cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
666
Views
0
Helpful
4
Replies
Highlighted
Beginner

Mobility Control And Data Plan Down (C9800)

Hi,

Currently have a couple of C9800 controllers in a LAB environment for a POC. They both at this time connect to the same switch but on different subnet's so no firewall to consider.

 

Each WLC can ping each other, yet I am struggling to bring up the mobility tunnel.

 

Here is controller 1 details:

 

WLC01.png

WLC02.png

And the same for the other controller:

 

WLC03.png

WLC04.png

Have been following this guide:

 

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213913-building-mobility-tunnels-on-catalyst-98.html

 

That last screenshot in comparison to the other controller is missing the first line. This was there and still didn't work, think it disappeared after a reboot - so thinking it has nothing to do with issue.

 

Have additionally tried creating a new mobility group (as per URL) and put different MAC on each controller and pointed the peer to that MAC and WLC IP.

 

I couldn't find any specific debug command that I could use on these controllers, or any detail in the log as to what the problem might be.

 

Could be a config issue, hence throwing it out their.

 

Appreciate any assistance in advance.

 

Thanks

4 REPLIES 4
Highlighted
Hall of Fame Master

You shouldn’t have to change the MAC address for one. Since it’s in the lab, why don’t you put it on the same subnet and test that scenario first. If you get that working then you at least know that the configuration is good. Then move it to the other subnet and test again. I have mine with mobility to other 9800’s and AireOS controllers on different subnets and it’s working. I’m just testing also.
-Scott
*** Please rate helpful posts ***
Highlighted

Thanks for posting a reply.

 

I tried putting them on the same network, but made no difference.

 

Run a compare on the configs and noticed quite a bit of difference on one of them, looks like the startup wizard didn't complete properly.

I deleted the WLC and built a new one, and since there seems to be some success.

I see messages display desperately that the data and then the control path was up.

Oddly when I run the 'show wireless mobility summery' its showing the Control Path Down.

 

So almost there, just not sure why the control path is showing down now.

 

Anymore ideas, show commands, debug commands I could use to diagnose the issue?

 

Many thanks

Highlighted

Notice on the other controller the following error:
%DTLS_TRACE)MSG-3-EWC_DTLS_ERR: Chasis 1 R0/0: mobilityd: DTLS Error, session:192.168.0.222[16666], Certificate validation failed

Cert verify Error, SCC validation failure, Reason: certificate is not yet valid.

Guess that is the reason for the control path being down but not sure how to correct. Will keep digging.

Thanks
Highlighted
Hall of Fame Master

Make sure the time is correct either using NTP or manually setting the time. Also make sure you have your trustpoint added. This is required for all CL controllers.
-Scott
*** Please rate helpful posts ***