Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

failed to roam to antoher AP in different controller

Hi everyone...

I'm having issue with roaming problem...

when client roams to another AP which reside to another controller the connectivity is dropped... the connection status is still there but I can't longer ping to the outside...

I noticed that the roaming already success by looking the client list on another WLC which the AP reside but the Auth status is NO...

I assume this is the cause that the connection is dropped..

I already setup the mobility domain group, RF group in one name (case sensitive right?) and register every WLC mac addr and ip add on the mobility group. I check the status controller --> mobility group, all registered wlc in the same local mobility group already UP...

I setup my WLAN with WPA2 + AES with DHCP Addr Assignment Required checked on the advanced setting on the SSID...

I also have Client Band Select enabled.

WLC1 and WLC2 in on the same subnet and there is no firewall between WLC (I'm using WiSM actually) and between AP

I'm wondering.. anyone have experienced this problem??

I really appreciate anyone who can help

24 REPLIES
Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

So you have this issue no matter if its from wlc1 to wlc2 and vice versa? Just to rule out interface or vlan settings.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: failed to roam to antoher AP in different controller

yes correct...

each WLC have the same software version 7.0.98.0 and AP reside on WLC1 is AIR-LAP1252 and the other one is AIR-CAP 3502E

VLAN is already setup on each WLAN also

Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

You should also just try to setup the basic for now. Remove band select and remove dhcp required until you get things working then add one thing at a time and test. If you create an open SSID just for testing, does it work?

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: failed to roam to antoher AP in different controller

Oke... I will test it...

Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

As long as we know that devices can associate to AP's on either wlc fine and roam within the same WLC that would be a good starting point.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

failed to roam to antoher AP in different controller

Scott,

I tested it...

start from open SSID, WPA2+AES... and it stuck when DHCP Addr Assignment enabled on WLAN profile -> advanced setting....

if I enable client load balance or Client Band Select on at a time it will add more delay to move to another AP in same WLC or not same WLC (2-4 RTO)

so if i enable both client load balance and client band select it will take more time to roam (3 - 5 RTO)

what happen with DHCP Addr Assignement.... it hog the roaming process

Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

Well how did it work with open authentication an not enabling dhcp required, client load balancing and band select.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

failed to roam to antoher AP in different controller

no roaming problem with Open SSID, no client load balance, no DHCP Addr Assign... and no band select...

is this a bug from the controller software??

Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

Ah... So now what you should do is setup a new SSID using wpa/tip and see if that works.

I don't know if there is any bug

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

Just keep in mind that client load balancing has issues with various laptop manufactures like Apple. Band select doesn't guarantee devices to choose the 5ghz also. These features you need to test and make sure they work well in your environment.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: failed to roam to antoher AP in different controller

I already tested with:

WPA2+AES, Client Load Balance --> roaming success

WPA2+AES, band select --> roaming sucess

WPA2+AES, Client Load Balance, band select --> roaming success

WPA2+AES, Client Load Balance, band select, DHCP Addr Assign --> roaming to different WLC failed

WPA2+AES, DHCP Addr Assign --> roaming to different WLC failed

I also tested same scenario above with WPA2+802.1X and the result failed roaming to another AP in different controller with DHCP Addr Assign feature enabled...

so what i need to do right now is to disable DHCP Addr Assign feature after office hour....

thanks to remind me about the client load balance and band select feature...

New Member

Re: failed to roam to antoher AP in different controller

do you think upgrading the WLC software version to the latest will help??

Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

Do you have dhcp required on wlc1 and wlc3 when you were testing? I don't know if upgrading will help.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: failed to roam to antoher AP in different controller

yes of course... I always set the same thing to other WLC...  DHCP Addr Assignment Required thicked...

so whenever this feature enabled on WLAN... Roaming to different controller fails....

Hall of Fame Super Silver

Re: failed to roam to antoher AP in different controller

I never use that feature, but if you have that setup on wlc2 and wlc1 which are working, then I don't know why it wouldn't work for wlc3.

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: failed to roam to antoher AP in different controller

no Scott... it fails to another WLC also... not just one WLC but to other WLC also...

so if I start connected to wlc1 and roams to wlc2 or wlc3.... it will fails if DHCP Addr Assign Required enabled...

same thing if i start from wlc2 and want to roam to wlc1 or wlc3...

