Mobility Group

benolyndav · ‎01-29-2021

Hi

If I enable encryption on a new Mobility group im about to create will it reboot the WLC,? we already have a mobility group which does not use encryption.

wlc 8540

code 8.10

Thanks

Jegan Rajappa · ‎01-29-2021

Enabling/Disabling new mobility in aireOS will reboot the WLAN controller, enabling/disabling Data Encryption with mobility peer doesn't reboot the WLAN controller.

Scott Fella · ‎01-29-2021

Are you asking about "Enable New Mobility(Converged Access)" or adding or modifying a new/existing group? Adding or modifying will not need a reboot. Also, the controller will prompt you to reboot if a reboot is needed, it will not reboot on its own. This is for any configuration change.

-Scott
*** Please rate helpful posts ***

Jegan Rajappa · ‎01-29-2021

Enabling new mobility (Converged access) would reboot the controller on its own Scott, I have 500+ aireOS controllers in my environment which is using new mobility, I cannot use EOIP tunnel in those because EOIP protocol is not supported by Meraki security Gateway, so I am using new mobility to form mobility tunnel between foreign and anchor WLAN controllers.

Scott Fella · ‎01-29-2021

New mobility is when you have converged access and need to create a mobility between AireOS and Converged access. If its between AireOS controllers, you should not use new mobility. I don't know many folks who still use Converged Access.

-Scott
*** Please rate helpful posts ***

Jegan Rajappa · ‎01-29-2021

You are correct Scott, In my case I have foreign and anchor WLAN controller in each branch office, Meraki security appliance in middle, as Meraki doesn't support EOIP tunnel, the only way to form mobility tunnel is with new mobility.

Here is the summary from Meraki TAC case

#########################
Name of Customer:
- XXX

What is the problem:
- Unable to pass EoIP traffic
○ Test clients (both WLAN clients)
§ Source: X.X.X.X
§ Destination: X.X.X.X

What actions were taken?
- ICMP and Mping works but epings do not
- This is expected behavior.
○ Currently the MX can only rewrite TCP, UDP and ICMP traffic when in NAT mode. The IP protocol 97 would have to be encapsulated in TCP or UDP to be routed.
§ To summarize, EoIP is not supported on the MX
○ This is a hardware limitation and would be a feature request.

What are the next steps and why?
- Case closed

##################

benolyndav · ‎01-30-2021

Hi Scott

We presently have a Mobility group with our Foreign and Anchor WLC, Im looking at broadcasting a 3rd parties SSID and wondering if the best way would be to create another Mobility group bewteen our Foreign and the 3rd party Foreign WLC and map their SSID to the tunnel somehow. Is this the best way to do this ???

Thanks

Scott Fella · ‎01-31-2021

Cisco controllers can only form a mobility with another Cisco controller. Any other vendor equipment will not work. This goes for the opposite also, no vendors support another vendor equipment for wireless ap join or tunneling.

-Scott
*** Please rate helpful posts ***

benolyndav · ‎01-31-2021

Hi

When I say 3rd party I mean contractors who work at our site, we are going to broadcast their SSID so I am planning on creating a secure tunnel between our Cisco WLC and their Cisco WLC, is the best way to do this by creating a new tunnel withe their WLC and can I map their SSID to the new tunnel which sends the traffic down the tunnel to their radius server etc, also can this be added to our current mobility group or would it be better to create a new one for the sharing with Contractor company.??

thanks

Scott Fella · ‎01-31-2021

Okay... well it’s up to you and if you can both manage the ssid to be in sync. You can always create a new mobility member using a different mobility group name.

-Scott
*** Please rate helpful posts ***