09-11-2014 04:25 PM - edited 07-05-2021 01:30 AM
Hi,
I'm trying to configure L3 roaming between vWLC and 2500. I configure everything like it should be: the same SSID, same security, interfaces in different VLANs, mobility group established. When I associated client to the WLC1 and then removed it, client associated to the second WLC2 but his IP address changed. When I issue show client detail or show client summ on the WLC1 there is no information about my client but it should be with the information that he is marked as an Anchor.
I run mobility handoff debug - that's what I get from the WLC1 where I disconnected my client:
(Cisco Controller) >*emWeb: Sep 12 01:16:20.705: 18:3d:a2:8f:90:28 2 PMK-remove groupcast messages sent
*mmListen: Sep 12 01:16:21.946: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:21.946: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:21.946: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
*mmListen: Sep 12 01:16:22.856: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:22.856: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:22.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
*mmListen: Sep 12 01:16:23.856: Vlan List payload not found, ignoring ...
*mmListen: Sep 12 01:16:23.856: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:23.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found
and output from the same WLC when I now disconnected client form the WLC2:
(Cisco Controller) >*Dot1x_NW_MsgTask_0: Sep 12 01:18:57.705: 18:3d:a2:8f:90:28 Mobility query, PEM State: L2AUTHCOMPLETE
*mmMobility: Sep 12 01:18:58.723: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0
*mmMobility: Sep 12 01:18:59.743: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0
*apfReceiveTask: Sep 12 01:19:00.763: 18:3d:a2:8f:90:28 Mobile Announce Mip not present
*apfReceiveTask: Sep 12 01:19:00.763: 18:3d:a2:8f:90:28 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.10.40.2
*apfReceiveTask: Sep 12 01:19:00.764: 18:3d:a2:8f:90:28 Mobility Response: IP 0.0.0.0 code Handoff (1), reason Handoff request timed out (7), PEM State RUN, Role Local(1)
Can anyone help me understand where the problem is? I'm also tried the same between two vWLC - the same issue
Regards
Gunter
Solved! Go to Solution.
09-19-2014 01:06 PM
Hi Gunter,
This may be the issue. Check wether both WLC configured with same virtual IP
*mmListen: Sep 19 21:34:01.428: Handoff Virtual IP Mismatch, Local = 1010101, Request = 101c801 **** Handoff Request Ignored
HTH
Rasika
**** Pls rate all useful responses ****
09-12-2014 07:07 AM
Note These are the guidelines and limitations for this feature:
• Multicast on overridden interfaces is not supported.
• This feature is available only on a per-WLAN basis, where the WLAN is locally switched.
• IPv6 ACLs, CAC, NAC, and IPv6 are not supported.
• IPv4 ACLs are supported only with VLAN-based central switching enabled and applicable only
to central switching clients on the WLAN.
• This feature is applicable to APs in FlexConnect mode in locally switched WLANs.
• This feature is not applicable to APs in Local mode.
• This feature is not supported on APs in FlexConnect mode in centrally switched WLANs.
• This feature is supported on central authentication only.
• This features is not supported on web authentication security clients.
• Layer 3 roaming for local switching clients is not supported.
From here:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-3/configuration/guide/b_cg73/b_wlc-cg_chapter_01110.pdf
--
HTH,
Steve
09-13-2014 03:11 PM
Hi Steve,
thx for your replay but to be honest I'm lost :)
you sent me some points describing "Select or unselect the VLAN based Central Switching check box to enable or disable central switching on a locally switched WLAN based on AAA overridden VLAN" from the link you provide.
How this is related with my problem? I don't want to use "Vlan based Central Switching" but normal Intercontroller Roaming.
If any one know why this is not working? Maybe vWLC have some limitation for L3 Roaming?
09-15-2014 12:18 AM
Hi,
what code are you running on both Platforms (vWLC and 2500)?
Regards,
Patrick
09-15-2014 01:58 PM
7.4.121.0
09-18-2014 03:37 PM
Today I used 2x 2500 WLC. I've created mobility groups between them, configured two the same SSID on each but with interface in different Vlan.
Unfortunately situation is the same, when I remove my client from WLC1 he connect to the WLC2 and change IP address. in a "sh client summary" or in "sh client detail (MAC)" no information about foreign and anchor controller.
Any idea what can be wrong?
09-18-2014 08:50 PM
Hi Gunter,
What do you mean by this ? How do you simulate roaming ?
Rasika
09-19-2014 03:13 AM
Exactly in the same way like you did in your L2/L3 Roaming post on your blog. I click on the associated client MAC address and click on remove button.
09-19-2014 04:05 AM
Hi Gunter,
Without doing that can you reduce the power level of AP (if it is lab setup) & move your supplicant to do a real roaming.
Sometime when you remove client forcefully it may be a new association to the other AP.
See what happen in that scenario. Take "debug client <client_mac>" output in both controllers & attached that to your next response.
HTH
Rasika
**** Pls rate all useful responses ****
09-19-2014 12:43 PM
OK, so I did this. I migrate my test PC between APs and make it to roaming without any client remove from GUI.
In attachment 4 files:
- from WLC-LAB1 - one file with "debug client MAC" and the second with "debug mobility handoff enable"
- the same for WLC-LAB20
I hope this clarify what or where the problem is?
Regards
Gunter
09-19-2014 01:06 PM
Hi Gunter,
This may be the issue. Check wether both WLC configured with same virtual IP
*mmListen: Sep 19 21:34:01.428: Handoff Virtual IP Mismatch, Local = 1010101, Request = 101c801 **** Handoff Request Ignored
HTH
Rasika
**** Pls rate all useful responses ****
09-19-2014 01:36 PM
Exactly :) that's the correct answer.
Gunter
09-19-2014 01:33 PM
Rasik, thx to your debug I noticed that the problem is related with the IP address on the virtual interfaces. On the WLC-LAB1 I had 1.1.1.1 and on the WLC-LAB20 I had 1.1.200.1. When I change WLC-LAB20 virtual interfaces to 1.1.1.1 I get what I'm looking for - L3 roaming :)
My last question, how should I set virtual interface IP address? Always to 1.1.1.1 on all WLCs?
Regards
Gunter
09-19-2014 01:43 PM
Yes, you should set same virtual IP address in all your controllers for roaming to work. (even Branch /HQ scenarios as well if you want to do guest tunneling even though no real roaming)
1.1.1.1 is recommended IP in the past, since it is routable IP now, Cisco recommend to use 192.0.2.1 as virtual IP on your WLC.
HTH
Rasika
**** Pls rate all useful responses ****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide