Solved: 7.4.121.0

Gunter · ‎09-11-2014

Hi,

I'm trying to configure L3 roaming between vWLC and 2500. I configure everything like it should be: the same SSID, same security, interfaces in different VLANs, mobility group established. When I associated client to the WLC1 and then removed it, client associated to the second WLC2 but his IP address changed. When I issue show client detail or show client summ on the WLC1 there is no information about my client but it should be with the information that he is marked as an Anchor.

I run mobility handoff debug - that's what I get from the WLC1 where I disconnected my client:

(Cisco Controller) >*emWeb: Sep 12 01:16:20.705: 18:3d:a2:8f:90:28 2 PMK-remove groupcast messages sent
*mmListen: Sep 12 01:16:21.946: Vlan List payload not found, ignoring ...

*mmListen: Sep 12 01:16:21.946: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:21.946: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found

*mmListen: Sep 12 01:16:22.856: Vlan List payload not found, ignoring ...

*mmListen: Sep 12 01:16:22.856: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:22.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found

*mmListen: Sep 12 01:16:23.856: Vlan List payload not found, ignoring ...

*mmListen: Sep 12 01:16:23.856: IP Address don't compare for client 18:3d:a2:8f:90:28 is 0
*mmListen: Sep 12 01:16:23.856: 18:3d:a2:8f:90:28 Ignoring Announce, client record for not found

and output from the same WLC when I now disconnected client form the WLC2:

(Cisco Controller) >*Dot1x_NW_MsgTask_0: Sep 12 01:18:57.705: 18:3d:a2:8f:90:28 Mobility query, PEM State: L2AUTHCOMPLETE

*mmMobility: Sep 12 01:18:58.723: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0

*mmMobility: Sep 12 01:18:59.743: 00:00:00:00:00:00 Mobility packet retry: Peer IP: Groupcast, Anchor IP: 0.0.0.0

*apfReceiveTask: Sep 12 01:19:00.763: 18:3d:a2:8f:90:28 Mobile Announce Mip not present

*apfReceiveTask: Sep 12 01:19:00.763: 18:3d:a2:8f:90:28 0.0.0.0 DHCP_REQD (7) mobility role update request from Unassociated to Local
Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.10.40.2
*apfReceiveTask: Sep 12 01:19:00.764: 18:3d:a2:8f:90:28 Mobility Response: IP 0.0.0.0 code Handoff (1), reason Handoff request timed out (7), PEM State RUN, Role Local(1)

Can anyone help me understand where the problem is? I'm also tried the same between two vWLC - the same issue

Regards

Gunter

Rasika Nayanajith · ‎09-19-2014

Hi Gunter,

This may be the issue. Check wether both WLC configured with same virtual IP

*mmListen: Sep 19 21:34:01.428: Handoff Virtual IP Mismatch, Local = 1010101, Request = 101c801
    **** Handoff Request Ignored

HTH

Rasika

**** Pls rate all useful responses ****

View solution in original post

Stephen Rodriguez · ‎09-12-2014

Note These are the guidelines and limitations for this feature:

• Multicast on overridden interfaces is not supported.

• This feature is available only on a per-WLAN basis, where the WLAN is locally switched.

• IPv6 ACLs, CAC, NAC, and IPv6 are not supported.

• IPv4 ACLs are supported only with VLAN-based central switching enabled and applicable only

to central switching clients on the WLAN.

• This feature is applicable to APs in FlexConnect mode in locally switched WLANs.

• This feature is not applicable to APs in Local mode.

• This feature is not supported on APs in FlexConnect mode in centrally switched WLANs.

• This feature is supported on central authentication only.

• This features is not supported on web authentication security clients.

• Layer 3 roaming for local switching clients is not supported.

From here:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-3/configuration/guide/b_cg73/b_wlc-cg_chapter_01110.pdf

--

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Gunter · ‎09-13-2014

Hi Steve,

thx for your replay but to be honest I'm lost :)

you sent me some points describing "Select or unselect the VLAN based Central Switching check box to enable or disable central switching on a locally switched WLAN based on AAA overridden VLAN" from the link you provide.

How this is related with my problem? I don't want to use "Vlan based Central Switching" but normal Intercontroller Roaming.

If any one know why this is not working? Maybe vWLC have some limitation for L3 Roaming?

patrick.kofler · ‎09-15-2014

Hi,

what code are you running on both Platforms (vWLC and 2500)?

Regards,

Patrick

Gunter · ‎09-15-2014

7.4.121.0

Gunter · ‎09-18-2014

Today I used 2x 2500 WLC. I've created mobility groups between them, configured two the same SSID on each but with interface in different Vlan.

Unfortunately situation is the same, when I remove my client from WLC1 he connect to the WLC2 and change IP address. in a "sh client summary" or in "sh client detail (MAC)" no information about foreign and anchor controller.

Any idea what can be wrong?

Rasika Nayanajith · ‎09-18-2014

Hi Gunter,

when I remove my client from WLC1 he connect to the WLC2 and change IP address.

What do you mean by this ? How do you simulate roaming ?

Rasika

Gunter · ‎09-19-2014

Exactly in the same way like you did in your L2/L3 Roaming post on your blog. I click on the associated client MAC address and click on remove button.

Rasika Nayanajith · ‎09-19-2014

Hi Gunter,

Without doing that can you reduce the power level of AP (if it is lab setup) & move your supplicant to do a real roaming.

Sometime when you remove client forcefully it may be a new association to the other AP.

See what happen in that scenario. Take "debug client <client_mac>" output in both controllers & attached that to your next response.

HTH

Rasika

**** Pls rate all useful responses ****

Gunter · ‎09-19-2014

OK, so I did this. I migrate my test PC between APs and make it to roaming without any client remove from GUI.

In attachment 4 files:

- from WLC-LAB1 - one file with "debug client MAC" and the second with "debug mobility handoff enable"

- the same for WLC-LAB20

I hope this clarify what or where the problem is?

Regards

Gunter

Rasika Nayanajith · ‎09-19-2014

Hi Gunter,

This may be the issue. Check wether both WLC configured with same virtual IP

*mmListen: Sep 19 21:34:01.428: Handoff Virtual IP Mismatch, Local = 1010101, Request = 101c801
    **** Handoff Request Ignored

HTH

Rasika

**** Pls rate all useful responses ****

Gunter · ‎09-19-2014

Exactly :) that's the correct answer.

Gunter

Gunter · ‎09-19-2014

Rasik, thx to your debug I noticed that the problem is related with the IP address on the virtual interfaces. On the WLC-LAB1 I had 1.1.1.1 and on the WLC-LAB20 I had 1.1.200.1. When I change WLC-LAB20 virtual interfaces to 1.1.1.1 I get what I'm looking for - L3 roaming :)

My last question, how should I set virtual interface IP address? Always to 1.1.1.1 on all WLCs?

Regards

Gunter

Rasika Nayanajith · ‎09-19-2014

Yes, you should set same virtual IP address in all your controllers for roaming to work. (even Branch /HQ scenarios as well if you want to do guest tunneling even though no real roaming)

1.1.1.1 is recommended IP in the past, since it is routable IP now, Cisco recommend to use 192.0.2.1 as virtual IP on your WLC.

HTH

Rasika

**** Pls rate all useful responses ****

L3 Roaming - vWLC - why it's not working?