Solved: Problem with mobility group membership

Mattias Andersson · ‎01-11-2011

Hi,

I have two WLC´s called wlc-1 and wlc-2. There should be a default mobility group set up with the name test.

The WLC´s share a common vlan(50) and can ping each other.

My problem is that both controllers shows their neigbor as "Control Path Down", eping works, mping does not.

I have as far as I know followed this guide for setting it up: http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html

Some more relevant(?) configuration snippets, full configs are attached:

WLC-1:

-------------------

System Inventory
NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:50 APs"
PID: AIR-WLC4402-50-K9, VID: V02, SN: FOC1237F06D

Burned-in MAC Address............................ 00:23:04:7E:1D:00
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 50

System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
RTOS Version..................................... 7.0.98.0
Bootloader Version............................... 4.0.206.0
Emergency Image Version.......................... 5.2.157.0
Build Type....................................... DATA + WPS

System Name...................................... WLC-1
System Location.................................. Nkp:H12:P2:DH12
System Contact................................... TFO N&K
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 192.168.128.16

....

Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... test
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x414b
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name                        Multicast IP     Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Up
00:25:84:20:6e:07 192.168.128.18   test                              0.0.0.0          Control Path Down
-------------------

WLC-2:

-------------------

System Inventory
NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:50 APs"
PID: AIR-WLC4402-50-K9, VID: V03, SN: FOC1322F024

Burned-in MAC Address............................ 00:25:84:20:6E:00
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 50

System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.98.0
RTOS Version..................................... 7.0.98.0
Bootloader Version............................... 4.2.112.0
Emergency Image Version.......................... 5.2.157.0
Build Type....................................... DATA + WPS

System Name...................................... WLC-2
System Location.................................. Nkp:H12:P2:DH12
System Contact................................... TFO N&K
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 192.168.128.18

......

Mobility Configuration
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... test
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x414b
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name                        Multicast IP     Status
00:23:04:7e:1d:07 192.168.128.16   test                              0.0.0.0          Control Path Down
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Up

-------------------

The controllers have the right time, recieved from NTP.

The logs also contains a lot of messages like this one:

Jan 11 10:14:42 wlc-2 WLC-2: *mmListen: Jan 11 11:14:42.455: %MM-3-INVALID_PKT_RECVD: mm_listen.c:6691 Received an invalid packet from 192.168.128.16. Source member:0.0.0.0. source member unknown.

debug mobility keep-alive enable gives me output like this:

*mmMobility: Jan 11 13:26:21.589: EOIP Keepalive sent to: 192.168.128.18

*mmMobility: Jan 11 13:26:21.589: version : 02, opcode : ETHOIP_OP_REQ sequence no. 401857 peerStatus: 1
*mmMobility: Jan 11 13:26:21.590: UDP Keepalive sent to ::

*mmMobility: Jan 11 13:26:21.590: 192.168.128.18, port 16666

*mmMobility: Jan 11 13:26:21.590: type: 20(MobilityPingRequest) subtype: 0 version: 1 xid: 196445 seq: 65373 len 41 flags 0

*mmMobility: Jan 11 13:26:21.590: group id: a9587516 10bd44fa 7b6a9011 be329da

*mmMobility: Jan 11 13:26:21.590: Highest Mobility Version supported 2

*mmMobility: Jan 11 13:26:21.590: Mobility Member 192.168.128.18 detected DOWN status 2, cleaning up client entries

*ethoipSocketTask: Jan 11 13:26:21.591: EOIP Keepalive received from: 192.168.128.18

*ethoipSocketTask: Jan 11 13:26:21.591: version : 02, opcode : ETHOIP_OP_RESP sequence no. 401857 peerStatus: 0
*mmMobility: Jan 11 13:26:31.594: EOIP Keepalive sent to: 192.168.128.18

*mmMobility: Jan 11 13:26:31.594: version : 02, opcode : ETHOIP_OP_REQ sequence no. 401858 peerStatus: 1
*mmMobility: Jan 11 13:26:31.595: Mobility Member 192.168.128.18 detected DOWN status 2, cleaning up client entries

*ethoipSocketTask: Jan 11 13:26:31.595: EOIP Keepalive received from: 192.168.128.18

*ethoipSocketTask: Jan 11 13:26:31.595: version : 02, opcode : ETHOIP_OP_RESP sequence no. 401858 peerStatus: 0
*mmMobility: Jan 11 13:26:41.589: EOIP Keepalive sent to: 192.168.128.18

*mmMobility: Jan 11 13:26:41.589: version : 02, opcode : ETHOIP_OP_REQ sequence no. 401859 peerStatus: 1
*mmMobility: Jan 11 13:26:41.589: Mobility Member 192.168.128.18 detected DOWN status 2, cleaning up client entries

*ethoipSocketTask: Jan 11 13:26:41.590: EOIP Keepalive received from: 192.168.128.18

*ethoipSocketTask: Jan 11 13:26:41.590: version : 02, opcode : ETHOIP_OP_RESP sequence no. 401859 peerStatus: 0
*mmMobility: Jan 11 13:26:51.590: EOIP Keepalive sent to: 192.168.128.18