Cisco Employee

Re: failed to roam to antoher AP in different controller

Is the DHCP proxy setting the same across all WLCs? What about the virtual IP address? These settings should be the same across your controllers for proper mobility.

*NOTE* changing the virtual IP address requires a WLC reboot.

-Pat

New Member

Re: failed to roam to antoher AP in different controller

DHCP Proxy setting enabled on all WLC

virtual interface already has same IP Address 1.1.1.1 on all WLC...

Cisco Employee

Re: failed to roam to antoher AP in different controller

Alright, in this scenario it's time to capture some debugs:

Capture the output of a "debug client xx:xx:xx:xx:xx:xx" (where xx is the client mac address)

Capture this output from both the original WLC and the new WLC you are roaming to, from the start of the initial client connection.

It also might be time to open up a TAC case for more in-depth analysis.

-Pat

New Member

Re: failed to roam to antoher AP in different controller

oke thanks... I will try..

so it means just only me with this scenario that having such problem...?? and other not having this issue with same scenario??

Cisco Employee

Re: failed to roam to antoher AP in different controller

The client debugs will help us pinpoint the reason for the roaming failure. This is not normal behavior, we just need to figure out what is not working properly.

-Pat

New Member

Re: failed to roam to antoher AP in different controller

here is the debug using yey SSID as a test

maybe anyone can know something from here

#scenario Open SSID with DHCP Addr Assignment Required enabled

WLC1

-------------------------

*spamReceiveTask: Nov 17 15:00:00.495: 10:9a:dd:bf:35:0d Received Idle-Timeout from AP 00:1d:70:93:b1:80, slot 1 for STA 10:9a:dd:bf:35:0d

*spamReceiveTask: Nov 17 15:00:00.495: 10:9a:dd:bf:35:0d apfMsDeleteByMscb Scheduling mobile for deletion with deleteReason 4, reasonCode 4

*spamReceiveTask: Nov 17 15:00:00.495: 10:9a:dd:bf:35:0d Scheduling deletion of Mobile Station:  (callerId: 30) in 1 seconds

*osapiBsnTimer: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d apfMsExpireCallback (apf_ms.c:599) Expiring Mobile!

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d apfMsExpireMobileStation (apf_ms.c:4888) Changing state for mobile 10:9a:dd:bf:35:0d on AP 00:1d:70:93:b1:80 from Associated to Disassociated

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d Sent Deauthenticate to mobile on BSSID 00:1d:70:93:b1:80 slot 1(caller apf_ms.c:4972)

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d apfMsAssoStateDec

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d apfMsExpireMobileStation (apf_ms.c:5009) Changing state for mobile 10:9a:dd:bf:35:0d on AP 00:1d:70:93:b1:80 from Disassociated to Idle

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d 10.7.8.20 RUN (20) Deleted mobile LWAPP rule on AP [00:1d:70:93:b1:80]

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d apfMsRunStateDec

*apfReceiveTask: Nov 17 15:00:01.487: 10:9a:dd:bf:35:0d Deleting mobile on AP 00:1d:70:93:b1:80(1)

*pemReceiveTask: Nov 17 15:00:01.492: 10:9a:dd:bf:35:0d 10.7.8.20 Removed NPU entry.

WLC2

--------------------------------------------

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Adding mobile on LWAPP AP 00:1d:70:92:e8:10(1)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Reassociation received from mobile on AP 00:1d:70:92:e8:10

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 START (0) Changing ACL 'guestcil' (ACL ID 0) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Applying site-specific IPv6 override for station 10:9a:dd:bf:35:0d - vapId 5, site 'JIS-Cilandak', interface 'jisair-cil-pie-vo'

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Applying IPv6 Interface Policy for station 10:9a:dd:bf:35:0d - vlan 23, interface id 9, interface 'jisair-cil-pie-vo'

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Applying site-specific override for station 10:9a:dd:bf:35:0d - vapId 5, site 'JIS-Cilandak', interface 'jisair-cil-pie-vo'

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 START (0) Changing ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:1393)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d STA - rates (7): 18 152 36 176 72 96 108 0 0 0 0 0 0 0 0 0

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 START (0) Initializing policy

