cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4927
Views
0
Helpful
20
Replies

Mobility Anchor/Foreign WLC code versions

Josh Morris
Level 6
Level 6

I am trying to setup a mobility anchor (5500 version: 7.2.111.3). I need this version as to support the Bonjour gateway.

The foreign WLC is a WiSM-1 (version: 7.0.220.0).

I have control/data path up. I am able to ping through it. I am, however, getting invalid mobility packets to the foreign WLC from the Anchor.

Do the code versions have to be identical for a mobility anchor? I do not plan on perofrming any AP roaming to the anchor.

Thanks.

1 Accepted Solution

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

They don't need to be on the same code as I have a mixed environment of some of my client installs. You are allowing bonjour on the DMZ? So the bonjour gateway need to have an interface also in the subnet in order for mDNS to work.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

20 Replies 20

Scott Fella
Hall of Fame
Hall of Fame

They don't need to be on the same code as I have a mixed environment of some of my client installs. You are allowing bonjour on the DMZ? So the bonjour gateway need to have an interface also in the subnet in order for mDNS to work.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

I'm assuming that the VIP and the mobility groups are setup correct.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Josh Morris
Level 6
Level 6

I ended up changing the code on the Mobility ANchor to 7.0.220.0 so they would match. That seemed to stop the invalid packet errors I was seeing, but I still can't get a host to connect. I have confirmed the WLAN settings are the same.

Mobility Anchor:

Cisco Controller) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... PNet
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0xf2fc
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name                        Multicast IP     Status
00:1a:6c:20:51:60  10.140.0.23      xxxxxx-m                          0.0.0.0          Up
68:ef:bd:93:bd:00  10.241.15.5      PNet                                  0.0.0.0          Up

Foreign controller:

Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... stjude-m
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x6d68
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 9
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name                        Multicast IP     Status
00:1a:6c:20:48:40  10.140.0.21      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:20:51:60  10.140.0.23      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:20:59:e0  10.140.0.25      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:20:60:40  10.140.0.27      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:22:79:e0  10.140.0.22      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:22:83:00  10.140.0.24      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:22:8b:80  10.140.0.26      xxxxxx-m                          0.0.0.0          Up
00:1a:6c:22:91:e0  10.140.0.28      xxxxxx-m                          0.0.0.0          Up
68:ef:bd:93:bd:00  10.241.15.5      PNet                                  0.0.0.0          Up

SO I finally got it working. I removed all my config and re-added it. It is working now. I am still having some issues getting clients to go to a multicast mac gateway, but I'll work through that too. Thanks!

I don't think that multicast is supported through anchoring. It is supported when APs are in local mode and the bonjour gateway has an IP address assigned to each subnet that requires multicast.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Thats what I was worried about. Let me clarify please...

The mobility anchor sits on a firewall switch and has it's own DMZ. The client subnet points to a default gateway of 10.241.0.10. This address is actually a VIP between three firewalls. The local switch is using a multicast mac entry to forward traffic directed to that particular multicast mac to the proper ports.

So really, when a client connects to this WLAN, are they still going through the mobility anchor to get to the destination (in the EoIP tunnel) or are they bypassing the tunnel after authentication and going directly to their destination?

Scott Fella
Hall of Fame
Hall of Fame

All traffics goes through the tunnel.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

So a client who is associated on the Mobility Anchor basically use the WLC configured interface to perform all network functions? (arp lookup, traffic forwarding, etc.)

So a client is associated to a foreign WLC and them tunneled to the anchor WLC. The interface you put the traffic on is the interface that does that.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Josh Morris
Level 6
Level 6

Ok so I am still having issues. I downgraded the Anchor to the same code as the foreign controllers (7.0.220) and had it working (with L3 web policy/authentication). The issue then was that I could not get MAC filtering (on failure) to work. I read that this was a bug in 7.0 versions. So I upgraded the Anchor back to 7.2.113 and left the Foreign on 7.0.220. I removed all config and rebuilt it fresh. I can get a client connected and surfing the web if I use no L2/L3 Security. As soon as I turn on L3 Web Policy (Authentication to LDAP) I can get the client connected, but the auth page never loads. I have matched the L2/L3 policy on the Anchor and Foreign controllers. I also tried the L3 web policy as Passthrough, and was able to connect, but the psasthrough page never loads. It just hangs and the Anchor shows me as Associated but noth Authenticated. Any ideas?

Josh,

When the client is connected. On the anchor do you see the client in the anchor controller and if so what PEM state is it in ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

I do see the client on the Anchor. It is in WEBAUTH_REQD. I get no webauth page on the client though. I have tried a  Windows laptop, an iPhone, and Android phone.

Review Cisco Networking for a $25 gift card