
Guest WLAN with Anchor WLC - roaming problems

l.buschi
Level 2

Hello,

my wireless network consists of 3 WLC 4402 which manage 40 APs.

I have a fourth WLC which I installed on my DMZ for guest vlan anchoring and web authentication.

Everything works fine but I have a problem:

If my client associates with an AP and then I authenticate I'm ready to make traffic. As soon as my client roams to an AP managed by a different WLC I need to authenticate again. If I roam back to the first AP I need to reauthenticate.

In my guest WLAN I use WEB authentication provided by the internal web server of the Anchor WLC.

Thanks everybody

2 Accepted Solutions

Here are my findings I have attached. This should fix your issue. First thing to do is change the VIP of wlc1, wlc2 and wlc3 to 1.1.1.1 and then reboot the WLCs. You can keep the wlcanchor VIP as 1.1.1.4. Look at the other suggestions I posted.

-Scott
*** Please rate helpful posts ***

On the WLAN side, change the session timeout to what you require. That should fix the issue you are having.

-Scott

16 Replies

Scott Fella
Hall of Fame

Did you set up your mobility groups and verify that the control path and data paths are up? In the WLC run a show mobility summary. Do this on all your WLCs and your guest anchor. Also, if you enable symmetric mobility tunnel, then make sure you have that enabled on all your WLCs.

-Scott

Here is the output of show mobility summary.

The last WLC is the anchor.

WLC1

Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address   Group Name  Multicast IP  Status
00:23:04:7d:3e:e0  10.25.1.21   mob1        0.0.0.0       Up
00:23:04:7d:73:20  10.20.1.21   mob1        0.0.0.0       Up

WLC2

Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address   Group Name  Multicast IP  Status
00:23:04:7d:3e:e0  10.25.1.21   mob1        0.0.0.0       Up
00:23:04:7d:62:a0  10.20.1.22   mob1        0.0.0.0       Up

WLC3

Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 2
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address   Group Name  Multicast IP  Status
00:23:04:7d:3e:e0  10.25.1.21   mob1        0.0.0.0       Up
00:23:04:7d:79:80  10.20.2.21   mob1        0.0.0.0       Up

WLCAnchor

(Cisco Controller) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Disabled
Symmetric Mobility Tunneling (after reboot) ..... Disabled
Mobility Protocol Port........................... 16666
Mobility Security Mode........................... Disabled
Default Mobility Domain.......................... mob1
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x392f
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 4
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address   Group Name  Multicast IP  Status
00:23:04:7d:3e:e0  10.25.1.21   mob1        0.0.0.0       Up
00:23:04:7d:62:a0  10.20.1.22   mob1        0.0.0.0       Up
00:23:04:7d:73:20  10.20.1.21   mob1        0.0.0.0       Up
00:23:04:7d:79:80  10.20.2.21   mob1        0.0.0.0       Up

Okay.... well wlc 1, 2 & 3 should all be configured in each other's mobility group. The wlan ssid used for guest on WLC 1, 2 & 3 needs to have mobility anchor configured with the WLCAnchor and on the WLCAnchor you need to configure the wlan guest ssid mobility anchor to itself.

Take a look at this doc:

http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html#wp1000477

-Scott
*** Please rate helpful posts ***
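
The peering layout described in the reply above can be checked directly from the show mobility summary tables posted earlier in the thread. The Python below is an added example, not part of the original posts or of any Cisco tooling; the function names are hypothetical, and which management IP belongs to which controller is an assumption inferred from the posted tables.

```python
import re

# One member row of "show mobility summary": MAC, IP, group name, multicast IP,
# then a status that may be several words.
ROW = re.compile(
    r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})[ \t]+(\d+(?:\.\d+){3})[ \t]+(\S+)[ \t]+\S+[ \t]+(\S.*?)[ \t]*$",
    re.I | re.M)

def members(summary):
    """Map peer IP -> (group name, status) for each member row in one controller's output."""
    return {ip: (group, status) for _mac, ip, group, status in ROW.findall(summary)}

def audit(controllers):
    """controllers: name -> (own management IP, summary text). Returns a list of findings."""
    findings = []
    for name, (_own_ip, text) in sorted(controllers.items()):
        table = members(text)
        for peer, (peer_ip, _text) in sorted(controllers.items()):
            if peer == name:
                continue
            if peer_ip not in table:
                findings.append(f"{name}: {peer} ({peer_ip}) is not a mobility group member")
            elif table[peer_ip][1].lower() != "up":
                findings.append(f"{name}: path to {peer} ({peer_ip}) is {table[peer_ip][1]}")
    return findings

# Member rows taken from the thread's output. Which IP belongs to which controller is an
# assumption inferred from those tables (each WLC lists the anchor plus one other address).
ANCHOR_ROW = "00:23:04:7d:3e:e0 10.25.1.21 mob1 0.0.0.0 Up\n"
WLC1_ROW = "00:23:04:7d:73:20 10.20.1.21 mob1 0.0.0.0 Up\n"
WLC2_ROW = "00:23:04:7d:62:a0 10.20.1.22 mob1 0.0.0.0 Up\n"
WLC3_ROW = "00:23:04:7d:79:80 10.20.2.21 mob1 0.0.0.0 Up\n"
AS_POSTED = {
    "WLC1": ("10.20.1.21", ANCHOR_ROW + WLC1_ROW),
    "WLC2": ("10.20.1.22", ANCHOR_ROW + WLC2_ROW),
    "WLC3": ("10.20.2.21", ANCHOR_ROW + WLC3_ROW),
    "WLCAnchor": ("10.25.1.21", ANCHOR_ROW + WLC2_ROW + WLC1_ROW + WLC3_ROW),
}

if __name__ == "__main__":
    for finding in audit(AS_POSTED):
        print(finding)
```

Run against the tables as posted, it reports six missing peerings, all among WLC1, WLC2 and WLC3; the anchor's own member table is complete.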

Ok I made the changes.

Unfortunately the problem is still alive:

If I roam from a WLC to another I need to reauthenticate via WEB.

What am I doing incorrectly?

Can you post your config from the wlcanchor and also two of your WLCs in which you roamed from one to the other? Seems to be a configuration issue somewhere.

-Scott

Which is the command in CLI to show the whole configuration?

Do a show run-config not a show running-config.

And keep hitting the space bar... it will take a while.

-Scott

Here are the configurations of two WLC and 1 anchor WLC.

I can't really find where I'm making a mistake!

Thank you very much.

Johnny

Let me review the config and I will post my findings.

-Scott

Here are my findings I have attached. This should fix your issue. First thing to do is change the VIP of wlc1, wlc2 and wlc3 to 1.1.1.1 and then reboot the WLCs. You can keep the wlcanchor VIP as 1.1.1.4. Look at the other suggestions I posted.

-Scott

Thank you very, very, very much!

The problem is solved and everything is ok.

I only would like to ask you my last question:

I upgraded the boot loader to the last version but I don't know what is the ER.

Here is the show version of my WLC, are all firmware up to date?

Thanks again and best regards

Johnny

System Information
Manufacturer's Name......Cisco Systems Inc.
Product Name........ Cisco Controller
Product Version........... 5.1.151.0
RTOS Version........... Linux-2.6.10_mvl401
Bootloader Version.......... 4.2.112.0
Build Type................... DATA + WPS

Glad I could help. It's so much easier to look at the config, so I'm glad you posted it. There is a 5.0.148.2 BOOT that is the ER, the 4.2.112 is the latest boot image out there. So what you can do is upload to the controller 5.0.148.2 BOOT just so you know you have everything up to date. This will not show up on the sysinfo though, so as long as it shows you that it successfully loaded, you are good.

-Scott

Hi,

I have a new issue about web auth.

Now everything is ok with roaming but now the problem is that randomly after 20-30 minutes I lose authentication and I need to reauthenticate even if I didn't roam.

Do I have to open a new topic for this issue?

Thanks and best regards

Johnny

On the WLAN side, change the session timeout to what you require. That should fix the issue you are having.

-Scott