Cisco Support Community
Community Member

Foreign to anchor communication broken after FW outage


I managed to bring up a fully functional WLAN guest access including WebAuth, a foreign WLC serving the APs, an anchor WLC in a DMZ behind a FW, considered all the details described in GAccess_41.pdf (hopefully). The deployment even survived the migration from 4.2.61 to 5.0.148, done on both controllers, of course - short: it worked.

I came down to earth as one of the FW boxes of the FW-cluster in between the foreign and the anchor failed and the secondary FW box didn't take over instantly. The connection between foreign and anchor was down for around 5 minutes. After that, my problem began:

The foreign controller showed data connection and control connection to anchor controller up. Anchor controller showed both connections to itself up. Ping, mping and eping worked in both directions.

But for all that the foreign controller did not export the client information to the anchor any longer.

A client associated to the guest WLAN kept on staying in the Mobility State "local" on the foreign WLC (I would have expected "Export Foreign" here?).

I was not able to get the controllers talking to each other again by now - even a simultaneous reboot of both WLCs did not help.

Browsing the forum, I found a post mentioning a bug that can be worked around by using the same mobility group for both foreign and anchor WLC - unfortunately no more details.

Could this help here, too? Or is there another way to bring up the broken communication again?



Community Member

Re: Foreign to anchor communication broken after FW outage


Indeed, putting both WLCs in the same mobility group fixed the problem for the time being. This setup even came back up again after intentionally breaking and reestablishing the communication between foreign and anchor controller.