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 START (0) Change state to AUTHCHECK (2) last state AUTHCHECK (2)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 AUTHCHECK (2) Change state to L2AUTHCOMPLETE (4) last state L2AUTHCOMPLETE (4)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 00:1d:70:92:e8:10 vapId 5 apVapId 5

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d 0.0.0.0 L2AUTHCOMPLETE (4) Change state to DHCP_REQD (7) last state DHCP_REQD (7)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d apfMsAssoStateInc

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d apfPemAddUser2 (apf_policy.c:222) Changing state for mobile 10:9a:dd:bf:35:0d on AP 00:1d:70:92:e8:10 from Idle to Associated

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Scheduling deletion of Mobile Station:  (callerId: 49) in 1800 seconds

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d Sending Assoc Response to station on BSSID 00:1d:70:92:e8:10 (status 0)

*apfMsConnTask_0: Nov 17 14:59:49.361: 10:9a:dd:bf:35:0d apfProcessAssocReq (apf_80211.c:4587) Changing state for mobile 10:9a:dd:bf:35:0d on AP 00:1d:70:92:e8:10 from Associated to Associated

*apfReceiveTask: Nov 17 14:59:51.256: 10:9a:dd:bf:35:0d 0.0.0.0 DHCP_REQD (7) State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED

*apfReceiveTask: Nov 17 14:59:51.256: 10:9a:dd:bf:35:0d 0.0.0.0 DHCP_REQD (7) pemAdvanceState2 4182, Adding TMP rule

*apfReceiveTask: Nov 17 01:29:11.256: 10:9a:dd:bf:35:0d 0.0.0.0 DHCP_REQD (7) Adding Fast Path rule

  type = Airespace AP - Learn IP address

  on AP 00:1d:70:92:e8:10, slot 1, interface = 29, QOS = 0

  ACL Id = 255, Jumbo F

*apfReceiveTask: Nov 17 14:59:51.256: 10:9a:dd:bf:35:0d 0.0.0.0 DHCP_REQD (7) Fast Path rule (contd...) 802.1P = 0, DSCP = 0, TokenID = 5006  IPv6 Vlan = 23, IPv6 intf id = 9

*apfReceiveTask: Nov 17 14:59:51.256: 10:9a:dd:bf:35:0d 0.0.0.0 DHCP_REQD (7) Successfully plumbed mobile rule (ACL ID 255)

*pemReceiveTask: Nov 17 14:59:51.262: 10:9a:dd:bf:35:0d 0.0.0.0 Added NPU entry of type 9, dtlFlags 0x0

*pemReceiveTask: Nov 17 14:59:51.262: 10:9a:dd:bf:35:0d Sent an XID frame

*apfReceiveTask: Nov 17 14:59:51.635: 10:9a:dd:bf:35:0d Orphan Packet from 10.7.8.20 on mobile

*apfReceiveTask: Nov 17 14:59:51.635: 10:9a:dd:bf:35:0d Invalid MSCB state: ipAddr=10.7.8.20, regType=2, Dhcp required!

*apfReceiveTask: Nov 17 14:59:51.970: 10:9a:dd:bf:35:0d Orphan packet from DS interface 29 for mobile

*apfReceiveTask: Nov 17 14:59:51.970: 10:9a:dd:bf:35:0d Invalid MSCB state: ipAddr=10.7.8.20, regType=2, Dhcp required!

New Member

Re: failed to roam to antoher AP in different controller

the scenario is I roamed from AP that connected to WLC1 to other AP which connected to WLC2

Cisco Employee

Re: failed to roam to antoher AP in different controller

Hello,

The following messages in the log above concern me:

Received Idle-Timeout from AP 00:1d:70:93:b1:80, slot 1 for STA 10:9a:dd:bf:35:0d*spamReceiveTask: Nov 17 15:00:00.495: 10:9a:dd:bf:35:0d apfMsDeleteByMscb Scheduling mobile for deletion with

We had an issue in 7.0.98.0 WLC code where the client would be incorrectly deleted, which appears to be the situation in your environment.

CSCti91944 -- Unified AP removing clients on maximum retries.

My suggestion would be an upgrade on the WLCs when possible -- 7.0.220.0 (latest maintenance release)

-Pat

874
Views
0
Helpful
24
Replies
CreatePlease to create content