Anchor EoIP tunnel problem 5.2

Feb 24th, 2009

We're using two DMZ WLCs for "guest access" - one is designated for a hotspot and one for direct DMZ access. The internal WLC uses the management interface as the interface in the WLAN config, and the internal WLC has all access points directly connected and has the same configuration as the DMZ WLCs, and both SSIDs are active. Between the inside and outside WLCs we have different subnets, routers and also Check Point firewall clusters - but no NAT. All WLCs are in the same mobility group.

The problem is that under some conditions the mobility feature hangs! The internal WLC authenticates the client and gives him full access (including IP), but the client cannot ping or connect to any device behind the EoIP tunnel (in the DMZ). That problem occurs on both DMZ WLCs. On the WCS I can see that there was a short interruption of the anchor tunnels, but the alarm disappears. While the client can't forward any traffic, a debug mobility or a mobility ping works fine and shows no problems (a lot of keepalives from all WLCs)! The only way to get the tunnel working for traffic forwarding is to reboot the external WLCs in the DMZ. Rebooting the internal WLC won't help!

Do you have any information or suggestion as to what can cause that kind of problem? Is there any debug command where I can detect the problem?

Thanks, Dennis

dennischolmes Tue, 02/24/2009 - 04:05

I am just wanting to verify that all controllers are on the same version of code. A mismatch between an older 5.1 controller or before may result in a problem establishing the tunnel because of the 2 different protocols being used to talk between the AP and the controllers. 5.1 and before is LWAPP; 5.2 and later is CAPWAP, I believe.

dneckermann Tue, 02/24/2009 - 04:39

The tunnels between the WLCs are EoIP for the anchor feature. But all WLCs are running 5.2 in the mobility group.

