WLC2x06 auto-anchor to 4400 appears to fail

g.sperryn · ‎05-27-2007

Hi, has anyone seen this problem, or is this a bug:

Auto-anchor is configured for guest mobility and has been working fine on a number of 4400 controllers in a mobility group. Guests get auto-anchored to a 4400 with access to the guest DMZ

we have now introduced both 2006 and 2106 controllers into the mobility group, however clients are net getting DHCP when coming through these controllers.

debugs show an apparent disinterest on the part of the 4400 to respond to mobility anchor requests from the 2x06, and mobility statistics report increase in 'ignored' requests

mobility debug on 4400 for unsuccessful request from 2106:

Wed May 23 15:31:34 2007: Mobility packet received from:

Wed May 23 15:31:34 2007: 192.168.156.2, port 16666, Switch IP: 192.168.156.2

Wed May 23 15:31:34 2007: type: 3(MobileAnnounce) subtype: 0 version: 1 xid: 200 seq: 200 len 120

Wed May 23 15:31:34 2007: group id: dedbb34b 687b56c2 633f1d4d 73ed6709

Wed May 23 15:31:34 2007: mobile MAC: 00:19:d2:d5:eb:39, IP: 0.0.0.0, instance: 0

Wed May 23 15:31:34 2007: VLAN IP: 192.168.156.2, netmask: 255.255.255.0

Wed May 23 15:31:35 2007: Mobility packet received from:

Wed May 23 15:31:35 2007: 192.168.156.2, port 16666, Switch IP: 192.168.156.2

Wed May 23 15:31:35 2007: type: 3(MobileAnnounce) subtype: 0 version: 1 xid: 200 seq: 200 len 120

Wed May 23 15:31:35 2007: group id: dedbb34b 687b56c2 633f1d4d 73ed6709

Wed May 23 15:31:35 2007: mobile MAC: 00:19:d2:d5:eb:39, IP: 0.0.0.0, instance: 0

Wed May 23 15:31:35 2007: VLAN IP: 192.168.156.2, netmask: 255.255.255.0

Wed May 23 15:31:36 2007: Mobility packet received from:

Wed May 23 15:31:36 2007: 192.168.156.2, port 16666, Switch IP: 192.168.156.2

Wed May 23 15:31:36 2007: type: 16(MobileAnchorExport) subtype: 0 version: 1 xid: 201 seq: 201 len 244

Wed May 23 15:31:36 2007: group id: dedbb34b 687b56c2 633f1d4d 73ed6709

Wed May 23 15:31:36 2007: mobile MAC: 00:19:d2:d5:eb:39, IP: 0.0.0.0, instance: 0

Wed May 23 15:31:36 2007: VLAN IP: 192.168.156.2, netmask: 255.255.255.0

Wed May 23 15:31:36 2007: Received Anchor Export request: 00:19:d2:d5:eb:39

from Switch IP: 192.168.156.2

Mobility debug on 4400 with successful request/resonse from another controller:

Wed May 23 15:31:41 2007: Mobility packet received from:

Wed May 23 15:31:41 2007: 192.168.160.13, port 16666, Switch IP: 192.168.160.13

Wed May 23 15:31:41 2007: type: 16(MobileAnchorExport) subtype: 0 version: 1 xid: 243028 seq: 29509 len 244

Wed May 23 15:31:41 2007: group id: dedbb34b 687b56c2 633f1d4d 73ed6709

Wed May 23 15:31:41 2007: mobile MAC: 00:12:f0:82:57:00, IP: 0.0.0.0, instance: 0

Wed May 23 15:31:41 2007: VLAN IP: 192.168.160.13, netmask: 255.255.255.0

Wed May 23 15:31:41 2007: Received Anchor Export request: 00:12:f0:82:57:00

from Switch IP: 192.168.160.13

Wed May 23 15:31:41 2007: Received Anchor Export policy update, valid mask 0x0:

Qos Level: 3, DSCP: 0, dot1p: 0 Interface Name: , ACL Name:

Wed May 23 15:31:41 2007: Mobility packet sent to:

Wed May 23 15:31:41 2007: 192.168.160.13, port 16666, Switch IP: 192.168.160.12

Wed May 23 15:31:41 2007: type: 17(MobileAnchorExportAck) subtype: 0 version: 1 xid: 243028 seq: 40918 len 272

Wed May 23 15:31:41 2007: group id: dedbb34b 687b56c2 633f1d4d 73ed6709

Wed May 23 15:31:41 2007: mobile MAC: 00:12:f0:82:57:00, IP: 192.168.191.16, instance: 1

Wed May 23 15:31:41 2007: VLAN IP: 192.168.191.2, netmask: 255.255.255.192

Wed May 23 15:31:41 2007: 00:12:f0:82:57:00 192.168.191.16 WEBAUTH_REQD (8) Plumbing duplex mobility tunnel to 192.168.160.13

as Export Anchor (VLAN 191)

all help appreciated!

Graeme

htarra · ‎06-04-2007

Guest tunneling provides additional security for guest-user access to the corporate wireless network. Refer URL

http://cisco.com/en/US/products/ps6308/products_qanda_item09186a008082c464.shtml

g.sperryn · ‎06-08-2007

Thanks for that, however: the configuration works fine on the 4400, but appears not to work on the 2x06

axfood · ‎07-10-2007

Hello

I don?t think the 20x6 controller support that.

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn40216.html#wp44028

These software features are not supported on 2000 and 2100 series controllers:

?Termination of guest controller tunnels (origination of guest controller tunnels is supported)

g.sperryn · ‎07-10-2007

Hi

Sure the 2106 doesn't support that. We are terminating the Anchor on a 4400.

Graeme

Steven van Jaarsveld · ‎07-10-2007

Hi Graeme

One requirement for the Mobility Group Auto Anchor feature is that ALL controllers must run the same version of code to work efficiently.

My suggestion here is to check the code versions on the 2006 and 2106 controllers and ensure that the 4400 is added as a Mobility peer which seems to be from your debug.

I have added various 2006 controllers to a setup like this and all work fine.

Regards

Steven

g.sperryn · ‎07-10-2007

Thanks Steven

All were running the same code.

I just wanted to see if anyone was running the same setup with it working - which you are so that helps a lot!

which ver are you running?

kind regards

Graeme

Steven van Jaarsveld · ‎07-10-2007

I am running version 4.1.171.0 on the WLAN Controllers and version 4.1.83.0 on the Wireless Control System.

g.sperryn · ‎07-10-2007

thanks

g.sperryn · ‎07-10-2007

would it possible to send a config of the anchor 4400 and one 2106, security stuff removed obviously

Graeme