08-12-2015 02:33 AM - edited 07-05-2021 03:43 AM
Hi,
We are trying to set up a Wired Guest Access solution based on the infrastructure:
There is a Switch Peer Group (SPG) on the MC for the sup8/c3850 and the link between MA/MC and between SPG members is up, so no problems there at this moment.
The issue is that we cannot establish the tunnel for the Wired Guest Access, from the MA to the anchor, we keep on receiving these messages on the MA:
Aug 12 08:00:42.463: epm_spi_client_tunnel_add:server Aug 12 08:00:42.463: Sending tunnel add request to WCM for server_handle 3100004B, server_rh 7A000053, mac 0023.ebc8.92d6, audit_ses_id 0A8320080000101DD2318554, profile name TUNNEL-CAPWAP, src intf 0x101A4000000015A, client iif id 0x100E080000002D9, client hdl 74000010 Aug 12 08:00:42.463: EPM_SESS_EVENT: Feature (EPM Tunnel Feature PLUG-IN) identity has been updated (status 1) Aug 12 08:00:42.464: spi_epm_wired_tunnel_wcm_epm_response_handler Aug 12 08:00:42.464: tunnel add failed Aug 12 08:00:42.464: EPM_SESS_EVENT: Feature (EPM Tunnel Feature PLUG-IN) Status (2) Notified Aug 12 08:00:42.464: EPM_SESS_EVENT: Failed feature attrs provided for EPM Tunnel Feature PLUG-IN
Software versions:
Relevant config on sup8
wireless mobility controller ip <CT-5508 MC IP> public-ip <CT-5508 MC IP> ! guest-lan WIRED-GUEST 1 shutdown client vlan 10 mobility anchor <CT-5508 anchor IP> no security web-auth no shutdown ! service-template GUEST-TUNNEL tunnel type capwap name TUNNEL-CAPWAP ! policy-map type control subscriber TUNNELLED-GUEST event session-started match-all 1 class DOT1X-NO-RESP do-until-failure 1 activate service-template GUEST-TUNNEL ! vlan 10 name GUEST exit ! access-session tunnel vlan 10 ! interface GigabitEthernet2/1 description *** Phone + Laptop switchport access vlan 5 switchport mode access switchport nonegotiate switchport voice vlan 6 access-session host-mode multi-domain access-session port-control auto dot1x pae authenticator dot1x timeout tx-period 6 dot1x timeout supp-timeout 6 spanning-tree portfast service-policy type control subscriber TUNNELLED-GUEST
Relevant config on CT-5508 MC
Enable New Mobility(Converged Access) SPG and SPG members
Relevant config on CT-5508 Anchor
Enable New Mobility(Converged Access) Guest LAN WIRED-GUEST
Has anyone done this type of setup?
01-15-2016 06:57 AM
For documentation proposes, in case someone reaches here in the future, the problem is solved.
The name of the tunnel (bold underline below)
service-template GUEST-TUNNEL
tunnel type capwap name TUNNEL-CAPWAP
has to match the guest-lan name (bold underline below)
guest-lan WIRED-GUEST 1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide