Cisco Support Community

New Member

Anchor connection


Situation -

LAN controller        WAN        Firewall        Anchor controller

WLC5760               <->        ASA5550   <->   AIR-CTVM-K9 (VM)

On ASA we allow port 16666 and protocol 97

however Control and Data are down

on the FWL I can see proper connection over 16666, however on the FWL I can see message

ASA-4-313005 No matching connection from ICMP error message

connection seems to be from LAN controller to Anchor one

so source to ( type 3, code 2 ). Original IP payload <unknown> -

error seems to be related to protocol 97 but I don't have a clue what to do with this, so any help is really appreciated.

I have attached a capture of this error


interface Vlan100

description Wireless Management Vlan

ip address

( address is e8ed.f39b.acfd )

wireless management interface Vlan100

wireless mobility group name MOBILITY

wireless mobility group member ip ->

-> public-ip group MOBILITY

Mobility Controller Summary:

Mobility Role                                   : Mobility Controller

Mobility Protocol Port                          : 16666

Mobility Group Name                             : MOBILITY

Mobility Oracle                                 : Disabled

Mobility Oracle IP Address                      :

DTLS Mode                                       : Enabled

Mobility Domain ID for 802.11r                  : 0xf2c

Mobility Keepalive Interval                     : 10

Mobility Keepalive Count                        : 3

Mobility Control Message DSCP Value             : 0

Mobility Domain Member Count                    : 2

Link Status is Control Link Status : Data Link Status

Controllers configured in the Mobility Domain:

IP               Public IP        Group Name       Multicast IP     Link Status

-------------------------------------------------------------------------------
                 -                MOBILITY                          UP   : UP
                                  MOBILITY                          DOWN : DOWN


(Cisco Controller) >show mobility anchor

Mobility Anchor Export List

WLAN ID     IP Address            Status

-------     ---------------       ------

1           Up

2           Up

2           Control and Data Path Down

Controllers configured in the Mobility Group

MAC Address        IP Address                                       Group Name                        Multicast IP                                     Status

00:0c:29:f3:e3:07                                     MOBILITY                                                      Up

e8:ed:f3:9b:ac:fd                                     MOBILITY                                                      Control and Data Path Down
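
Added example, not part of the original post and not Cisco code: the message quoted in the post carries ICMP type 3, code 2, which is "protocol unreachable", meaning the host that sent the ICMP error does not accept the IP protocol of the packet it received. The sketch below extracts that from 313005 lines and counts which host is refusing a protocol from which peer. The log lines, addresses and interface names are constructed, and the line layout is an assumption modelled on the fragment in the post.

```python
import re
from collections import Counter

# ICMP type 3 (Destination Unreachable) codes from RFC 792 / RFC 1122.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed", 13: "administratively prohibited"}

# Assumed line layout, modelled on the fragment quoted in the post.
LINE = re.compile(
    r"ASA-4-313005.*?icmp src (?P<sif>[^:\s]+):(?P<src>\S+) "
    r"dst (?P<dif>[^:\s]+):(?P<dst>\S+) "
    r"\(\s*type (?P<type>\d+), code (?P<code>\d+)\s*\)")

def parse_313005(line):
    """Return the ICMP error details from one 313005 line, or None."""
    m = LINE.search(line)
    if m is None:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    if icmp_type == 3:
        meaning = UNREACH.get(code, "unreachable, code %d" % code)
    else:
        meaning = "ICMP type %d" % icmp_type
    return {"reporter": m["src"], "notified": m["dst"],
            "type": icmp_type, "code": code, "meaning": meaning}

def protocol_rejections(lines):
    """Count (reporter, notified) pairs where the reporter refused an IP protocol."""
    hits = Counter()
    for line in lines:
        rec = parse_313005(line)
        if rec and (rec["type"], rec["code"]) == (3, 2):
            hits[(rec["reporter"], rec["notified"])] += 1
    return hits

# Constructed sample lines (documentation addresses, hypothetical interface names).
SAMPLE = [
    "%ASA-4-313005: No matching connection for ICMP error message: icmp src inside:192.0.2.10 dst dmz:198.51.100.20 (type 3, code 2) on inside interface. Original IP payload: <unknown>.",
    "%ASA-4-313005: No matching connection for ICMP error message: icmp src inside:192.0.2.10 dst dmz:198.51.100.20 ( type 3, code 2 ) on inside interface. Original IP payload: <unknown>.",
    "%ASA-4-313005: No matching connection for ICMP error message: icmp src dmz:198.51.100.20 dst inside:192.0.2.10 (type 3, code 3) on dmz interface. Original IP payload: udp src 192.0.2.10/16666 dst 198.51.100.20/16666.",
    "%ASA-6-302015: constructed unrelated line",
]

if __name__ == "__main__":
    for (reporter, notified), n in protocol_rejections(SAMPLE).items():
        print(f"{reporter} told {notified} {n}x: protocol unreachable; "
              "compare the tunnel protocols both controllers support")
```
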



VIP Purple

Anchor connection

All new IOS based wireless controllers (3850, 5760) only support CAPWAP for mobility tunnel, not EoIP. Therefore your anchor controller should support that.

As far as I know 7.3MR1 & 7.5 have this feature (called new mobility) where you can terminate CAPWAP inter-controller mobility tunnels. Not sure whether vWLC supports this feature.



**** Pls rate all useful responses ****

New Member

Re: Anchor connection

According to QA about 5760

Q. In centralized mode with Cisco 5760 WLC or converged access mode, can I support guest anchor functionality?

A. Yes. You can point a Cisco 5760 WLC operating as a mobility controller to a Cisco 5760 WLC or Cisco 5508 WLC operating as a guest anchor controller.

Can someone from Cisco provide any info about this?

VIP Purple

Re: Anchor connection

Yes, the above is true, which states a 5760 can do a Guest Anchor functionality where your anchor controller should be either 5760 or a 5508.

If anchor controller is 5508, you should have specific image (7.3MR1 or 7.5) to enable the feature called new mobility. Without that you cannot terminate CAPWAP inter-controller mobility tunnels which is the only mode supported in 5760/3850 (no longer EoIP is supported).

Hope that's clear

**** Pls rate all useful responses ****

New Member

Re: Anchor connection

Hi Rasika,

Now everything seems to be clear - of course Cisco changed mobility design and of course the new one isn't supported on VM version (yet)

Question to someone from Cisco: is this feature on the road-map for VM version?