Guest Anchor Setup: Foreign is 3650 SW-WLC and Anchor is 2504 WLC Appliance

LJ Gabrillo · ‎07-16-2015

Hi Guys,

To keep it short,
Clients network uses Guest anchor setup, 3650 as the Foreign(inside) awhile the 2504 is the Anchor(on the DMZ)

NOTES:
1. Firewall policies allow all services, hence no ports blocked to and fro 3650 and 2504
2. This setup has been working fine and no major connectivity issues encountered by clients, have been running for almost 1.5 years

LOGS FOUND:
1. Recently we found that the 3650 is logging the ff. repeatedly:
%MM-3-INVALID_PKT_RECVD: 1 wcm: Received an invalid packet from X.X.X.250. Source member: X.X.X.250. source member unknown.

2. Upon checking with error/bug reports on Cisco, they say that there might be something wrong with the Mobility configuration w/c of course if weird since all my mobility settings are up and running e.g., Control and data is UP on both devices and everything is working smoothly

Any ideas why this is logging? but setup is working?
My device configs below(Mobility config related only)

3650 mgmt IP: Y.Y.Y.100
2504 mgmt IP: X.X.X.250

3650(Foreign)
wireless mobility group member ip X.X.X.250 public-ip X.X.X.250 group Management
wireless mobility group name Management

2504(Anchor)

config mobility group domain Management
config mobility group member add Y.Y.Y.100 group-name Management public-ip-address Y.Y.Y.100 mac-address 58:f3:9c:5d:43:51

PS: The MAC Address used in the 2504 configuration is the MAC address I got from "#show interfaces vlan100" -vlan100 is the mgmt interface of 3650

Any help would be great

Rasika Nayanajith · ‎07-18-2015

post output of "show mobility summary" from your 2504.

Rasika

LJ Gabrillo · ‎07-21-2015

Hi Rasika,

Thanks for the reply and sorry for the delay
Im currently coordinating with the network team for the logs since I currently dont have access to it.

LJ Gabrillo · ‎07-21-2015

Here it is

New Mobility (Converged Access).................. Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... Management
Multicast Mode .................................. Disabled
DTLS Mode ....................................... Enabled
Mobility Domain ID for 802.11r................... 0xfeec
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0
Mobility Oracle.................................. Not Supported
Mobility MC public IP ........................... X.X.X.253
Mobility Oracle IP address ...................... 0.0.0.0

Controllers configured in the Mobility Group
IP Address Public IP Address Group Name Multicast IP MAC Address Status
Y.Y.Y.150 Y.Y.Y.150 Management 0.0.0.0 58:f3:9c:5d:43:51 Up
X.X.X.253 X.X.X.253 Management 0.0.0.0 6c:fa:89:db:7a:a0 Up

JJay · ‎07-07-2016

Did you ever get this resolved?

LJ Gabrillo · ‎07-07-2016

Yeap, after a lot of tweaking on my side, i decided to upgrade the Anchor firmware
After that, everything went a-okay :D

JJay · ‎07-08-2016

Good to hear! I plan on upgrading mine next week.

LJ Gabrillo · ‎07-10-2016

It would also be good to consider upgrading your foreign controller as well
Just in case, Cisco should mark stable releases with stars, use that :D