Intra-Controller roaming and AP Groups

jcosgrove
Level 1

WiSM 2 controllers running 7.3.101.0

All controllers have the same subnets/dynamic interfaces/WLAN

All controllers in same mobility group.

Controller1

AP1 has APGROUP1 applied

APGROUP1 has SSID1 mapped to DynintVLAN1

Controller2

AP2 has APGROUP2 applied

APGROUP2 has SSID1 mapped to DynIntVLAN2

Client associates to AP1 and gets IP from DynintVLAN1

Client roams to AP2.  Keeps IP address but connectivity stops.

Client shows in Controller 1 to be Anchored to Controller 1

Client shows in Controller 2 to be mobile client and mapped to Controller 1 but interface shows as DynintVLAN2

My understanding with this configuration is that the client should stay connected via mobility to Controller 1 but it seems to stay authenticated but loses connectivity.

Any thoughts?

Thanks.

9 Replies

To me it looks like L3 inter-controller roaming. Do you see the mobility state as "Foreign" on the 2nd controller?

In Controller 2 you should see it as DynintVLAN2, while the client still has the IP from Controller 1, which is normal.

Here are some of my reference notes. Hope they are helpful.

http://mrncciew.com/2013/03/17/l3-inter-controller-roaming/

HTH

Rasika

**** Pls rate all useful responses ****

Abha Jha
Cisco Employee

See the link below and figure 8.2, inter-controller roaming, where the client entry will be moved to another controller once the client roams from one controller to another.

http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcsmobil.html

If two WLCs have the same subnet (L2 inter-controller roaming) then the client entry will be moved. Otherwise the client entry will be copied to the 2nd controller with the flag "Foreign" while the original entry on WLC1 will be tagged with "Anchor".

Figure 8.3 would be the accurate picture for the situation described in this post (DynintVlan1 & DynintVlan2)

Rasika

This is definitely a Layer 3 roam and the client information should be kept with WLC1. Probably 'debug mobility handoff enable' will give you more details.

Jha,

I would love to have the roaming work for me this way but I am not sure how the use of AP Groups changes this behavior.

In my setup I use AP groups to help limit my broadcast domains but I would like to make sure a client maintains his IP if he does roam to another area.

We are a campus with a large superstructure that consists of multiple buildings connected together.  This makes it hard to divide my zones to break up the broadcast zones.

JC

jcosgrove
Level 1

I checked eping and mping between these controllers and no problem

When roamed to controller 2 I even tried a dhcp release and renew and that worked!  I got my same IP address so I think the mobility parts are working since I was able to get back to the original VLAN.  I just can't ping my gateway or off network.

After the roam here are the "sh client detail"

Controller 1 (Anchor)

(Controller1) >show client detail 00:24:D7:37:B7:48

Client MAC Address............................... 00:24:d7:37:b7:48

Client Username ................................. **************deleted

AP MAC Address................................... 00:00:00:00:00:00

AP Name.......................................... N/A              

Client State..................................... Associated    

Client NAC OOB State............................. Access

Wireless LAN Id.................................. 1 

Hotspot (802.11u)................................ Not Supported

BSSID............................................ 00:00:00:00:00:00 

Connected For ................................... 1060 secs

Channel.......................................... N/A

IP Address....................................... 172.17.137.241

Gateway Address.................................. Unknown

Netmask.......................................... Unknown

Association Id................................... 0 

Authentication Algorithm......................... Open System

Reason Code...................................... 1 

Status Code...................................... 0 

Client CCX version............................... 4 

Client E2E version............................... 1 

Re-Authentication Timeout........................ 1583

QoS Level........................................ Silver

--More-- or (q)uit

802.1P Priority Tag.............................. disabled

CTS Security Group Tag........................... Not Applicable

KTS CAC Capability............................... No

WMM Support...................................... Enabled

  APSD ACs.......................................  BK  BE  VI  VO

Power Save....................................... ON

Current Rate..................................... m15

Supported Rates.................................. 18.0,24.0,36.0,48.0,54.0

Mobility State................................... Anchor

Mobility Foreign IP Address...................... 172.17.12.5

Mobility Move Count.............................. 2

Security Policy Completed........................ Yes

Policy Manager State............................. RUN

Policy Manager Rule Created...................... Yes

Audit Session ID................................. ac110c0e0011541752570af9

IPv4 ACL Name.................................... none

IPv4 ACL Applied Status.......................... Unavailable

IPv6 ACL Name.................................... none

IPv6 ACL Applied Status.......................... Unavailable

Client Type...................................... SimpleIP

PMIPv6 State..................................... Unavailable

Policy Type...................................... WPA2

Authentication Key Management.................... 802.1x

--More-- or (q)uit

Encryption Cipher................................ CCMP (AES)

Management Frame Protection...................... No

EAP Type......................................... PEAP

Interface........................................ zone5dynint743

VLAN............................................. 743

Quarantine VLAN.................................. 0

Access VLAN...................................... 743

Controller2

(Controller2) >show client detail 00:24:D7:37:B7:48

Client MAC Address............................... 00:24:d7:37:b7:48

Client Username .................................**************deleted

AP MAC Address................................... 00:23:eb:81:ec:20

AP Name.......................................... AP2     

Client State..................................... Associated    

Client NAC OOB State............................. Access

Wireless LAN Id.................................. 1 

Hotspot (802.11u)................................ Not Supported

BSSID............................................ 00:23:eb:81:ec:20 

Connected For ................................... 212 secs

Channel.......................................... 11

IP Address....................................... 172.17.137.241

Gateway Address.................................. Unknown

Netmask.......................................... Unknown

Association Id................................... 10

Authentication Algorithm......................... Open System

Reason Code...................................... 1 

Status Code...................................... 0 

Client CCX version............................... 4 

Client E2E version............................... 1 

Re-Authentication Timeout........................ 1584

QoS Level........................................ Silver

--More-- or (q)uit

802.1P Priority Tag.............................. disabled

CTS Security Group Tag........................... Not Applicable

KTS CAC Capability............................... No

WMM Support...................................... Enabled

  APSD ACs.......................................  BK  BE  VI  VO

Power Save....................................... ON

Current Rate..................................... m15

Supported Rates.................................. 18.0,24.0,36.0,48.0,54.0

Mobility State................................... Foreign

Mobility Anchor IP Address....................... 172.17.12.14

Mobility Move Count.............................. 3

Security Policy Completed........................ Yes

Policy Manager State............................. RUN

Policy Manager Rule Created...................... Yes

Audit Session ID................................. ac110c05008392c65257ede8

IPv4 ACL Name.................................... none

IPv4 ACL Applied Status.......................... Unavailable

IPv6 ACL Name.................................... none

IPv6 ACL Applied Status.......................... Unavailable

Client Type...................................... SimpleIP

PMIPv6 State..................................... Unavailable

Policy Type...................................... WPA2

Authentication Key Management.................... 802.1x

--More-- or (q)uit

Encryption Cipher................................ CCMP (AES)

Management Frame Protection...................... No

EAP Type......................................... PEAP

Interface........................................ zone1dynint732

VLAN............................................. 732

Quarantine VLAN.................................. 0

Access VLAN...................................... 743
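
The anchor and foreign records above are easier to compare side by side when parsed. The following is an added example, not part of the original post: it parses the dotted `Key.... value` layout of `show client detail` (assumed to be as pasted above, with the excerpts below taken from those two outputs) and summarises the mobility and VLAN fields the thread discusses.

```python
import re

# Excerpts of the two "show client detail" outputs posted above (same client).
ANCHOR_OUT = """\
IP Address....................................... 172.17.137.241
Mobility State................................... Anchor
Mobility Foreign IP Address...................... 172.17.12.5
--More-- or (q)uit
Interface........................................ zone5dynint743
VLAN............................................. 743
Access VLAN...................................... 743
"""
FOREIGN_OUT = """\
IP Address....................................... 172.17.137.241
Mobility State................................... Foreign
Mobility Anchor IP Address....................... 172.17.12.14
Interface........................................ zone1dynint732
VLAN............................................. 732
Access VLAN...................................... 743
"""

# "Key....... value": a key, a run of at least two dots, then the value.
FIELD = re.compile(r"^\s*(.+?)\s*\.{2,}\s*(.*?)\s*$")

def parse_client_detail(text):
    """Parse the dotted key/value layout; pager prompts and blanks are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def compare_roam(anchor_text, foreign_text):
    """Summarise how the anchor and foreign controllers each see one client."""
    a, f = parse_client_detail(anchor_text), parse_client_detail(foreign_text)
    return {
        "states": (a.get("Mobility State"), f.get("Mobility State")),
        "peers": (a.get("Mobility Foreign IP Address"), f.get("Mobility Anchor IP Address")),
        "same_client_ip": a.get("IP Address") == f.get("IP Address"),
        "anchor_vlan": a.get("VLAN"),
        "foreign_local_vlan": f.get("VLAN"),
        "foreign_access_vlan": f.get("Access VLAN"),
        "access_vlan_matches_anchor": f.get("Access VLAN") == a.get("VLAN"),
        "local_interface_differs": a.get("Interface") != f.get("Interface"),
    }

if __name__ == "__main__":
    for key, value in compare_roam(ANCHOR_OUT, FOREIGN_OUT).items():
        print(f"{key}: {value}")
```
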

The interfaces are different on each WLC;

"zone1dynint732" and "zone1dynint743"

So the WLC is dumping your Client in to a new VLAN when you roam and the Client doesn't realise; I bet if you do a DHCP Release / Renew, it starts working again?

You need to fix the problem though, as you shouldn't be moving to a new VLAN when you roam.  Have you confirmed that the WLANs are configured identically on both WLCs? And that both WLCs definitely have the VLANs / Subnets / Dynamic Interfaces all defined correctly?

I did a dhcp renew after the roam and I get successful DHCP renewal for the original IP.

As per the above output, it appears mobility is working normally. If you still cannot get to the network when roamed, there should be some configuration mistake somewhere. Pls provide this output from both controllers to have a quick look

show interface summary

show mobility summary

show wlan

HTH

Rasika