*mmMobility: Jan 11 13:26:51.590: version : 02, opcode : ETHOIP_OP_REQ sequence no. 401860 peerStatus: 1
*mmMobility: Jan 11 13:26:51.591: UDP Keepalive sent to ::

*mmMobility: Jan 11 13:26:51.591: 192.168.128.18, port 16666

*mmMobility: Jan 11 13:26:51.591: type: 20(MobilityPingRequest) subtype: 0 version: 1 xid: 196447 seq: 65375 len 41 flags 0

*mmMobility: Jan 11 13:26:51.591: group id: a9587516 10bd44fa 7b6a9011 be329da

*mmMobility: Jan 11 13:26:51.591: Highest Mobility Version supported 2

*mmMobility: Jan 11 13:26:51.592: Mobility Member 192.168.128.18 detected DOWN status 2, cleaning up client entries

*ethoipSocketTask: Jan 11 13:26:51.595: EOIP Keepalive received from: 192.168.128.18

*ethoipSocketTask: Jan 11 13:26:51.596: version : 02, opcode : ETHOIP_OP_RESP sequence no. 401860 peerStatus: 0
*mmMobility: Jan 11 13:27:01.589: EOIP Keepalive sent to: 192.168.128.18

I can't figure out what is wrong, please advice.

Best regards,

/Mattias

Federico Ziliotto · ‎01-11-2011

Hi Mattias,

It looks like you have wrong entries in the mobility configuration:

WLC-1
MAC = 00:23:04:7E:1D:00
IP = 192.168.128.16
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Up
00:25:84:20:6e:07 192.168.128.18   test                              0.0.0.0          Control Path Down

It should be
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Up
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Control Path Down

WLC-2
MAC = 00:25:84:20:6E:00
IP = 192.168.128.18
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:07 192.168.128.16   test                              0.0.0.0          Control Path Down
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Up

It should be
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Control Path Down
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Up

Hope this helps,

Fede

--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

View solution in original post

Federico Ziliotto · ‎01-11-2011

Hi Mattias,

It looks like you have wrong entries in the mobility configuration:

WLC-1
MAC = 00:23:04:7E:1D:00
IP = 192.168.128.16
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Up
00:25:84:20:6e:07 192.168.128.18   test                              0.0.0.0          Control Path Down

It should be
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Up
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Control Path Down

WLC-2
MAC = 00:25:84:20:6E:00
IP = 192.168.128.18
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:07 192.168.128.16   test                              0.0.0.0          Control Path Down
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Up

It should be
Controllers configured in the Mobility Group
MAC Address           IP Address           Group Name                Multicast IP   Status
00:23:04:7e:1d:00 192.168.128.16   test                              0.0.0.0          Control Path Down
00:25:84:20:6e:00 192.168.128.18   test                              0.0.0.0          Up

Hope this helps,

Fede

--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Mattias Andersson · ‎01-11-2011

You are so right about that Federico.

That seams so obviuos now when you pointed it out.

I just used the mac-adress given for the management interface on the other controller(think I read that somewhere?), which is not same as burned-in mac.

But I see the controller self is locally using the burned in mac, so that is probably the right one to use.

Changing this solved the issue.

Thanks alot, also really quick reply!

I appreciate it.

/Mattias

Federico Ziliotto · ‎01-11-2011

Thank you Mattias, glad this helped.

Feel free to ping us back in the future for any further help on your wireless setup.

Regards,

Fede

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

chuckf · ‎09-30-2011

Hi Mattias,

So what steps did you have to do to get the correct mac address in the mobility group?

Thanks!!

Mattias Andersson · ‎10-02-2011

Hi Chuck,

What I did to set up the mobility group is following the guide:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html

What I initialy got wrong was the MAC-address for the mobility peer in each controller.

Each controller automatically sets itself up as one of the members in the group.

Have a look at the initial mobility group configuration on each controller. Then add that information(MAC/IP) in the neigbouring peer controller.

The MAC-address given for self is the WLCs burned in MAC-address, that is the one to use.

Best regards

/Mattias

wififofum · ‎10-07-2011

As a quick sanity check, all controllers Base MAC address should end with a zero (0).

Also beware of the WCS when establishing mobility memberships - there's a bug whereby it adds an incorrect last byte. It's convenient, but entering them via CLI is the way to do it.

Sent from Cisco Technical Support iPad App

Jim Thomas · ‎09-06-2012

Do you have to define the MAC address? I'm trying to get controllers with firewalls in between to talk (NAT is involved).

Thanks

Jim

Jim Thomas Cisco Security Course Director Global Knowledge CCIE Security #16674

alois.heilmaier · ‎04-30-2013

I still had the same problem. Cisco Prime Infrastructure 1.3 has still this Bug. PI will use the mac address of the management interface. So membership will not work. You have to manually add the member with the mac address shown in e.g. show mobility summary of each node.

Sent from Cisco Technical Support iPad App