................... Disabled
06-22-2022 05:52 AM
"You must enable High Cipher only if you require DTLS v1.2 encryption. The default value is Disabled. In disabled state, DTLS v1.0 encryption is enabled."
Disabled is the default value for DTLS v1.0. But you can choose a higher value.
06-22-2022 01:29 PM - edited 06-22-2022 01:31 PM
In AireOS you have to enable it per peer. That way, you won't see DTLS mode enabled in the global "show mobility summary" output. If you have enabled DTLS mode for a peer, you can use "show mobility dtls connections" to verify.
Below is my 3504 establishing DTLS mobility with a 9800:
(H3504) >show mobility dtls connections
DTLS connections:
Role Local Link Peer Link Connection Status Index
---------- ------------------------- ------------------------- ------------------------------
Client 192.168.225.100:16666 192.168.100.20:16666 TLS_RSA_WITH_AES_256_GCM_SHA384 512
Here is the "show mobility summary"
(H3504) >show mobility summary
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... MRNH
Multicast Mode .................................. Disabled
DTLS Mode ....................................... Disabled
Mobility Domain ID for 802.11r................... 0xafc
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0
Mobility Use Profile Name........................ Disabled
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
00:1e:7a:10:69:ff 192.168.100.20 MRNL 0.0.0.0 Up
70:0b:4f:ca:e8:00 192.168.225.100 MRNH 0.0.0.0 Up
The 9800 will always use secure mobility (DTLS) by default. You can additionally enable high ciphers using the "wireless mobility high-cipher" CLI command.
9800-2#show wireless mobility summary
Mobility Summary
Wireless Management VLAN: 100
Wireless Management IP Address: 192.168.100.20
Wireless Management IPv6 Address:
Mobility Control Message DSCP Value: 48
Mobility High Cipher : True
Mobility DTLS Supported Ciphers: TLS_ECDHE_RSA_AES128_GCM_SHA256, TLS_RSA_AES256_GCM_SHA384
Mobility Keepalive Interval/Count: 10/3
Mobility Group Name: MRNL
Mobility Multicast Ipv4 address: 0.0.0.0
Mobility Multicast Ipv6 address: ::
Mobility MAC Address: 001e.7a10.69ff
Mobility Domain Identifier: 0x1024
HTH
Rasika
*** Pls rate all useful responses ***
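Because the global "DTLS Mode" line stays Disabled on AireOS, the per-peer check described above can be scripted by cross-referencing the two outputs. This is an added example, not part of any post in this thread: the function names, the 10.0.0.30 member and the rule that an established session shows a TLS_ cipher under Connection Status are assumptions.

```python
import re

# Sample output modeled on the 3504 shown in this thread; the 10.0.0.30
# member is constructed to show a peer that has no DTLS session.
SUMMARY = """\
DTLS Mode ....................................... Disabled
Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name  Multicast IP  Status
00:1e:7a:10:69:ff  192.168.100.20   MRNL        0.0.0.0       Up
70:0b:4f:ca:e8:00  192.168.225.100  MRNH        0.0.0.0       Up
02:00:00:00:00:30  10.0.0.30        MRNH        0.0.0.0       Up
"""
DTLS = """\
DTLS connections:
Role       Local Link             Peer Link             Connection Status                Index
Client     192.168.225.100:16666  192.168.100.20:16666  TLS_RSA_WITH_AES_256_GCM_SHA384  512
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
MEMBER = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\s+" + IP + r"\s", re.I | re.M)
LINK = re.compile(r"^\s*\w+\s+" + IP + r":\d+\s+" + IP + r":\d+\s+(\S+)", re.M)


def dtls_by_peer(summary, dtls, local_ip=None):
    """Map each remote mobility member IP to its DTLS cipher, or None if no session."""
    sessions, local = {}, ({local_ip} if local_ip else set())
    for local_link, peer_link, status in LINK.findall(dtls):
        local.add(local_link)          # the controller's own address, not a peer
        sessions[peer_link] = status
    return {ip: sessions.get(ip) for ip in MEMBER.findall(summary) if ip not in local}


def unprotected(summary, dtls, local_ip=None):
    """Return member IPs that have no established DTLS session."""
    # Assumption: an established session reports a TLS_* cipher as its status.
    peers = dtls_by_peer(summary, dtls, local_ip)
    return sorted(ip for ip, c in peers.items() if not (c or "").startswith("TLS_"))


if __name__ == "__main__":
    for ip, cipher in dtls_by_peer(SUMMARY, DTLS).items():
        print(f"{ip:16} {cipher or 'NO DTLS SESSION'}")
```

Pass local_ip when the DTLS table may be empty, since the controller's own address is otherwise learned from the Local Link column.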