10-10-2013 02:30 PM - edited 07-04-2021 01:03 AM
WiSM 2 controllers running 7.3.101.0
All controllers have the same subnets/dynamic interfaces/WLAN
All controllers in same mobility group.
Controller1
AP1 has APGROUP1 applied
APGROUP1 has SSID1 mapped to DynintVLAN1
Controller2
AP2 has APGROUP2 applied
APGROUP2 has SSID1 mapped to DynIntVLAN2
Client associates to AP1 and gets IP from DynintVLAN1
Client roams to AP2. Keeps IP address but connectivity stops.
Client shows in Controller 1 to be Anchored to Controller 1
Client shows in Controller 2 to be mobile client and mapped to Controller 1 but interface shows as DynintVLAN2
My understanding with this configuration is that the client should stay connected via mobility to Controller 1 but it seems to stay authenticated but looses connectivity.
Any thoughts?
Thanks.
10-10-2013 02:45 PM
For me it is looks like L3- Inter controller roaming. Do you see mobility state as "Foreign" in 2nd controller ?
In Controller 2 you should see as DynintVLAN2, still client had the IP from Controller 1 which is normal.
Here is some of my reference note. Hope it may helpful
http://mrncciew.com/2013/03/17/l3-inter-controller-roaming/
HTH
Rasika
**** Pls rate all useful responses ****
10-10-2013 02:50 PM
see the below link and figure 8.2 inter controller roaming where client entry will be moved o another controller once the client roams from one controller to another....
http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcsmobil.html
10-10-2013 02:57 PM
If two WLCs have same subnet (L2-Inter controller roaming) then client entry will be moved. Otherwise client entry will be copied to 2nd cotroller with the flag of "Foreign" while original entry on WLC1 will be tagged with "Anchor".
Figure 8.3 would be the accurate picture for the situation describe in this post (DynintVlan1 & DynintVlan2)
Rasika
10-10-2013 08:24 PM
This is definetly a Layer 3 roaming and the client information should be kept with the WLC1.Probably 'debug mobility handoff enable' will give you more details
10-11-2013 07:01 AM
Jha,
I would love to have the roaming work for me this way but I am not sure how the use of APGroups change this behavior.
In my set up I use AP groups to help limit my broadcast domains but I would like to make sure a client maintains his IP if he does roam to another area.
We are a Campus with a large super structure the consists of multiple building connected together. This makes it hard to divide my zones to break up the broadcast zones.
JC
10-11-2013 06:55 AM
I checked eping and mping between these controllers and no problem
When roamed to controller 2 I even tried a dhcp release and renew and that worked! I got my same IP address so I think the mobility parts are working since I was able to get back to the original VLAN. I just cant ping my gateway or off network.
After the roam here are the "sh client detail"
Controller 1 (Anchor)
(Controller1) >show client detail 00:24:D7:37:B7:48
Client MAC Address............................... 00:24:d7:37:b7:48
Client Username ................................. **************deleted
AP MAC Address................................... 00:00:00:00:00:00
AP Name.......................................... N/A
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 00:00:00:00:00:00
Connected For ................................... 1060 secs
Channel.......................................... N/A
IP Address....................................... 172.17.137.241
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 0
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... 4
Client E2E version............................... 1
Re-Authentication Timeout........................ 1583
QoS Level........................................ Silver
--More-- or (q)uit
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m15
Supported Rates.................................. 18.0,24.0,36.0,48.0,54.0
Mobility State................................... Anchor
Mobility Foreign IP Address...................... 172.17.12.5
Mobility Move Count.............................. 2
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. ac110c0e0011541752570af9
IPv4 ACL Name.................................... none
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Client Type...................................... SimpleIP
PMIPv6 State..................................... Unavailable
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
--More-- or (q)uit
Encryption Cipher................................ CCMP (AES)
Management Frame Protection...................... No
EAP Type......................................... PEAP
Interface........................................ zone5dynint743
VLAN............................................. 743
Quarantine VLAN.................................. 0
Access VLAN...................................... 743
Controller2
(Controller2) >show client detail 00:24:D7:37:B7:48
Client MAC Address............................... 00:24:d7:37:b7:48
Client Username .................................**************deleted
AP MAC Address................................... 00:23:eb:81:ec:20
AP Name.......................................... AP2
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 1
Hotspot (802.11u)................................ Not Supported
BSSID............................................ 00:23:eb:81:ec:20
Connected For ................................... 212 secs
Channel.......................................... 11
IP Address....................................... 172.17.137.241
Gateway Address.................................. Unknown
Netmask.......................................... Unknown
Association Id................................... 10
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Client CCX version............................... 4
Client E2E version............................... 1
Re-Authentication Timeout........................ 1584
QoS Level........................................ Silver
--More-- or (q)uit
802.1P Priority Tag.............................. disabled
CTS Security Group Tag........................... Not Applicable
KTS CAC Capability............................... No
WMM Support...................................... Enabled
APSD ACs....................................... BK BE VI VO
Power Save....................................... ON
Current Rate..................................... m15
Supported Rates.................................. 18.0,24.0,36.0,48.0,54.0
Mobility State................................... Foreign
Mobility Anchor IP Address....................... 172.17.12.14
Mobility Move Count.............................. 3
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
Audit Session ID................................. ac110c05008392c65257ede8
IPv4 ACL Name.................................... none
IPv4 ACL Applied Status.......................... Unavailable
IPv6 ACL Name.................................... none
IPv6 ACL Applied Status.......................... Unavailable
Client Type...................................... SimpleIP
PMIPv6 State..................................... Unavailable
Policy Type...................................... WPA2
Authentication Key Management.................... 802.1x
--More-- or (q)uit
Encryption Cipher................................ CCMP (AES)
Management Frame Protection...................... No
EAP Type......................................... PEAP
Interface........................................ zone1dynint732
VLAN............................................. 732
Quarantine VLAN.................................. 0
Access VLAN...................................... 743
10-11-2013 09:25 AM
The interfaces are different on each WLC;
"zone1dynint732" and "zone1dynint743"
So the WLC is dumping your Client in to a new VLAN when you roam and the Client doesn't realise; I bet if you do a DHCP Release / Renew, it starts working again?
You need to fix the problem though, as you shouldn't be moving to a new VLAN when you roam. Have you confirmed that the WLANs are configured identically on both WLCs? And that both WLCs definitely have the VLANs / Subnets / Dynamic Interfaces all defined correctly?
10-15-2013 07:37 AM
I did a dhcp renew after the roam and I get successful DHCP renewal for the original IP.
10-11-2013 02:52 PM
As per the above ouptput, it appears mobility is working as normally. Still you cannot go to the network when roamed, there should be some configuration mistake somewhere. Pls provide this output in both controllers to have a quick look
show interface summary
show mobility summary
show wlan
HTH
Rasika
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide